1. PURPOSE
The purpose of this Policy is to describe how Chiesi USA, Inc. (“Chiesi” at 1255 Crescent Green, Cary, North Carolina, USA) processes the personal data of individuals who visit our website(s). The information on this website is intended only for US residents. Nonetheless, if you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), this Policy also explains your data rights and how to use them. Chiesi is a data controller for any personal data processed through Chiesi’s websites that falls within the scope of the General Data Protection Regulation (GDPR) and is responsible for the processing of information collected from the websites maintained by Chiesi.
Chiesi is referred to as “we” or “us” throughout this Policy.
Please know that we may update, amend, or remove this Policy periodically. Therefore, it is important that you review this Policy whenever you visit any of our websites.
2. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSES?
You do not have to provide us with any personal data to browse Chiesi websites. However, you may choose to provide personal data to register on one of our websites, to submit to or request information from us, or to participate in other voluntary programs that we may offer through our websites from time to time. This information may include your title, name, postal address, institutional association, occupation, e-mail address, telephone number, date of birth, gender, information required to request a prescription, and other demographic information.
We also may collect, store, and process information from your visit to our website(s) that is not stored in a form that can be linked back to you. This type of data includes your browser type (to ensure compatibility between our applications and your browser), the domain name of the website that allowed you to navigate to our website, your incomplete internet protocol (IP) address, time spent on our website, web pages viewed, frequency of visits, and other relevant statistics.
3. COOKIES
We use cookies to collect aggregate data. A “cookie” is a small piece of information sent by a Web server to a Web browser that enables the server to collect information from the browser. Cookies are stored on your hard drive and not on our website, so you can examine your data files and see what information is being recorded. Most cookies are “session cookies” that are automatically deleted when the user closes his or her browser at the end of a session. You may decline cookies if your browser permits. If you do so, however, you may be required to re-enter your previously submitted information each time you visit our website.
Data collected by cookies is used to monitor a website and improve its usability. We may use cookies on certain pages, for example, to eliminate the need for you to re-enter your password during a session. We also use cookies to identify you when you visit a website to keep track of your browsing patterns and to build a demographic profile.
4. HOW WE USE PERSONAL DATA
If you choose to share personal data through this site, we may store and use that personal information to respond to your questions; provide you with requested products or services; conduct market research analysis; contact you, as requested, with information about matters like the website (whether by e-mail or postal mail), Chiesi, or our products or services; or for such other purposes as you may request at the time you submit the information.
From time to time, we may use or augment the personal data we have about you with information obtained from other sources, such as third parties. For example, to verify licensure of healthcare professionals, we may use personal data in conjunction with information obtained from the state licensing board.
If you submit to us any personal data relating to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.
5. OUR BASIS FOR PROCESSING YOUR PERSONAL DATA IF YOU ARE A RESIDENT OF THE EEA OR UK
Data privacy laws in the EEA and the UK set forth several different reasons that a company may collect and use their residents’ personal data.
We may use your personal data for the following reasons:
- For legitimate business purposes: We may use your personal data to make our communications with you more relevant and personalized and to make your experience with our products and services efficient and effective. Your personal data also may be used to help us operate and improve our business and minimize any disruption to the services that we offer.
- To perform a contract to which you are a party: We may process your personal data to provide a product or service that you request.
- To comply with our legal obligations and other legal demands for data: It is important to us that we can comply with laws, regulations, guidance, and all other legal demands for data. These legal obligations affect the way in which we run our business and help us make our products and services as safe as we can.
- You have given your consent: At times, we may need to get your consent to allow us to use your personal data for one or more of the purposes set forth above. See Section 9 (YOUR RIGHTS IF YOU ARE A RESIDENT OF THE EEA OR UK) below for information about your rights if we process your personal data based on your consent.
6. HOW WE SHARE YOUR PERSONAL DATA
We may retain other companies and individuals to perform services on our behalf, and we may collaborate with other companies and individuals with respect to products or services (collectively, “Providers”). Examples of Providers include data analysis firms, customer service and support providers, and web hosting and development companies.
We reserve the right to disclose your personal data as required by law when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us or when we believe disclosure is necessary to protect the safety, rights, or property of our customers, the public, Chiesi, or others. We also may disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will keep your personal data for as long as we are permitted based on the purpose(s) for which it was obtained. We consider the following criteria to determine our retention period: (i) the length of time we have an ongoing relationship with you and provide a Chiesi website to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
8. PROTECTING YOUR PERSONAL DATA
We use a variety of security measures and technologies to help protect your personal data from unauthorized access, use, disclosure, alteration, or destruction in line with applicable data protection and privacy laws. No such measure is ever 100% effective; so, we do not guarantee that your personal data will be secure from theft, loss, or unauthorized access or use.
9. YOUR RIGHTS IF YOU ARE A RESIDENT OF THE EEA OR UK
Data privacy laws provide you with several rights over your personal data.
You may be entitled to:
- ask us for access to your personal data;
- request the correction and/or deletion of your personal data;
- request the restricted processing of your personal data or object to processing all together;
- withdraw your consent to the processing of your personal data (in circumstances in which we are processing your personal data based on your consent);
- request the transfer of your personal data to another organization; and
- contact your local data protection authority if your privacy rights are violated, or if you have suffered because of unlawful processing of your personal data.
Please contact our Data Protection Officer at Us.privacy@chiesi.com if you would like to exercise your rights. Please note that we may need to retain certain personal data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
10. WHAT IF YOU DO NOT WANT TO PROVIDE YOUR PERSONAL DATA?
You can always choose not to share your personal data with us when prompted to share.
If you object to the processing of your personal data, or if you have provided your consent to the processing and later choose to withdraw it, we will respect your choice in accordance with our legal obligations. This could mean that we may be unable to perform the actions necessary to achieve the purposes set forth in Section 4 (HOW WE USE PERSONAL DATA) above, or you may be unable to make use of the services and products offered by our websites.
11. CROSS-BORDER TRANSFERS
Chiesi websites are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. Any personal data that you provide to us through use of our websites may be stored, processed, transferred between, and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your personal data in accordance with this Policy regardless of where your personal data is stored/accessed.
12. CHILDREN’S PRIVACY
This site is not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal data directly from children under the age of thirteen (13).
13. WHAT IF YOU DO NOT WANT TO PROVIDE YOUR PERSONAL DATA?
If you have questions about the processing of your personal data or Chiesi data privacy policies or would like to be connected with our Data Protection Officer, please contact us at:
us.privacy@chiesi.com
14. DISCLAIMER
Chiesi operates to the best of its ability in a compliant manner regarding this Policy and with respect to current laws and regulations.
