Privacy Policy

Introduction

EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “EU Reg. 2016/679” or “GDPR”) contains a series of rules aimed at ensuring that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of individuals and with the principles of fairness, lawfulness, transparency, confidentiality and data minimization.

Therefore, on this page, Giuliani S.p.A. intends to provide, pursuant to Articles 13 and 14 of the GDPR, the following information notice on the processing of personal data of users who visit or consult the website accessible electronically from the address: www.giulianipharma.com (hereinafter the “Site”).

Data Controller

The Data Controller is Giuliani S.p.A., (Tax Code and VAT No. 00752450155), with registered office at Via Pelagio Palagi no. 2, 20129 – Milan (MI), in the person of its legal representative pro tempore, (hereinafter “Giuliani” or also only the “Controller”).

Data Protection Officer (DPO)

The Data Subject may contact the DPO at any time to request explanations regarding this Notice or to exercise the rights provided for by the personal data protection legislation by sending an e-mail to: dpo@giulianipharma.com

Categories of personal data and source of the data

During browsing of the Site, the following information relating to the data subjects may be acquired (hereinafter the “Data Subjects” or individually the “Data Subject”):

a) Browsing data

When connecting to the Site, the IT systems and software procedures responsible for its operation automatically and indirectly administer and/or acquire certain information (such as, purely by way of example, so-called “cookies” as specified in the “Cookie Policy”), the transmission of which is implicit in the use of the Internet. The processing of these data allows the Controller to ensure the best possible browsing experience as well as to provide all the functions and services offered through the Site. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow the identification of the data subjects browsing the Site. This category of data includes:

• the “IP addresses” or domain names of the computers used by visitors who connect to the Site;
• the time of the request;
• the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources;
• the method used to submit the request to the web server;
• time of the request, size of the file obtained in response;
• the numeric code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the visitor’s operating system and IT environment.

These data, necessary for the use of web services, are also used for the purpose of obtaining anonymous statistical information on the use of the Site and therefore are not collected to be associated with identified data subjects. Browsing data are normally deleted at the end of each processing operation but may be used and stored by the Controller to ascertain any liability in the event of computer crimes against the Site or other sites connected or linked to it. Except in this circumstance and as indicated in the Site’s Cookie Policy, browsing data are stored for a limited period of time, in compliance with the provisions of the applicable legislation.

It is possible to limit the processing of the personal data indicated above by using certain features made available by the Site (with particular reference to the transmission of cookies or similar tools, please refer to what is specified in the Site’s “Cookie Policy”) or by the device or browser / browsing application. In such case, browsing on the Site may be limited and some of its functions / services may be inaccessible.

b) Data voluntarily provided by the User

Interaction with the “Contacts” and “Reporting of suspected adverse reactions” sections of the Site, as well as the optional, explicit and voluntary sending of messages to the Controller’s contact addresses published on the Site, entails the collection and subsequent processing of additional personal data by Giuliani.

These additional personal data are freely provided by the Data Subject. Unless otherwise specified in the forms on the Site, the requested data are strictly necessary to process the requests received from the Data Subject.

In particular, the Controller collects the following types of personal data:

• identification data (name) and contact data (e-mail address) of the Data Subject as well as any additional personal data included in communications sent to the Controller by completing the form in the “Contacts” or “Reporting of suspected adverse reactions” section, or by sending an e-mail to the Controller’s e-mail address, or communicated by telephone to the contact numbers published on the Site
• special categories of data relating to adverse drug reactions provided through interaction with the “Reporting of suspected adverse reactions” section.
• identification and contact data provided by completing the additional forms on the Site.
• The processing of such additional personal data will be based on respect for the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the Data Subject.

The personal data indicated above are collected directly from the Data Subject.

