Test Access System

Privacy and cookie policy

I. GENERAL INFORMATION

In compliance with the duty of information set forth in Law 34/2002 of Services of the Information Society and Electronic Commerce (LSSI-CE) of July 11, 2002, the following general information about this website is provided below: The ownership of this website, www.test-access-system.com, (hereinafter, Website) is held by: GESTIÓ ORGANITZACIÓ COMUNICACIÓ S.A. (hereinafter, GOC), provided with NIF: A08989832 and registered office in Barcelona (08034, SPAIN), Josep Irla i Bosch St., 5-7, 1st floor, inscribed in Registro Mercantil de Barcelona with the following registry data: volume 41.347, folio 147, inscription 25ª with page B-72.105, and telephone number: +34 932 052 727 and contact email: [email protected]

II. GENERAL TERMS AND CONDITIONS OF USE>

The subject matter of the conditions: The Website

The purpose of these General Terms and Conditions of Use (hereinafter, Terms and Conditions) is to regulate access to and use of the Website. For the purposes of these Terms and Conditions, the Website shall be understood to mean: the external appearance of the screen interfaces, both static and dynamic, i.e. the navigation tree; and all the elements integrated both in the screen interfaces and in the navigation tree (hereinafter, Content) and all the online services or resources offered to Users (hereinafter, Services).

GOC reserves the right to modify, at any time and without prior notice, the presentation and configuration of the Website and the Content and Services that may be incorporated therein. The User acknowledges and accepts that at any time GOC may interrupt, deactivate and/or cancel any of these elements that are integrated in the Website or access to them.

Apart from the cost of connection through the telecommunications network supplied by the access provider, and which the User has contracted, some of the Content or Services offered by the Website or, where appropriate, third parties through the Website may be subject to prior contracting of the Content or Service, in which case the corresponding General or Particular Conditions governing this will be clearly specified and/or made available to the User.

The use of any of the Contents or Services of the Website may be made by prior subscription or registration of the User.

The User

The access, navigation and use of the Website, confers the condition of User, so you accept, from the moment you start browsing the Website, all the Conditions set forth herein, as well as its subsequent modifications, without prejudice to the application of the corresponding legal

Dossier Test Access System by Menarini Stemline regulations of mandatory compliance as the case may be. Given the relevance of the above, the User is recommended to read them every time he/she visits the Website.

The Website provides a great diversity of information, services and data. The User assumes responsibility for the correct use of the Website. This responsibility shall extend to:

· Any use of the information, Content and/or Services and data offered by GOC that is contrary to the provisions of these Conditions, the Law, morality or public order, or that in any other way may infringe the rights of third parties or the operation of the Website.

· The truthfulness and legality of the information provided by the User in the forms provided by GOC for access to certain Content or Services offered by the Website. In any case, the User shall immediately notify GOC of any event that allows the improper use of the information registered in said forms, such as, but not limited to, theft, loss, or unauthorized access to identifiers and/or passwords, in order to proceed to their immediate cancellation.

Access to this Website does not imply any commercial relationship between GOC and the User.

The User declares that he/she is of legal age and has sufficient legal capacity to be bound by these Terms and Conditions. Therefore, this GOC Website is not intended for minors. GOC disclaims any liability for failure to comply with this requirement.

III. ACCESS AND NAVIGATION ON THE WEBSITE: DISCLAIMER OF WARRANTIES AND LIABILITY

GOC does not guarantee the continuity, availability or usefulness of the Website, or of the Content or Services. GOC will make every effort to ensure the proper functioning of the Website, however, GOC makes no representation or warranty that access to the Website will be uninterrupted or error-free.

Nor does GOC make any representations or warranties that the content or software that may be accessed through this Website is error-free or will not cause damage to the User's computer system (software and hardware). In no event shall GOC be liable for any loss, damage or harm of any kind arising from accessing, browsing or using the Website, including but not limited to loss, damage or harm caused to computer systems or caused by the introduction of viruses.

GOC shall also not be liable for any damages that may be caused to users by improper use of this Website. In particular, it shall not be liable in any way whatsoever for any telecommunications failures, interruptions, faults or defects that may occur.

IV. PRIVACY AND DATA PROTECTION POLICY

In compliance with the provisions of current legislation, GOC undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected.

