ALPHA PHARMA PRIVACY POLICY

THIS PRIVACY POLICY IS EFFECTIVE AS OF November 20, 2020.

This Privacy Policy is between Alpha Pharma Service (“Alpha Pharma Service”, “we” or “us”) and you or any other person for whose use and on whose behalf you purchase an Alpha Pharma Product or service (“you”), concerning your use of (including any access to): the Alpha Pharma website located at www.a-ps.it and other websites we operate (“Alpha Pharma Websites”); the software applications we make (including our mobile application like Iris Flash) available for download or access at our Websites, in the Google Play or App Store or other mobile service provider locations or other locations we indicate (“Apps”); and any Alpha Pharma products (“Alpha Pharma Products”). The policy describes your personal information protected by applicable privacy and data protection laws, and how and why we collect or process the information about you when you use our products, services or website.

We are committed to protecting your personal information and your right to privacy in compliance with all applicable privacy and data protection laws globally, including without limitation the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If you have any questions or concerns about this privacy notice, or our practices with regard to your personal information, please contact us at info@a-ps.it.

We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of Alpha Pharma Websites, Products and Services. This privacy notice applies to all information collected through Alpha Pharma Websites, Products and Services, as well as any related services, sales, marketing or events.

WHAT, WHEN AND WHY do we collect information about you?

Alpha Pharma Data Service

Our Data Service, included in Alpha Pharma Services, is intended to allow a user to use the data generated by, or created in connection with, the use of Alpha Pharma to help the user to manage his or her diabetes in accordance with the applicable labeling of Alpha Pharma Websites, Products and Services.

Each Data Service or software app may require the creation of an Alpha Pharma user account on the software app. If so, you are required to accurately complete and maintain the user account and to provide us with all required information. You are responsible for obtaining, maintaining and paying for all hardware, software and telecommunications and other services necessary for the use of the data services.

Use of our Data Services requires an internet-enabled smart device or computer. Each Data Service receives user data from a software app that is downloaded to your smart device or computer.

Our Data Services may also permit users to share user data, reports and other information relating to the user to certain third parties selected by the user. By selecting the third party (which may be a person, a software app, or another business), you are authorizing us to send your user data to each party you select. Alpha Pharma does not verify or validate any information regarding such third parties or the information you have provided regarding them. Once your information has been provided to a third party designated by you, Alpha Pharma has no further control or responsibility regarding that information.

Our collection, storage and transmission of user data and any other information that you provide to Alpha Pharma through Alpha Pharma Websites, Products and Services is governed by the Privacy Policy.

We may collect:

  • Account Information, which means Personal Information associated with your user account. Account Information also includes the contact information, username and health information of any person whose account is created at your request. Account Information may include your contact information such as your name, billing and shipping address(es), phone number and email address; your Alpha Pharma username and password; birth date and place; gender; and your health information.
    WHEN: We may collect and process Account Information when you create a user account, or we create an account for you with your consent.
    WHY: We collect and otherwise process Account Information to:
      • Establish and manage your account and Products and Services;
      • Establish, perform, and maintain a contract with you;
      • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable law, you have affirmatively opted in to receive marketing);
      • Send you surveys when permitted under applicable law;
      • Process and address any Communications Information (defined below) if needed based on the communication you provide.
  • Health Data and Other Use Information, which means Personal Information associated with your use of our Products or Services, including those Products and Services accessible through our websites such as a web portal account accessed through a browser, and which may constitute Personal Information. Use Information includes your health information generated from your use of our Products or Services such as your glucose readings; the date, time and device identifier associated with the glucose reading; thresholds that you input into our services or software apps and notifications triggered by such thresholds. It also includes contact information of any person that you designate to receive your health information through functionality of our Product or Service (see below how we share information with your Designated Recipients); contact information; information about the devices, internet service, IP address, and browsers that you use to access and use our Products and Services; information about your settings and your activities associated with your use of our Products and Services (e.g. how frequently you use our services and your user preferences); usernames, passwords, security answers, and location data you input into our Products and Services; information associated with your viewing of any video available within our services; and forms that you submit electronically through our services, including any application you submit. Use Information also includes the username and health information of any person for whom you order or pay for our Products and Services.
    WHEN: We may collect and process Use Information when you access or use our Products or Services, including those you access through our websites.
    WHY: We collect and otherwise process Use Information to:
      • Provide you Dexcom Products and Services that you have ordered or otherwise requested;
      • Establish, perform, and maintain a contract with you;
      • Provide technical support that you request for your Dexcom Products and Services;
      • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable law, you have affirmatively opted in to receive marketing);
      • Send you surveys when permitted under applicable law;
      • Process and address any Communications Information (defined below) if needed based on the communication you provide;
      • Comply with applicable law;
      • Establish, exercise or defend our legal claims and rights; and,
      • For any other purpose(s) set forth in any consent you provide.

