The purpose of this Privacy Policy is to demonstrate the commitment of CHIESI FARMACÊUTICA LTDA., enrolled with the CNPJ/ME under number 61.363.032/0001-46, headquartered at Rua Doutor Giacomo Chiesi, No. 151, km 39.2, Estrada dos Romeiros, city district of Votuparim, in the City of Santana do Parnaíba, State of São Paulo, Zip Code 06513-005 (hereinafter “CHIESI”) to the privacy and protection of personal data collected from its Users, establishing the rules on the collection, record, storage, use, sharing, enrichment and deletion of personal data collected within the scope of services and features of the Portal, according to the laws in force, with transparency and clarity with Users and the market in general.
As a condition for accessing and using the exclusive features of the Portal, User states that he/she has read this Privacy Policy and the Terms of Use completely and carefully, being fully aware of, and thus giving his/her free and express agreement with the terms set forth herein, as well as its use for the purposes specified below. If not in accordance with this Privacy Policy, Users shall discontinue their access, as well as revoke the consent they have granted.
1. DATA COLLECTED, MODE AND PURPOSE OF COLLECTION
1.1. Data is collected when you voluntarily enter or submit by accessing and interacting with the features of our Portal, which includes:
TYPES OF DATA |
PERSONAL DATA |
PURPOSE OF DATA USE |
GENERAL REGISTRATION DATA |
Full name Telephone
|
Identify Users and ensure security in their access account |
Administer, provide services and fulfill the obligations arising from the use of Portal services |
||
Portability of registration data to another Controller in the same branch in which we operate, if requested by any User |
||
Fighting fraud |
||
Identify Users and ensure security in their access account |
||
Receive messages, questions, criticisms and suggestions from any User, keeping in touch and providing an answer when appropriate |
||
REGISTRATION DATA OF HEALTH PROFESSIONALS |
Full name Password Regional council numberSpecialty Address City District City State Zip Code Telephone |
Identify Users and ensure security in their access account |
Administer, provide services and fulfill the obligations arising from the use of Portal services |
||
Inform about novelties, features, content, news and other events relevant to maintaining the relationship with you, User |
||
Promote our products and services |
||
Keep Users' records updated for contact purposes by phone, email, SMS, direct mail or other means of communication |
||
Restrict access to the Portal area with information of interest to healthcare professionals |
||
Portability of registration data to another Controller in the same branch in which we operate, if requested by any User |
||
Fighting fraud |
||
Identify Users and ensure security in their access account |
||
Receive messages, questions, criticisms and suggestions from any User, keeping in touch and providing an answer when appropriate |
||
HEALTH AND DISEASE DATA |
Name initials Gender Date of Birth Telephone Weight Pregnancy/ Pregnant State Allergies Diseases Symptoms Treatments Medicines |
In compliance with Law No. 6.360 dated September 23, 1976, Resolution of the National Health Council No. 3 dated June 28, 1989, and Resolution no. 406 dated July 22,2020 of the National Health Surveillance Agency, CHIESI maintains a communication channel with consumers and physicians who prescribe its medications to make aware of possible adverse events that occur with people undergoing treatment who use its drugs, whether such adverse events are related or not to its medicines, enabling the communication of health professionals, patients and government regulatory agencies in cases of important safety information |
DIGITAL IDENTIFICATION DATA |
IP Address and Origin Logical Gateway Records of Interactions with the Portal Pages accessed by Users Dates and times of each action and access to eachPortal page Web Beacons Session ID Cookies |
Administer, provide services and fulfill the obligations arising from the use of Portal services |
Prepare statistical analysis and studies to identify Users’ profile and develop campaigns |
||
Compliance with the obligation established by the Civil Rights Framework for the Internet - Law 12.965/2014 (this information is only collected through internet access) |
||
Storage of records on Users’device containing browsing data, choices made, as well as usernames and passwords, in applicable cases |
1.2. We are not responsible for the accuracy, veracity or lack of it in any information that any User provides through the Portal or for its outdating, when it is his/her responsibility to provide it accurately or to update it.
1.3. We may eventually receive information about any User from other sources such as recruitment and selection agencies and corporate data of partners to add them to our database, which shall in no case be sold to third parties.
1.4. We use the most modern technologies to record browsing events, clicks, events and non-identifiable data. All the technologies used shall always respect the current legislation and the terms of this Privacy Policy.
1.4.1. The Portal may use cookies. The main internet browsers allow any Users to manage the use of cookies on their devices (computer, cell phone, tablet, etc.). Our recommendation is that Users keep the option “save cookies” enabled. This way, it is possible to use all the customized browsing features offered by CHIESI, but if any User does not agree, it is possible to disable this function and the collection of some types of information shall be blocked, such as cookies. However, if you wish to block them, in this case, some features of the Portal may be limited.
1.4.2. The Portal may also use Web Beacons to collect Users’ behavior data, where it is not necessary to install files on Users' equipment.
1.5. It is important to note that once on the Portal you can be taken via link to other portals, social networks or platforms, which shall be able to collect your information and have their own privacy policy.
1.6. It is your responsibility to read the privacy policy of such platforms outside the Portal environment, leaving it up to you to accept or reject it. CHIESI is not responsible for the privacy policy or the content of any websites, social networks, content or services linked to the Portal, including through links.
1.7. Through our dpo-br@chiesi.com channel, you can change your permissions for processing your data, grant new permissions or withdraw your consent for current permissions, being warned of the consequences that the withdrawal of consent may cause.
