Notice on Personal Data – For the General Public

Notice on Personal Data – For the General Public


INTRODUCTION

Protection of personal data and privacy are key factors that can heavily affect the trust on which we build strong and durable relationships with all our interlocutors, and most especially with healthcare professionals and patients.

The protection of your personal data is a major priority. This Notice provides further information on our processes for collecting, processing, and protecting the data obtained in the context of our interactions, as well as the options available to you.

For all online communications with us, please refer to the Notice on Personal Data available on the Websites for Menarini France, NHS, and Relife France (hereinafter referred to as "we", "us", and the "Companies") belonging to the Menarini Group (hereinafter referred to as "Menarini").

PURPOSES AND LEGAL BASIS

Menarini France, NHS, and Relife France, in their capacity as joint Data Controllers, collect, process, retain, and transfer information about you, both digitally and manually (on paper). This information is solely used for the following purposes:

1. Associated operations:

  • The opportunity to participate in surveys, polls, and market studies (legal basis: legitimate interest),

  • The opportunity to participate in competitions and special consumer offers (legal basis: legitimate interest, or consent if via email),

  • Participation in competitions and special consumer offers, where the information provided may be qualified as sensitive (legal basis: consent),

The opportunity to participate in events (legal basis: legitimate interest, or consent if via email);


2. Digital communications relating to the Companies and our products, including promotional offers and communications (legal basis: consent);
 

3. The personalization of our digital information and content, including institutional, environmental, and product-specific communications. This personalization is based on the monitoring of your needs, preferences, and interests, expressed throughout your contacts with our Companies, such as your participation in our loyalty scheme, or based on communications regarding your favorite products, loyalty scheme points, or news for which you have demonstrated an interest (legal basis: consent).

We also collect this information in the context of the following requirements: 

  • Fulfillment of our statutory monitoring and reporting obligations, notably relating to anti-corruption regulations, adverse events, and complaints regarding our products and their safety of use (legal basis: legal obligation),

  • Managing the relationships between you and the Companies, including in the context of litigation and pre-litigation (legal basis: legitimate interest),

  • Monitoring the conclusion and execution of contracts entered into with you, and notably relating to special consumer offers that do not require sensitive data, or the processing of your order (legal basis: execution of contracts).

 

DATA COLLECTED

The main categories of personal data that we collect are as follows:

  • Surname and first name,

  • Date of birth of the registrant,

  • Contact information (mailing address, email address, telephone number),

  • If applicable, date of birth of the child concerned by the product,

  • If applicable, estimated date of childbirth,

  • If applicable, financial and transactional bank account details (payment methods),

  • If applicable, commercial data (e.g., client number, purchase history, client account and loyalty scheme information, product reviews, purchasing trends, etc.),

  • Information concerning your interactions (promotional and/or non-promotional) with the Companies (frequency, date, type of contact, etc.),

  • Any other data provided by you (e.g., regarding the consumption of our products),

  • Data relating to your use and/or consultation of our digital information and materials (e.g., IP address, browsing activity, geolocation, connection data),

  • Other information relating to preferences that you have expressed throughout your interactions with the Companies. 

Data processing is necessary for the proper performance of our operations. We ask that you provide, at the very least, the data highlighted in bold above. In the event of refusal, we will not be able to send you any further communications. However, the provision of all other data not in bold is optional.

Any data that is not necessary for the purposes set out above will not be collected by the Companies.

The legitimate interests pursued by the Companies are weighed against your own interests, freedoms, and fundamental rights, which necessitate the protection of your personal data. The interests of the Companies shall not prevail over your interests. You may request further information relating to the weighing of the legitimate interests pursued by the Companies against your own interests.

 

DATA SOURCE

Your data can be collected directly from you (via direct contact with the Companies, including via our Websites, social media pages, and participation in the loyalty scheme or in competitions) or through data sources provided by our partners. 

 

DATA RETENTION PERIOD

We retain your data for as long as necessary or as long as permitted in light of the purpose or purposes for obtaining such data, as outlined in this Notice.

The retention period is determined according to the following criteria:

  • The period during which you maintain a continuous relationship with the Companies and during which the Website is made available to you,

  • The fact that the Companies are subject or not to a legal obligation,

  • The duration of the contract entered into with you,

  • In the event of litigation, the duration of the legal procedure once ordinary and extraordinary means of recourse have been exhausted, 

The fact that such retention is recommended in light of our legal position (with regard to the application of the Terms & Conditions of use for the Website, applicable statutory limitations, litigation, and regulatory inspections).