How is your information used?

We may use your Personal Information to carry out our obligations arising from any contract entered into by you and us, including:

  • Registration and Ordering Information, to manage your account and Alpha Pharma Products and Services applicable to you. We also use your email address to contact you regarding your account. We keep any Registration and Ordering Information confidential;
  • Feedback Information you provide to us. We do not identify you or include any information that could be used to identify you. Feedback Information may be used by us and provided by us to our customers and third parties;
  • Data Service, in connection with our provision of Data Services and for our operations, administration and product development, maintenance and support in line with applicable data protection laws;
  • Analytical statistics, to improve our products and provide better service tailored to you. We may use Personal Information (anonymous) in accordance with applicable data privacy laws to manage our Products and Services, including the Website, to improve our business and provide new website and product and service features, and to otherwise manage our business;
  • Law Enforcement and Legal Proceedings, required by applicable law, including laws outside your country of residence, to prevent fraud, abuse, illegal uses and violations of our Terms of Use. We may use and disclose Personal Information to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others; to protect our operations or those of any of our affiliates; to enforce this Privacy Policy; and to allow us to pursue available remedies or limit the damages that we may sustain; in each case in accordance with applicable data protection laws;
  • De-Identification, by removing information that could identify you; we may use such de-identified information for any purpose, except where we are required to do otherwise under applicable law;
  • Other Uses, for purposes other than those permitted in this Privacy Policy but only after you consent to such use.

We will only use your data with your consent to provide services to you. We will only collect and keep glucose monitoring history (readings, calibrations, alerts) for you to access. With consent you can share information with others. You have the right not to upload device data to the Alpha Pharma servers, in which case data will not be accessible to others. Without the data upload the only record of information is on your smart device itself.

Will your information be shared with others?

We only share information with your consent, to comply with law, to provide you with services, to protect your rights, or to fulfill business obligations.

We may hold, process, share and transfer your Personal Information but solely for legitimate purposes in accordance with applicable laws, ordinances and guidelines, and it is only disclosed on a need-to-know basis to those who are authorized to use it for these purposes.

We do NOT share or transfer your information in connection with, or during negotiation of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company.

We do NOT share your information with our affiliates. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

We do NOT share your information with our business partners without your consent.

Third Parties

In the ordinary course of our business, Alpha Pharma will collect and use providers to perform services or functions on our behalf. We will not authorize those third parties to keep, use or disclose your Personal Information except for providing the services we have asked them to provide.

When you elect to share your protected health information with a Designated Third-Party Service, such as through the Apple Health app, you are electing to provide your data to a third party, and your authorization continues until you revoke it.

Your Designated Recipients may share your Personal Information with Alpha Pharma for purposes relating to their use of Alpha Pharma Websites, Products and Services.

Once you share any Personal Information with a third party, including Designated Third-Party Services, we have no control over that Personal Information and how it is used by any such third party. You should refer to the terms of service, privacy policy and other provisions of the websites for each third party to which you provide any Personal Information yourself, and for any Designated Third-Party Service you authorize.

Is your Information transferred Internationally?

In compliance with GDPR (General Data Protection Regulation), our major servers are located in Frankfurt, Germany.

As part of the services offered to you, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If you are a resident outside the EU, we only store your personal information on our servers; your personal information will only be transferred with your consent, to comply with law, to provide you with services, to protect your rights, or to fulfill business obligations.

If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.

