PRIVACY NOTICE – CHIESI FARMACEUTICI S.P.A.

Chiesi Farmaceutici S.p.A. ("Chiesi") informs you that Chiesi will process your Personal Data as a data controller in accordance with Regulation (EU) 679/2016 ("GDPR").

"Personal Data" is information about an identified or identifiable living individual. Different information collected together can identify a particular person and constitute personal data.

"Processing of Personal Data" covers a wide range of operations performed on personal data, including manual or automated means. It includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

"Data Subject" is the identified or identifiable living individual to whom personal data relates.

"Initiative" is the GC&PA off-site Meeting – Stresa, June 30/July 1, 2026.

(1) HOW WE COLLECT AND USE YOUR PERSONAL DATA

PURPOSES:

We need to process your Personal Data to manage your registration for the Initiative and assist you with your participation in the Initiative, including booking your accommodation and managing your travel.

PROCESSED PERSONAL DATA:

  • Identification data such as name, surname, e-mail address, phone number, nationality, company, and any additional data voluntarily shared by you with your participation in the Initiative.
  • Health-related data, such as dietary restrictions or other information you may provide to help us ensure your well-being and appropriately accommodate your participation in the Initiative.

LEGAL BASIS OF THE PROCESSING:

Performance of contractual obligations for managing the registration to the Initiative.

Consent: the processing of health-related data is based on your explicit consent, which will be considered freely given by selecting the appropriate checkboxes in the registration form.

We will also retain your Data to comply with applicable laws and regulations and fulfill competent authorities' requests.

(2) HOW WE SHARE AND PROTECT YOUR PERSONAL DATA

How We Share Your Personal Data

  • Compliance with laws and regulations: disclosure to authorities and regulators where required.
  • Service providers: data may be shared with service providers such as Chorus Group S.p.A. for logistics and support.

How We Protect Your Personal Data

  • Data minimization and limited retention.
  • Security measures: encryption, passwords, firewalls.
  • Careful selection and auditing of partners.
  • Training on data protection.

(3) RETENTION PERIOD OF YOUR PERSONAL DATA

Your Personal Data is stored in Italy or within the EU. It is retained only for the time necessary to manage the Initiative and then deleted or anonymized unless required otherwise by law.

(4) DATA SUBJECTS RIGHTS

Access, rectification, cancellation, data portability, restriction, objection, and revocation of consent.