DISCLOSURE PAPER ON PERSONAL DATA PROCESSING
Edra Publishing US, LLC is committed to maintaining the highest standards regarding privacy and privacy
policies and decided to fully comply with Article 13 of the EU Regulation 2016/679 of the European Parliament
(so-called "GDPR")
1. This Statement
1.1 Edra Publishing US, LLC, aware of the importance of ensuring the security of private information, in
accordance with applicable Italian and European legislation, the following document describes how personal
data is processed, pertaining to whoever ("User", "Users") connects to this Site, either directly, or through a
link from another site.
1.2 This Site contains links to other websites: this policy does not apply to such other Web sites accessed
through any links. These other sites may contain "policies concerning the processing of personal data" partially
or entirely different from this one. Edra Publishing US, LLC, therefore, invites the User to examine the privacy
policy of each Site to which he is connected before submitting any personal information.
1.3 This policy applies only to personal data processed by means of and on the Site: it does not deal with the
processing of data through other communication tools (e.g., telephone, mail, etc.).
1.4 This is the current policy in force, updated as at the date reported in the footnote: Edra Publishing US, LLC
reserves the right to modify, update or edit this policy at any given time.
1.5 Edra Publishing US, LLC's statements are all set forth in the Site's Legal Notes (Terms and Conditions of
Use), yet these do not have any contractual validity, and therefore do not constitute contractual obligations
towards the User and corresponding User rights.
2. The Proprietor of Personal Data Processing
2.1 The proprietor of personal data is: Edra Publishing US, LLC, EIN: 844113980, with its registered office in
3309 Northlake Boulevard, Suite 203, Palm Beach Gardens, FL, 33403, incorporated under Italian law.
3. Place of processing of personal data
3.1 The processing of personal data related to site consultation shall take place at the registered office of Edra
Publishing US, LLC, indicated hereinbefore. Data shall be stored in a data center located in the registered office
of Edra Publishing US, LLC and at Elmec Informatica's Data Centre, nominated by Edra Publishing US, LLC as
external data controller following art. 28 of GDPR.
4. Type of personal data treated
Traffic and navigation data provided by the User's computer
During their normal operation, computer systems and software procedures used on this Website acquire
certain personal data for communication that are implicit in the use of internet communication protocols. This
category of data includes IP addresses or domain names of computers used by persons who connect to the
Site, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used
to submit the request to the server, the size of the file received in reply, the numerical code indicating the
status of the reply provided by the server (successful, error, etc.) and other parameters regarding the User's
operating system and computer environment. This data constitutes the access log.
4.2 The Site also captures and stores the URL sequence-data (Uniform Resource Locator) identification of
resources visited or searched on the Internet (e.g., Web-pages, documents, images, etc.), including date and
time of access and their content.
4.3 Moreover, the Website acquires data from the User's computer and information through the use of
cookies: permanent and/or "session":
- Permanent cookies: the computer system of the Site, in the course of its normal operation, some data is sent
from the Edra Publishing US, LLC server to the User's browser that gets stored on the hard disk of the User's
computer to allow navigation in certain, specific, restricted areas of the Site.
- Session cookies: the Website's computer system sends data consisting of random numbers generated by the
server; these so-called session cookies are not stored permanently on the User's computer and disappear when
the machine is turned off. The sending of such data is needed to enable the transmission of session identifiers,
necessary for a safe and efficient exploration of the Site and to gather information on Site usage by the User.
4.4 Most Users' browsers are designed to automatically accept cookies, although Users can set their browsers
to off, either permanently, or temporarily in order to receive and save new cookies; alternatively, computers
can be configured to give alerts when they are going to store any cookie. In the event of deactivation of cookies,
Users can access the Site, although they may not be able to navigate to specific and/or protected areas.
4.5 In general, the Site acquires and stores - and at times communicates to third parties - the hereinbefore
described navigation data in an anonymous and aggregated form. The processing of such data allows the
Owner to manage and monitor the Site's proper functioning and to make statistical analysis on samples for
promotional or scientific purposes.
