Skip to main content

 

Chiesi Farmaceutici S.p.A. ("Chiesi") wants to inform you that Chiesi will process your Personal Data as a data controller under the provisions of Regulation (EU) 679/2016 ("GDPR"). 

 

"Personal Data" Any information relating to an identified or identifiable living individual. When different pieces of information are combined, they may identify a specific person and are considered personal data. 

 

"Processing of Personal Data" Any operation or set of operations performed on personal data, whether manual or automated, including collection, recording, organization, structuring, storage, modification, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction. 

"Data Subject" The individual to whom the personal data relates. 

"Initiative" The event 'Together for EB', taking place in Frankfurt, Germany on 29th May 2026. 
 

 (1)HOW WE COLLECT AND USE YOUR PERSONAL DATA 

PURPOSES: 
 
We need to process your Personal Data to manage your registration and assist you you’re your participation in the Initiative, including booking accommodation, managing travel arrangements, and coordinating your stay. 

During the Initiative, photographs and video recordings may be taken and subsequently published through the internal communication channels of the company (such as sharing platforms and internal monitors), as well as external communication channels (such as company website, social media platforms).  

By registering for the Initiative, you authorize Chiesi and its affiliated companies to use your images and process your data for the aforementioned purposes. If you prefer not to be recorded or photographed, please inform the event staff in advance. 

PROCESSED PERSONAL DATA: 

  • Identification data such as your first name, last name, work email address, professional role, phone number, passport/identity card number, and any additional information voluntarily shared by you during your participation in the Initiative.   
  • Photos, videos, images, audio recordings, and other reproductions of your physical image.   
  • Health data, including information related to food intolerances or health conditions, or mobility difficulties that may require our support to facilitate your participation. 

 

The aforementioned categories of data are necessary for the management of your participation in the Initiative; in particular, the first point. 

 
LEGAL BASIS OF THE PROCESSING: 

Legitimate interest: pursuant to Article 6, first paragraph (f) of the GDPR, Chiesi may rely on its legitimate interest to fulfill your request for registration and participation in the Initiative. For the purpose of your registration and participation in the Initiative, the provision of your personal data is mandatory and, in case of failure to provision or your subsequent objection to the processing, Chiesi will not be able to allow you to participate in the Initiative. Moreover, Chiesi may rely on its legitimate interest to share some information (including images and videos) with other companies of the Chiesi Group. Processing carried out based on the legitimate interest of Chiesi or a third party will only take place on condition that the interests or fundamental rights and freedoms of the data subject are not overridden.  

Consent: if, for the purpose of your participation in the Initiative and for the accommodation of your meals, you deem it appropriate to communicate to Chiesi special categories of data pursuant to Article 9 of the GDPR (e.g., food intolerances, any special dietary regimes, walking difficulties, etc.), Chiesi may process such information for the purpose of managing these kinds of requests. The legal basis for the processing of your special categories of data is your explicit consent in accordance with Article 9(1)(a) of the GDPR. The provision of your personal data of a special nature or the related explicit consent under Article 9 of the GDPR is optional, but any refusal on your part will not allow Chiesi to manage your requests for this purpose. Such consent will be considered freely given by flagging the relevant checkbox. 

We will also retain your Data to comply with applicable laws and regulations and fulfill competent authorities’ requests. 
 

 (2) HOW WE SHARE AND PROTECT YOUR PERSONAL DATA 

How We Share Your Personal Data 

  • Compliance with laws and regulations: we may disclose your Personal Data to third parties such as governmental agencies, regulators, and courts under the applicable laws to handle legal disputes or requests; 
  • Service providers: Chiesi may also share your Personal Data with companies providing services on our behalf. We will ensure the legitimacy of the processing by entering into an appropriate data processing agreement with the relevant stakeholders. All processors shall comply with the applicable privacy laws and implement appropriate technical security measures.  
     

How We Protect Your Personal Data 

Chiesi implements appropriate security measures to safeguard your Personal Data against unauthorized access, disclosure, or loss, including: 

  • Reasonable efforts to ensure that Personal Data is collected in compliance with the minimization and purpose limitation principles. We retain your Personal Data for a limited time as specified in the following section (3) unless an extension of the retention period is required or permitted by law; 
  • A range of technologies to ensure the confidentiality of Personal Data, ranging from encryption, strong passwords, and two-factor authentication to firewalls and dedicated software to protect servers from external attacks; 
  • Our business partners and service providers are selected based on strict qualification criteria and obligations to comply with our data protection standards secured through specific contractually binding provisions. In addition, we perform audits and other assessments to verify their compliance with the above requirements; 
  • Privacy and data protection training to verify knowledge and other activities to improve the awareness of privacy matters among employees and contractors. 

 
 

 (3) RETENTION PERIOD OF YOUR PERSONAL DATA 

Your Personal Data referred to in section 1) of this notice is stored on the servers of Chiesi or the suppliers' servers (specifically appointed as data processors) located in Italy or within the European Union.  

We keep your Personal Data until the completion of the Initiative and, in any case, for no more than the time necessary to manage all the activities connected to it. After this period, your Personal Data will be deleted or made anonymous unless otherwise provided for by law.  

You may also decide to exercise one of the rights listed in the "DATA SUBJECTS RIGHTS" section below.  
 

 (4) DATA SUBJECTS RIGHTS 

Access, rectification, cancellation, data portability, restriction of processing, objection to processing, and revocation of consent. 

Chiesi provides dedicated contacts to exercise your right to access, modify, object, or limit the processing of your Personal Data, to request their cancellation, portability (if applicable), or revoke your consent in situations specified in the GDPR or other relevant regulations. 

We invite you to contact the Data Protection Officer (DPO) to obtain the list of data processors, receive the list of parties with whom your data has been shared and request to exercise your rights listed above: dpoit@chiesi.com    

If you believe that Chiesi is not processing your Personal Data under this notice or applicable law, you may exercise your rights by complaining to the Italian Data Protection Authority. 

The Data Controller is: 

Chiesi Farmaceutici S.p.A., with registered office in Via Palermo 26/A, 43122 Parma. 

 VAT IT 01513360345
Company's Capital Euro 75MIL
Register of Parma Companies N. 15739

E.A.R. 159271-Post Box 13885439
Mail: Post Office Box 219 - 43121 Parma - Italy

www.chiesi.com