DR SCHÄR AG/S.p.A., as Data Controller (in the following referred to as: “Controller”), in compliance with GDPR 2016/679 (General Data Protection Regulation, the European regulation on personal data protection, in the following referred to as “GDPR”) - considers privacy and the protection of personal data one of the main objectives of their activity. Therefore, before sending any piece of personal information to the Controller, please carefully read this Privacy Policy because it contains important information on your privacy, the protection of your personal data and the security measures applied in order to ensure confidentiality in full compliance with the applicable provisions.
Furthermore, this Privacy Policy:
- is understood as referring to this website and all other websites that sell Dr. Schär’s products and services (hereinafter simply referred to as the "Website") and are managed by the Data Controller;
- forms an integral part of the Website and the services we offer;
- also qualifies as the Privacy Policy information notice given, as required under art. 13 of the GDPR, to users who interact with this Website;
- complies with Recommendation No. 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union, adopted on May 17, 2001 by the Work Group "Article 29".
***
The Controller would like to inform you that your personal data will be processed under the principles of lawfulness, fairness and transparency and the protection of your own confidentiality and rights. Your personal data will therefore be processed in accordance with the legislative provisions provided by GDPR 2016/679 and all obligations in terms of confidentiality indicated therein.
CONTENTS
The Table of Contents of this Privacy Policy below will help you find the information about your personal data processing that are of interest for you:
DATA CONTROLLER AND DATA PROCESSORS
As a result of users browsing the Website and using its services, personal data may be processed that concern identified or identifiable individuals.
To exercise the rights provided by the law and better specified above, you can contact the Data Controller or the DPO at the addresses listed below.
Information on the Data Controller:
The Data Controller is Dr. Schär SpA / AG, with registered office in Winkelau 9, 39014 Postal (BZ), Italy, Tel. 0473/293 300 E-mail privacy@schaer.com
Information on the Data Protection Officer:
The Data Controller has also appointed a Data Protection Officer (DPO), available at its headquarters (Winkelau 9, 39014 Postal (BZ), Italy, Tel. 0473/293 300) or by writing to dpo@drschaer.com.
Your personal data may be disclosed to employees or external collaborators of the Data Controller who are administrative, sales, legal or accounting employees or IT administrators, depending on how your data is processed and who, working under the Data Controller’s direct authority, are designated as Data Processors or persons in charge of the processing, pursuant to articles 28 and 29 of GDPR 2016/679 and who are suitably instructed on how to perform the tasks involved.
PERSONAL DATA PROCESSED
2.1 Website browsing data
The computer systems and software procedures used to operate this Website will collect some personal data whose transmission is implicit when you use Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature they could allow us, through their processing and association with data held by third parties, to personally identify users. This category of data includes IP addresses or domain names of computers used by persons who log onto the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the number code indicating the status of the reply given by the server (successful, error, etc.) and other parameters that refer to the user's operating system and computer environment. This data is used for the purpose of obtaining anonymous statistical information on the Website usage and to make sure it is functioning, to allow – given the system architecture used – the proper provision of the services, for security reasons and to ascertain responsibility in case of hypothetical computer crimes against the Website or third parties. The data are usually deleted after seven days.
2.2 Data provided voluntarily by users
The Website grants users the opportunity to voluntarily provide personal data, for example by filling in a contact form, by requesting services or information, by freely choosing to explicitly and voluntary send e-mails to the addresses indicated on the Website, etc.
2.3 Cookies
- Definitions, characteristics and application of the legislation
Cookies are small text files that websites visited by the user will send and record on your computer or mobile device, to be then retransmitted to the same websites the next time you visit them. Thanks to cookies, websites recall the user’s actions and preferences (such as your login, your preferred language, the font size, other display settings, etc.) so that users do not have to specify them a second time when they visit the website again or browse through its pages. Cookies are used for computer authentication, session monitoring and to store information about users who log on to a website, and may also contain a unique identification code that enables them to track user navigation within the website for statistical purposes or advertising. When browsing a website, users may also receive cookies or servers of other websites on their computer or mobile device (so-called "third-party" cookies). Some operations cannot be accomplished without the use of cookies, that in some cases are technically required in order to ensure website operation.
There are several types of cookies, depending on their characteristics and functions, and these may remain on your computer or mobile device for different time periods: so-called session cookies, which are automatically deleted when you close your browser; so-called persistent cookies, which remain on the user's computer/device for a set time.
According to the laws in force in Italy, it is not always mandatory to obtain the user’s consent to use certain cookies. More specifically, such consent is not required for "technical cookies", i.e. those used for the sole purpose of sending a communication over an electronic communications network, or as strictly necessary in order to provide a service explicitly requested by the user. In other words, these cookies are indispensable to provide access to the website or are required to perform tasks requested by the user.