Laws Incorporated in this Privacy Policy

This privacy policy is adapted to current Spanish and European regulations regarding the protection of personal data on the Internet. Specifically, it respects the following rules:

Dossier Test Access System by Menarini Stemline

· Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

· Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

· Royal Decree 1720/2007, of December 21, 2007, approving the Regulations implementing Organic Law 15/1999, of December 13, 1999, on the Protection of Personal Data (RDLOPD).

· Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the responsible party for the processing of personal data

The responsible for the processing of the personal data collected on the Website is: GESTIÓ ORGANITZACIÓ COMUNICACIÓ S.A., provided with NIF: A08989832 and registered in: Mercantile Registry of Barcelona with the following registry data: volume 41,347, folio 147, 25th inscription with page B-72,105, whose representative is: Administrator (hereinafter, also Data Controller). Their contact details are as follows:

Contact phone: 34 932 052 727 Contact email: [email protected]

Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for ensuring compliance with the data protection regulations to which GOC is subject. The User may contact the DPO designated by the Data Controller using the following contact details: [email protected] .

Registration of Personal Data

In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by GOC through the forms provided on its pages will be incorporated and processed in our files to facilitate, speed up and comply with the commitments established between GOC and the User or the maintenance of the relationship established in the forms that the User fills in. or to respond to a request or query from the same. Likewise, in accordance with the provisions of the GDPR and the LOPD-GDD, unless the exception provided for in article 30.5 of the GDPR applies, a register of processing activities is kept that specifies, according to their purposes, the processing activities carried out and the other circumstances established in the GDPR.

Principles applicable to the processing of personal data

The processing of the User's personal data shall be subject to the following principles set out in Article 5 of the GDPR:

· Principle of lawfulness, fairness and transparency: the User's consent will be required at all times after fully transparent information on the purposes for which the personal data is collected.

· Principle of purpose limitation: personal data will be collected for specific, explicit and legitimate purposes.

· Principle of data minimization: the personal data collected will only be those that are strictly necessary in accordance with the purposes for which they are processed.

· Principle of accuracy: Personal data must be accurate and always up-to-date.

· Principle of limitation of the retention period: personal data will only be kept in such a way as to allow the identification of the User for the time necessary for the purposes of its processing.

· Principle of integrity and confidentiality: personal data will be processed in a way that guarantees its security and confidentiality.

· Principle of Proactive Responsibility: The Data Controller shall be responsible for ensuring that the above principles are complied with.

Categories of personal data

The categories of data processed at GOC are identification data only. Under no circumstances are these special categories of personal data within the meaning of Article 9 of the GDPR.

Special categories of personal data are defined as those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data relating to health or data relating to a natural person's sex life or sexual orientation.

For the processing of special categories of personal data, the explicit consent of the User will be required for one or more specific purposes.

Legal Basis for Processing Personal Data

The legal basis for the processing of personal data is consent. GOC undertakes to obtain the express and verifiable consent of the User for the processing of their personal data for one or more specific purposes.

The User shall have the right to withdraw his/her consent at any time. It will be as easy to withdraw consent as it is to give it. As a general rule, the withdrawal of consent will not condition the use of the Website.

On those occasions in which the User must or can provide their data through forms to make queries, request information or for reasons related to the content of the Website, they will be informed in the event that the completion of any of them is mandatory because they are essential for the correct development of the operation carried out.

Purposes of the processing of personal data

Personal data is collected and managed by GOC in order to facilitate, expedite and comply with the commitments established between the Website and the User or the maintenance of the relationship established in the forms that the latter fills in or to respond to a request or query.

Likewise, the data may be used for personalization, operational and statistical purposes, and activities specific to GOC's corporate purpose, as well as for the extraction, storage of data and studies to adapt the Content offered to the User, as well as to improve the quality, operation and navigation of the Website.

As soon as the personal data is obtained, the User will be informed about the specific purpose or purposes of the processing for which the personal data will be used; that is, the use or uses that will be given to the information collected.

Retention periods for personal data

Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: four years, or until the User requests its deletion.

At the time the personal data is obtained, the User will be informed about the period for which the personal data will be kept or, where this is not possible, the criteria used to determine this period.

Recipients of personal data

The User's personal data will not be shared with third parties.

In the event that the Data Controller intends to transfer personal data to a third country or international organisation, at the time the personal data is obtained, the User shall be informed about the third country or international organisation to which the data is intended to be transferred, as well as the existence or absence of an adequacy decision of the Commission.

