PRIVACY POLICY
Information notice
Information notice pursuant to Article 13 of the Regulation EU 2016/679 (hereinafter “GDPR”)
In compliance with EU Reg. 2016/679 (European Regulation for the Protection of Personal Data), Effik Italia S.p.A., in its capacity as Data Controller, has to provide you with some information regarding the processing of your personal data that will be collected through the Plannher application (hereafter "App"). We therefore kindly ask you to read the following carefully.
The processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and rights.
1. DATA CONTROLLER, pursuant to Articles 4 and 24 of EU Reg. 2016/679 is EFFIK ITALIA S.p.A., with registered office in Via dei Lavoratori, 54, 20092 Cinisello Balsamo, in the person of its pro-tempore legal representative.
2. DATA PROTECTION OFFICER (DPO), pursuant to art. 37 of EU Reg. 2016/679:
Effik Italia S.p.A. has appointed a Data Protection Officer who can be contacted at the following email address: infoprivacy.italy@italfarmacogroup.com or at the following postal address: Data Protection Officer c/o Effik Italia S.p.A., Via dei Lavoratori, 54 20092 Cinisello Balsamo (MI).
3.TYPES OF DATA PROCESSED
Personal data and special categories of personal data
Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements that are characteristic of his/her physical, physiological, genetic, psychic, economic, cultural or social identity (such as, for example, nickname, personal details, tax code, photograph, e-mail address, etc.),
Special categories of personal data: e.g., data suitable for detecting the state of health, necessary to take advantage of certain services offered by the App.
App usage data
The applications dedicated to the functioning of the App collect, during their ordinary functioning, some personal data whose transmission is implicit in the use of Internet communication protocols.
These data are not collected in order to be associated with identified data subjects, however they could, through processing and association with other data held by third parties, allow the identification of users.
This category of personal data includes the IP addresses or domain names of the devices used by Users using the App, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment.
This data, collected for the sole purpose of obtaining statistical information on the use of the App and to check its correct operation, does not allow the user’s identity to be determined. This data could be used to ascertain responsibility in the event of any computer crimes against the App.
Data provided voluntarily by the User
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the App entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data entered.
Specific information notices
Specific information notices may be provided in the pages of the App in relation to particular services or processing of the Data provided by the Users.
Application authorisations and notifications
The App provides access to certain data on the device on which it is installed. In particular, these are:
- Full network access
- Viewing network connections
- Phone stand-by deactivation
- API Play Install Referrer
- Startup execution
These do not require authorisation from the user as they are strictly necessary for the operation of the APP and the provision of the underlying services.
In addition, the APP, in accordance with the ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002) concerning the processing of personal data and the protection of privacy in the electronic communications sector, requires consent when setting up daily alerts. This consent can be deactivated at any time via the device settings. In any case, if the alert is deactivated, the notification relating to the alert will remain visible within the app.
Tracking tools
See the specific Cookie Policy in the App.
4. Purposes of the processing, legal basis of the processing and retention periods
Personal Data and special categories of personal data provided voluntarily by the user will be processed for the following purposes:
a) Registration and creation of the personal profile for the provision of the services provided by the App:
User Registration is a necessary phase for the use of the App with the consequent creation of the personal profile dedicated to the management of personal information. At this stage, the Data Controller requires the data subject to enter his/her name, e-mail address and a personal password. Later on, this profile will be enriched by all those additional elements that the user himself/herself will configure, within the scope of the services offered by the App.
The personal data thus provided will be processed in accordance with Articles 6(b) and 9(2)(a) of EU Reg. 2016/679.
The provision of such data is optional but, in any case, indispensable for the use of the application.
Personal Data will be retained for the duration of the use of the app and, thereafter, for the period equal to that of the ordinary statute of limitations.
The person concerned may at any time delete their profile and all personal data relating to it by means of the direct action 'delete account'.
b) Legal defence
Personal data may be used for the Data Controller's defence in legal proceedings or in the preparatory stages to its possible establishment, against abuses in the use of the same or related services by users. Data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the App.