The Italian Authority for the protection of personal data has established (cf. General Provision "Identification of simplified procedures for information to users and the acquisition of consent for the use of cookies – May 8, 2014") that technical cookies (i.e. those that do not require the user’s consent) include:
- "cookie analytics", when used directly by the website operator to collect information in aggregate form on the number of users and on how they visit the website;
- navigation or session cookies (for user authentication);
- functionality cookies, which allow users to browse the website based on the selected criteria (e.g. language, products selected for purchase) in order to improve the service provided to them.
"Profiling cookies", vice versa, i.e. those used to create user profiles and to send advertising messages in line with the preferences expressed by users when browsing the web, require the user’s prior consent.
- Types of cookies used by the Website and option to (de-)select them
The Website uses the following cookies, offering users the option to (de-)select them, except for third-party cookies (for which the user must refer directly to the relevant selection and de-selection modalities of the respective cookies, see the links here below):
- Technical navigation or session cookies, that are strictly necessary to provide access to the Website or to allow users to make use of the contents and services they request.
- Technical cookie analytics, that help the Data Controller understand how users browse the website. These cookies are not used to collect information about the user's identity, nor any personal data. The information is processed in aggregate and anonymous form.
- Technical functionality cookies, that are used to provide specific website features and a series of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided by the website.
IMPORTANT: if you disable technical and/or functional cookies, the Website may be inaccessible or certain services or functions may be unavailable or not function properly and you may be forced to change or to manually enter some information or preferences each time you visit the Website.
- Third-party cookies, i.e. cookies from websites or servers other than the Data Controller ones, used by such third parties for their own purposes, which also include profiling cookies. Please note that these third parties, listed below with the individual links to their privacy policies, are independent data controllers of the data collected through the cookies they use. Therefore, the user should refer to their policies for information about how they process personal data, their privacy policy information notices and consent forms (selection and de-selection of the respective cookies), the links of which are provided below (as specified in the General Provision "Identification of simplified procedures for information to users and the acquisition of consent for the use of cookies – May 8, 2014"):
http://www.google.com/intl/it/policies/privacy/
_gid --> Google Universal Analytics, analytics performance
drschaer_language --> Language preferences -> functionality
_ga -> Aggregate analysis of website visits, Google Analytics, performance
__zlcmid –> Privacy policy cookie, functionality
__zlcprivacy --> Privacy policy cookie, functionality
Dr. Schär AG/S.p.A. has provided notification to the Privacy Authority for the profiling processes carried out through the website.
- How to view and change cookie settings on your browser
Users can choose which cookies they want to enable through the specific procedure described below, as well as allow, block or delete (in whole or in part) the use of cookies through the specific functions of their browser. However, in the event that all or some of the cookies are disabled, the Website may be inaccessible or certain services or functions may be unavailable or may not work properly, and/or you may be required to modify or to manually enter some information or preferences each time you visit the Website.
For more information about how to set cookie preferences on your web browser, see the relevant instructions:
With specific reference to the “Google Analytics” cookie, you can install a specific add-on to disable them, downloading it at the following link: https://tools.google.com/dlpage/gaoptout.
2.4 Data concerning minors
If the Website should process personal data of minors, consent will be required from the person having parental authority (legal guardian).
THE BANNER AT FIRST ACCESS
The Authority’s ruling dated 8 May 2014 required, in the case of the use of cookies other than technical cookies, the addition of a banner at the user’s first access to the website (so-called information notice), indicating, essentially, the website’s cookie management procedures, and linking to the full text of the company’s privacy policy regulation.
Dr. Schär AG/S.p.A. has prepared the aforementioned banner and, additionally, has installed a specific cookie that memorises the user’s preference in terms of cookie installation for 365 days. This means that users will see the cookie banner only once, and if they wish to change their preferences, they may do so by following the instructions provided in the paragraph entitled “How to view and change cookies through your browser”.
PURPOSE OF DATA PROCESSING AND COMPULSORY OR OPTIONAL NATURE OF PROVISION OF DATA BY USERS
The personal data you provide through the Website will be processed by the Data Controller for the following purposes:
a) purposes related to the provision of services requested by users: registration to the Dr. Schär Institute
The provision of your personal data for the purpose listed under (a) above is optional, but failure to do so could make it impossible for us to provide the services requested.
In compliance with article 6 comma 1 letter b) of the GDPR, we do not ask for your consent to process your personal data for these purposes, since said details are necessary to carry out the obligations deriving from a contract in which you are an involved party and/or to fulfil, before conclusion of the contract, specific requests by the involved party itself.
b) research/statistical analysis on aggregate or anonymous data, therefore without the possibility of identifying the user, aimed at measuring the effectiveness of any web marketing campaigns we may have conducted, measure traffic and evaluate usability and interest.