Data provided voluntarily by the User
4.6 The Site may sometimes require the User to provide certain personal information such as, for example, full
name, business address, telephone number, email address, etc. Submission of such information is entirely at
the User's discretion and is therefore optional.
4.7 The User, to gain access to certain content in specific protected areas of the Site, and to take advantage of
the Site's full operational functions, has the responsibility to:
- Obtain a pair of unique keys (username and password) through a registration procedure ;
- Thereafter, on every new session, enter his/her Username and Password for recognition by the authentication
system.
4.8 Personal data collected from the form filled in by the User at the time of voluntary registration (registration
data) consists of information concerning the User's contacts and so, e.g.: name and surname or company,
association or institution name, job title, address, email, telephone number, fax. The Site's computer system
associates that data automatically to the Username and Password chosen by the User and connects this data
to an account. In following visits to the Site, users would have access to their personal registration data merely
by typing their Username and Password; Users are therefore fully responsible for the proper custody of their
Username and Password.
Data provided by third parties
4.9 The Site's computer system may also manage the personal and contact details of Users from public
directories (e.g., database of telephone subscribers, databases of professional associations, databases of social
security institutions of healthcare categories, etc.). As such, this data can be processed by Edra Publishing US,
LLC acting as independent data controller, in compliance with the requirements of the GDPR Privacy Code and,
in particular, those provided with regard to unsolicited communications (email, SMS, MMS, fax).
5. Purpose of data processing
Users personal data shall be processed for the following purposes:
5.1 activities strictly connected and functional to business service operations: for example, allowing the user
access to services offered and displaying Site contents; allowing the User to receive requested products or
services, processing any received orders; answering User's questions and responding to requirements;
5.2 Technical management of the Site and its information system, including the Medikey® certification
platform: for example, acquisition, feedback and management of account information; rendering safe and
verifications of Site's correct functionality; Site monitoring;
5.3 enrichment or customization of content, services, or Site's design during a single visit or repeated accesses;
5.4 profiling in aggregate form (that is, anonymous, without prejudice to data privacy and confidentiality of
each registered holder), the Users and their access to confidential specialist pages, for scientific research
purposes and/or market analysis, and report processing, performed directly by Edra Publishing US, LLC or by
other specialist third party companies;
5.5 messages to Users about Site changes or updates and its services; advertising messages, notification of
special offers and promotions; requests for adhesion to market surveys to which the User can freely opt-in or
out.
6. Processing Methods
6.1 The processing of personal data takes place through information technology, electronic, and manual, both
as Edra Publishing US, LLC, and as Medikey® or other names and trademarks of the companies which belong
to the group of which Edra owns quotas (hereafter, the "LSWR group").
6.2 Data processing is performed in compliance with the GDPR and the requirements defined within Edra
Publishing US, LLC, described in the Security Policy Document and related technical documents.
7. Categories of subjects who process data.
7.1 The treatment is carried out by the Owner and his agents: employees, agents, representatives, suppliers,
third parties (e.g., companies are providing data processing services, invoices printing, packing and labeling of
products purchased online, shipping, etc.).
7.2 The treatment is also carried out by other LSWR group companies and entities (companies, associations,
organizations) for which the Owner operates as an agent, licensee, publisher in relation to the purposes listed
above. In the situation mentioned in art. 28 of the GDPR (so when Edra Publishing US, LLC performs data
processing activities on behalf of other entities), Edra Publishing US, LLC is nominated as the data controller.
7.3 The processing of data by Edra Publishing US, LLC and its Distributors may take place regardless of the
User's consent in the following cases:
7.3.1 upon request of the judicial authorities, or to defend themselves or protect their rights in administrative,
judicial, or arbitration;
7.3.2 in the event that the processing of data is necessary to allow investigations aimed at countering illegal
activities, fraudulent acts, or to ensure the safety of persons or property; in all cases, in general, in which the
transmission of the data is required by law;
7.3.3 in the event Edra Publishing US, LLC is acquired by, transferred, or merged with another company, or if
this Site or some of its contents are transferred to third parties.
8. Rights of persons concerned
8.1 The Users registered on the Website are solely responsible for the veracity and accuracy of the personal
information they enter. Under Articles from 15 to 21 of the GDPR, the User has the right, at any time, to:
1. obtain confirmation of whether personal data concerning the same exists, even if not yet stored and whether
its communication in intelligible form has occurred.
