Privacy Policy

Privacy Policy




Alfasigma’s privacy policy



The methods of managing the website are described on this page with regard to the processing of the
personal data of the users who consult it.
This information briefing is also made available, in accordance with article 13 of the European
Regulation 2016/679 concerning the protection of physical persons with regard to the processing of
personal data (GDPR), to those who interact with the web services of the company Biosint S.p.A.,
accessible via digital transmission, starting from the address:

corresponding to the first page of of Alfasigma S.p.A.
The information briefing is made available only for the site
and not for any other websites that may be consulted by the user via links.

The information briefing is also in compliance with Recommendation No. 2/2001 for the protection
of personal data which the European authorities adopted on 17 May 2001 in order to identify certain
minimum prerequisites for the collection of personal data online and, in particular, the methods, times
and nature of the information that the data controller must provide to the users when the latter
connect to web pages, irrespective of the purposes of the connection.



Following consultation of this website, data may be processed concerning identified or identifiable
persons. The Data Controller is Biosint S.p.A. with registered office in via Pontina, Km 30,400 – 00071
Pomezia (RM) and Plant in via del Murillo 16/ via Roio, 2 – 04013 Sermoneta (LT) Tax Code n.
03724840586 – VAT No. 01233231008 – PEC

The Company has identified the Data Protection Officer in accordance with Article 37 of the Regulation;
DPO can be contacted for questions concerning the processing of your data, through the following



The Company Apex Srl has been appointed as data processor pursuant to article 28 of the
since it is responsible for the maintenance of the website’s technological
The complete list of the subjects to which your personal data have been or may be communicated is
available on demand at the address


Data Processing Purposes & Types of Data Processed

a) Browsing data

The computer systems and the software procedures assigned to the functioning of this website acquire,
in the course of their normal operation, certain personal data whose transmission is implicit in the
use of Internet communication protocols.
This is information that is not collected in order to be associated with identified interested parties
but which, by its very nature, could, through processing and association with data held by third
parties, allow the identification of the users.
This category of data includes IP addresses or domain names of the computers used by the users who
connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources
requested, the time of the request, the method used to submit the request to the server, the size of
the file obtained in reply, the numerical code indicating the status of the reply given by the server
(correct outcome, error, etc.) and other parameters regarding the operating system and the digital
environment of the user.
These data are used for the sole purpose of extracting anonymous statistical information on the use of
the site and to check its proper functioning and are deleted immediately after processing. The data
could be used to ascertain liability in the theoretical event of digital crimes to the detriment of the
site: apart from this eventuality, the data on web contacts are currently retained for no more than
seven days.

b) Data supplied voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on this
shall lead to the subsequent acquisition of
the address of the sender, required to respond to the requests, as well as any other personal data
entered in the communication or on the basis of the service requested.
Specific summary information will be gradually reported or displayed on the website pages provided for
particular services on request.



This website uses cookies.
By using our website, users declare they accept and consent to the use of cookies in compliance with
the terms of use of the cookies expressed in our Cookie Policy, which can
be found on this link.



Apart from what is specified for navigation data, the user is free to provide personal data through the
sending of emails to the addresses indicated on this website.
Failure to provide this data may make it impossible to obtain what has been requested.
Lawfulness of processing is based on data subject’s consent to the processing of his or her personal
data for purposes described in this privacy notice.



The personal data is processed with automated instruments for the time strictly necessary to achieve
the purposes for which they were collected.
Specific security measures are followed in order to prevent data loss, illegal or improper use and
unauthorised access.



Data collected are processed by Alfasigma’s personnel under the authority of the controller according
to instructions provided by the Controller pursuant to Art. 29 of Regulation, and can be communicated
to third parties appointed as Data Processor pursuant to Art. 28 of Regulation, for purposes described
in this Privacy Notice.
The complete list of the subjects to which your personal data have been or may be communicated is
available on demand at the address



The management and retention of the personal data shall take place on servers, located within the
European Union, of the Data Processor and/or third-party companies duly appointed as Data Managers.
Currently, the servers are located in Italy. The data are not currently subject to transfer outside the
European Union.
In any event, it remains understood that the Data Controller, should it be necessary, shall have the
right to change the location of the servers, in Italy, within the European Union and/or to countries
outside the EU.
In this case, the Data Controller ensures henceforth that the transfer of the data outside the EU shall
take place in compliance with articles 44 and subsequent of the Regulation and the applicable legal
measures stipulating, where necessary, agreements that ensure an adequate level of protection.



The data concerning you shall be retained in accordance with the following criteria:

  • for a period of time no longer than that necessary to attain the purposes for which they are
  • for a period of time no longer than necessary to fulfil regulatory obligations.



We inform you that at any time in relation to your data, you can exercise the rights under Articles 15
to 22 of the GDPR.
In detail:

  1. You have the right to obtain from the Company confirmation as to whether or not personal data
    concerning him or her are being processed, and, where that is the case, access to the personal
    data and the following information:

    • The purposes of the processing;
    • The categories of personal data concerned;
    • The recipients or categories of recipient to whom the personal data have been or will be
      disclosed, in particular recipients in third countries or international organisations;
    • The period for which the personal data will be stored;
    • Where the personal data are not collected from the data subject, any available information
      as to their source;
    • The existence of automated decision-making, and, at least in those cases, meaningful
      information about the logic;
    • The appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
  2. Moreover you have the right of the:
    • Access, update, rectification, integration or erasure of personal data or restriction of
      processing of personal data concerning the data subject or to object to such processing;
    • Obtain the data portability;
    • Withdraw consent to the processing of personal data, if applicable;
    • To lodge a complaint with a supervisory authority.

In order to exercise your rights, please contact the data Controller with a written request, filling
the form that you can download from this link, and send it at the following address

The Data Controller will provide information on action taken on a request under Articles 15 to 22 to
you without undue delay and in any event within one month of receipt of the request. That period may be
extended by two further months where necessary, taking into account the complexity and number of the
requests. The Data controller will inform you of any such extension within one month of receipt of the
request, together with the reasons for the delay.



This Privacy Notice may undergo changes. It is therefore recommended that you regularly check this
Privacy Notice and refer to the most up-to-date version.