The personal data provided could be processed in compliance with the conditions of lawfulness pursuant to Articles 6 paragraph 1 lett. f) and 9 par. 2 lett. f) (legitimate interest) of EU Reg. 2016/679.
The data will be retained, in the event of judicial or pre-judicial litigation, for the entire duration of the same, until the time limit for appeals is exhausted.
At the end of the retention periods indicated above, the personal data will be deleted, destroyed or anonymised, without prejudice to any further processing provided for by law and the Data Controller's own backup policies.
5. SERVICES PROVIDED THROUGH THE APP
Within the scope of purpose (a) above, it should be noted that the services available in the app are as follows:
1) Daily alerts for taking the pill
The App allows the user to plan daily, through the receipt of pre-established daily alerts, the taking of the contraceptive pill. For this service, the person concerned is required to enter strictly personal information relating to their state of health, such as the type of pill taken.
2) Monitoring the state of well-being resulting from taking the pill
When using the App, the user can make use of an additional service which consists of monitoring the effects of taking the pill over time. For this service, strictly personal information relating to one's psychophysical state is required (e.g. by selecting a state of well-being from the predefined ones; indicating the level of drowsiness and appetite, etc.). In this case, the user will have daily visibility of their 'well-being report'. This information remains exclusively available to the user and is in no way used by the Data Controller to create profiles or carry out further analyses.
The provision of this data is optional and is not indispensable for the use of the application, but failure to provide it does not allow the user to use the service in question.
3) Handling of user requests for information:
The user has the option of requesting information from the Data Controller via the "Write to us" link (e.g. if he/she cannot find a specific type of pill in the list entered). The link takes the user to one of the e-mail services installed on his/her device and generally used.
6. PROCESSING METHODS - STORAGE
This App processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of data. Personal data shall only be made accessible to those who, by reason of their duties, have been expressly authorised and instructed to process the data by the Data Controller pursuant to Article 29 of the GDPR.
The processing will be carried out in automated form, with methods and tools designed to ensure maximum security and confidentiality
7. SCOPE OF COMMUNICATION AND DISSEMINATION
The personal data provided may be processed by companies trusted by the Data Controller that perform tasks of a technical and organisational nature on its behalf, by way of example but not limited to: companies that deal with the management and technical maintenance of the Data Controller's IT systems, or entities that provide and/or manage services requested by App users on behalf of the Data Controller, or firms or companies within the scope of assistance and consultancy relationships. The aforementioned companies have been appointed by the Data Controller as external data processors pursuant to Article 28 of the GDPR.
The updated list of data processors is available upon request by sending a communication to the contacts listed below.
Furthermore, in addition to the subjects indicated above, the Data Subject's personal data may be communicated, where required or provided for by applicable legislation, to the competent supervisory and control authorities, tax authorities and other authorities, within the scope of their competences. In these cases, these additional subjects will act as autonomous data controllers.
8. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION
With regard to the transfer of data to non-EU countries, including countries that may not guarantee the same level of protection as provided for by the GDPR, the Data Controller would like to inform you that no transfers are made to third countries. Any transfers may concern anonymised data which, being anonymous, do not fall within the scope of the GDPR.
The data will not be disseminated.
9. RIGHTS OF DATA SUBJECTS
By contacting the Data Controller, by post at EffiK Italia S.p.A. via dei Lavoratori, 54, 20092, Cinisello Balsamo (MI), or by e-mail at infoprivacy.italy@italfarmacogroup.com, data subjects may exercise their rights pursuant to and in accordance with the terms and conditions set out in Articles. 15-22 of the GDPR, including the rights of access to data concerning them, of deletion, of rectification of inaccurate data, of integration of incomplete data, of restriction of processing in the cases provided for by Art. 18 GDPR, as well as of opposition to processing, for reasons related to their particular situation, in cases of legitimate interest of the data controller.
Data subjects also have the right, in the event that the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance.
Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work.
10. CHANGES TO THE PRIVACY POLICY
The Controller reserves the right to change, update, add or remove parts of this privacy policy at its own discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate such verification, the notice will contain an indication of the date on which the notice was updated.
Date of update: 06/16/2022