This information note was drawn up by the company GP DERMAL SOLUTION S.R.L. in accordance with EU Regulation no. 679/2016 and Legislative Decree 10 August 2018, n. 101, which adapted the Code regarding the protection of personal data to the Community provisions, Legislative Decree no. 30 June 2003, no. 196, in order to describe how the site is managed www.conciliumcosmetics.com (hereinafter also "Site") and the services made available, through the Site, by the same company, in relation to the processing of the personal data of the user who consults the Site and / or uses the services contained therein (hereinafter also " Interested").
GP DERMAL SOLUTION S.R.L. has always considered the protection of the personal data of its customers and users, actual and / or potential, of fundamental importance.
The term "personal data" refers to the definition contained in art. 4, point 1 of EU Regulation no. 679/2016, namely "any information relating to an identified or identifiable natural person ("data subject"); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social».
The same Regulation provides that, before proceeding with the processing of personal data, it is necessary that the person to whom the personal data belong is informed of the reasons for which such data are requested and how they will be used. The treatment, according to art. 4, point 2 of EU Regulation no. 679/2016, may consist of "any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction».
1. HOLDER OF THE TREATMENT AND CONTACTS
The company that will process the personal data of the interested party for the purposes indicated in the following paragraph no. 2 "purpose and legal basis of the processing"Of this information and that, therefore, will play the role of Data Controller former art. 4, point 7, EU Regulation no. 679/2016, is the company GP DERMAL SOLUTION S.R.L. (hereinafter also the "Owner"), with registered office in 37122 - Verona (VR), Piazza Renato Simoni n. 3, VAT number 04430740235, and with operational headquarters in 29121 - Piacenza (PC), Corso Vittorio Emanuele II n. 165.
The contact details that the interested party can use to contact the Data Controller are as follows:
- email address email@example.com
- phone n. 351 5497161
2. PURPOSE AND LEGAL BASIS OF THE PROCESSING
The processing of the data subject's personal data will be legally based on the relationship that will be created between the latter and the Data Controller pursuant to art. 6, paragraph 1, point b, of EU Regulation no. 679/2016 and it is necessary to allow the interested party:
- to purchase Concilium dermo-cosmetics products, marketed through the Site,
- to respond to requests for information and to allow navigation on the Site,
- to take advantage of any after-sales assistance services,
- registering your own account,
- the use of services such as the creation of the shopping cart or the wish list or home delivery of products purchased online,
- the release of reviews in the reserved area or in the dedicated sections on tested and purchased products,
- benefit from any other service made available by the Owner.
The processing is thus aimed at the correct and complete execution of the activities resulting from the purchase of the products offered by the company. The personal data of the interested party will also be processed in order to fulfill the tax and accounting obligations related to the purchase made, or in any case to those obligations imposed by the applicable internal and supranational legislation.
In addition to the purposes indicated above, the personal data of the interested party may be used for the further purpose of:
- direct marketing, consisting in the performance of promotional activities carried out by GP DERMAL SOLUTION S.R.L. without the presence of intermediaries between it and the customer.
The interested party can subscribe to the mailing list related to the Site, leaving your email address in the appropriate space on the Site. The interested party will be required to confirm his consent by clicking the "Subscribe" item in the automatic email sent to the address previously communicated and entered on the Site. Therefore, by carrying out the previous steps, the interested party agrees to send advertising material, newsletter, promotional and commercial communications relating to products and / or services related to Concilium dermo-cosmetics products, as well as carrying out market studies and / or statistical analyzes.
The legislation recognizes the possibility for the interested party to change his mind at a later time, giving him the ability to revoke the consent previously expressed at any time in an easy and free way, by clicking on the appropriate item "unsubscribe". The information systems of the Data Controller are programmed in such a way as to guarantee the timely updating of the database, in order to avoid continuing to send promotional communications to those who have revoked their consent.
With regard to the purpose of direct marketing, it should be noted that, by virtue of art. 6, paragraph 1, point f) of EU Regulation no. 679/2016, the Data Controller may carry out this activity based on his legitimate interest, regardless of the consent of the interested party and in any case up to his opposition or limitation to this processing, as better explained in Recital 47 of the Regulations. This will also be possible following the assessments made by the Data Controller regarding the possible and possible prevalence of the interests, rights and fundamental freedoms of the interested party who require the protection of personal data on their legitimate interest in sending direct marketing communications.
The contact methods aimed at direct marketing activities can be both automated (e.g. sms messages, emails, etc.) and traditional ones.
