ENGITA

Information Notice on the Processing of Personal Data pursuant

Home / Information Notice on the Processing of Personal Data pursuant

Privacy Notice pursuant to Article 13 of EU Regulation 2016/679

Homnya S.r.l. with registered office at Via della Stelletta, 23, 00186 Roma (hereinafter also referred to as the “Controller” or “Homnya”), is committed to protecting the privacy of all individuals who access the services provided by the Controller (the “Services”). This document (the “Privacy Notice”) has been prepared to allow you to understand how your personal data, as defined below, will be processed in the context of the Services, so that you may give explicit and informed consent to the processing described below, if you deem it appropriate. In general, any information or personal data you provide to Homnya will be processed in accordance with internationally recognized principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

Data Controller

Please be informed that, pursuant to EU Regulation 679/2016 (the “Regulation”), your personal data will be processed by Homnya S.r.l. as the Data Controller (“Controller”). The contact details of the Data Controller are: Homnya S.r.l., Via della Stelletta 23, 00186 Roma; e-mail: privacy@homnya.com.

The Data Protection Officer (“DPO”) can be contacted at the following email address: dpo@homnya.com.

Types of Data Processed

The Controller will process your personal data collected in the context of the requested services, contractual relationship, and/or pre-contractual measures related to the Services. including, but not limited to: first and last name, mobile phone number, email address, area of specialization, and tax code. During the provision of the Services, the Controller may also collect additional personal data you provide by completing forms, including those related to third-party services, to update and complete your profile.

Purpose, Legal Basis, and Optional Nature of the Processing

Your personal data will be processed for the following purposes:

  1. performance of the requested services, including, for example, the provision of information or advice regarding the activities carried out by Homnya, and responses to requests for information submitted via the online form and/or chat;
  2. compliance with legal obligations applicable to the Controller;
  3. allowing the Controller to defend its rights and interests in or out of court.

The legal bases for processing purposes a), b), and c) are respectively: Art. 6(1)(b), Art. 6(1)(c), and Art. 6(1)(f) (i.e., legitimate interest for legal defense) of the Regulation.

Providing your personal data for purposes a) and b) is optional; however, failure to provide such data will prevent the performance of the requested services, contract, or pre-contractual measures.

For the purposes sub a), the Data Controller may also process personal data that you subsequently provide by filling in forms or forms, including those relating to third-party services, in order to update and complete your personal data.

Your personal data may also be processed, with your specific consent, for the following purposes:

  1. to send promotional and marketing communications related to products and services of the Controller and commercial partners, including professionals, companies, or organizations operating in the fields of communication and marketing, legal, tax, financial, accounting/administrative, insurance, IT/technology, and social-humanitarian services. This includes sending newsletters and market research via automated tools (e.g., SMS, email, push notifications, automated calling systems without operator, use of social networks) and traditional tools (e.g., postal mail, operator phone calls);
  2. to communicate your personal data to third parties with whom the Controller has commercial agreements and/or arrangements, belonging to the following categories, for their direct marketing purposes using automated tools (e.g., email, SMS, push notifications):
    • providers in the medical, healthcare, veterinary, and pharmaceutical sectors, including healthcare facilities, clinics, diagnostic centers, pharmaceutical companies, medical and veterinary practices;
    • providers of personal care, nutrition, and fitness services;
    • institutions, companies, or professionals offering educational and training services, including professional development courses and continuing medical, nutritional, and veterinary education (ECM);
  1. to carry out profiling activities aimed at improving the quality of the services provided and aligning marketing communications with your preferences, habits, and/or choices, as well as comparing your personal data across the Controller’s databases;
  2. to communicate your personal data to companies with which the Controller has entered into commercial agreements and/or arrangements, belonging to the healthcare and pharmaceutical sectors, for medical-scientific informational purposes (in-person or via automated tools), only in the case you are a relevant professional (e.g., physician, healthcare worker, pharmacist, researcher, etc.);
  3. Send, on behalf of entities operating in the healthcare, medical, and/or pharmaceutical sectors, communications necessary for the fulfillment of legal obligations imposed on such entities, including—by way of example and without limitation – Important Safety Information (ISI), EMA communications, regulatory authority notifications, updates regarding the safety of medicines, drugs, and medical devices; educational materials related to risk management and the safe use of drugs; as well as information on changes to the Summary of Product Characteristics (SPC), the Package Insert, and labeling, or regarding the adoption of controlled supply regimes (e.g., mandatory prescription). This process applies exclusively to entities operating in the healthcare sector. This processing applies exclusively to individuals working in the healthcare sector and is based on the legitimate interests of the Data Controller and the third parties involved, as well as on the interest of healthcare professionals in receiving updates relevant to their professional activities (Article 6(1)(f) of the Regulation).
    You have the right to object to such processing at any time, including from the data collection stage, by contacting the Data Controller at the contact details provided in this notice.

