Privacy Notice for the website www.inpha.it owned by Inpha Duemila S.r.l. (art. 13 Italian Legislative Decree 196/2003 – art. 13 and 14 of Regulation (EU) 2016/679, aka GDPR)

This page describes how we manage the website www.inpha.it and how we process your personal data.

We at Inpha Duemila S.r.l. are committed to protecting the privacy of our visitors and users, in compliance with Italian Legislative Decree 196/2003 (and subsequent amendments and additions) and the Regulation (EU) 2016/679 (GDPR). We ensure high security standards and rules for appropriate data processing. This document provides information on how we process the personal data we collect through this Website and therefore complies with the aforementioned regulations. We always process data ensuring transparency, fairness, and lawfulness, in compliance with all applicable regulations. Data processing means any operation or set of operations carried out even without the help of electronic instruments and concerning the collection, recording, organization, storage, viewing, processing, modification, selection, extraction, comparison, use, interconnection, blocking, dissemination, deletion of personal data.

Data controller

The Data Controller of this website is the owner and legal representative of Inpha Duemila S.r.l., with registered office in Via Rugabella 1, 20122 Milano (MI), Italy. The Data Controller ensures the security, confidentiality and protection of the personal data in their possession during any stage of the processing.

Who processes your personal data

Your personal data will be processed by Inpha Duemila S.r.l. personnel, who are appropriately identified, trained, and authorised. Your personal data will also be handled by the Data Processor, Edisfera S.r.l. Via Sistina, 121 - 00187 Rome, who manages our corporate website.

Where we process your personal data

Your personal data will be processed by the data controller at their headquarters. The data will be stored on a server located in Germany.

Why we process your personal data

Inpha Duemila S.r.l. may process your personal data for the following purposes:

  • managing requests received through the Website
  • newsletters for communications
  • managing applications received through the Website
  • website traffic statistics
  • website functionality optimization
  • fulfilling obligations established by laws, regulations, and EU standards

The data controller will not adopt any automated decision-making process.

Data provision

Some of your personal data are required for managing your requests and communications with you. The boxes with a green line on the left-hand side indicate required data. Failure to provide them will make it impossible for us to reply to your request. On the other hand, fields not marked with an asterisk are optional; therefore, not providing that data will not affect the service in any way.

What personal data we process

We process the following data:

  • personal details you provide when you interact with the website or sign up for the services we provide (logging into the restricted areas)
  • browsing data, as explained in detail in our cookie policy.

Please note that Inpha Duemila S.r.l. does not process sensitive or judicial data in compliance with Article 4, paragraph 1 of Italian Legislative Decree 196/03 as well as data of the particular categories referred to in art. 9 of the EU Reg. 2016/679.

Links to other websites

This Website may link to other websites (third-party websites). We have no access or control over cookies and other user tracking technologies that could be used by third-party sites that you may access from our website. Moreover, we have no control over the content and materials published by or obtained through third-party websites, nor over their data processing methods; therefore, we decline any liability to this regard. Please read the privacy policy of any third-party sites you access through our Website to check how they process personal data. This privacy notice applies only to the Website specified above.

How and for how long we store your personal data

The computer systems and software we use are configured to minimise the use of personal and identifying data. These data will be stored for the period of time strictly necessary to fulfil the purpose. In any case, the retention period is determined in compliance with the applicable laws and the principles of data minimisation and rational archive management. We will store your data only for the time required to fulfil the purpose they were collected for and in compliance with the standards in force, and in any case for a period exceeding ten years. You can ask to interrupt data processing or delete your data at any time (see our Contact page to see how).

How we keep your personal data secure

We are committed to keeping your personal data secure and we comply with the applicable laws to prevent data loss, illegitimate or unlawful use of data and unauthorised access. We use advanced security technologies and procedures to protect your personal data. For example, we store personal data on secure servers located in places with restricted and controlled access. You can help us keep your personal data always correct and up-to-date by communicating any changes to your address, profession, contact information, etc.

Who else can access your personal data

Your personal data can be accessed by our personnel who need to process them while carrying out their tasks to fulfil your requests regarding our website’s services and functions and, in any case, for the purposes described above.

Personal data transfers to third countries

The Data Controller will not transfer your personal data to third countries or international organisations.

Your data access rights

You can exercise the rights granted under Article 7 of the Italian Privacy Code and Article 15 et seq. of the GDPR at all times. In particular, you have the right to obtain confirmation as to whether or not we have personal data concerning you, verify their origin, correctness, and location (even with reference to possible third countries), and ask for their integration, updating, rectification, erasure, anonymisation, blocking if processed in violation of the law, object to their processing for legitimate reasons, and lodge a complaint with your Data Protection Agency. You can also withdraw your consent at any time. You can contact the Data Controller (check our Contact page to see how) if you have any request regarding data processing, want to exercise your data access rights, or ask for the updated list of the subjects who can access your personal data.

Data Protection Officer

You can contact our DPO (check our Contact page to see how) to exercise your rights, report something, or receive information on how we process your data.

Information not included in this privacy notice

You can get in touch with our Data Controller (check our Contact page to see how) at any time for further information concerning personal data processing.

Changes to this privacy notice

The Data Controller is entitled to make changes to this privacy notice at any time and will use this page to inform users. Please make sure to check this page periodically referring to the date of the latest update indicated at the bottom. Should you not accept the changes to this privacy notice, you will be required to stop using this website and you can ask the Data Controller to erase your personal data, unless otherwise agreed.