(aligned with Reg. (EU) 2016/679 GDPR, Decree 196/03 and any subsequent decrees aligning the domestic privacy regulations on adoption of the GDPR)
GlaxoSmithKline (GSK or we) attach great importance to your privacy and are concerned about how your personal data is processed. We want you to know the answers to the following questions:
What personal data do we collect about you?
The personal data processed by us includes, without limitation and to the extent applicable to our existing relationship with you:
- Basic information about you, such as: name, surname, photographs or images picturing you;
- Data about your health provided to us voluntarily by you;
- Contact details: e-mail address;
- Professional details: GSK place of work.
How do we obtain your personal data?
We collect your personal data – to the extent applicable – by monitoring our technological tools and related services, including the e-mail messages sent to and received by GSK. Alternatively, we may collect information about you when you give it to us or interact directly with us; for example, when you register on rideforjoy.it or on the Workplace page created ad hoc.
How do we use your personal data?
We use your personal data for the following purposes:
- administration of the Ride for Joy project, for which you registered voluntarily, and related communications;
- internal administration, for the arrangement of insurance cover linked to the Ride for Joy project.
What is the legal basis on which we use your personal data?
Our use and processing of your personal data is lawful because:
- you have given consent for the use of your personal data. For information about your rights should we process your personal data on the basis of the consent given by you, please see the section entitled Your rights
How long do we keep your personal data?
We keep your personal data solely for the period required by law. Where necessary, we will also keep your personal data in relation to any disputes, legal cases or investigations that involve GSK.
Alternatively, we will keep your personal data for a maximum of 1 year following completion of the Ride for Joy event.
With whom do we share your personal data?
We share some of your personal data with:
- companies within the GSK group and affiliated, subsidiary, parent and associated companies, and their employees;
- natural/legal persons that supply goods and/or services used by GSK in the course of our activities;
- our professional advisors and auditors.
For information about how we protect your personal data when it is shared with others, please see the section entitled Protection of your personal data.
Your personal data will not be processed outside of Italy.
Protection of your personal data
GSK uses various technologies and security measures to protect your personal data from unauthorised access, use, dissemination, alteration or erasure, consistent with the regulations applicable to the protection of data and privacy.
For example, when we share your personal data with our external suppliers – if considered appropriate – we might formalise a written agreement binding them to keep your data confidential and to implement appropriate security measures designed to protect it.
You are entitled to:
- ask GSK for information about the processing of your personal data, as well as for a copy of that data;
- ask for the correction or erasure of your personal data
- ask for restrictions on the processing of your personal data or object to such processing;
- withdraw your consent for the processing of your personal data (if GSK processes that data on the basis of your consent);
- ask to receive the personal data that you have provided to GSK, or for its transmission to another organisation, in a machine-readable format;
- lodge a complaint with the Data Protection Ombudsman if your privacy rights have been violated or you have suffered consequences due to the unlawful processing of your personal data.
When you are given the option to share your personal data with us, you may always refuse to do so.
If you object to the processing of your personal data or initially gave your consent to processing and, later, decide to withdraw it, we will respect your decision if that request is consistent with the legal obligations placed on GSK.
This might mean that GSK will be unable to do everything necessary in order to achieve the purposes of processing described (see How do we obtain your personal data?) or that you will be unable to use the products and services offered by GSK.
It is understood that your refusal to give consent would result in GSK being unable to administer your participation in the Ride for Joy event.
If, on the other hand, you decide to withdraw your consent, GSK might be justified in continuing to process your personal data to the extent required or allowed by law.
Should you decide to exercise your rights, please contact us at the following address: IT.CPA@gsk.com.
Please contact the GSK Data Protection Officer at the address below for further information, or if you have any requests or questions about the processing of your personal data: IT.CPA@gsk.com.
Controller of processing
GlaxoSmithKline Consumer Healthcare S.p.A.
Share Capital Euro 584,506.00 – Milan Business Register (R.E.A.) No. 598024 – Milan Companies Register No. 00867200156
Tax Code and VAT No. 00867200156 Management and coordination: GlaxoSmithKline Consumer Healthcare Holdings Limited – GB
Via Zambeletti s.n.c., 20021 Baranzate (MI), is the Controller of processing in relation to your personal data.