 

RECIPIENTS AND TRANSFERS OUTSIDE OF THE EU

Data may be processed by our collaborators belonging to the following categories: administrative personnel, representatives of the Companies, product managers, and Department heads. Data may also be processed by other personnel in the context of their duties. Additionally, in accordance with Article 6 and Recital 52 of the GDPR, data may be communicated in line with the organizational, administrative, financial, and accounting requirements of the A. Menarini IFR S.R.L. parent company, based in Florence, Italy, as well as other Menarini Group companies, including those located in countries outside the European Union ("Non-EU Countries").

Your personal data may be communicated to our various partners or service providers for reasons including but not limited to the management of promotional offers or the loyalty scheme, the management of IT systems, the implementation of surveys or polls, and the organization of events. These service providers are bound by privacy obligations.

Your data may equally be provided to any potential current or future buyer of the Companies in the event of a commercial transaction, such as a sale, merger, or acquisition.

Your data in paper format may be hosted by a service provider specializing in archiving procedures.

Your data in digital format is hosted on Menarini IT servers located in the European Union.

Regarding the transfer of data to Non-EU Countries, including to countries that do not guarantee the same standards of protection regarding privacy as the various laws applicable within the EU, we hereby inform you that such data shall only be processed in accordance with the provisions of the laws in force, including, for example, the confirmation of your consent, the adoption of the European Commission's Standard Contractual Clauses, and the selection of commercial partners operating in countries considered safe by the European Commission. For more information on the guarantees implemented with regard to the transfer of your data outside the European Economic Area and to obtain a copy thereof, you can contact the DPO, whose contact information is available under the section on "YOUR RIGHTS".

 

REGULATORY NATURE OF THE PROVISION OF DATA

For the purposes described in points 1, 2, and 3 of the paragraph on "PURPOSES AND LEGAL BASIS", the processing of your data is neither regulatory nor contractual in nature, and the refusal to provide such data shall not entail any consequence for you whatsoever.

In the context of a relationship established between you and the Companies (e.g., a meeting with a representative) and for the purposes described in the other points of the same paragraph, the processing of your data is regulatory in nature (as set out in the legal texts by which the Companies are governed), and the refusal to provide such data may impede the furtherance of the relationships between you and the Companies.

Similarly, if you do not provide the data necessary to conclude and/or execute any contracts to which you are a party, we will not be able to enter into such contracts.

In all cases, the primary aim of the personalization implemented by the Companies is to rationalize all operations with regard to promotional information and to deliver content that is intended to be best suited to your needs, preferences, and interests. It shall not entail any significant individual consequence for you whatsoever. No automatic decisions shall be made by the Companies concerning you. You have the right to withdraw your consent at any time. If you choose to withdraw your consent, you will no longer receive personalized content. 

 

GENERAL DATA PROTECTION REGULATION (GDPR)

This European Regulation was designed to reinforce the protection of your personal data.

The Companies hereby confirm that:

-  Menarini has designated a Data Protection Officer (DPO) who is available for any questions or claims you may have concerning the processing of your personal data (contact information below),

-  All your data is processed in a lawful, fair, and transparent manner,

-  An appropriate level of security is guaranteed throughout the processing and retention period of your data,

-  All personal data retained by the Companies is exact and up-to-date,

-  All necessary measures have been taken to avoid any breach, loss, or modification of your personal data.

However, Menarini France is the sole company (among all joint Data Controllers) specifically responsible for ensuring the security of processing operations, managing responses to any persons concerned, and cooperating with the competent authorities.

 

YOUR RIGHTS

Your rights include the right of access, the right to rectification, the right to object (for reasons relating to your particular situation), the right to erasure of your data, the right to restriction of processing, the right to data portability in certain cases, and the right to define the fate of your data after your death.

You can freely accept or refuse interactions with the Companies with regard to canvassing and prospecting. You can also object, at any time and without the need to justify your decision, to receiving communications from us in the context of our campaigns.

However, when you accept interactions with the Companies, processing that falls under a legal obligation in accordance with the Certification standard and the Charter on information provided for the promotion of medicinal products (e.g., planning and traceability of interactions between you and the Companies) are not subject to the right to erasure or the right to object.

You can exercise your rights directly via the following email address: dpl@menarini.fr.

You can also use the "Submit a request for rectification" form available on our Website – www.menarini.fr – under the "Contact" section.

Additionally, you can contact the DPO in Italy via the following email address: dpo@menarini.com.

You can submit a claim directly to a supervisory authority at any time, and notably to the supervisory authority appointed by the Member State of your place of residence, place of work, or place where you consider a breach of the Regulation to have been committed (e.g., the French Data Protection Authority "CNIL" – Commission Nationale de l’Informatique et des Libertés).