You have the right to obtain information:
a) on the origin of personal data;
b) on the purposes and methods of the processing;
c) on the logic applied in case of computer-assisted processing;
d) on the identity of the Owner, manager, and the representative appointed under article 5, paragraph 2 ;
e) on subjects or categories of persons to whom the data may be communicated or who can access such
information as an appointed representative, managers, or agents in that territorial State.
The interested party has the right to obtain:
a) updating, rectification, or, when desired, integration of data;
b) the cancellation, transformation into anonymous form, or blocking of data processed unlawfully, including
those that do not need to be kept for the purposes for which the data were collected or subsequently
processed;
c) certification that the operations as per letters a) and b) were made known, including their contents, to those
to whom the data were communicated or disclosed, except where this is impossible or involves a commitment
of resources disproportionate to the protected right.
The User can exercise these rights recognized by law by contacting Edra Publishing US, LLC in the contact means
listed in Section 11 below.
8.2 Beginning May 25 2018, following articles 15-21 of the GDPR, the Site User has the right to exercise the
following right, in whole or in part:
• right of access;
• right of rectification
• right to cancellation (right to be forgotten), except in the event that the processing is necessary for
the Data Controller, for the exercise of the rights to freedom of expression and information, for the
fulfillment of a legal obligation, or for the execution of a task carried out in the public interest, for
purposes of archiving in the public interest, scientific or historical research or for statistical purposes,
for the assessment, exercise or defense of a right in court.
• right to limitation of treatment
• opposition right
• right of withdrawal of consent at any time, subject to the lawfulness of the treatment based on consent
before the revocation;
• the right to lodge a complaint with the Guarantor for the protection of personal data.
If the Site User decides to exercise such right, it can express this willing contacting Edra Publishing US, LLC
following instructions mentioned in the following Section 11).
8.3 Edra Publishing US, LLC reserves the right to inform the User of any changes or updates to the Site whenever
necessary.
9. Conservation of personal data
9.1 Edra Publishing US, LLC retains the personal information of Users collected for as long as that information
is relevant reputed for commercial purposes, and in any case not over 2 years from the last interaction or until
the User requests the cancellation of aforesaid data by contacting Edra Publishing US, LLC at one of the
addresses listed in Section 11, herein.
10. Security of information
10.1 Edra Publishing US, LLC is aware of the importance of ensuring the security of private information of which
it becomes aware, and therefore strives to protect the privacy of its Website Users.
10.2 Personal and demographic information, including login credentials (username/login and password) for
each User, are sent and stored in servers equipped with firewalls and physically located in secure data centers.
10.3 Login and passwords circulating on the Internet are in encrypted form over SSL protocol. Other personal
information flows between data centers of private line MPLS in encrypted form.
10.4 The implementation of lockout management systems (which provide the blocking of access in case of
repeated incorrect access) further helps protect User accounts from intrusion or hacking attempts by
unauthorized third parties.
10.5 In addition to Edra Publishing US, LLC establishing internal security procedures in the Security Policy
Document (SPD), including, for example, filtering accesses and usage data by their employees.
10.6 Edra Publishing US, LLC cannot, however, be held responsible for any unauthorized access to data, loss
(e.g., password), illegal/improper use, or alteration of personal information that occurs outside of its control,
nor can ensure the correct and safe use of the User's personal data by third parties.
11. Contacts
11.1 The User may exercise the rights recognized by Articles 15-21 of GDPR and submit any request, question,
comment, or complaint regarding this Statement, or the manner in which their personal data are processed in
the Site to:
Edra Publishing US LLC, 3309 Northlake Boulevard, Suite 203, Palm Beach Gardens, FL, 33403 EIN: 844113980
email info@edrapublishing.com
Data Processing Officer (DPO)
Edra Publishing US, LLC, following the article 37, co. 1, letter b) of the GDPR, has nominated Tommaso
Albonetti as Data Protection Officer ("DPO"), who can be contacted at the following address:
t.albonetti@edrapublishing.com