Skip to content

Privacy Policy

WhiteNest Pharma S.r.l. (hereinafter referred to as “WhiteNest”) provides users of the WhiteNest website (hereinafter referred to as the “Website”, accessible at (https://www.whitenest.com) with the following information, in compliance with Article 13 of Regulation (EU) 2016/679 (or General Data Protection Regulation, hereinafter “G.D.P.R”) and Italian national adaptation legislation (hereinafter collectively referred to, along with the G.D.P.R., as the “Applicable Privacy Law”). While browsing the Website, information relating to users is collected, constituting personal data as defined by the Applicable Privacy Law.

This privacy policy applies exclusively to the Website mentioned above and not to other websites accessible via links contained within it.

Data Controller

The Data Controller of personal data is WhiteNest Pharma S.r.l., with registered office at Corso Venezia 24 20121, Milan Italy (email: info@whitenest.com; tel.: +39 0342 771070.

Types of Data Processed

Below are the details of the types of data processed by WhiteNest when users interact with the Website.

The user assumes responsibility for any third-party personal data included or published on the Website and ensures they have the right to disclose or share it—thus releasing WhiteNest from any liability towards third parties.

Personal Data Automatically Collected When Visiting the Website

  • Browsing Data: WhiteNest automatically collects data about the device (PC, tablet, mobile phone, or other mobile device) and the connection used by the user, such as the IP address, date and time of access, hardware and software information, device event information, unique identifiers, and crash data.
  • Usage Data: WhiteNest collects information on how the user interacts with the Website, including pages or other content viewed, searches performed, and links to other websites and applications clicked.

Personal Data Directly Provided by the User

  • Optional Data
  • Data Provided via Information Requests by Email: If the user explicitly and voluntarily sends emails to WhiteNest’s addresses listed on the Website to request information, or uses the form available under “Request Information” in the “Contact” section of the Website, WhiteNest acquires the user’s email address and any personal data (and/or third-party data) included in the content of the electronic communication, as well as – for the “Request Information” form – the user’s name, email address, and any personal data included in the subject and message content.

Purposes of Data Processing

To enable the functioning of the Website; provide users with the services offered through the Website; protect the vital interests of the user; comply with applicable laws, or meet other public interest needs.

User data is processed for the following purposes:

  • to operate, measure, improve, and maintain the security of the Website and the services provided through it;
  • to prevent, detect, and mitigate security breaches and potentially prohibited or illegal activities.

Purposes of Processing

Pursue WhiteNest’s legitimate interests in such a way that these interests do not override the user’s fundamental rights and freedoms.

User data is processed:

  • to identify and resolve issues encountered by users when using the Website (e.g., blocked or non-functional pages).

These processes safeguard WhiteNest’s interest in maintaining the Website operational and efficient. Additionally, these activities do not infringe on users’ rights and freedoms, as they are predictable and common to any website. Moreover, such processes also benefit the user by enabling the Website to remain functional.

Methods of Processing

Users’ personal data is processed through IT or telematic tools exclusively for the purposes for which it was collected (as outlined above) and stored for a determined period based on the criteria provided in this privacy policy (see below).

Personal data may be accessed and processed by WhiteNest’s staff, who are appropriately trained in the precautions to be taken as required by Applicable Privacy Law.
WhiteNest is obligated to adopt the technical and organizational measures necessary to ensure that the processing of personal data complies with data protection provisions, particularly the principles outlined in Article 6 of the GDPR, and incorporates these measures into its operations from the design stage.

WhiteNest processes users’ personal data in a controlled and secure manner, ensuring that the data’s security is adequate to the risks involved, through appropriate technical and organizational measures.

Duration of Processing

The specific retention periods for users’ personal data are documented in WhiteNest’s record of processing activities (implemented in compliance with Article 30 of the GDPR).
Users’ personal data is retained (in accordance with Recital 39 and Article 5, Paragraph 1, Letter (e) of the GDPR) for the period necessary to ensure the Website’s functionality and to provide users with the services offered through the Website. However, this period will not exceed 10 years from the time of collection.
Users’ personal data will be destroyed or anonymized as soon as it is no longer needed for processing purposes.

Users’ personal data may be retained beyond the aforementioned periods only if necessary for WhiteNest to comply with legal obligations or to defend a right in legal proceedings.
Upon expiration of these retention periods, users’ data will be deleted or permanently anonymized.

Disclosure of Data

WhiteNest may disclose processed personal data to the entities and for the purposes listed below.

Combating Unlawful Acts and Security Breaches

WhiteNest may disclose users’ personal data to third parties tasked with preventing, detecting, and mitigating potentially unlawful acts and security breaches.

Law Enforcement, Judicial Proceedings, and Other Legal Processes

WhiteNest may disclose users’ personal data to judicial authorities, public authorities, or authorized third parties in cases where the law requires such action. This includes compliance with verified requests related to criminal investigations, suspected unlawful activity, or in response to third-party claims concerning the rights, property, or safety of WhiteNest, its employees, or its users.

User Rights

In the cases and within the limits specified by Articles 15–22 of the GDPR, users have the right—at any time, free of charge, and without particular formalities—to:

  • obtain confirmation of whether WhiteNest processes their personal data;
  • access their personal data and know its origin, purposes, and processing objectives, retention period, and details about third parties to whom the data has been disclosed;
  • revoke consent at any time, where consent forms the basis of processing;
  • update or rectify their personal data collected by WhiteNest, ensuring that such data remains accurate and correct;
  • exercise the so-called right to be forgotten, i.e., have their personal data deleted from WhiteNest’s databases and/or backup archives;
  • restrict the processing of their personal data by WhiteNest;
  • object to processing, for personal data processed to meet public interest needs or WhiteNest’s legitimate interests;
  • be informed of any rectifications, deletions, or processing limitations applied by WhiteNest, as well as any revocations of such measures and the reasons for the revocations.

Users can exercise these rights by submitting a written request via email to WhiteNest at info@whitenest.com.

Upon receiving the request, WhiteNest will fulfill it within one month of receipt. This period may be extended by two months, with prior notice to the user, considering the complexity and number of requests.

If the response to the user’s request is deemed unsatisfactory, the user may lodge a complaint with the Italian Data Protection Authority (https://www.garanteprivacy.it/) as provided under Applicable Privacy Law.

Changes to the Privacy Policy

WhiteNest reserves the right to make changes to this privacy policy at any time, notifying users on this page of the Website.

Users are therefore encouraged to check this page frequently, referring to the date of the last update indicated at the bottom. Unless otherwise specified, any previous privacy policies will continue to apply to personal data collected up until the moment of modification.

Last Updated: November 2024