Privacy Policy

This Privacy Policy describes the means and purposes of the processing of personal data carried out by Orthofix S.r.l., in its quality of data controller (hereinafter the “Controller” or the “Company”), in connection with the use of the website www.orthofixkids.com (hereinafter the “Website”).

Please note that this Privacy Policy shall apply to anyone who navigates and/or uses the Website, or otherwise interacts with the contents and services accessible through the Website (hereinafter the “User”).

The processing of personal data of the Users will take place in full compliance with the applicable data protection legislation, including but not limited to Regulation (EU) 2016/679 (the “GDPR”).

1. Redirect to other websites

The Website incorporates links which allow you to connect to other websites run both by other companies of the Orthofix Group and by third parties. The Company assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third parties’ websites.

Therefore, Users who access such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites and the relevant data processing.

2. Categories of personal data collected

A) Traffic data

The computer systems and software procedures used to operate this Website need to acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data may include, by way of example: IP addresses, browser type, operating system, the domain name and website addresses from which you are logged in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s operating system and computer environment.

This technical / IT data is collected and used only in an aggregated and not immediately identifiable manner and can be used to ascertain liabilities in case of hypothetical crimes committed within or against the Website or upon competent authorities’ request.

B) Personal data provided directly from User

There are few sections of the Website (e.g. “Contact” and “Ask us questions”) which allow the collection of the personal data that the User decides to share with the Company. It remains understood that, in this case, the Controller will process the data provided by the User exclusively in order to fulfil the requests received. Accordingly, if the User does not want the Controller to process his/her personal data, he or she is invited not to send any request.

In any event, the Users will always be free whether or not to share his/her personal data by filling out the specific forms available on the Website.

3. Purposes and legal bases of the processing

The Website has been designed with the main goal of providing information – and therefore as an interactive window – regarding the activities, products and services offered by the Company or other companies belonging to the Orthofix Group.

The above categories of personal data will be processed by the Company for the following purposes and according to the legal bases set out below:

Personal data will be processed by the Company for the following  purposes and according to the legal bases set out below:

a) processing is required for the performance of a contract to which the data subject is a party, or to fulfil his/her requests (Art. 6.1(b) GDPR):

  • allowing Users an appropriate navigation on the Website;
  • allowing Users to get more information regarding the activities, services and products offered by the Company and other legal entities of the Orthofix Group;
  • answering and fulfilling the Users’ requests;

b) processing is necessary to pursue the legitimate interest of the Company (Art. 6.1(f) GDPR):

  • establishing, exercising or defending legal claims;
  • in case of mergers, demergers, transfers of business branches and other corporate transactions;

c) processing is necessary to comply with obligations provided for by applicable laws (e.g. tax and accounting obligations) and/or to fulfil requests or orders issued by competent authorities (Art. 6.1(c) GDPR).

Should personal data be processed in the future also for purposes other than those described above, the Company will provide adequate information to the User relating to such new purposes and will ensure that the relevant data processing will rely on a valid legal basis.

The provision of personal data by the User – unless otherwise noted – is optional. However, in case of refusal to provide his/her personal data, the Company will not be able to fulfill the User’s request or provide certain specific services (such as customer service).

4. METHODS OF THE PROCESSING AND DATA SECURITY

The personal data are collected and processed lawfully and fairly, for the above purposes and in accordance with the fundamental principles established by the applicable legislation.

Processing operations may take place both manually and electronically, or by information technology tools, always under technical and organisational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the personal data or, more generally, processing that is not compliant with the purposes of the collection.

The processing will be carried out under the authority of the Controller only by persons who have been duly authorized to access and process the Users’ personal data on a need-to-know basis, in accordance with the instructions provided for by the Company and the applicable data protection laws and regulations.

5. COMMUNICATIONS TO THIRD PARTIES

The Users’ personal data collected through the Website may be shared or communicated to third parties, including but not limited to other companies belonging to the Orthofix Group.

The data may be disclosed by the Company to third-party suppliers or partners (such as service or hosting providers, IT companies, marketing and communication agencies) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above. If needed, the Controller will appoint such third parties as data processors, by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the security of the data, according to Art. 28 GDPR.

It remains understood the Users’ personal data must be communicated to third parties, such as public or judicial authorities, to comply with binding orders and request, as well as with applicable legal provisions.

6. DATA RETENTION

Personal data will be kept in a format that allows the identification of the User for no longer than necessary to fulfill the purposes for which the data have been originally collected and, in any case, within the time limits set forth by applicable laws and regulations.

Where required or expressly permitted by applicable laws, the Users’ personal data may be kept for longer periods, e.g. if necessary to fulfil orders issued by competent authorities or to enforce or protect the rights of the Controller.

As soon as no longer necessary in accordance with the above, personal data will be cancelled or anonymized.

7. COOKIES (CROSS-REFERENCE)

To get more detailed information regarding the installation and use of cookies by this Website, please refer to the applicable Cookie policy.

8. TRANSFER OF DATA ABROAD

Given the international nature of the Controller’s business activities, for the sole purposes described above personal data may be transferred to countries outside the European Economic Area (“EEA”) that do not guarantee an adequate level of protection. By way of example, personal data may be transferred to other companies belonging to the Orthofix Group which are established outside the EEA (mainly in the U.S.).

In these cases, the Company undertakes to implement all necessary measures to protect the Users’ personal data, in accordance with applicable laws, e.g. by adopting Standard Contractual Clauses as approved by the European Commission, or other equivalent safeguards.

9. DATA SUBJECTS’ RIGHTS

The User can at any time exercise his/her rights under the GDPR, in particular:

a) the right of access to his/her personal data;

b) the right to request the rectification of his/her personal data;

c) where applicable, the right to obtain the erasure and the restriction of the processing of his/her personal data;

d) where applicable, the right to object to the processing of his/her personal data;

e) where applicable, the right to data portability, i.e. the right to receive the personal data concerning him/her in a structured, commonly used and machine-readable format, where applicable;

f) the right to lodge a complaint to the competent Supervisory Authority (in Italy, Autorità Garante per la protezione dei dati personali).

To exercise these rights, or for any further information and/or clarifications, please write to privacy@orthofix.it.

10. DATA CONTROLLER

The Data Controller is Orthofix S.r.l., a company duly incorporated under Italian law, with registered at Via Vittor Pisani no. 16, Milan (Italy).

The Data Controller may be contacted at privacy@orthofix.it.

11. CHANGES TO THIS PRIVACY POLICY

The Controller shall have the right to amend and/or integrate this Privacy Policy over time in order to comply with new legal provision and/or include new services. For this reason, each User is invited to periodically visit this page.

Below is highlighted the date when the last version of this policy has been uploaded.

Last Update:  December 2022