This information note was drawn up by the company GP DERMAL SOLUTION S.R.L. in accordance with EU Regulation no. 679/2016 and Legislative Decree 10 August 2018, n. 101, which adapted the Code regarding the protection of personal data to the Community provisions, Legislative Decree no. 30 June 2003, no. 196, in order to describe how the site is managed www.gpdermal.com (hereinafter also "Site") and the services made available, through the Site, by the same company, in relation to the processing of the personal data of the user who consults the Site and / or uses the services contained therein (hereinafter also " User").
1. HOLDER OF THE TREATMENT AND CONTACTS
The Data Controller and site manager is the company GP DERMAL SOLUTION S.R.L., with registered office in 37122 - Verona (VR), Piazza Renato Simoni n. 3, VAT number 04430740235, and with operational headquarters in 29121 - Piacenza (PC), Corso Vittorio Emanuele II n. 165.
The contact details that the user can use to contact the Data Controller are as follows: email address firstname.lastname@example.org, no. by telephone 0523 318506, registered letter to be sent to one of the above addresses.
2. PURPOSE AND LEGAL BASIS OF THE PROCESSING
By accessing the Site, the User can use the services made available by GP DERMAL SOLUTION S.R.L., such as the sale online of dermo-cosmetic products and related pre and post-sales assistance services (e.g. creation of the cart, home delivery), registration of your account, browsing the Site, requesting information in the "can't you find our products? Click here to send us your request"Of the Site, release of reviews in the reserved area or in the dedicated sections on tested and purchased products and any other service made available to the user by the company.
The processing of User data collected while browsing the Site and in the final phase of the purchase of dermo-cosmetic products does not involve particular categories of personal data and is carried out in full compliance with the principles of transparency, correctness, relevance and lawfulness. Therefore, the information present on line about the therapeutic areas in which GP DERMAL SOLUTION S.R.L. is present with its research activities and the dermo-cosmetic products offered to the user do not intend to provide any medical-health advice or diagnosis, but the user is invited to contact only his own doctor for any therapeutic need and / or diagnostics.
The processing is aimed at the correct and complete execution of the activities resulting from the purchase of the products offered by the company and for the provision of the service requested by the User. The user's personal data will also be processed in order to fulfill the tax and accounting obligations related to the purchase made, or in any case to those obligations imposed by the applicable internal and supranational legislation. If the Data Controller intends to further process the user's personal data for one or more purposes other than that for which they were collected, the necessary information will be provided to the user before such further processing and, where necessary, consent will be collected.
When completing the order linked to the purchase of one or more products on the Site - "shop" area, the buyer can enter his telephone contact, thus consenting to receive text messages relating to the status of the order . At any time, if you no longer intend to receive update messages, the user is granted at any time to reply "STOP" to the last notification received to stop receiving messages.
Once the purchase has been made, the user will have the opportunity to create their own account on the site.
3. METHOD OF TREATMENT OF PERSONAL DATA
The processing of data is also carried out with the aid of electronic or automated tools, and consists in the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing is carried out by the Data Controller and by any subjects expressly authorized by the Data Controller in this sense (if present, as identified in point sub.1, to whom the Data Controller has provided the appropriate instructions pursuant to art.29 of the EU Regulation, n. .
The Data Controller adopts suitable measures to ensure the security of the processing of personal data provided by the User, in accordance with the provisions of art. 32 of the EU Regulation no. 679/2016.
In its capacity as Data Controller, the Company proceeds, directly or through any identified Managers, to save the personal data of the Users in special servers and to carry out all other processing operations through the staff - of the owner and of the manager - to purpose in charge in the capacity of appointee, or through any external appointees during maintenance operations.
The database is accessible only by authorized parties through methods that guarantee its protection and confidentiality, thanks to the adoption of security measures designed to prevent data loss, illicit or incorrect use and unauthorized access.
4. TYPE OF DATA PROCESSED AND OBLIGATORY
The processing concerns your "ordinary" data, ie those personal data that identify or make identifiable, directly or indirectly, the natural person. Data falling into particular categories, so-called sensitive, referred to in Articles 9 and 10 of the EU Regulation, n. 679/2016.
