This page describes how the site is managed with regard to the processing of users’ personal data.

This information is also provided pursuant to art.13 of Regulation (EU) 679/2016 (hereinafter, the “Regulation”) to those who interact with the web services of Lofarma S.p.A. (hereinafter, also referred to as the “Company”) accessible by electronic means from the address: This information is provided only for this site and not for any other websites that may be reached by the user via links on it.

This information is also based on Recommendation No. 2/2001 which the European authorities for the protection of personal data, meeting in the group set up by art. 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify the minimum requirements for collecting personal data on-line and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

Terms and conditions of use

The purpose of the site is to present the Company’s services and products to its recipients, whether they are companies, employees of companies, organisations, bodies or individuals (hereinafter, the users).

Moreover, the site also provides the following possibilities:

  • sales of services and/or products of the Company;
  • registration on the site and use of the services linked to the Company;
  • assistance to customers/users on products and services;
  • e-commerce assistance.

Some of the contents of the site are confidential and accessible only by using appropriate authentication credentials (username and password). Any use of such content without the right to hold the credentials constitutes illegal use and may be prosecuted in the appropriate courts.

Intellectual property

All rights to the content (e.g., site text, images, architecture) are reserved in accordance with current legislation. The contents of the site pages may not, either in whole or in part, be copied, reproduced, transferred, uploaded, published or distributed in any way without the prior written consent of the Company, without prejudice to the possibility of storing them on one’s own computer or printing extracts from the pages of this site for personal use only.

Any kind of link to this site inserted by third parties shall not damage the Company’s reputation and activities. Deep linking, i.e., the non-transparent use of parts of this site on the sites of third parties, is forbidden.

Any failure to comply with these provisions, unless expressly authorised in writing, will be prosecuted in the competent civil and criminal courts.

Limitation of liability

Lofarma S.p.A. cannot be held in any way liable for damages of any kind caused directly or indirectly from access to the site, inability or impossibility of accessing it.

Lofarma S.p.A. reserves the right to modify the content of the site and this page at any time and without prior notice.

Any links to external sites do not imply any type of approval or sharing of responsibility by the Company in relation to the completeness and correctness of the information contained in the related sites.

Data controller

The “Data Controller” is Lofarma S.p.A., with registered office in Milan, Viale Cassala 40, (hereinafter, also referred to as the “Data Controller” or the “Company”).

For the purposes below, the Company may have recourse to the services of external companies specifically appointed as Data Processors pursuant to Art. 28 GDPR.

Types of data processed, purposes of processing and legal bases

Browsing data

The computer systems and software procedures used to operate this site acquire, in their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but by its very nature could allow users to be identified, through processing and association with data held by third parties carried out only after an explicit request by the judicial authority.

This data category includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

These data, which are deleted immediately after processing, unless express consent is given for the purpose of profiling, in the manner stated in the paragraph “Data collection points” below, are used by Lofarma S.p.A. for the sole purpose of obtaining anonymous statistical information on the site use and to check its correct functioning.

They could be used to ascertain responsibility in the event of any computer crimes against the site: except in that case, data related to web contacts are not currently stored for more than thirty days.

Data provided by the user on a voluntary basis

The Company may collect personal data provided by the user on a voluntary basis. These data may be collected, for instance, when the user purchases a service and/or product, creates an account, requests information.

If the user provides personal data of third parties, they shall take the necessary steps to ensure that the communication of data to the Company and our subsequent processing for the purposes specified in this Privacy Policy comply with applicable legislation, so that – for example – before providing Lofarma S.p.A. the personal data of third parties the user must inform them and obtain their consent to treatment, if required by the aforementioned legislation.

Data collection points

At each data collection point on the site (e.g., for the purchase of products and/or services, or filling in forms to request information), the Data Controller provides specific detailed information, including – among other information – an indication of the purposes pursued by the processing, the legal bases of the processing, the nature of the provision of the data and the consequences of any refusal to provide them.

The data collection points on this site are listed below.

Purchase of products without registration: The site includes an e-commerce section where the user can purchase products from the Company. The user is required to provide their personal data by filling in an on-line form and, at the bottom of it, is provided with specific information pursuant to art. 13 GDPR, which also indicates the purposes of the processing, such as the management of the purchase of products and the fulfilment of related legal obligations.

Purchase of products and/or services with registration: The site includes an e-commerce section where the user can purchase products and/or services from the Company and register on the site. The user is required to provide their personal data by filling in an on-line form and is provided with specific information pursuant to art. 13 GDPR, which also indicates the purposes of the processing, such as the management of the purchase of products, the fulfilment of related legal obligations, the management of the registration request and the provision of the related services.

For the further purpose of carrying out marketing activities (sending communications relating to products/services by letter, telephone, e-mail and SMS), Lofarma requires the user, at the bottom of the information, to give a specific consent. Failure to give the consent does not prevent the user from purchasing the requested products and registering on the site.

Information request form for Management/Shipping/Vaccines. The site includes a form by which the user can send a request for information to the Company regarding each of the following areas: Management, Shipping, Vaccines. The provision of personal data via the form is necessary for the Company to be able to contact the user and respond to their requests. The link to the Privacy Policy is at the bottom of the form.

E-commerce assistance request form. The site includes a form by which the user can send a request for assistance following the purchase of a product/service. The provision of personal data via the form is necessary for the Company to be able to contact the user and respond to their requests. The link to the Privacy Policy is at the bottom of the form.

