Skip to content

BetaGlue Therapeutics S.p.A. (hereinafter also “BetaGlue”), in its capacity as Data Controller of Personal Data (hereinafter, “Data Controller”), pursuant to EU Regulation 2016/679 (hereinafter: “Regulation”) – considers the protection of Personal Data to be one of the company’s main objectives.

We therefore invite you, before transmitting any personal data to the Data Controller, to read this Privacy Policy carefully.

“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors referred to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This document refers to the data processing carried out in the performance of the company’s institutional activity and is provided to those who, although not interested in the processing, interact with the activity of the Data Controller, such as independent Data Controllers, External or Joint Data Controllers.

The Data Controller can be contacted at the following email address: info@betaglue.com.

This document has, therefore, the function of disclosing the company’s privacy policy, and allows to understand how the personal information of the data subjects is processed by the company, in compliance with GDPR 2016/679.

According to the provisions of the Regulation, the processing carried out by the company is based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

The Data Controller

The Data Controller of personal data is BETAGLUE THERAPEUTICS S.P.A., in the person of the legal representative in force, with registered office in Piazzetta Umberto Giordano, 4, 20122 Milan, Italy.

Personal Data subject to processing

The company deals with:

  1. special personal data (state of health, results of analysis, existence, and outcome of pathologies, etc.) functional to the development of the technologies researched by the company;
  2. data of the company’s employees and collaborators.

Please note that the data referred to in point 1 are subject to pseudonymization by the CNR, which acts as an intermediary between the clinic/hospital or other subject active in the care of the patient and BetaGlue. BetaGlue does not have the decryption keys and, therefore, in fact, the data processed is anonymous.

Purposes of processing

The processing of data carried out by BetaGlue may have the following purposes:

  1. To enable BetaGlue’s institutional activity (research, development, etc.);
  2. To enable the provision of the Services offered by the company;
  3. To allow, in relation to the company website:
    1. Registration to the website;
    2. Subscription to the e-mail newsletter;
    3. Sharing contents of the website;
    4. General request of information;
    5. Registration for events and initiatives;
    6. Narration and analysis of résumé for collaboration or recruitment purposes.

Basis of legitimacy and mandatory or optional nature of the processing

The legal basis for the processing of Personal Data, depending on the purposes of the processing itself, may be, alternatively or cumulatively:

  • the consent;
  • the execution of a contract;
  • the fulfilment of legal obligations;

We wish to underline that the special health data processed by the company for the research and development of new technologies and treatment techniques are processed anonymously.

Recipients of Personal Data

Personal Data may be shared, for the purposes referred to in the dedicated section, with:

  • a. subjects who typically act as data processors pursuant to Article 28 of the Regulation, namely: i) persons, companies or professional firms that provide assistance and advice to BetaGlue; ii) subjects with whom it is necessary to interact in order to carry out BetaGlue’s institutional activities; iii) subjects delegated to carry out technical maintenance activities (including the maintenance of network equipment and electronic communications networks); (collectively “Recipients”). The list of data processors can be requested to the Data Controller.
  • b. subjects, bodies or authorities, autonomous data controllers, to whom it is mandatory to communicate Personal Data in compliance with legal provisions or orders of the authorities;
  • c. persons specifically authorised by BetaGlue (e.g. employees and contractors).

 

Data Retention

Personal Data processed for the purposes referred to in the dedicated section will be kept for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and storage limitation pursuant to Article 5.1.e) of the Regulation.

In any case, the Data Controller will process Personal Data for the time necessary for contractual and legal obligations, as well as to provide for the protection of company rights and employees/collaborators.

Anonymous or anonymized data will be processed sine die.

More information about the data retention period and the criteria used to determine this period can be requested by writing to the email address indicated above.

Transfer of data abroad

Data transfers to and from countries outside the European Economic Area are carried out in compliance with the conditions of reciprocity and legitimacy set out in GDPR 2016/679. In any case, the transfer of data concerns, primarily, data, which are in fact anonymous or anonymised.

Rights of the data subjects

The company guarantees the exercise of the rights of the data subjects, where applicable and in relation to non-anonymous data, pursuant to articles 15 et seq. of the Regulation, such as: right of access to Personal Data; their rectification or cancellation; restriction of processing in the cases provided for by art. 18 of the Regulation; right to obtain personal data in a structured, commonly used and machine-readable format, in the cases provided for by art. 20 of the Regulation; right to object and revoke consent and right to file a complaint with the competent supervisory authority pursuant to Article 77 of the Regulation (Guarantor for the Protection of Personal Data WWW.GARANTEPRIVACY.IT).

Changes

BetaGlue reserves the right to modify or simply update the content of this policy, in part or in full, also due to changes in the applicable legislation.