As for the contact methods that involve the use of your telephone contacts, we remind you that the direct marketing activities by the Data Controller will be carried out after verifying any registration in the Register of Oppositions, as established pursuant to and for the effects of the DPR 7 September 2010, n. 178 and ss. mm.
If the Data Controller intends to further process the user's personal data for one or more purposes other than that for which they were collected, before such further processing the necessary information will be provided to the interested party in this regard and, where necessary, consent will be collected.
3. METHOD OF TREATMENT OF PERSONAL DATA
Data processing is also carried out with the aid of electronic or automated tools, and consists of the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing is carried out by the Data Controller and by any subjects expressly authorized by the Data Controller in this sense, to whom the Data Controller has provided the appropriate instructions pursuant to art. 29 of the EU Regulation, n. 679/2016.
The Data Controller adopts suitable measures to ensure the security of the processing of personal data provided by the interested party, in accordance with the provisions of art. 32 of the EU Regulation no. 679/2016.
In its capacity as Data Controller, GP DERMAL SOLUTION S.R.L. proceeds, directly or through any Managers identified, to save the personal data of the interested parties in special servers and to carry out all other processing operations through the staff - of the owner and of the manager - for this purpose in the capacity of person in charge, or through any external appointees during maintenance operations. The database it is accessible only by authorized parties through methods that guarantee its protection and confidentiality, thanks to the adoption of security measures designed to prevent the loss of data, illicit or incorrect use and unauthorized access.
4. TYPE OF DATA PROCESSED AND OBLIGATORY
The processing concerns the "ordinary" data of the interested party, ie those personal data that identify or make identifiable, directly or indirectly, the natural person. Data falling into particular categories, so-called sensitive, referred to in Articles 9 and 10 of the EU Regulation, n. 679/2016.
Therefore, the information present on line about the therapeutic areas in which GP DERMAL SOLUTION S.R.L. is present with its research activities and the dermo-cosmetic products offered to the interested party, or those provided following the completion of the quiz "What kind of skin do you have?", They do not intend to provide any medical-health suggestions or diagnoses, but the interested party is invited to contact their own doctor only for any therapeutic and / or diagnostic needs.
Access to the "MEDICAL AREA"Present on the Site, reserved exclusively for healthcare professionals enrolled in the Register (eg surgeons, etc.), likewise does not provide for the processing by the Data Controller of the so-called categories particular, but the professional operating in the health sector will be required to indicate only their personal data so-called ordinary to access the restricted area, without having to provide any information on the health status of yourself or the patient.
The provision of personal data intended as personal data, contact data and contractual data (customer code, product code, order number), tax data, data relating to the products purchased, data relating to the products consulted and / or introduced in the cart, even if not purchased, registration data on the Site, navigation data, data required for the eventual release of reviews on the products purchased, data for the execution of payment operations, is mandatory for the pursuit of the purposes indicated in this statement. The refusal to provide the aforementioned personal data therefore does not allow the possibility of using the services indicated on the Site.
The processing of the data of the interested party collected while browsing the Site and in the final phase of the purchase of Concilium dermo-cosmetics products is carried out in full compliance with the principles of transparency, correctness, relevance and lawfulness.
5. COMMUNICATION OF DATA PERSONAL
The personal data of the interested party may be brought to the attention and communicated to specific subjects considered recipients of such data, such as employees or collaborators of the Data Controller (specifically appointed and authorized to process by the Data Controller himself), or external subjects, appointed as Data Processors by the Holder.
Specifically, the subjects to whom the data subject's personal data may be disclosed are the following:
to. external subjects who carry out tasks on behalf of the Data Controller in relation to which the current legislation in tax and accounting matters, it provides for the obligation to communicate;
b. credit institutions for the management of payments and collections deriving from the execution of the contract;
c. professionals, in order to study and resolve any legal problems;
d. professionals, both natural and legal persons, to whom the Data Controller entrusts any assignments for the carrying out outsourcing activities;
f. companies that offer website maintenance and development services;
g. companies that perform shipping, transportation and other after-sales services.
The Data Controller undertakes to rely exclusively on subjects who provide adequate guarantees regarding the adoption of suitable measures to ensure the protection of personal data and will, at the same time, appoint them as Data Processors pursuant to and for the purposes of art. 28 of the EU Regulation no. 679/2016. The list of appointed managers is kept at the headquarters of the owner and the interested party can view it upon request.
The personal data of the interested party are not subject to transfer or dissemination outside the territory of the European Union. The Site may provide links to third-party sites, deemed of interest to the interested party. By pressing the link to these links, you exit the Site to enter web domains not owned by GP DERMAL SOLUTION S.R.L. or over which it has no control. In the event that the User decides to click on these links or use these features, he would do so at his own risk, as the company is not responsible for the content or characteristics of third party sites, applications or features.