Personal data of minors

The website is not directed to minors, so we decline any responsibility for failure to comply with this requirement. If you are a minor, you should not browse or offer your personal data on this website. GOC may offer services through the website that may be subject to its own particular conditions about which the User will be informed in each specific case.

Secrecy and security of personal data

GOC undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, in order to guarantee the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed. or unauthorized disclosure of or access to such data.

The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User, and in feedback, is fully encrypted or encrypted.

However, because GOC cannot guarantee the impregnability of the internet or the complete absence of hackers or others fraudulently accessing personal data, the Data Controller undertakes to inform the User without undue delay when a breach of personal data security occurs that is likely to pose a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach is defined as any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised disclosure of or access to such data.

Personal data will be treated as confidential by the Data Controller, who undertakes to inform and guarantee by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom the information is made accessible.

Rights arising from the processing of personal data

The User has over GOC and may, therefore, exercise the following rights recognized in the GDPR vis-à-vis the Data Controller:

· Right of access: This is the User's right to obtain confirmation as to whether or not GOC is processing their personal data and, if so, to obtain information about their specific personal data and the processing that GOC has carried out or is carrying out, as well as, among others, the information available on the origin of said data and the recipients of the communications made or planned to be made or planned to be made.

· Right to rectification: This is the User's right to have their personal data modified if they turn out to be inaccurate or, considering the purposes of the processing, incomplete.

· Right to erasure ("the right to be forgotten"): This is the right of the User, provided that the legislation in force does not provide otherwise, to obtain the erasure of his/her personal data when it is no longer necessary for the purposes for which it was collected or processed; the User has withdrawn his/her consent to the processing and this does not have another legal basis; the User opposes the processing and there is no other legitimate reason to continue with the same; the personal data has been processed unlawfully; personal data must be erased in compliance with a legal obligation; or the personal data has been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to erasing the data, the Data Controller, taking into account the available technology and the cost of its implementation, shall take reasonable steps to inform the controllers who are processing the personal data of the data subject's request for the deletion of any link to that personal data.

· Right to restriction of processing: This is the User's right to restrict the processing of their personal data. The User has the right to obtain the restriction of processing when contesting the accuracy of his/her personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make complaints; and when the User has objected to the processing.

· Right to data portability: In the event that the processing is carried out by automated means, the User shall have the right to receive from the Data Controller his/her personal data in a structured, commonly used and machine-readable format, and to transmit them to another Data Controller. Whenever technically feasible, the Data Controller will transmit the data directly to that other controller.

· Right to object: This is the User's right not to have their personal data processed or to cease processing them by GOC.

· Right not to be subject to a decision based solely on automated processing, including profiling: This is the User's right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, which exists unless the legislation in force provides otherwise.

Thus, the User may exercise his/her rights by means of a written communication addressed to the Data Controller with the reference "GDPR-TAS", specifying:

· Name, surname of the User and copy of the ID card. In cases where representation is admitted, it will also be necessary to identify the person representing the User by the same means, as well as the document accrediting the representation. The photocopy of the ID card may be replaced by any other legally valid means that prove identity.

· Request with the specific reasons for the request or information to be accessed.

· Address for the purpose of notifications.

· Date and signature of the applicant.

· Any document that proves the request you make.

This application and any other accompanying documents may be sent to the following address and/or e-mail:

Postal address: Carrer Josep Irla i Bosch, 5-7, 1st floor, 08034 – Barcelona Email: [email protected]

Links to Third Party Websites

The Website may include hyperlinks or links that allow access to websites of third parties other than GOC, and which are therefore not operated by GOC. The owners of these websites will have their own data protection policies, and they will be responsible for their own files and their own privacy practices.

Complaints to the Supervisory Authority

In the event that the User considers that there is a problem or infringement of the regulations in force in the way in which his/her personal data is being processed, he/she has the right to effective judicial protection and to complain with a supervisory authority, in particular in the State in which he/she has his/her habitual residence. place of work or place of alleged violation. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).

Acceptance and Changes to this Privacy Policy

It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that they accept the processing of their personal data so that the Data Controller can proceed with it in the manner, during the periods and for the purposes indicated. By using the Website, you agree to be bound by the Website's Privacy Policy.

GOC reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is advised to check this page periodically to be aware of the latest changes or updates.