We take reasonable steps to protect all personal information from loss, misuse, and unauthorized access, disclosure, alteration or destruction. You should however keep in mind that no internet transmission is ever 100% secure or error free. You should therefore take exceptional care in deciding what information you send to us via e-mail and avoid including any of your personal or healthcare information without encrypting it first. We would also ask you not to share your passwords with anyone.

How do we secure and keep your information?

Your data is stored in Alpha Pharma Products for 90 days; data transferred to Alpha Pharma Products is stored offline on your smart device.

We keep the information/data you upload on the servers for 2 years. We are required under law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after your last transaction with Alpha Pharma; after this time it will be destroyed.

We securely store your personal information and isolate it from any further processing until deletion is possible.

Do we collect information from minors?

We are concerned to protect the privacy of children. Children aged 16 or under must have a parent’s or guardian’s consent before we will accept any personal information.

Applicable laws and regulations

For Personal Information that Alpha Pharma receives from users, affiliates and companies in the European Union, the European Economic Area, and Switzerland, Alpha Pharma will commit to handling such personal information in accordance with the General Data Protection Regulation (GDPR) and the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield.

Where Alpha Pharma requires your Personal Information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage the relationship, or to meet obligations placed on us. In all other cases, provision of requested Personal Information is optional.

What security measures do we take to protect your personal information?

Each user will need an Alpha Pharma account and a password to access the data in any of Alpha Pharma Websites, Products and Services. All of our systems are protected by strong passwords, a firewall to filter any malicious access, intrusion detection to detect any system anomalies and malicious code protection to perform security checks on all committed data.

To ensure the confidentiality of your data, different types of user have different access levels. You own your healthcare data: you can upload, download or delete it, and you can choose to share it with others, which will give them the ability to view or download your data.

We use a firewall to filter any malicious access, intrusion detection to detect any system anomalies and malicious code protection to perform security checks on all committed data.

Data encryption: AES symmetric encryption is used to encrypt and store important information such as user names, email addresses, and mobile phone numbers.

Database attack prevention: The complexity of the account password prevents hackers from hitting the database. We also change the default port to prevent hacking.

Interface security: The user’s menu and button permissions are strictly restricted, and only data matching the user’s permissions is returned.

Data encryption: The FGM glucose data stored and transmitted via hardware is encrypted.

Further Processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection privacy notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Where and whenever necessary, we will seek your prior consent to the new processing.

Your rights with your personal information

Contact our Data Protection Officer at info@a-ps.it for any requests.

Based on the applicable laws of your country, you have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. You are able to review, update or delete your personal information at any time using your own access to Alpha Pharma Websites, Products and Services or by contacting us.

You have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. These rights may be limited in some situations – for example, where fulfilling your request would reveal Personal Information about another person or where we can demonstrate that we have a legal requirement to process your data.

You have the right to request that your personal data be erased where it is no longer necessary for Alpha Pharma to retain such data.

You have the right to request that Alpha Pharma provide you with your personal data and, where possible, transmit that data directly to another data controller. This applies where the processing is based on your consent or is necessary for the performance of a contract with you by automated means.

You have the right to lodge a complaint with the Information Commissioner’s Office:

SP 231 KM 5+200, Bitonto, Bari, 70032, Italy.

Do we make updates to this Privacy Policy?

We may update this privacy notice from time to time. The updated version will be indicated by an updated date and will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

Appendix: Permission application and application scenarios

We will apply for necessary permissions when you use certain product functions. If you do not agree to enable the permissions, please click “No”. Refusing the permission will only affect your use of certain product functions. Here we enumerate the types of permissions that the product will likely collect and the purposes for which they are used.

We will not undertake activities below without your consent where such consent is required under applicable law.

Camera permissions

This product requires access to your camera in order to scan the QR code of the device for device verification and paired connection.

Location permissions

This product requires the location permission to support Bluetooth scanning for paired devices.

(why: Device and Connectivity Information is information that we or our Service Providers (as defined below) collect about the computer, cell phone, tablet or other device you use to access our Services and Sites. This information includes your connection and settings when you interact with our Services and Sites, as well as information about your operating system, browser type, URLs of websites you visited prior to visiting our Sites, URLs of websites you visited after visiting our Sites, device identifiers and crash data)

Storage permission (write)

The ability to save a file of user-exported data, such as glucose, locally.