6. DURATION OF TREATMENT AND DATA STORAGE
The data of the interested party will be kept for the minimum period necessary to fulfill the purposes described in this Notice. The criteria used to determine these retention periods take into account: (i) the period of time of the existing relationship with the interested party; (ii) of any legal or commercial obligations to which the company is subject; or (iii) any legal requirements, or faculties, which provide for a longer retention period (archiving purposes in the public interest, scientific or historical research, statistical purposes).
Once the above terms have elapsed, the data of the interested party will be destroyed, deleted or made anonymous, compatibly with the technical cancellation procedures and backup.
7. USER RIGHTS
The interested party, in accordance with the provisions contained in EU Regulation no. 679/2016, has the right to request:
- access to personal data concerning him and that he believes in the possession of the company;
- the correction and updating of personal data communicated, if incomplete or incorrect;
- the cancellation of personal data, if the collection took place in violation of a law or regulation;
- opposition to processing for specific and legitimate reasons.
In this regard, all the rights that the interested party may exercise towards the Owner, at any time, are specified below.
- right of access
In accordance with art. 15, paragraph 1 of the Regulation, the interested party has the right to obtain from the Data Controller confirmation that his personal data is being processed or not and, in this case, to obtain access to such data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients to whom your personal data have been or will be disclosed; d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the Data Controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the personal data are not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of EU Regulation no. 679/2016 and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing.
- right of rectification
In accordance with art. 16 of EU Regulation no. 679/2016, the interested party can obtain the correction of his personal data that are inaccurate. Furthermore, taking into account the purposes of the processing, you will be able to obtain the integration of your personal data that are incomplete, also by providing a specific supplementary declaration.
- right to cancellation
In accordance with art. 17, paragraph 1 of EU Regulation no. 679/2016, the interested party may obtain the cancellation of his personal data without undue delay and the Data Controller will have the obligation to delete the applicant's data, if there is even one of the following reasons: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party has revoked the consent on which the processing of personal data is based and there is no other legal basis for their processing; c) the interested party opposed the processing pursuant to art. 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of your personal data; d) your personal data have been unlawfully processed; e) it is necessary to delete your personal data to comply with a legal obligation provided for by a community standard or internal law.
In some cases, as required by art. 17, paragraph 3 of EU Regulation no. 679/2016, the Data Controller is entitled not to proceed with the cancellation of the personal data of the interested party if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of an obligation by law, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
- right to limit the processing
The interested party may obtain the limitation of the processing, pursuant to art. 18 of the EU Regulation no. 679/2016, in the event that one of the following hypotheses occurs: a) you have contested the accuracy of your personal data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such data); b) the processing is unlawful but you have opposed the cancellation of your personal data, requesting, instead, that its use be limited; c) although the Data Controller no longer needs it for processing purposes, your personal data are used to ascertain, exercise or defend a right in court; d) has opposed the processing pursuant to art. 21, paragraph 1, of the Regulations and is awaiting verification of the possible prevalence of the Data Controller's legitimate reasons with respect to his own.
In case of limitation of the processing, the personal data of the interested party will be processed, except for storage, only with his consent or for the ascertainment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest. GP DERMAL SOLUTION S.R.L. will inform the interested party, in any case, before this limitation is revoked.
- right to data portability
The interested party, at any time, may request and receive, in accordance with art. 20, paragraph 1 of the Regulation, all your personal data processed by the Data Controller in a structured, commonly used and legible format or request their transmission to another data controller without impediments. In this case, it will be your responsibility to provide GP DERMAL SOLUTION S.R.L. all the exact details of the new data controller to whom you intend to transfer your personal data, providing written authorization.
- right to object
In accordance with art. 21, paragraph 2 of the Regulation and as also reaffirmed by Recital 70, the interested party may object, at any time, to the processing of his personal data if these are processed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
- right to lodge a complaint with the supervisory authority
Without prejudice to the right of the interested party to appeal to any other administrative or judicial office, if he believes that the processing of his data, as conducted by the Data Controller, is in violation of EU Regulation no. 679/2016 and / or applicable legislation, you may lodge a complaint with the competent Personal Data Protection Authority.
To exercise all his rights as identified above, the interested party simply needs to contact the Data Controller in the following ways:
- by sending an e-mail to the mailbox firstname.lastname@example.org
- by sending a registered letter to the registered office of GP DERMAL SOLUTION S.R.L., in 37122 - Verona, Piazza Renato Simoni n. 3.