Your privacy is important for Bios & Derma srl.
Bios & Derma, with registered office in via Tommaso Abbate, 49 – 30020 – Quarto d’Altino (VE), has drawn up this document, concerning the processing of your personal data, how and why we collect them and how we manage them.
We remind you that for processing of personal data must be understood any operation or complex of operations, performed with or without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion and destruction of data, even if not registered in a database.
This information applies when you visit our website or our social media channels; when you buy our products; when you subscribe to our newsletter or request information or you are a supplier, partner, consultant or any other person who has business relations with Bios & Derma srl.
The information and data provided by you will be processed in compliance with the applicable laws and regulations (including, but not limited to, the General Data Protection Regulation – EU Regulation 2016/679 – General Data Protection Regulation or “GDPR “).
The data processing carried out by STS Group srl will be based on principles of correctness, lawfulness, transparency, accuracy, integrity, confidentiality, purpose limitation and data retention and minimization.
THE LEGAL BASIS OF OUR PROCESSING OF YOUR PERSONAL DATA
Bios & Derma bases the processing of your personal data on different legal bases:
- your consent (only when necessary or permitted by law). In this case you will still have the right to revoke it;
- the need to establish a contractual relationship and fulfill the obligations arising from it;
- the need to comply with applicable laws and to establish, exercise or defend against legal actions;
- the need to pursue its legitimate interests: ensure that the information is secure, prevent or investigate alleged or actual violations of the law, commercial contracts or cases of non-compliance with its business principles;
- the need to respond to your requests;
- any other legal basis permitted by current regulations.
WHAT KIND OF PERSONAL DATA WE TREAT, WITH WHAT PURPOSES AND FOR HOW LONG TIME WE PRESERVE
a) Navigation data
For the correct operation of the Bios & Derma srl site and the services provided, IT systems and software procedures are required which, during their normal operation, acquire some personal data, the transmission of which is implicit in the use of internet communication protocols. These are data that are not collected to be associated with identified subjects, but that by their very nature could, through processing and association with data held by third parties, allow users to be identified (eg IP addresses). These data are used only for anonymous statistical information concerning the use of the service and to verify its correct functioning and are kept for the strictly necessary period and in any case in compliance with current regulations.
b) Customer data
In order to allow the fulfillment of the orders provided for in the contractual agreements, the conduct of marketing activities and comply with the tax obligations and required by current regulations, Bios & Derma srl will collect the following customer data: Name – Surname – Company name (in case of a person other than a private individual) – Tax code – VAT number (in case of a person other than private) – Address – City – Cap – Province – Telephone numbers – E-mail addresses. These data will be kept for the purposes of selling the products, as well as for promotional activities and for the duration of 10 years from the termination of the contractual relationship. For tax purposes and for other obligations under the law, the same data will be kept for 10 years, unless the law allows a longer retention period, also due to the accrual of the prescription of any rights claimed by third parties.
c) Supplier data
In order to ensure the smooth running of the employment relationship we need contact details of the relevant parties operating within the supplying company (such as names, surnames, telephone numbers and e-mail addresses). We also need all the data necessary for issuing the invoice, as well as the bank details necessary to pay for the services purchased (if it is part of the stipulated contractual agreements). For the aforementioned purposes, the data will be kept for a period of one year starting from the termination of the contractual relationship. For fiscal purposes and for the other obligations foreseen by the law, the data will be kept for 10 years, unless the law allows a longer retention period, also due to the accrual of the prescription of any rights claimed by third parties.
d) Data of third parties provided by the interested party
It may happen that you provide third party data to request a shipment or to differentiate billing contacts. In this circumstance you will be the exclusive owner of the processing of the aforesaid data with obligations and responsibilities of the attached law. These data will be stored exclusively for tax purposes (invoicing) for a period of 10 years and for a period of 6 months from the date of receipt of the goods, unless the law imposes or allows a longer retention period.
f) Traffic data
The Bios & Derma srl informs you of the existence of the register of links (LOG), in which the data relative to the electronic traffic are kept, within the terms and according to the timescales envisaged by the law. After the period of preservation required by law, and unless otherwise specified by the Authority by administrative or judicial ruling, the above data will be destroyed and the possibility of obtaining a copy will no longer be guaranteed.
HOW WE MANAG YOUR DATA FOR PROMOTIONAL PURPOSES
Bios & Derma srl may send you via e-mail, via telephone and social networks of other parties, marketing communications relating to its products, promotions or events.
Before starting any marketing activity and if required by the laws in force, we will ask you to provide us with the consent, which you can still withdraw by sending an e-mail PEC request to firstname.lastname@example.org. Even in case of revocation of the consent to receive marketing communications, you can still receive other types of communications (for example important notices of a technical or administrative nature).
WHO IS THE OWNER OF THE PROCESSING OF PERSONAL DATA
The holder of the treatments carried out through the site is Bios & Derma srl with headquarters in ViaTommaso Abbate, 49 – 30020 – Quarto d’Altino (VE) ,.
The owner and manager of personal data can be contacted at the following PEC address email@example.com for all information relating to the processing of personal data and to provide a list of all the managers involved in the management.
WHO ARE THE ADDRESS OF PERSONAL DATA
The recipients of the collected personal data are:
- people, companies, professional firms that provide accounting, administrative, tax or legal consulting services to Bios & Derma srl;
- subjects with whom Bios & Derma srl interacts for the provision of services;
- subjects providing services related to the collection of payments (for example, bank transfer, credit card);
- any subjects that perform maintenance activities of network equipment and communication networks;
- other bodies or authorities which, for reasons or legal obligations, need to communicate their personal data;
- persons authorized by Bios & Derma srl to carry out activities necessary for the provision of services (with a legal obligation of confidentiality).