The legal basis for processing for purposes d), e), f), and g) is Article 6(1)(a) of the Regulation.

The provision of your personal data for the purposes set forth in points d), e), f), and g) above is optional; there are no consequences should you refuse to provide such data.

In any case, if you wish to object to the processing of your data for marketing purposes carried out by the means indicated above, as well as to withdraw the consent you have provided, you may do so at any time by contacting the Data Controller at the contact details provided in this notice, without prejudice to the lawfulness of the processing based on the consent provided prior to withdrawal.

It is also possible that personal data you have sent to the Data Controller may pertain to third parties.

In such cases, you act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, you hereby grant the Data Controller the broadest indemnification against any dispute, claim, or request for compensation for damages arising from processing, etc., that may be received by the Data Controller from third parties whose personal data has been processed through your voluntary submission in violation of applicable data protection laws. In any case, should you provide or otherwise process personal data of third parties, you hereby guarantee, assuming all related liability, that such specific instance of processing is based on a suitable legal basis that legitimizes the processing of the information in question.

Recipients and Transfers of Personal Data

Your personal data may be shared with:

  • Individuals authorized by the Controller under Article 29 of the Regulation due to their job duties (e.g., employees and system administrators);
  • Service providers (e.g., lawyers, accountants, consultants, debt collection companies, etc.) acting as data processors under Article 28 of the Regulation or as independent controllers;
  • Entities or authorities to whom your data must be disclosed by law or by order of the authorities;
  • With your consent, partners with whom the Controller has entered into commercial agreements and/or arrangements, as listed under points e) and g) of the “Purpose, Legal Basis, and Optional Nature of Processing” section.

The full and updated list of data recipients is available upon request from the Controller using the contact details provided above.

Transfer of Data Outside the EU

If your personal data is transferred to countries outside the European Economic Area (“EEA”), the Controller ensures that the transfer will be made in accordance with one of the lawful mechanisms permitted by current regulations. These include the adoption of Standard Contractual Clauses approved by the European Commission, reliance on organizations adhering to international data transfer frameworks, or transfers to countries deemed adequate by the European Commission. More information is available from the Controller upon request.

Data Retention

Your personal data will be retained only for as long as necessary for the purposes for which it was collected, in accordance with the principles of data minimization and storage limitation under Article 5(1)(c) and (e) of the Regulation.
Further retention may be required under applicable law. Once retention periods have expired, personal data will be deleted in such a way that it can no longer be reconstructed or read. More information is available from the Controller.

Data Processing Methods

In relation to the above purposes, personal data will be processed using manual, electronic, and telematic tools with methods strictly related to the purposes and ensuring data security and confidentiality, as well as compliance with the legal obligations in force.

Your Privacy Rights

You have the right to request from the Controller, at any time: access to your personal data; rectification or erasure; restriction of processing under Article 18 of the Regulation; withdrawal of consent under Article 7 of the Regulation; data portability under Article 20 of the Regulation. You also have the right to lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority) or bring a claim before the Judicial Authority under Article 77 of the Regulation, if you believe that your data has been processed unlawfully. You may also object to the processing of your data under Article 21 of the Regulation, indicating the reasons for your objection. The Controller reserves the right to evaluate your request, which may be denied if there are compelling legitimate grounds to continue the processing that override your interests, rights, and freedoms. Requests should be submitted in writing to the Controller using the contact details above.

Versione del 10/04/2026

Back to Top