“Patient side” form. The site includes a form by which the user can provide their personal data in order to be contacted for more information about the products/services of interest. The provision of personal data via the form is necessary for the Company to be able to contact the user and respond to their requests. The link to the Privacy Policy is at the bottom of the form.

Questionnaire to assess the quality of services. The site includes a specific section where the user can provide their personal data to answer a questionnaire on the quality of services. The legal basis of the processing is the consent given by the data subject at the bottom of the privacy policy issued by the company.


Data recipients

Third-party service providers. We share the user’s personal data with third-party service providers who act as our data processors appointed under Article 28 GDPR, in order to allow the user to use the site and/or receive services through it. For instance, these third parties may include professionals, also in associated form, who provide technical, commercial or administrative advice to the Company for its business and the purposes described in this Privacy Policy, companies involved in the management or maintenance of the site IT infrastructure, suppliers of pre- or post-sales customer services, logistics operators if it is necessary to deliver a product to the user, agencies specialised in the management of promotional and marketing services in the name and on behalf of the Company.

Third parties in compliance with a legal obligation or to protect the Company’s rights. The user’s personal data may be disclosed to institutions, law enforcement agencies, judicial, administrative, regulatory or public security authorities as part of legal or administrative proceedings, or in order to fulfil a legal obligation or protect our rights, including in court.

Third parties in case of corporate operations. Disclosure of the user’s personal data may occur on the occasion of events such as mergers, the sale of a business (or a branch) or other extraordinary transactions in which the Company may need to share information with potential purchasers or counterparties and their advisors.

Children’s data

Users under the age of 18 are requested not to register on the site and not to provide personal data.


The site uses cookies. As explained by the Italian Data Protection Authority in its FAQs of December 2012, available on, cookies are “small text files” – made up of letters and numbers – “that sites visited by the user send to their terminal (usually to the browser), where they are stored and then retransmitted to the same sites the next time the same user visit them”. Cookies have the purpose of streamlining web traffic analysis or signalling when a specific site or part of a site is visited, distinguishing between visitors in order to provide customized content and helping administrators to improve the site and the users’ browsing experience.

Cookies do not allow us to access any other information stored on the user’s device, although this is where the cookies are downloaded. Cookies cannot load codes of any kind, carry viruses or malware and are not harmful to the user’s terminal equipment.

This site also uses its own and third-party profiling cookies, aimed at creating profiles of the user and used to display advertising messages and content in line with the preferences expressed by the user while browsing. Profiling cookies require the user’s consent.

The above cookies may be temporary (when they are automatically deleted at the end of the connection), permanent (when they remain stored on the user’s hard drive, unless the user deletes them), first-party (when they are set and managed directly by the site operator) and third-party (when they are managed by a domain other than the one visited by the user).

Our Cookie Policy provides all the information about the cookies installed through this website and the necessary guidance on how to manage the user’s preferences in this respect.


Processing method and place

Personal data are processed on paper and/or by automated means.

Specific security measures are taken to prevent loss, illegal or incorrect use of data and unauthorised access.

Transfer of data abroad. No personal data will be transferred outside the European Economic Area for the purposes above.

Please note, however, that communications via the Internet, such as e-mail or webmail, may pass through different countries before being delivered to the recipients. The Company cannot be held liable for any unauthorised access or loss of personal information beyond its control.

Data retention time

We only retain the user’s personal data for as long as it is necessary to provide the service for which the data were collected or to comply with legal obligations. For instance, we retain personal data necessary for the exercise of our defence right in case of legal disputes, such as personal data relating to a contract or the provision of a service, for up to 10 years from the conclusion of the service and/or the provision of the product, on the basis of the ordinary limitation period provided for by the Italian Civil Code. After this period, the personal data are deleted or rendered anonymous.

In case we collect personal data on the basis of the user’s consent and no longer have any valid legal basis for continuing to process them, if the user subsequently withdraws their consent, we will delete the personal data in question. Without prejudice to the above and the provisions of the detailed information, we keep the user’s personal data collected in accordance with this Privacy Policy for possible marketing purposes for the time strictly necessary for the pursuit of them, in accordance with the legislation in force. After that period, the personal data are deleted or rendered anonymous.


Data safety

The Company takes safety measures to safeguard the confidentiality of users’ personal data. However, given the nature of the Internet, the constant evolution of technology and other factors beyond our control, the safety of data transmission over the Internet cannot be fully guaranteed. Therefore, we cannot guarantee the safety of any data or information provided to us by the user and the user acknowledges and agrees that such transmission is at their own risk. Moreover, we recommend users to take appropriate precautions when using the site, such as keeping any login credentials strictly confidential, changing their password periodically and keeping their system up to date.

Data subject’s rights

The user has the right to access, rectify or delete their data stored by the Company as well as the right to object to, or restrict, certain types of processing (including the right to withdraw their previous consent to processing) and to receive their personal data in a structured, commonly used and machine-readable format (right to data portability). Finally, the user has the right to lodge a complaint with a competent supervisory authority. The exercise of the above rights is free of charge. However, in case we consider the exercise of privacy rights to be clearly unfounded or excessive, we may charge the user a reasonable fee for processing the request. In order to exercise their privacy rights, as well as to request any information or clarification regarding this Privacy Policy, the user may contact the Company at the following address:

Data Protection Officer (DPO)

Requests from data subjects shall be addressed to Lofarma S.p.A. Data Protection Officer (DPO) to the following address:


Last update: march 2021

Versione: 1