The provision of personal data intended as personal data, contact data, customer code, product code, order number, tax data, data relating to the products purchased, data relating to the products consulted and / or introduced in the cart, even if not purchased , registration data on the website, navigation data, data required for the eventual release of reviews on the products purchased, payment data in case of purchase, it is mandatory for the pursuit of the purposes referred to in point sub. 1. The refusal to provide the aforementioned personal data therefore does not allow the possibility of using the services indicated by the Site and provided by the Data Controller.
5. COMMUNICATION OF DATA
The User's personal data may be brought to the attention of the Data Controller's employees or collaborators (specifically appointed and authorized for processing by the Data Controller himself), or to external parties, appointed as Data Processors by the Data Controller.
Specifically, the subjects to whom your personal data may be communicated are the following:
to. external subjects who carry out tasks on behalf of the Data Controller in relation to which the current legislation in tax and accounting matters, it provides for the obligation to communicate
b. credit institutions for the management of payments and collections deriving from the execution of the contract;
c. professionals, in order to study and resolve any legal problems;
d. professionals, both natural and legal persons, to whom the Data Controller entrusts any assignments for the carrying out outsourcing activities;
is. companies that offer mail sending services;
f. companies that offer website maintenance and development services;
g. companies that perform shipping, transportation and other after-sales services;
The Data Controller undertakes to rely exclusively on subjects who provide adequate guarantees regarding the adoption of suitable measures to ensure the protection of personal data and will, at the same time, appoint them as Data Processors pursuant to and for the purposes of art. 28 of the EU Regulation no. 679/2016. The list of appointed managers is kept at the headquarters of the owner and the user can view it upon request.
Your personal data are not subject to transfer or dissemination outside the territory of the European Union.
The Site may provide links to third-party sites, deemed of interest to the User. By pressing the link to these links, you exit the Site to enter web domains not owned by GP DERMAL SOLUTION S.R.L. or over which it has no control. In the event that the User decides to click on these links or use these features, he would do so at his own risk, as the company is not responsible for the content or characteristics of third party sites, applications or features.
6. DURATION OF DATA PROCESSING AND STORAGE
User data will be kept for the period necessary to fulfill the purposes described in this Notice. The criteria used to determine these retention periods take into account: (i) the period of time of the existing relationship with the User; (ii) of any legal or commercial obligations to which the company is subject; or (iii) any legal requirements, or faculties, which provide for a longer retention period.
Once the above terms have elapsed, the User's data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation procedures and backup.
In some areas of the Site, such as e-commerce, the User can indicate a third party other than the same User as the recipient of the shipment of the purchased product; in this case, the User may be required to indicate the address and / or name of the recipient and the company undertakes to use such data only to process the User's request, and then immediately delete them from its database, without proceeding with any further processing of the same.
7. USER RIGHTS
The User has the right to request, in accordance with current legislation:
- access to personal data concerning him and that he believes in the possession of the company;
- the correction of personal data collected, where incorrect;
- in some specific cases, the deletion of personal data;
- at any time, that the use of data is ceased where the "legal basis" is represented by your consent, revoking the same, or to oppose the use of data where the "legal basis" is represented by legitimate interests and considers that the legitimate interest of the company does not prevail, or in the event that the purpose for which the data was collected has been exhausted;
- in specific cases, the limitation of the processing of personal data;
- that the use of data for direct marketing purposes is ceased;
- to request a copy of the personal data you have provided to us, in a commonly used format, to transmit them to another Data Controller, in the event that the data are being processed by reason of consent or by virtue of the execution of a contract with the company.
You have the right to request a copy of the personal data held by the company and concerning him.
Where GP DERMAL SOLUTION S.R.L. decides not to follow up on the User's request, the reasons for the refusal will be explained.
The User will also have the right to lodge a complaint with the Guarantor for the protection of personal data of the Member State of residence or domicile or the place where the alleged violation is believed to have occurred.
The exercise of the User's rights can take place by means of a written communication to be sent by email to the address email@example.com o registered letter with return receipt to be sent to the registered office of GP DERMAL SOLUTION S.R.L., in 37122 - Verona, Piazza Renato Simoni n. 3.