Purposes of processing and legal basis

The Data Subject’s personal data are processed for the following purposes:

1. to respond to contact or information requests from Data Subjects received through interaction with the “Contacts” section, or through the Controller’s contact addresses on the Site. In this regard, it is specified that personal data that are not strictly necessary for pursuing the aforementioned purpose will not be processed by the Controller. No data belonging to the special categories of data as identified by the applicable legislation shall be processed in any way, and the Data Subject is therefore invited not to communicate any such data (data suitable for revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-union nature, as well as data relating to the Data Subject’s health status and sex life);
2. to allow the Data Subject to participate in prize competitions or prize operations promoted, from time to time, by the Controller, through the management and execution of every measure (pre-contractual and/or contractual) connected with participation in the aforementioned competitions (including the prize awarding phase);
3. to optimize the operation of the Site and allow the use of services and features present therein, including through the use of cookies necessary for this purpose, as better specified in the Cookie Policy;
4. exclusively subject to the Data Subject’s specific and separate consent, to periodically send advertising, promotional and/or commercial material, including newsletters, relating to the products offered and/or promotional and sales initiatives promoted by the Controller. This may take place both through traditional contact systems (Telephone/Smartphone) and through electronic communications (e-mail);
5. to respond to requests from Data Subjects received through interaction with the “Reporting of suspected adverse reactions” section, or through the Controller’s contact addresses on the Site. In this regard, it is specified that personal data, possibly including special categories of data, that are not strictly necessary for pursuing the aforementioned purpose will not be processed by the Controller.
6. to comply with obligations provided for by laws and regulations to which the Controller is subject and/or to execute orders issued by duly authorized Authorities.

The legal basis justifying the processing consists of:

• for the purposes referred to under a); b) and c), the performance of pre-contractual measures adopted at the request of the Data Subject and/or the performance of a contract to which the Data Subject is a party (Art. 6, (1), letter (b) EU Reg. 2016/679);
• for the purposes referred to under d), the explicit consent of the Data Subject (Art. 6, (1), letter (a) EU Reg. 2016/679);
• for the purpose referred to under e), compliance with a legal obligation to which the Controller is subject (Art. 6, (1), letter (c) EU Reg. 2016/679) and, for special categories of data pursuant to Art. 9, para. 2 GDPR (letter i) – public interest in the area of public health;
• f) compliance with a legal obligation to which the Controller is subject (Art. 6, (1), letter (c) EU Reg. 2016/679);

The provision of personal data marked with an asterisk, or otherwise indicated as mandatory within the forms available on the Site, is necessary so that the Controller can correctly and completely perform the services requested by the Data Subject and/or correctly comply with legal or regulatory obligations.

Consent

The Data Subject has the right to withdraw, at any time, any consent given, in whole and/or in part, deciding, for example, to receive communications only through traditional contact methods (telephone/Smartphone) or only through electronic communications (e-mail), or not to receive any communications. Any withdrawal of consent shall not affect the lawfulness of processing based on consent given before the withdrawal.

To withdraw consent, the Data Subject may contact the Controller at any time at the addresses published in this notice.

Processing methods

The processing of personal data takes place using manual, IT and telematic tools with logic strictly related to the purposes stated in this document and, in any case, in such a way as to ensure the security and confidentiality of the data in compliance with the applicable regulations.

In the event of processing carried out by electronic processing methods, Giuliani may use third-party service companies that will be informed of their responsibilities through appointment as Data Processor pursuant to Art. 28 of the GDPR.

Data retention period

The processed data will be retained for a period not exceeding the achievement of the purposes for which they were collected (“storage limitation principle”, Art. 5 GDPR), without prejudice to cases of compliance with a legal obligation or an order issued by a duly authorized Authority. The obsolescence of the stored data in relation to the purposes for which they were collected is periodically verified.

Specifically:

• for personal data collected for marketing purposes (e.g. newsletters), they will be processed until consent is withdrawn by the data subject or in any case no longer than 24 months if consent is not renewed;
• for personal data collected through the “Reporting of suspected adverse reactions” form provided by the website, the data will be processed for a period of ten years from the last interaction/communication containing the report;
• for personal data collected through the “Contacts” form provided by the website, the data will be processed for a period of 6 months from the last interaction/communication

Once the applicable retention period has elapsed, personal data will be deleted, destroyed or made permanently and irreversibly anonymous. Following such deletion or anonymization, certain rights of the Data Subject – such as the right to rectification, portability and erasure – will no longer apply, as they refer to data that no longer exist or are no longer identifiable. The Data Subject may nevertheless exercise their right of access in order to obtain confirmation that their personal data have been deleted.