1.8. Data collected and activities recorded can also be shared:
a) With competent judicial, administrative or governmental authorities, whenever there is a legal order, request, formal petition or court order;
b) Automatically in case of corporate transactions such as merger, acquisition and takeover of and/or by CHIESI.
1.9. The database created through the collection of data on the Portal is our ownership and responsibility, and its use, access and sharing, when necessary, shall be made within the limits and purposes of our business and described in this Privacy Policy.
1.10. Internally, data we collect is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the objectives of the Portal, in addition to the commitment to confidentiality and preservation of privacy under this Privacy Policy.
1.11. CHIESI only collects information that is essential for the viability of its commercial activities.
2. HOW WE STORE DATA AND RECORDS
2.1. Data collected and the records of activities shall be stored in a safe and controlled environment according to the periods set in the legislation in force, such as Consumer Protection Code, General Data Protection Laws, Civil Rights Framework for the Internet, Resolutions of the National Health Surveillance Agency, among others.
2.2. However, considering that no security system is foolproof, CHIESI disclaims any liability for any damage and/or loss arising from failures, viruses or intrusions of CHIESI database, except in cases where it contributes to fraudulent intent or negligence.
2.3. If you are interested, any data may be deleted before the legal deadlines, upon express request. However, it may happen that any data needs to be kept for a longer period, due to law, court order, fraud prevention (art. 11, II, “a” of the General Data Protection Law “LGPD”, Law No. 13.709/2018) and other legitimate interests, in accordance with Article 10 of the LGPD. After the period and the legal need, data shall be deleted using safe disposal methods, or used anonymously for statistical purposes.
2.4. Data collected shall be stored on our servers located in Brazil, as well as in an environment of use of cloud resources or cloud servers (cloud computing), which means in the latter case, transfer or processing of data outside the country.
3. DISPLAY, RECTIFICATION, LIMITATION, OPPOSITION AND DELETION OF DATA
3.1. Users, through our dpo-br@chiesi.com channel, can:
3.1.1. Request the display or rectification of their personal data;
3.1.2. Request the portability of their data, provided that the contract between any User and CHIESI has been terminated, and any Access Accounts canceled;
3.1.3. Through the same tool, you can also:
a) require limiting the use of your personal data;
b) express your opposition to the use of your personal data, and
c) request the deletion of your personal data that we collect, provided that any Access Accounts have been canceled and the minimum legal period related to data storage has elapsed.
3.1.4. If you withdraw your consent for fundamental purposes for the regular operation of the Portal, services and features of the Portal may be unavailable.
3.1.5. If you do not give your consent for optional purposes related to sending information, novelties, content, news and other events relevant to maintaining the relationship, services and features of the Portal shall continue to be made available on a regular basis.
3.2. For the purposes of auditing, security, fraud control, credit protection and preservation of rights, we may remain with the record history of your data for a longer period of time in the event that the law or regulatory standard so establishes or for the preservation of rights.
3.3. Anonymized data or required after the end of the relationship between the parties may not be available for portability, and data related to CHIESI trade or industrial secret shall remain owned by CHIESI and shall not be made available to any User, under the applicable law.
4. GENERAL PROVISIONS
4.1. We do not use any type of automated decision that impacts you, User.
4.2. We have the right to change the contents of this Privacy Policy at any time, according to the purpose or need, such as for the adequacy and legal compliance of a provision of law or rule that has equivalent legal force, and it is up to you to check it whenever you access the Portal.
4.2.1. In the event of updates to this document that require collection of consent, you shall be notified through the contacts you provide us with in the record.
4.3. In case of any doubt regarding the provisions of this Privacy Policy, you can contact us through the dpo-br@chiesi.com channel.
4.4. If outsourced companies process any data we collect, they must comply with the conditions set forth herein and our Information Security rules.
4.5. If any provision of this Privacy Policy is considered illegal or illegitimate by any authority of the place where you reside or where you connect to the Internet, the other conditions shall remain in full force and effect.
4.6. You acknowledge that every communication carried out by e-mail (to the addresses informed in your record), SMS, instant communication applications or any other digital, virtual and digital means is also valid, effective and sufficient for the disclosure of any matter that concerns services we provide, as well as the conditions of their provision or any other matter addressed therein, subject to the expressly diverse provisions set forth in this Privacy Policy.
5. GLOSSARY
5.1. 5.1. For the purposes of this document, the following definitions and descriptions shall be considered for a better understanding:
CHIESI: CHIESI FARMACÊUTICA LTDA., enrolled with the CNPJ/ME under No. 61.363.032/0001-46
Cloud Computing: is a service virtualization technology built from the interconnection of more than one server through a common information network (por example, the Internet) in order to reduce costs and increase the availability of sustained services.
Cookies: Files sent to Users' devices by the Portal server, with the purpose of identifying them and obtaining access data, such as browsed pages or links accessed, thus allowing Users to customize the browsing of Users on the Portal, according to their profile.
Access Account: Users’ credentials required to access the Portal and use its features.
IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies Users' devices on the Internet.
Link: Terminology for internet address.
Portal: Designates the electronic address https://www.chiesi.com.br/
User: Person who accesses and uses the features offered on the Portal.
You: Refers to a User.
Web Beacons: Programming lines on HTML pages that have the purpose of obtaining browsing details of any User, such as how long he/she was with the Portal open, which address was visited next, among others.
6. APPLICABLE LAW
6.1. This Privacy Policy shall be governed by and construed in accordance with Brazilian law, in the Portuguese language, and the Central Court of the Judicial District of São Paulo shall be chosen to settle any litigation or dispute involving this document, unless specific proviso of any personal, territorial or functional jurisdiction by applicable legislation.
Update: 08/01/2020.