Right to Opt-Out

GOC reserves the right to deny or withdraw access to the portal and/or the services offered without prior notice, at its own request or at the request of a third party, to those users who fail to comply with the provisions herein.

This Privacy Policy was updated on 16 January 2024 to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD)

V. COOKIES POLICY

Access to this Website may involve the use of cookies. Cookies are small amounts of information that are stored in the browser used by each User – on the different devices that they may use to browse – so that the server remembers certain information that will later be read only by the server that implemented it. Cookies make browsing easier, more user-friendly, and do not damage your browsing device.

Cookies are automatic procedures for collecting information relating to the preferences determined by the User during their visit to the Website in order to recognize them as a User, and to personalize their experience and use of the Website, and they can also, for example, help to identify and resolve errors.

The information collected through cookies may include the date and time of visits to the Website, the pages viewed, the time spent on the Website, and the sites visited just before and after the Website. However, no cookie allows the User to contact the User's telephone number or any other means of personal contact. No cookie can extract information from the User's hard drive or steal personal information. The only way for the User's private information to be part of the Cookie file is for the user to personally give that information to the server.

Cookies that allow an individual to be identified are considered personal data. Therefore, the Privacy Policy described above will apply to them. In this sense, the User's consent will be required for the use of the same. This consent will be communicated, on the basis of an authentic choice, offered by an affirmative and positive decision, prior to the initial, removable and documented treatment.

First-party cookies

These are cookies that are sent to the User's computer or device and managed exclusively by GOC for the better functioning of the Website. The information collected is used to improve the quality of the Website and its Content and your User experience. These cookies make it possible to recognise the User as a recurring visitor to the Website and to adapt the content to offer content that is tailored to their preferences.

Third-party cookies

These cookies are used and managed by external entities that provide GOC with services requested by GOC to improve the Website and the user's experience when browsing the Website. The main purposes for which third-party cookies are used are to obtain access statistics and analyse browsing information, i.e. how the User interacts with the Website.

The following table lists the specific cookies used on this platform:

Help Scout

Name of the cookie	Description	Expiration date
hs-app-id	Unique web widget identifier	Permanent
hs-app-session-id	Web widget session identifier	30 days
hs-user-id	Web widget session identifier	30 days
hs-user-hash	Permanent identifier
hs-visitor-id	Web widget visitor identifier	30 days
hs-visitor-hash	Permanent visitor's identifier
hs-chat-session-id	Chat session identifier	30 days
hs-chat-user-id	Chat user identifier	30 days
hs-chat-visitor-id	Chat visitor identifier	30 days

These cookies are used to provide the Help Scout web widget, which allows visitors to a website to initiate a chat with a support agent. The cookies store information about the visitor's session, the user and the chat.

The hs-app-id and hs-app-session-id cookies are used to identify the web widget and visitor session. The hs-user-id and hs-user-hash cookies are used to identify the user of the Web widget. The hs-visitor-id and hs-visitor-hash cookies are used to identify the visitor of the web widget. The hs-chat-session-id, hs-chat-user-id and hs-chat-visitor-id cookies are used to identify the chat session, chat user and chat visitor, respectively.

All cookies, except hs-app-id, expire after 30 days. The hs-app-id cookie is permanent, as it is necessary to identify the web widget.

Youtube

Name of the cookie	Description	Expiration date
VISITOR_INFO1_LIVE	Unique visitor identifier	24 hours
YSC	Unique visitor identifier	24 hours
IDE	Unique visitor identifier	24 hours
YOUTUBE_ACTIVITY_TRACKING	Unique identifier of user activity	Permanent

These cookies are used to provide and improve the YouTube service, as well as to collect statistical data on YouTube usage.

The VISITOR_INFO1_LIVE cookie is used to identify the visitor to the website that embeds the YouTube video. The YSC cookie is used to identify the video being played. The IDE cookie is used to identify the user's session. The YOUTUBE_ACTIVITY_TRACKING cookie is used to collect statistical data about the user's use of YouTube.

All cookies, except VISITOR_INFO1_LIVE, expire after 24 hours. The VISITOR_INFO1_LIVE cookie expires after 24 hours, but is automatically renewed each time the user visits the website that embeds the YouTube video.

You can obtain more information about cookies, privacy information, or consult the description of the type of cookies used, their main characteristics, expiration period, etc. at the following link(s):

· https://www.helpscout.com/company/legal/privacy/The entity(ies) in charge of providing cookies may disclose this information to third parties, provided that it is required by law or that this information is processed by a third party for such entities.

