Menu

PRIVACY POLICY

Updated on: 05/05/2025.

1) PREAMBLE

This document describes the ways in which we operate the website [www.castlemandisease.co.uk](“Website”) with respect to the processing of the personal data of its users. The Website is managed by Recordati UK Ltd (hereinafter “Recordati”, “we”, “us”).
When you browse our Website, interact with us, or use our services (“Services”), we may collect and process information and personal data about you. For this reason, in accordance with the applicable provisions of data protection laws, we have created this document (“Privacy Policy”) to describe what personal data we collect, the purposes and methods for processing it and the security measures we take to protect it.
This Privacy Policy constitutes the information that is provided pursuant to applicable laws and exclusively concerns this Website and the processing of data performed by Recordati. Any third-party websites referred to by this Website, including through links, are not covered by the information indicated in this Privacy Policy.

2) WHO PROCESSES YOUR PERSONAL DATA

The data controller is Recordati UK Ltd., with registered office in Breakspear Park, Hemel Hempstead HP2 4TZ (United Kingdom) (hereinafter “Recordati”, “we”, “us”), a company of the Recordati Group.
The Data Protection Officer of the Recordati Group can be contacted for any privacy issue arising or in connection with the processing of Personal Data at the following email address: GroupDPO@recordati.com.

3) WHAT TYPES OF PERSONAL DATA WE PROCESS

  1. Navigation data: The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or MAC addresses of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment. These data are used to obtain statistical information on the use of the Website and to check its correct functioning. These data could be used to ascertain responsibility in the event of cyber-crimes against the Website, to the extent permitted by applicable legislation.
  2. Data necessary to access to the website, cookies and other similar technologies: Our Website uses cookies and other tracking technologies; for more information, please visit our Cookie Policy.

4) FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA

We process your personal data for the following purposes and set out the corresponding legal bases below:

# Purpose of processing Legal basis Types of data
1 To operate, provide you with access to our Website, improve it or its user experience, and troubleshoot any issues. The processing is based on Recordati’s legitimate interest in presenting its activities to the public, ensuring the functioning of the Website, improving its appearance and user experience. For this purpose, we process data under par. 3, letter a. above.
2 To get to know our visitors through the use of cookies and similar tracking technologies. For more information visit our Cookie Policy. The processing is based on your consent, where necessary, or on Recordati’s legitimate interest consisting of the interest in ensuring that the Website functions properly, is visible and accessible to users. For this purpose, we process data under par. 3, letter b. above.

Provision of your personal data for the purposes under n. 1 above is mandatory and in failure, you will not be able to access the Website. Provision of your personal data for the purpose under n. 2 above may be optional, depending on the specific cookies. Please visit our Cookie Policy for more information.

5) HOW WE PROCESS YOUR PERSONAL DATA

Your personal data will be processed using electronic means.
The security of your personal data is important to us. We adopt – and expect our service providers to adopt – appropriate technical and organizational security measures to prevent the loss or destruction of data, illicit or incorrect use and unauthorized access to data, in compliance with applicable legislation. In addition, the IT systems are configured in such a way that personal and identification data are used only when necessary to achieve the specific processing purposes pursued from time to time.
We implement multiple security technologies and procedures to protect your personal data from the risks described above. However, we would like to point out that electronic transmissions or storage of information are not 100% secure. Therefore, despite the security measures we have put in place to protect your personal data, we cannot guarantee that data loss, misuse or alteration will never occur.
We do not use automated individual decision-making that would have legal effects on you or, similarly, significantly affect you.

6) HOW LONG WE PROCESS YOUR PERSONAL DATA

Personal data is processed for the time necessary to provide the requested information or Services and, in any case, in accordance with any applicable legal or regulatory obligations. For information on the storage of cookies and other technologies, please visit our Cookie Policy.

7) TO WHOM AND WHERE WE TRANSFER YOUR PERSONAL DATA

Your personal data will be processed by our duly authorised staff, based on their respective needs. Your data will also be processed by our suppliers for technical and organizational services functional to the processing purposes indicated above, such as providers of technical assistance services for the Website and hosting services. All the mentioned service providers act as our data processors on the basis of our instructions and in accordance with the provisions of the contracts they have entered into with us.
We may disclose your personal data to public authorities or bodies and to any other legitimate recipient in accordance with the law. In this case, the recipients will act as independent data controllers according to their respective institutional purposes.
If we are involved in a reorganization, acquisition, or sale of our company or parts of it, we will disclose your personal data to the third parties involved in the process, in accordance with applicable law. Any third party that is the recipient of your personal data as part of this procedure may only use it within the limits established by this Privacy Policy and applicable legislation. To receive the updated list of recipients of your personal data, you can contact us using the contact details indicated above.
If your data is transferred abroad to countries that do not provide the same level of data protection as your country, we will ensure that the transfer is carried out in accordance with applicable law, i.e. by obtaining your consent, when necessary, or by taking any other measures necessary to ensure equivalent protection of the data being transferred, including, but not limited to, through the signing of standard contractual clauses. You can receive a copy of the relevant safeguards by contacting us using the contact details set out in section 2 of this Privacy Policy.
At this stage, we do not transfer your personal data outside of the United Kingdom and/or European Union.

8) WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

Recordati informs you that you will always have the right to withdraw your consent at any time, as well as to exercise, at any time, the following rights (subject to certain limitations/restrictions) by contacting the data controller or the DPO at the addresses indicated above:

  1. the “right of access” to your personal data and, in particular, to obtain a copy of personal data concerning you;
  2. the “right to rectification“, i.e. the right to request the rectification of inaccurate personal data;
  3. the “right to erasure“, i.e. the right to request the erasure of your personal data;
  4. the “right to restriction of processing“, i.e. the right to obtain from the data controller the restriction of processing in certain cases provided for pursuant to data protection legislation;
  5. the “right to data portability“, i.e. the right to receive (or to transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
  6. the “right to object“, i.e. the right to object, in whole or in part:
    • to the processing of personal data carried out by the data controller for its own legitimate interest; and
    • to the processing of personal data carried out by the data controller for marketing or profiling purposes.

The exercise of the above rights is free of charge. However, we may charge a reasonable fee for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data.
All enquiries, requests or concerns regarding this notice or relating to the processing of your personal data, including the requests for the exercise of your rights, should be sent to GroupDPO@recordati.com.
Recordati may ask you to verify your identity before taking further action following your request to exercise the above Rights.
You may also lodge a complaint with the competent data protection authority (in the UK, the https://ico.org.uk/) if you believe that your personal data are processed in violations of applicable data protection legislation.

9) CHANGES TO THIS PRIVACY POLICY

We may update and amend all or part of this Privacy Policy at any time. The version published on the Website is the version currently in force. In the event of a change in the text of this Privacy Policy, we will inform you of such changes with a specific banner, link or pop-up on the home page of the Website.