Privacy Notice for Social Media Users - Article 14, Regulation (EU) 2016/679 (“GDPR”)

This notice concerns the processing of personal data of users of social networks such as, for example, Facebook, YouTube, X, Instagram, LinkedIn and other similar networks or portals (hereinafter “Social Networks”) who, through their social account, interact with the accounts and social pages of Laboratori Guidotti S.P.A. (“Menarini”), or browse Menarini's websites after logging in to the Social Networks.

The notice refers exclusively to the processing operations carried out by Menarini: in fact, the data are collected and processed primarily by the Social Network with which the users are registered (acting as Data Controller of its own users' data); however, when the user interacts with the social profile, social pages or website of Menarini, the latter may receive a small fraction of such data from the Social Network, in respect of which Menarini assumes the status of “Independent Data Controller”: this means that the Social Network and Menarini independently decide the purposes and methods with which they process the data of the users to whom they respectively have access.

The processing operations carried out by Menarini will be described below. If, on the other hand, you wish to have information regarding the processing carried out by the Social Network you are registered with, you are invited to read the relevant Privacy Policy, accessible via your profile.

By interacting with Menarini's page/account on Social Networks (“Page”), Menarini may process the following personal data of the user, referable to the latter's profile on the Social Network:

name, surname, username and other biographical and professional data, age, gender, information made public by the user or shared through the Social Network via posts, or other existing tools on the Social Network, the user's activities on the Page and on the Social Network, such as “likes”, comments, public posts, tags and hashtags; content of private messages sent to Menarini.

The Social Network may also make available to Menarini information on activities and preferences expressed during web browsing, to the extent that the user has consented through their profile and browser settings. The collection of such data may also occur through tools such as cookies, web beacons and pixel tags: you are therefore invited to check your browser settings, your profile on Social Networks or the privacy/cookie notices on the sites visited for further information. It is specified that when such tools are present on Menarini sites, the relevant information is contained in the respective privacy and cookie policies. It is specified that if the user has logged in to their account on the Social Network and connects to a Company site with the same device, Menarini may be able to detect some of the information inferable from the user's profile (e.g., age range, “likes”, etc.), and in some cases even identify them.

The data will be processed in order to:

• respond to users' posts, requests and queries, and allow users to participate in activities carried out through the Page; manage and optimize the contents of the Page, perform statistical and market analyses regarding the users who interact with the Page or with our Sites. The legal basis for processing is Menarini's legitimate interest in promoting its activities and its corporate image (art. 6.1.f GDPR);
• fulfill regulatory obligations, pursuant to art. 6.1.c of the Regulation, and provide for fulfillments in matters of public health, which require Menarini to monitor, manage and report to the competent authorities and other subjects (licensors, licensees) information relating to adverse events (potential or actual) related to the use of its products. The legal basis for processing is the fulfillment of legal obligations and the protection of a public interest in the field of public health, consisting in ensuring a high level of quality and safety of Menarini's products.
• ensure compliance with the Netiquette, implement the Code of Ethics and the Code of Conduct of Menarini and the Menarini Group, protect Menarini's rights. The legal basis for processing is the Company's legitimate interest in preventing abuses committed by users through the page, including behavior contrary to the aforementioned codes, violations of applicable regulations and to protect its rights (art. 6.1.f and 9.2.f GDPR).
• carry out promotional campaigns relating to Menarini's activities or its products/services (in accordance with the regulations on the promotion of health-related products/services) through the page or social profile, also by sending messages; collect anonymous statistical information on the effectiveness of the aforementioned promotional campaigns: the legal basis for processing, in that case, is the consent expressed by the user to the Social Network (art. 6.1.a of the GDPR);
• send personalized messages (“profiling”) relating to the activities, products and services specified in the previous point. The legal basis for processing is the user's consent, expressed to the Social Network, also in combination with cookies, web beacons/web trackers, pixel tags, etc (art. 6.1.a of the GDPR).
• as regards the data collected in relation to job vacancy announcements published through Social Networks, evaluate and eventually establish a collaborative or working relationship: the legal basis for processing is the execution of a contract or pre-contractual measures aimed at the conclusion of a contract with the user (art. 6.1.b of the GDPR).

As regards the publication of any third-party data, it is the user's responsibility to obtain the necessary consents and fulfill the information duties eventually required by the applicable privacy legislation.

Regarding the consents to the processing of user data inferable from Social Network accounts, it is specified that: (i) these are granted by the user at the time of registration on the Social Network, which can modify/personalize them at any time (Menarini does not, however, exercise any control over such operations, managed entirely by the Social Network); (ii) the data processed by Menarini are those made available to it by the Social Network, which therefore responds exclusively for any sharing of information not permitted by the user or the receipt of unsolicited messages, not corresponding to the settings selected by the user.

The user's data will be processed primarily with electronic tools, and may be entered into Menarini's information system in compliance with applicable legislation, including security and confidentiality profiles and inspired by the principles of correctness and lawfulness of processing. The data will be stored for the period strictly necessary to achieve the purposes for which they were collected; in any case, the criterion used to determine such period is based on compliance with the terms allowed by applicable laws and the principles of data minimization and rational management of archives.

The data may be processed by Menarini personnel assigned to IT, administrative, internal audit and compliance functions and other duly authorized subjects who need to process them by reason of their duties.

For activities of an organizational, administrative, financial and accounting nature, pursuant to arts. 6.1.f and Recital 48 of the GDPR, the data may be communicated to companies of the Menarini Group, also in non-EU countries (hereinafter “Third Countries”).

Furthermore, in relation to the fulfillments and purposes indicated above, also in Third Countries, to: the data may be communicated to the OdV (Supervisory Body), as well as to third-party companies, such as suppliers, sub-suppliers, IT and “Cloud Computing” service providers, social networking service providers that manage the Pages, professional firms, and companies that carry out fiscal or administrative activities on behalf of Menarini, public authorities and legitimate recipients based on national or community regulations, third parties in case of audits, acquisitions or mergers. Depending on the case, such subjects will act as controllers, processors or persons authorized to process for the same purposes indicated above and according to the applicable law.

Regarding the eventual transfer of data to Third Countries, including countries that may not guarantee the same level of protection provided for by the applicable legislation, it is noted that the processing will take place only on the basis of one of the methods allowed by current law, such as for example the adoption of Standard Clauses approved by the EU Commission, the selection of subjects adhering to international programs for the free movement of data or operating in countries considered safe by the EU Commission.

By contacting the Data Protection Officer of the Menarini Group, reachable at the email address dpo at menarini dot com (please replace “at” with “@” and “dot” with “.”), the user may exercise the rights recognized by arts. 15-22 of the GDPR, including: obtaining confirmation of the existence or otherwise of data concerning them, accessing such data, verifying their content, origin, accuracy, location (also in relation to Third Countries where the data are located), requesting a copy, integration, updating, rectification and, in the cases provided for by current law, the limitation, erasure, transformation into anonymous form, opposition for direct contact activities (also limited to some means of communication), opposition for legitimate reasons to the processing. You are also informed that it is always possible, as well as to report any uses of the data not considered correct or unjustified. Finally, the user may lodge a complaint with the Data Protection Authority (Garante per la Protezione dei Dati Personali). To revoke the consent to the processing given to Social Networks, it is instead necessary to interface directly with the Social Networks themselves.