Privacy Policy


The processing of personal data performed by PROVEO™ is carried out in compliance with the Federal Act on Data Protection (FADP) and EU Regulation 679/2016, the principles of fairness, lawfulness, transparency, purpose limitation and storage, minimisation and accuracy, and protection of integrity and confidentiality.

This Privacy Policy applies to the website (hereafter the “Site”). The Data Controller is PROVEO™ a division of Cerbios-Pharma SA (PROVEO).

To request further information on the processing of personal data or to exercise your rights, you may contact us:

• by writing to:

A division of Cerbios-Pharma SA
Via Figino 6
6917 Barbengo/Lugano

• by writing to the email address:

1. What is personal data and what is processing?

Personal data is information that identifies or can identify, directly or indirectly, a natural person and that can provide information on his or her characteristics, habits, personal relationships, etc. The following are considered personal data, by way of example but not limited to: a first name, surname, address or other contact details, an identification number or an online identifier.

A processing is any operation performed with or without the aid of automated processes and applied to personal data. The following are considered as processing, by way of example but not limited to: the collection, recording, organisation, storage, modification, consultation, deletion or destruction of data.

2. What personal data are processed?

A) Navigation data

The computer systems responsible for the operation of the Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow the User to be identified. This data includes the IP addresses or domain names of the computers used by the User to connect to the Site; the URI addresses of the resources requested (Uniform Resource Identifier); the time of the request, and other parameters relating to the User’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site to check its correct functioning, to identify anomalies and/or abuses, and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the Controller or third parties.

B) Data provided by the User

  • The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this Site entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message.
  • Personal data such as name, surname, e-mail, telephone, city, company are collected by the Controller when filling in the “Contact” Form or the “Mailing List” Form.

3. Purpose of Processing

The User’s personal data will be processed for the following purposes:

3.1 Responding to the User’s requests by providing general information on PROVEO products;

3.2 Fulfilling obligations under the law, a regulation, and fulfilling requests from the competent authority;

3.3 Send to Users who have filled in the “Mailing List” form and given their consent, information and update communications relating to PROVEO. In this case, the User may revoke the consent given at any time by writing to the address:

4. Legal basis for the processing of User data

Each processing is justified by one of the following legal prerequisites:

  • The processing is necessary to execute the User’s requests. In this case, the provision of personal data is mandatory;
  • The processing is necessary to fulfil a legal obligation. In this case, the provision of data is mandatory;
  • The processing is necessary for the pursuit of the legitimate interest/prevailing interest of the Data Controller, provided that it does not override the interests or fundamental rights and freedoms of the User which require the protection of personal data. In this case, the provision of data is optional.

5. To whom the data might be disclosed

As part of PROVEO activities and for the purposes specified above, the User’s personal data may be shared with:

  • Duly appointed Data Processors who provide specific processing or ancillary services on behalf of the Data Controller and under its instructions; the User may at any time request the updated list of Data Processors;
  • Autonomous Data Controllers to whom the data may be communicated by virtue of legal provisions or orders of the Authorities;
  • Persons authorised by the Controller to process personal data necessary for the performance of activities strictly related to the supply of products and who have assumed an appropriate legal and contractual obligation of confidentiality (e.g. the Controller’s employees and/or collaborators).

We do not sell or otherwise disclose your personal data to third parties.

6. Where data are stored

All personal data are stored in electronic form on servers located in the EU.

If necessary, the Controller may also transfer the data outside the EU. In this case, the Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.

7. How long are data stored?

The User’s personal data are stored in accordance with the regulations in force for the period of time necessary to achieve the purpose for which they were collected; in particular, for the purpose of handling the User’s requests for a period not exceeding 36 months from receipt of the request, unless the User purchases a product from PROVEO.

The CV and any personal data of Applicants for a period of not more than 24 months after receipt of the CV, if the application is unsuccessful.

When processing is based on the User’s consent, personal data are retained until such consent is revoked.

8. Minors

Minors under 16 years of age must not give information or personal data to the Controller without the consent of those exercising parental responsibility over them. In the absence of such consent, it will not be possible for the child to send requests via the site.

PROVEO takes children’s privacy seriously. It therefore invites all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web.

9. What are the User’s rights?

The User may at any time request confirmation as to whether or not personal data relating to him or her are being processed, and in connection therewith he or she has the right to:

  • request access to the data in order to obtain information on the purposes of the processing, the recipients to whom the data may be disclosed, the duration of the processing (where possible) and the possible consequences of processing based on profiling;
  • revoke consent at any time, without affecting the lawfulness of processing based on the consent given before revocation;
  • request the rectification of personal data should they be inaccurate or incomplete;
  • request the deletion of data if they are no longer required by the Controller for the intended purposes of processing, are inadequate with respect to the purposes of processing, the User has revoked his/her consent or the data have been processed unlawfully;
  • request the restriction of data processing, in the cases provided for in the regulation;
  • request the transfer of data to another data controller, in a commonly used, machine-readable format, without hindrance from the current data controller;
  • object to the processing of his/her data and, specifically, he/she has the right to object to decisions concerning him if they are based solely on automated processing of his data, including profiling;
  • lodge a complaint with the competent authority if they consider that the processing operations concerning them violate current data protection legislation.

To exercise your rights, please use the contact details provided in the INTRODUCTION.

10. Automated decision-making process

The User is not subject to decisions based on automated processing.

11. Amendments

PROVEO reserves the right to amend or simply update the content of this Privacy Policy, in part or in full, also due to changes in applicable legislation. Such changes will be binding as soon as they are published on the Site. If the User continues to access or use the service after such publication, he/she shall be deemed to have expressly accepted these changes. PROVEO therefore invites the User to regularly visit this section to acquaint himself/herself with the most recent and updated version of the Privacy Policy in order to always be updated on the data collected and on the use made of such data by PROVEO.



Date: 20.10.2023