The processing of aggregate or anonymous data is not subjected to the provisions of GDPR 2016/679.
c) purposes that relate to the fulfilment of obligations under the law, regulations or European legislation.
The provision of your personal data for the purpose listed under (c) above is compulsory and failure to do so would not allow the Data Controller to satisfy its obligations under the law, regulations or European legislation.
We would like to remind you that, in compliance with article 6 comma 1 letter c) of the GDPR, it is not necessary to obtain your consent for processing your personal data for these purposes.
d) advertising messages.
In accordance with the decision of the Italian Authority for the protection of personal data "Guidelines regarding promotional activity and contrast to spam – July 4, 2013 [2542348]", if you decide to grant your consent to the reception of information about the Data Controller’s promotional activities, including market research, we inform you that we may conduct such activities, as required by current regulations, by letter, call center contacts (so-called "traditional methods"), e-mail, text messages, push notifications and through social networks (so-called "automatic methods"). We also inform you that you may at any time decide to withdraw your consent previously granted for traditional or automatic methods by notifying the Data Controller informally, i.e. by sending an e-mail to: privacy@schaer.com.
The provision of your personal data for the purpose listed under (d) above is optional and requires your previous consent. Lacking such consent, you will be able to use the service requested, but the Data Controller will not be able to send you advertising messages. Once you have granted consent, you can revoke it at any time for all these communication methods or only for one or some of them.
e) profiling purposes (e.g. creation, with the aid of electronic tools, of user profiles based on their preferences, habits and consumption choices).
Such profiling activities may be carried out by means of cookies or other online profiling technologies, e.g. trackers, (please see section 2.3) and/or by cross-linking personal data collected in connection with the provision of services and the relevant use of multiple features chosen from among those made available to the user, as provided by the Guidelines on the processing of personal data for online profiling - March 19, 2015.
The provision of your personal data for the purpose listed under (e) above is optional and requires your prior and specific consent, which you may grant also through the simplified procedures provided for in the aforementioned General Provision “Identification of simplified procedures for information to users and the acquisition of consent for the use of cookies – May 8, 2014” and the “Guidelines regarding the processing of personal data for online profiling” (bypassing the initial banner when logging on to the website). In the absence of such consent, you may benefit of the service requested, but the Data Controller will not be able to profile you and send you communications in line with your preferences. We also inform you that you may at any time decide to withdraw the consent you previously granted for user profiling, carried out by the Data Controller by information cross-linking or other profiling technologies, by notifying the Data Controller informally by sending an e-mail to: privacy@schaer.com.
METHOD OF DATA PROCESSING, SECURITY AND PLACE OF DATA PROCESSING
Your personal data is processed by the Data Controller – or by third parties carefully selected for their reliability and competence, as well as regularly designated as Data Processors – only to the purpose of achieving the purposes specified above, mainly using automated tools, but also in paper format, for the time strictly necessary to achieve the purposes for which the data was collected.
Specific security measures are applied to prevent the loss of data, unlawful or unfair use, and unauthorised access, in full compliance with what is indicated in article 32 of the GDPR.
The personal data provided by users in relation to the web services offered by this Website is processed at the Data Controller’s registered office specified above. The Controller's data centres are located in Italy. The Data Controller also relies on the technological services/data centres of KEY-TEC GmbH & Co. KG to process personal data for the purposes described above, which means that the data will also be stored at their offices.
Your personal data collected through the forms available on our website, will be kept for the time required to fulfil your requests. Wherever there are regulations requiring that we keep the details for a longer period, we will comply with said regulations. The details collected by cookies will be kept for the period established by the individual cookie.
COMMUNICATION AND DISSEMINATION
Your personal data may be communicated to external subjects whose assistance is necessary and functional to the provision of the Website services.
Your ordinary personal data may be transferred to third parties such as: 1. individuals, companies or professional firms that provide assistance and advice to the Data Controller, aptly designated as Data Processors; 2. entities, bodies or authorities to whom the communication of personal data is compulsory under the law or by order of the competent authorities; 3. subjects that are delegated by the Data Controller and/or to whom the Data Controller has assigned the task of carrying out activities strictly related to the purposes mentioned above (including technical systems maintenance), aptly designated as Data Processors; 4. business partners, identified by category, who process the data for direct marketing purposes as independent data controllers, but only if the user has granted specific consent for them to do so.
The Data Controller will not process data if such processing involves their dissemination, unless it has first obtained the user’s specific consent.
The data you supply us with will not be transferred to third party Countries or to international organisations outside of the EU.
