THIS INFORMATION IS FOR HEALTHCARE PROFESSIONALS AND ORTHOFIX MEDICAL DEVICE REPRESENTATIVES ONLY

Webinars

This document (‘Privacy Policy’) aims to illustrate the processing operations carried out by Orthofix S.r.l., in its quality as data controller (hereinafter the ‘Controller’ or ‘Orthofix’) pursuant to the data protection legislation in force, including Regulation (EU) 2016/679 (the ‘GDPR’) and any applicable national laws, by means of the personal data collected in connection with the registration of the users to the webinars organized by or on behalf of Orthofix (the ‘Webinars’), both on proprietary or third parties’ platforms.

Due to the professional and high-specialized nature of the Webinars, the users to whom this Privacy Policy is addressed are mainly healthcare professionals (‘HCPs’). Nonetheless, the information provided herein shall apply to anyone who registers, or attempts to register, to the Webinars (including the HCPs, the ‘Participants’).

The processing of Participants’ personal data will take place in full compliance with the applicable data protection legislation.

 

1. CATEGORIES OF PERSONAL DATA COLLECTED

In order for a User to enroll for a Webinar and allow the Controller to ascertain the latter’s identity, the User will be required to register and provide the following personal data: name, surname, place of work/hospital, city, region, country, email, professional profile, specialty (where requested).

Moreover, the User will have the possibility to send written requests of information to Orthofix, via dedicated forms, in which no more data will be requested than those indicated above, or by writing to specific email addresses managed by the Controller.

In case of refusal to provide such data, Orthofix may find itself in the impossibility to satisfy the User’s requests, or provide the latter with the services requested (including allowing his/her registration to the Webinars).

In any case, Orthofix will never request/collect particular categories of personal data.

 

2. PURPOSES AND LEGAL BASES OF THE PROCESSING

The Users’ personal data identified above will be processed by Orthofix for the purposes of:

  1. allowing the Users to register and to participate in the Webinars, as per their requests, pursuant to Art. 6.1, (b) of the GDPR;
  2. allowing the Controller to answer and fulfil the Users’ requests, including for support to the use of a product, pursuant to Art. 6.1, (b) of the GDPR;
  3. making such data available to other Orthofix Group’s companies or, where necessary, to their or Controller’s distributors, based on Orthofix’s legitimate interest pursuant to Art. 6.1, (f) of the GDPR, exclusively to enable them to properly answer and fulfil any Users’ direct requests (received by Orthofix), as autonomous data controllers, if concerning products or services they market or distribute under Orthofix brand;
  4. allowing the Controller to provide follow-ups to the Users who have attended the Webinars and/or to send promotional communication to them regarding new initiatives and events sponsored or organized by or on behalf of the Controller, or Orthofix-branded products or services, on condition that the User has provided his/her specific consent for this purpose (receiving marketing communications) pursuant to Art. 6.1, (a) of the GDPR;
  5. transmitting such data to other Orthofix Group’s companies or to the Controller’s or their distributors, as long as the User has provided his/her specific consent for this purpose (namely, communication of data to third parties for receiving their own marketing communications) pursuant to Art. 6.1, (a) of the GDPR, in order to enable them, as autonomous data controllers, to provide follow-ups to the Users who have attended the Webinars and/or sending promotional communication to them regarding new initiatives and events or Orthofix-branded products or services;
  6. to comply with obligations provided for by applicable laws and/or requests or orders issued by competent authorities, pursuant to Art. 6.1, (c) of the GDPR;
  7. establishing, exercising or defending legal claims, based on the Controller’s legitimate interest pursuant to Art. 6.1, (f) of the GDPR.

The User is entitled to withdraw at any time the consent given in relation to the activities described under d) and e) above, it being understood that any processing operations carried out until the moment of such withdrawal shall remain fully lawful and valid.

Should the data be collected in the future also for purposes other than those described above, it will be duty of Orthofix, on one hand, to provide adequate information to the Users relating to such new purposes in order to enable transparency and user awareness and, on the other hand, ensure that a valid legal basis (such as the data subject’s consent) exists, where needed, to undertake the relevant processing activities.

 

3. METHODS OF PROCESSING AND DATA SECURITY

The personal data are collected and processed lawfully and fairly, exclusively for the above purposes and in accordance with the fundamental principles established by the applicable legislation, with special regard to the GDPR.

Processing operations may take place both manually and electronically, in any case under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the Users’ personal data.

