Chiesi - global rare diseases
Apply for grant

Privacy notice

Under Article 13 of Regulation (EU) 2016/679 on the protection of individuals regarding the processing of personal data (hereinafter “GDPR”)

This is a privacy notice provided by Chiesi Farmaceutici S.p.A. (“Chiesi”), in accordance with the provisions of European Regulation No. 679/2016 (hereinafter “GDPR”), to inform you that your Personal Data or otherwise Personal Data provided by you will be processed by Chiesi as data controller, in full compliance with applicable law.

Personal Data” is information of any kind, including electronic information, that allows a person to be identified individually or in combination with other information.

With “Processing of Personal Data” we mean, pursuant to Article 4(2) of the GDPR, any operation or set of operations, carried out with or without the help of automated processes and applied to personal data, such as collecting, recording, organising, storing, adapting, or modifying, extracting, consulting, using, and disseminating them.

User” means the company, authorised person, or individual using the services provided by the website (hereinafter the “Website”).

This notice describes the following aspects:

  1. (1) HOW WE COLLECT AND USE YOUR PERSONAL DATA
  2. (2) HOW WE SHARE YOUR PERSONAL DATA
  3. (3) RETENTION PERIOD OF YOUR PERSONAL DATA
  4. (4) USER RIGHTS
  5. (5) UPDATES TO THIS NOTICE

(1) HOW WE COLLECT AND USE YOUR PERSONAL DATA

PURPOSES:

Application submission: after applying for the “Find For Rare” Research Grant, we may process your Personal Data to evaluate the eligibility of the research project for funding and to contact you once the grant recipients have been selected regarding the contents of the proposal.

Social media and third-party links: our website may include links to third-party websites, plug-ins, and applications, such as hyperlinks to our Facebook, LinkedIn, and Instagram pages. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Technical and analytical purpose: we may process technical or usage data that may indirectly reveal your identity to guarantee a reliable user experience on the Website. Such data is automatically collected during the normal functioning of every website and are processed for technical purposes (including troubleshooting, testing, system maintenance, support, and reporting) or for statistical and analytical ones to improve the user experience on the Website.

Such data are usually processed in an aggregated and non-identifiable form to pursue statistical purposes. For example, usage data may measure the engagement rate or the time spent on a specific section or feature of the Website.

Pharmacovigilance: the Website has a section dedicated to Pharmacovigilance, where you can report any adverse reactions or safety issues with our products.

PROCESSED PERSONAL DATA:

Identification and professional data: for the purposes of evaluating your application for the grant, such as (i) your contact details (i.e., name, surname, e-mail); (ii) your curriculum vitae and cover letter; and (iii) your affiliation entity (e.g., university, academic medical centre, research institution, hospital).

Technical data: including the IP address, type of browser and version, time zone, and location based on the IP address, general information on the hardware, and the operating system of the device used to browse the Website. As detailed above, such data are used for technical and statistical purposes only.

Usage Data: including information on how you use the Website. For example, the time spent on certain sections.

The processing of so-called special data as defined by art. 9 of the GDPR (such as data relating to health) and / or data relating to minors is expressly excluded. These categories of data, if shared by the User, will be immediately deleted.

LEGAL BASIS OF THE PROCESSING:

Performance of contractual obligations: with the researcher who applies for the grant, with regards to their Personal Data to be processed within the evaluation process of their application.

Legitimate interest: to ensure the website’s security and prevent online fraud.

Legal obligation: to comply with applicable laws and regulations, address requests from the authorities, or manage reports of adverse events received through the Pharmacovigilance contact channels.

Your Personal Data will also be processed and stored should Chiesi need to protect its interests and carry out its defensive rights in legal proceedings.

(2) HOW WE SHARE YOUR PERSONAL DATA

Chiesi may share your Personal Data with other companies, organisations, and individuals, if any of the following circumstances occur:

  • We may share your Personal Data to companies forming part of Chiesi Group, in Italy, and abroad (including non-EEA countries).
  • Sharing with your expressed consent: after obtaining your consent, we may share your Personal Data with certain third parties or categories of third parties.
  • Sharing in accordance with laws and regulations: we may share information required under applicable laws and regulations to handle legal disputes or requests by administrative or judicial authorities.
  • Sharing with service providers: we may also disclose your Personal Data to companies that provide services to us or on our behalf.

In the latter case, Chiesi will ensure the legitimacy of such sharing and will sign data processing agreements and/or clauses with the companies, organisations, and individuals with whom your Personal Data will be shared, requiring them to comply with this notice and take appropriate security measures.

How We Protect Your Personal Data

Chiesi places extreme importance on the security of your Personal Data and have taken appropriate security measures to safeguard your Personal Data against unauthorised access, disclosure, or loss.

For this purpose, Chiesi takes the following steps:

  • We take reasonable steps to ensure that the Personal Data collected is as minimal and relevant as necessary in relation to the purposes for which it is processed. We retain your Personal Data for no longer than is necessary for the purposes set out in this notice unless an extension of the retention period is required or permitted by law.
  • We use a range of technologies to ensure the confidentiality of data during transmission. We use trusted protection mechanisms to protect data and data storage servers from attack.
  • We rigorously select business partners and service providers and require them to comply with our Personal Data protection requirements through specific provisions in business agreements with such business partners and service providers. In addition, we perform audits and other assessment activities to verify compliance with the requirements.
  • We conduct privacy and security protection training, testing, and informational activities to increase awareness of Personal Data protection among employees and contractors.

(3) RETENTION PERIOD OF YOUR PERSONAL DATA

Your Personal Data referred to in section (1) of this notice is stored on the servers of Chiesi or on the servers of the suppliers (specifically appointed as data processors) located in Italy and abroad (including non-EEA countries). In any event, Chiesi guarantees that the safety of your Personal Data is not adversely affected by such transfer. This means that each of the intended transfers is based on one of the following transfer mechanisms envisaged by the Chapter V of the GDPR:

  • • the existence of an adequacy decision issued by the European Commission for the country that your personal data is transferred to; or, alternatively;
  • • the conclusion of standard contractual clauses reproducing the models adopted by the European Commission; or, alternatively;
  • • the existence of an exemption related to one of the specific situations exhaustively provided for by the GDPR.

We keep your Personal Data for the time necessary for the purposes indicated in this Privacy Notice, and in any case for no more than 24 months.

Your Personal Data will be kept for the time set out above, or for a shorter period if you decide to exercise one of the rights listed in the “USER RIGHTS” section below.

(4) USERS RIGHTS

Access, rectification, cancellation, data portability, restriction of processing, objection to processing, and revocation of consent.

Chiesi provides specific channels so that you can access, modify, oppose, and/or limit the processing of your data, as well as request their cancellation or portability to other parties and revoke your consent.

We invite you to contact the Data Protection Officer (DPO) to obtain the list of data processors, obtain the list of parties with whom your data has been shared, and request the exercise of your rights listed above: dpoit@chiesi.com.

If you believe that Chiesi is not processing your Personal Data in accordance with this notice or applicable law, you may exercise your rights by lodging a complaint with the Italian Data Protection Authority.

The Data Controllers is:

Chiesi Farmaceutici S.p.A., with registered office in Via Palermo 26/A, 43122 Parma.

(5) UPDATES TO THIS NOTICE

This notice may be updated from time to time. Any update to this notice will become effective at the time of its publication on the Website.

Background splash

The Rare Disease Research Grant Initiative, Find For Rare, is organised and funded by Chiesi Global Rare Diseases.

By entering this site, I confirm I am a principal investigator, research scientist, and/or physician scientist with an affiliation outside of the Americas.