YOUR RIGHTS
You have the right to ask us at any time to gain access to your personal data, to rectify, complete or erase them, and to limit or object to their processing wherever there are legitimate reasons to do so, as well as to transfer the aforementioned details to another Data Controller. We will send you a written response within 30 days. You may revoke, at any time, the consent given on this website, contacting one of the addresses indicated in the paragraph entitled “Information on the Data Controller and on the Data Protection Officer”. You are also allowed to make a complaint to the National Control Authority, wherever you feel that your data are being processed unlawfully.
Requests must be sent by email to the following address: privacy@schaer.com.
AMENDMENTS
The Data Controller may modify or simply update this Privacy Policy, partly or completely, even following variations of the laws and regulations that govern such policies and protect the rights of data subjects. These variations and updates of the Privacy Policy will be communicated to Website users on the home page as soon as they are introduced and will be binding once published on the Website. Please visit this section regularly to be informed of the most recent and updated version of this Privacy Policy, so that you always know which personal data we collect and how we use them.
CONTACT INFO
If you wish to receive any information about personal data processed by the Data Controller, you may contact our Company (i.e. the Data Controller) by letter, fax or e-mail to the address: privacy@schaer.com
The original version of the privacy policy is the one in Italian.
INFORMATION FOR CANDIDATES
Dear candidate,
This information is to inform you how Dr. Schär SpA/AG processes your data.
Aim of processing. Dr. Schär SpA/AG collects and uses the personal data provided by you in your curriculum vitae and during the interview(s) held by the company. This data is used solely for personnel search and selection purposes. Your data will not be used by the company or its partner companies for marketing purposes under any circumstances.
Type of data processed. The data processed for the aforementioned purposes is personal data (name, surname, address, tax code, IBAN etc.) concerning you, as well as sensitive data (health status, membership of trade unions or political parties, religious beliefs) and/or data relative to crimes and criminal convictions (such as, but not limited to, the distraint of one fifth of monthly income by a creditor, etc.)
Sensitive personal data. Dr. Schär SpA/AG may also process so-called sensitive data, regarding racial or ethnic origin; religious, philosophical or other beliefs; political opinions; membership of political parties or trade unions, or of religious, philosophical or political associations or organisations, as well as personal data regarding health status or sexual preferences. Provision of this data and consent to its processing is optional. Failure to provide this information will not affect the selection procedure or assessment of your application.
Data relative to crimes and criminal convictions. Dr. Schär SpA/AG may also process data relating to crimes or criminal convictions. Provision of this data and consent to its processing is optional. Failure to provide this information will not affect the selection procedure or assessment of your application.
Provision of data and the consequences of any refusal. Provision of the data necessary to begin the personnel selection process, or required by laws, regulations, public authority measures, etc. (such as, but not limited to, a mandatory background check if the candidate will be working with minors) is obligatory, since the failure to provide this data means we will be unable to assess your application. The provision of any further data not strictly related to the selection procedure is optional, and any refusal to provide this data will not affect the selection procedure itself or the assessment of your application.
Methods of processing, automated decision-making processes and data storage times. Your data may be processed on paper or by electronic means, in accordance with the technical and organisational measures stipulated by the General Data Protection Regulation (GDPR) EU 2016/679. It will not be processed using automated decision-making processes. The information regarding you will be stored for the entire duration of the selection procedure and for 2 years subsequently, and in any case in compliance with the legislation in force.
Communication and transmission of data, and transfer of data to a third country or to international organisations. Your data may be communicated to third parties which help Dr. Schär SpA/AG in staff search and selection procedures, and at the end of the procedure, to third parties who, on behalf of the company, fulfil the obligations stipulated by labour law, necessary for the performance of an employment contract. Examples of such third parties are, but are not limited to, the company responsible for the selection and assessment of personnel; the physician, consultant, and companies which provide training in workplace safety; tax or accountancy consultants; social security or healthcare bodies in order to meet legislative requirements; credit or insurance institutes, other training companies. The data provided by you will not be passed to third countries or international organisations outside the EU. The data you provide will not be communicated to third parties without your specific and prior consent.
Rights of the candidate and complaints to the Data Protection Authority. You have the right to access the data concerning you at any time, to request its updating, correction or cancellation, or to restrict or block its processing, whenever there are legitimate reasons. You can also lodge a complaint with the national data protection authority, if you believe your data has been processed illegally.
Information on your employer and on the Data Protection Officer. The Data Controller is Dr. Schär SpA/AG, with registered office in Winkelau 9, 39014 Postal (BZ), Italy. The Data Controller has also nominated a Data Protection Officer (DPO), employee of Dr. Schär SpA/AG, available by writing to dpo@drschaer.com.
To exercise the rights set out in the legislation and specified above in greater detail, contact the Data Controller or DPO at the registered office or by telephoning 0473 293300 or writing to privacy@schaer.com.