· https://www.helpscout.com/company/legal/privacy/

Disabling, rejecting, and deleting cookies

The User can disable, reject and delete cookies – in whole or in part – installed on their device through the settings of their browser (including, for example, Chrome, Firefox, Safari, Explorer). In this regard, the procedures for rejecting and deleting cookies may differ from one Internet browser to another. Consequently, the User must refer to the instructions provided by the Internet browser they are using. In the event that you refuse the use of cookies – in whole or in part – you may continue to use the Website, although you may be limited in the use of some of its features.

Changes to the Cookies Policy

It is possible that the Website's Cookies Policy may change or be updated, so it is recommended that the User review this policy each time they access the Website in order to be adequately informed about how and for what purpose we use cookies.

VI. LINKING POLICY

It is reported that the GOC Website makes or may make available to Users means of links (such as, among others, links, banners, buttons), directories and search engines that allow Users to access websites belonging to and/or managed by third parties.

The installation of these links, directories and search engines on the Website is intended to make it easier for Users to search for and access the information available on the Internet, without being considered a suggestion, recommendation or invitation to visit them.

GOC does not offer or market, by itself or through third parties, the products and/or services available on such linked sites.

Likewise, it will not guarantee the technical availability, accuracy, veracity, validity or legality of sites that are not its property and that can be accessed through the links.

Under no circumstances will GOC review or control the content of other websites, nor does GOC approve, examine or endorse the products and services, contents, files and any other material existing on such linked sites.

GOC does not assume any responsibility for any damages that may occur due to the access, use, quality or legality of the contents, communications, opinions, products and services of websites not managed by GOC and that are linked to this Website.

The User or third party who makes a hyperlink from a web page of another, different, website to the GOC Website must be aware that:

The reproduction – in whole or in part – of any of the Contents and/or Services of the Website is not permitted without the express authorisation of GOC.

Any false, inaccurate or incorrect statement about the GOC Website, or about its Contents and/or Services, is also not permitted.

With the exception of the hyperlink, the website on which the hyperlink is established will not contain any element of this Website protected as intellectual property by the Spanish legal system, unless expressly authorised by GOC.

The establishment of the hyperlink does not imply the existence of a relationship between GOC and the owner of the website from which it is made, nor the knowledge and acceptance by GOC of the contents, services and/or activities offered on said website, and vice versa.

VII. INTELLECTUAL AND INDUSTRIAL PROPERTY

GOC, by itself or as an assignee, is the owner of all the intellectual and industrial property rights of the Website, as well as the elements contained therein (including but not limited to, images, sound, audio, video, software or texts, trademarks or logos, colour combinations, structure and design, selection of materials used, computer programs necessary for its operation, access and use, etc.). They will be, therefore, works protected as intellectual property by the Spanish legal system, and both Spanish and EU regulations in this field will be applicable to them, as well as the international treaties related to the subject and signed by Spain.

All rights reserved. Under the provisions of the Intellectual Property Law, the reproduction, distribution and public communication, including the way in which it is made available, of all or part of the contents of this website, for commercial purposes, in any medium and by any technical means, without the authorisation of GOC, are expressly prohibited.

The User undertakes to respect GOC's intellectual and industrial property rights. You may view the elements of the Website or even print them, copy them and store them on your computer's hard drive or on any other physical medium as long as it is exclusively for your personal use. The User, however, may not delete, alter, or manipulate any protection device or security system installed on the Website.

In the event that the User or third party considers that any of the Contents of the Website constitutes a violation of intellectual property protection rights, they must immediately notify GOC through the contact details in the GENERAL INFORMATION section of this Legal Notice and General Conditions of Use.

VIII. LEGAL ACTIONS, APPLICABLE LAW AND JURISDICTION

GOC reserves the right to bring any civil or criminal action it deems necessary for the improper use of the Website and Contents, or for the breach of these Conditions.

The relationship between the User and GOC shall be governed by the regulations in force and applicable in the Spanish territory. In the event of any dispute arising in relation to the interpretation and/or application of these Conditions, the parties shall submit their conflicts to the ordinary jurisdiction, submitting to the corresponding judges and tribunals in accordance with the law, if there is an exclusive forum or, otherwise, to the competence of the Courts and Tribunals of Barcelona capital.

Cookie Warning