The processing of personal data of the Users will take place in full compliance with the applicable data protection legislation, including but not limited to Regulation (EU) 2016/679 (the “GDPR”).
The Website incorporates links which allow you to connect to other websites run both by other companies of the Orthofix Group and by third parties. The Company assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, Users who access such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites and the relevant data processing.
The computer systems and software procedures used to operate this Website need to acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data may include, by way of example: IP addresses, browser type, operating system, the domain name and website addresses from which you are logged in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s operating system and computer environment.
This technical / IT data is collected and used only in an aggregated and not immediately identifiable manner and can be used to ascertain liabilities in case of hypothetical crimes committed within or against the Website or upon competent authorities’ request.
There are few sections of the Website (e.g. “Contact” and “Ask us questions”) which allow the collection of the personal data that the User decides to share with the Company. It remains understood that, in this case, the Controller will process the data provided by the User exclusively in order to fulfil the requests received. Accordingly, if the User does not want the Controller to process his/her personal data, he or she is invited not to send any request.
In any event, the Users will always be free whether or not to share his/her personal data by filling out the specific forms available on the Website.
The Website has been designed with the main goal of providing information – and therefore as an interactive window – regarding the activities, products and services offered by the Company or other companies belonging to the Orthofix Group.
The above categories of personal data will be processed by the Company for the following purposes and according to the legal bases set out below:
Should personal data be processed in the future also for purposes other than those described above, the Company will provide adequate information to the User relating to such new purposes and will ensure that the relevant data processing will rely on a valid legal basis.
The provision of personal data by the User – unless otherwise noted – is optional. However, in case of refusal to provide his/her personal data, the Company will not be able to fulfill the User’s request or provide certain specific services (such as customer service).
The personal data are collected and processed lawfully and fairly, for the above purposes and in accordance with the fundamental principles established by the applicable legislation.
Processing operations may take place both manually and electronically, or by information technology tools, always under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to the personal data or, more generally, processing that is not compliant with the purposes of the collection.
The processing will be carried out under the authority of the Controller only by persons who have been duly authorized to access and process the Users’ personal data on a need-to-know basis, in accordance with the instructions provided for by the Company and the applicable data protection laws and regulations.
The Users’ personal data collected through the Website may be shared or communicated to third parties, including but not limited to other companies belonging to the Orthofix Group.
The data may disclosed by the Company to third-party suppliers or partners (such as service or hosting providers, IT companies, marketing and communication agencies) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above. If needed, the Controller will appoint such third parties as data processors, by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data, according to Art. 28 GDPR.
It remains understood the Users’ personal data must be communicated to third parties, such as public or judicial authorities, to comply with binding orders and request, as well as with applicable legal provisions.
Personal data will be kept in a format that allows the identification of the User for no longer than necessary to fulfill the purposes for which the data have been originally collected and, in any case, within the time limits set forth by applicable laws and regulations.
Where required or expressly permitted by applicable laws, the Users’ personal data may be kept for longer periods, e.g. if necessary to fulfil orders issued by competent authorities or to enforce or protect the rights of the Controller.
As soon as no longer necessary in accordance with the above, personal data will be cancelled or anonymized.
Given the international nature of the Controller’s business activities, for the sole purposes described above personal data may be transferred to countries outside the European Economic Area (“EEA”) that do not guarantee an adequate level of protection. By way of example, personal data may be transferred to other companies belonging to the Orthofix Group which are established outside the EEA (mainly in the U.S.).
In these cases, the Company undertakes to implement all necessary measures to protect the Users’ personal data, in accordance with applicable laws, e.g. by adopting Standard Contractual Clauses as approved by the European Commission, or other equivalent safeguards.
The User can at any time exercise his/her rights under the GDPR, in particular:
To exercise these rights, or for any further information and/or clarifications, please write to firstname.lastname@example.org
The Data Controller is Orthofix S.r.l., a company duly incorporated under Italian law, with registered at Via Vittor Pisani no. 16, Milan (Italy).
The Data Controller may be contacted at email@example.com.
Below is highlighted the date when the last version of this policy has been uploaded.
Last Update: April 22, 2021