The complete list of data processors can be requested by sending a PEC e-mail to firstname.lastname@example.org.
WHICH RIGHTS CAN EXERCISE
As an interested party you can exercise the rights referred to in Articles from 16 to 22 of EU Regulation 679/16:
Art. 16 – Right of rectification
You have the right to obtain from the data controller the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Art. 17 – Right to cancellation
You have the right to obtain from the data controller the deletion of your personal data without undue delay and the data controller is obliged to cancel your personal data without undue delay if one of the following reasons exists:
- personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; 4.5.2016 EN Official Journal of the European Union L 119/43
- withdraw the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing;
- opposes the processing pursuant to Article 21 (1), and there is no legitimate overriding reason to proceed with the processing, or opposes you to the processing pursuant to Article 21 (2);
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the information society service offer referred to in Article 8 (1).
The data controller, if he has made public personal data and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, takes reasonable steps, including technical ones, to inform the data controllers that are processing the personal data of your request to delete any link, copy or reproduction of your personal data.
Paragraphs 1 and 2 shall not apply to the extent that treatment is necessary:
- for the exercise of the right to freedom of expression and information;
- for the assessment, exercise or defense of a right in court.
Art. 18 – Right to limit the processing
You have the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
- contexts the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
- the processing is illegal and you oppose the cancellation of personal data asking instead that its use is limited;
- although the data controller no longer needs it for processing purposes, your personal data are necessary for the assessment, exercise or defense of a right in court;
- you are opposed to the processing pursuant to Article 21 (1), pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the data subject.
If the processing is limited in accordance with paragraph 1, such personal data shall be processed, except for storage, only with your consent or for the assessment, exercise or defense of a right in court or to protect rights of another natural or legal person or for reasons of a significant public interest of the Union or of a Member State. L 119/44 EN Official Journal of the European Union 4.5.2016 3.
If you have obtained the treatment limitation pursuant to paragraph 1, you are informed by the controller before the limitation is revoked.
Art. 19 – Right to obtain notification from the data controller in cases of rectification or cancellation of personal data or cancellation of the same
The controller shall inform each of the recipients to whom the personal data have been transmitted of any correction or cancellation or limitation of the processing carried out in accordance with Article 16, Article 17 (1) and Article 18, unless proves impossible or involves a disproportionate effort. The data controller will inform you of these recipients if you request it.
Art. 20 – Right to portability
You have the right to receive, in a structured format, commonly used and readable by automatic device, the personal data concerning you provided to a data controller and you have the right to transmit this data to another data controller without impediments by the data controller to whom you have provided them if:
- processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract within the meaning of Article 6 (1) (b) ;
- the treatment is carried out by automated means.
In exercising your rights to data portability pursuant to paragraph 1, you have the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
The exercise of the right referred to in paragraph 1 of this Article is without prejudice to Article 17.
The right referred to in paragraph 1 must not affect the rights and freedoms of others.
Art. 21 – Opposition right
You have the right to object at any time, for reasons connected to your particular situation, to the processing of personal data concerning you pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms or for the assessment, exercise or defense of a right in court. If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling in so far as it is connected to such direct marketing. If you oppose the processing for direct marketing purposes, personal data will no longer be processed for these purposes. 4.5.2016 EN Official Journal of the European Union L 119/45 4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to your attention and shall be presented clearly and separately from any other information at the latest at the time of the first communication with you. In the context of using information society services and without prejudice to Directive 2002/58 / EC, you can exercise your right to object by using automated means that use technical specifications. Where personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1), you, for reasons connected with your particular situation, have the right to object to the processing of personal data concerning you, unless the processing is necessary for carrying out a task of public interest.
Art. 22 – Right to refuse the automated process
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affect you or which significantly affects your person. Paragraph 1 shall not apply if the decision:
- is necessary for the conclusion or execution of a contract between you and a data controller;
- is authorized by the law of the Union or of the Member State to which the controller is subject, which also specifies appropriate measures to protect your rights, your freedoms and your legitimate interests;
- is based on your explicit consent.
In the cases referred to in paragraph 2 (a) and (c), the controller shall implement appropriate measures to protect your rights, your freedoms and your legitimate interests, at least the right to obtain human intervention from the controller , to express their opinion and to challenge the decision.
The decisions referred to in paragraph 2 shall not be based on the particular categories of personal data referred to in Article 9 (1), unless Article 9 (2) (a) and (g) applies and not appropriate measures are in place to protect your rights, your freedoms and your legitimate interests.
In this sense, you will be able to access your data for:
- Verify its veracity
- Change them if they become inaccurate
- Integrate them also with a supplementary declaration
- Request cancellation
- Limit the treatment
- Opposing the treatment
The data controller is obliged to respond without undue reason.
CANCELLATION OF DATA
The Bios & Derma srl in compliance with the corresponding right of access to the interested party, has set up procedures for which you can request cancellation without unjustified delay of your personal data or limitation of the processing of personal data concerning you for the following reasons:
- Because the data are no longer necessary for the purposes for which they were collected
- Because you have revoked your consent
- Because you oppose the treatment
- Because the data is treated illegally.
You can exercise the aforementioned rights by writing to the PEC email email@example.com.
This privacy statement is effective from 24.05.2018 and STS Group may modify or update its content.
You will be informed of these circumstances and the changes will be effective as soon as they are published on our website www.biosederma.it