Published: 07 April 2017 17:05
PHARMANUTRA INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA
(Privacy code – Legislative Decree. No. 196 of 30/06/2003, – Article 13 – EU Regulation 679/2016 on the processing of personal data – Article 13)
Pharmanutra S.p.a. is the lead company of the Pharmanutra SpA Group, hereafter, for the sake of brevity, referred to as PH.
PH safeguards the privacy of its users and the security of the data processed through websites and has provided a detailed document on the methods by which the activity conforms to the Privacy Rules. This document describes, among other things, which personal data is collected, the purposes for which the personal data is intended, the way the data is processed and the security measures taken to protect it.
The PH rules on privacy contain the information required in accordance with Article. 13 of Legislative Decree. No. 196 of 30 June 2003
(Privacy Code) which transposes Directive 95/46/EC concerning the protection of personal data, and Article 13, EU Regulation No. 2016/679 (hereinafter, “GDPR”), also in accordance with Authorisation No. 2/2008, on the processing of data likely to reveal the state of health, issued by the Authority for the Protection of Personal Data, and Directive 2002/58/EC as amended by Directive 2009/136/EC, on the protection of personal data in electronic communications.
In particular, PH advises that the “data controller” of the processing in accordance with the Privacy Code is Pharmanutra S.p.a., based in Pisa, at via Delle Lenze, No. 216/b, in the person of its President and legal representative pro-tempore, Dr. Andrea Lacorte.
The Portal “www.pharmanutra.it” is a service designed to enable easy, clear use of information relating to Pharmanutra S.p.a. products and services.
Personal data and other information collected are linked to the access and visits to the “www. Pharmanutra.it” Portal and are considered:
1) as mandatory information which, in accordance with Art. 24 letters. a), b), c), Privacy Code, and Art. 6 letters b), e), GDPR, must be collected in order to use the Service and without which PH will be unable to provide the requested access, and may concern:
2) Mandatory/required information for technical reasons, to make available and/or facilitate access to the Portal, and shall be collected, stored and used for short periods;
3) IP address; date and time of access; access status and http status code; volume of data transferred and contents of the request; time zone differences in relation to Greenwich Mean Time (GMT), language settings and browser versions, as well as versions of the operating systems in use;
4) data relating to the content entered by the user (eg comments, check marks and/or functions of “meta tag” shares within the selected “heads”, such as to configure Snippets within search engines) published by the user on the Services;
5) it will be possible to use voice commands for voice control of activities and services. This functionality requires access to certain functions of your device in order to improve the interactive experience. Your consent expressed through the commands of the device will make it possible to collect information for specific purposes, shown in the reference section.
Specifically, with regard to mobile supports:
Location: Your explicit consent will make it possible to collect and use data on the sensors needed to operate the APP services, including the type of device in use, the “touch screen” data and the information from the accelerometer and gyroscope sensors in the device. This information will enable recording of the specific location of your mobile device (using, for example, GPS or Bluetooth). In any event, the recording of your IP address is the basis for determining, for example, in which country you are located, in order to comply with existing legislation and industrial property rights agreements.
Voice: Your explicit consent granting access to the microphone will enable us to improve the interactivity of your experience with our Services. You will still have the option of disabling access to the microphone.
Refusal to communicate data will make it impossible to complete the registration and use the PHN services.
Your authentication information shall be collected and encrypted. Its contribution for the data processing described above is mandatory.
aa) Mandatory/required information relating to product purchasing procedures: each piece of personal data, and all the information collected, are linked to use, also through third party professional operators such as Amazon Service Europe S.a.r.l., whose registered office is located at 5, Rue Plaetis, L-2338 Luxembourg, which has autonomous information available on the addressi “https://www.amazon.it/gp/help/customer/display.html/ref=hp_bc_nav?ie=UTF8&nodeId=200534380” and considered as information that must be collected in order to be able to use the information, sale/purchase service and without which PHN will be unable to provide the products requested: personal details; telephone numbers;
Email addresses; tax code and/or VAT number; IP addresses;
1) as information that can be made optional, subject to your specific and express consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR):
2) for the following purposes of trade and marketing information:
i)sending by email, post and/or messaging, newsletters, sales communication and/or advertising material on products or services offered by PH or, more generally, by the Pharmanutra Group, and determination of the level of satisfaction with the quality of services, which requires the processing of registration and authentication data: name, surname, user name, password, email address, date of birth, gender, address, post code and country.
This type of data is provided by the user optionally, only where required when signing up for the “newsletter” ();http://pharmanutra.us13.list-manage2.com/subscribe?u=3b17999bba7c26ff9ca778958&id=b932f61b01
– information and tools for collecting statistical data to determine the compliance of products with User expectations: Facebook pixels (https://www.facebook.com/business/help/742478679120153);
– Cookies: the “www.pharmanutra.it” Portal uses small text files that are stored in the memory of the terminal through the access browser, for example the User’s preferred language and/or settings, in order to make navigation more agreeable and adapted to the user’s tastes. PH has provided suitable information on the use and distribution of Cookies on its Web page portals, available on “http://www.pharmanutra.it/it/cookie-policy/”
– for the purpose of sharing: information that does not contain identifying and profiling elements shall be shared with the Companies of the Pharmanutra Group and its Partners, to help commercial partners provide us with utilities, services and promotional activities, and to improve the quality of services and products made and assess the possibility of commercial and working collaboration (“https://www.linkedin.com/psettings/privacy”) submitted by you and thus to your own advantage.