Categories of recipients to whom personal data may be communicated

The Data Subject’s personal data may be made accessible or communicated for the purposes described above:

• to employees and collaborators of the Controller, in their capacity as persons authorized to process data and/or system administrators, within the scope of their respective duties and in accordance with the instructions received;
• to third-party companies or other entities that carry out activities functional to the management and administration of the Site (such as, for example, hosting companies; service providers, managers of electronic platforms and, more generally, IT service providers);
• to entities that carry out technical or organizational tasks (provision of printing, enveloping, transmission, transport and sorting services for communications, or also to third-party companies that provide outsourced call center services);
• exclusively in the case of data collected for the purposes referred to in paragraph b, the data may be communicated to persons authorized to process data (such as: notaries; chamber of commerce officials, etc.) or to service providers necessary for carrying out the prize competition (such as, by way of example: prize providers; couriers; entities associated with the prize competition held, etc.);
• to all those entities authorized to access the data by virtue of legal or regulatory provisions (such as, for example, Public Offices and Authorities);
• to companies responsible for the Controller’s internal audit on the basis of applicable laws and regulations.

Such entities, organizations and companies will process the Data Subjects’ data as Data Processors duly appointed by the Controller or, where relevant, as independent controllers.

The complete and updated list of entities appointed as Data Processors is kept at the Controller’s registered office.

Place of processing

The data will be processed by the Controller at its registered office located at Via Pelagio Palagi no. 2, 20129 – Milan (MI), and at the premises of service companies within the European Union.

Transfer of personal data outside the EU

The Data Subjects’ personal data are stored on servers located at the Controller’s registered office, as well as at the premises of service companies within the European Union.

The Controller undertakes not to transfer any personal data to countries outside the European Union.

Should such transfer become necessary, the Controller will adopt appropriate safeguards pursuant to Art. 46 GDPR (such as, for example, the standard contractual clauses adopted by the European Commission) or will rely on the derogations provided for by Art. 49 GDPR, including the explicit consent of the data subject

Interaction with social networks and external platforms

The site, through widgets and buttons, may interact with external platforms and social networks. In such case, the information acquired depends on the settings of the profiles used by the user on each social network and not on the administrator of this site, especially if the user has the login profile for such platforms active.

The links such as Facebook®, YouTube®, X®, Instagram®, TikTok®, etc. allow interaction with Giuliani’s pages on social media and sharing of ideas, opinions or topics from the website with the respective social platforms, and may collect data from the data subject. Please note that you may access the Site or connect to our areas and blogs, which may also contain purchasing advice. In some cases, you may be enabled to publish information, communicate with others, for example by coming from the Giuliani page on other social networking sites, view/review products and offers, and publish comments or content.

Before interacting with such areas, we invite you to carefully read the General Terms of Use, taking into account that, in certain circumstances, the information published may be viewed by anyone with Internet access and all information you include in your posts may be read, collected and used by third parties.

More information may be obtained from the websites of the companies offering the service. Please note that, in such case, during such browsing, your personal data are not managed by Giuliani, whose role is limited to making the connection available through such buttons solely to offer an additional service to the data subject, but it has no control over them. Please refer to the pages of the individual providers.

Rights of data subjects

Pursuant to Articles 15 et seq. of the GDPR, the Data Subject has the right to:

• access their Personal Data, or a copy thereof, as well as to receive due information on ongoing processing operations;
• request the updating, correction or integration of their personal data;

In the cases provided for, the Data Subject also has the right:

• to withdraw any consent given;
• to object to the processing of their personal data;
• to request the erasure of their personal data;
• to request the restriction of the processing of their personal data;
• to request their personal data to be transmitted to them or to another data controller in an intelligible format (data portability).

The Data Subject has in any case the right to lodge a complaint with the Italian Data Protection Authority if they believe that their personal data are processed in breach of Reg. (EU) 2016/679.

How to exercise rights

The Data Subject may exercise the rights granted to them at any time by sending a registered letter with return receipt addressed to “Giuliani S.p.A.”, Via Pelagio Palagi no. 2, 20129 – Milan (MI), or by sending an e-mail to: giulianiprivacy@giulianipharma.com or by contacting the appointed DPO at the e-mail address dpo@giulianipharma.com

Minors

Minors under the age of 18 must not provide information or personal data to the Controller without the consent of those exercising parental responsibility over them. In the absence of such consent, it will not be possible for the minor to send requests through the Site. Giuliani invites all those exercising parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web.

Updates and Changes

The Data Controller reserves the right to make changes to this notice at any time by informing the Data Subjects on this page. We therefore ask you to consult this page regularly, taking as reference the date of the last update indicated at the bottom.

Last updated: 22/06/2026