The processing will be carried out, under the authority of the Controller, only by people who have been duly authorized to access and process the data in accordance with the instructions provided for by Orthofix, on a need-to-know basis, and the applicable data protection laws and regulations.

 

4. COMMUNICATIONS TO THIRD PARTIES

Subject to lett. c) and e) above, the Users’ personal data will not be shared with third parties.

Should the data be made available by Orthofix to any other third-party suppliers or partners (such as service or hosting providers, IT companies, communication agencies, or else) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be responsibility of the Controller to appoint such third parties as data processor by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data, according to Art. 28 of the GDPR. The updated list of data processors can be accessed at any time by sending a written request to Orthofix, as specified below.

It remains understood that Users’ personal data must be communicated to third parties, such as public or judicial authorities, to comply with their binding orders and requests, as well as with applicable legal provisions.

 

5. DATA RETENTION

Personal data will be kept in a format that allows the identification of the Users for no longer than necessary to fulfill the purposes for which the data have been originally collected.

In more detail:

  1. the data collected in connection with the User’s registration to the Webinars will be retained:
    1. for organisational reasons connected to the management of the Webinars, for no longer than one (1) month following the end of the relevant Webinar;
    2. for 36 months, in relation to the Controller’s direct follow-ups and communications described under d) above;
  2. the data collected in connection with the requests made by the Users will be retained:
    1. for one (1) month following the response and/or fulfillment of such requests;

Subject to the above, the Users’ personal data will be kept in identifiable form for those further periods which are required or expressly permitted by the applicable laws, e.g. in order to fulfil orders issued by competent Authorities, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the law).

As soon as no longer necessary in accordance with the above, the data will be cancelled or anonymized.

 

6. TRANSFER OF DATA ABROAD

Given the international nature of Orthofix’s business activities, the data may be transferred and so processed abroad, still for the sole purposes described above, by the companies belonging to Orthofix Group which are established inside the European territory (mainly in France, Germany) and outside the territory of the European Union (mainly in the UK, U.S. and Brazil).

In all cases, should the data be transferred to other non-EU countries, the relevant transmission will be subject to specific data protection guarantees, as required by the law, e.g. through the adoption of Standard Model Clauses as approved by the European Commission, or other equivalent safeguards.

 

7. DATA SUBJECTS’ RIGHTS

The User can at any time exercise his/her rights in accordance with the applicable data protection legislation, including:

  1. accessing his/her personal data, obtaining evidence – among others – of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
  2. having incorrect personal data referred to him/her rectified without delay;
  3. having his data erased in the cases provided for by the law;
  4. obtaining restrictions to processing, where possible;
  5. objecting to processing activities described under c) and d) above, in the cases provided for by law;
  6. requesting portability of the data provided to the Controller, e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by Orthofix, in all situations where it is required by the law in force;
  7. withdraw his/her consent for those processing which are based on this legal ground, without this may affect in any manner the lawfulness of the processing operations carried out until that moment;
  8. lodge a complaint to the competent Supervisory Authority (in Italy, Autorità Garante per la protezione dei dati personali).

 

To exercise these rights, or for any further information and/or clarifications, please write to privacy@orthofix.it.

 

8. DATA CONTROLLER

The Data controller is Orthofix S.r.l., a company duly incorporated under Italian law, with registered at Via Vittor Pisani no. 16, Milan (Italy).

 

9. POLICY UPDATING

The Controller shall have the right to amend and/or integrate this Privacy Policy over time in order to comply with new legal provision and/or include new services. For this reason, each User is invited to periodically visit this page.

Below is highlighted the date when the last version of this policy has been uploaded.

 

10. CONSENT FORM

I have read and understood the Privacy Policy above and, therefore, I hereby consent to the processing of my personal data by Orthofix S.r.l.:

  1. for sending me marketing and promotional communications regarding new initiatives and events sponsored or organized by or on behalf of the Controller, or Orthofix-branded products or services;

    I consent I do not consent

  2. for transmitting such data to third parties (namely to other Orthofix Group’s legal entities and to distributors engaged by them and Orthofix directly), in order to enable them to provide me with their own follow-ups after my attendance to the Webinars and to send me their own marketing and promotional communications regarding new initiatives and events or Orthofix-branded products or services.

    I consent I do not consent

 

Last Update: 01/07/2020

 

Want more info about upcoming events, resources and customized training possibilities?