Above all, by expressing consent to allow the collection of data for statistical purposes and improvement of interaction between PH and the User, and to receive “exclusive offers and promotions” and/or receive updates about initiatives relating to PH products and those of the Pharmanutra Group in general, or for possible job offers and applications, the User consents and authorises the collection, use, sharing and other processing of their information, including any for advertising purposes.
The data may also be communicated and shared with:
1) staff and consultants of PH and Associated Companies of the Pharmanutra Group;
2) state and public administration financial institutions;
3) judicial authorities and police forces, if PH receives a formal request from the judicial authorities in relation to inquiries, investigations and assessments regarding alleged violation of the rules and rights of third parties;
4) subjects intended for studying and publishing de-identified or aggregated information relating to the use of the Service
Exclusion of processing
In the event of access from mobile support, data relating to the functionality of your hardware support, such as photos and camera, will not be collected or processed; position; geo-location (“touch screen” data, information from the accelerometer and gyroscope sensors of the device concerning the specific position of your mobile device; there is the possibility of interfacing with proximity applications (ie: iBeacon); voice; contacts; data relating to the accesses and preferences shown during the visit.
The “www.pharmanutra.it” portal is designed and intended for use by adults and is not to be used by children under 18 years. PH does not collect personal data from persons stating that they are under 18 years of age.
The use of identity credentials that do not correspond to the user intending to log in constitutes an illegitimate impersonation, and as such constitutes a crime against public faith.
Storage of data
The only data that shall be collected, and to which the previous paragraph a) above refers, will be stored on dedicated servers based in Italy, at the head offices of Holocron S.r.l. Via Marche 8/A, Pisa, for this purpose, where it will be processed in order to enable the functions described in this statement.
Data will not be forwarded outside the European borders without express and reasoned authorisation.
PH guarantees the utmost confidentiality of personal data by means of the most appropriate technologies, in compliance with Italian and European standards regarding minimum security measures to prevent unauthorised access to its databases, loss and/or accidental destruction of data.
Access to personal data will also be enabled for the personnel of all Data Controller operational offices and all other processing sites on which the parties concerned are located: particularly the staff of S.r.l. Calabughi, a company that PH has commissioned for software development and Service functionality management, named the “Data Processor”, in accordance with Art. 29 of the Privacy Code, as well as the
Personnel and Collaborators of PH working in the “Marketing and Communication” sector, and the security staff of the telematic networks, who have been designated as processing “Delegates” in accordance with Art. 30 of the Privacy Code, to provide support for users in relation to the services offered by PH, respond to requests from the Judicial Authorities, check any non compliant behaviour and any other requirement.
Exporting of data
PH distributes and sells its products overseas and is operating in 56 countries located in Europe, Asia, the Americas and Africa (http://www.pharmanutra.it/it/estero) through 27 distributors carefully selected from the best pharmaceutical and nutraceutical companies marketing exclusively in the product and territory. For this reason, your data might flow into one of its overseas databases, even outside the European Community. PH ensures that transfer and storage of the data in the Company’s database will take place, in all foreign countries, in a highly protected manner. In any event, the transfer of data to third parties in these countries will not take place without your explicit, prior consent.
Exercising of the rights of interested parties
PH grants you the opportunity to exercise the rights listed in Art. 7 of Legislative Decree No. 196/2003 and Art. 15 of EU Regulation 679/2016, namely:
1) to obtain information as to whether or not there exists any personal data concerning you, and its communication in an intelligible form;
2) to be informed of: a) the origins of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out using electronic instruments; d) the identification details of the data controller, managers and designated representative, in accordance with Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1 of EU Regulation 679/2016; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives in the territory of the State, managers or delegates;
3) to be informed of: a) the updating, correction and, hypothetically, the integration of data; b) the cancellation, the transformation into anonymous form or blocking of unlawfully processed data, including data whose storage is unnecessary for the purposes for which the data was collected or subsequently processed; c) an attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disseminated, except in the case where such fulfilment proves impossible or involves the use of means that are clearly disproportionate to the protected rights;
4) to oppose, in whole or in part, the processing of personal data concerning you: a) for legitimate reasons, even if it is relevant to the purpose for which it was collected; b) for the purpose of sending advertising or direct sales material or conducting market research or sales communication, using automated systems and/or via email and/or through the traditional marketing methods of telephone and/or paper mail. It should be noted that the right to opposition may also be exercised in part. The interested party may therefore decide to receive communications via traditional methods only, or automated communications only, or neither of these two types of communication.
5) exercise the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
The above-mentioned rights may be exercised by contacting the Data Controller, Pharmanutra S.p.a, whose registered office is located on via Delle Lenze, No. 216/b, Pisa, in the person of its President and legal representative pro tempore, Andrea Lacorte, by registered letter, or alternatively by contacting us at the address firstname.lastname@example.org
An updated list of data processing managers and delegates is kept at the registered office of the Data Controller.
PH undertakes to periodically review, and if necessary update, its technical and organisational measures relating to the security of data processing.