Information pursuant to art. 13 Regulation (EU) 216/679 of the European Parliament and of the Council, dated 27/04/2016, concerning the protection of individuals with regard to the processing of personal data (for the sake of brevity GDPR 2016/679)
1. Data Controller and Data Processors – art. 13 c.1 letter a, b GDPR 2016/679:
The data controller is Tialfarma srl, to which the customer/user of the website can contact to exercise the rights recognized by the GDPR and to know the updated list of all data processors.
2. Interested:
The term “interested” refers to the subject to whom the personal data refer.
3. Purpose and legal basis of processing – art. 13 c. 1 letter d, d, GDPR 2016/679:
The personal data provided by the customer may only be processed for the following purposes:
- registration on the site and order processing;
- sending service communications related to orders sent/bookings recorded.
In the presence of data relating to health, the legal basis of the treatment is the explicit consent to the processing of such personal data for the aforementioned purposes (Article 6.1.a and 9.2.a GDPR). The email address may also be used to send commercial communications for direct sales purposes. In this case, the basis of the treatment is an exemption provided by law (so-called soft-spam) provided that these are goods or services similar to those sold. No further processing is envisaged based on the legitimate interests pursued by the data controller.
4. Types of data processed:
- Common data
- Health data.
5. Communication and dissemination of data – art. 13 paragraph 1 letter e, f GDPR 2016/679:
The data may be made accessible only to parties authorized to process or appointed persons responsible (for example: persons in charge of databases /IT tools).Data will not be disclosed.
6. Processing methods and data retention times – art. 13 paragraph 2, letter to GDPR 2016/679:
The processing of personal data consists in the collection, registration, organization, conservation, communication of the same data. The processing of personal data is carried out for the purposes set out above, in accordance with the provisions of art. 5 of the European regulation on paper and/or IT support and/or by electronic means (sms, whatsapp), in full compliance with the rules of lawfulness, legitimacy, confidentiality and security required by current legislation. The data will be kept for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed (management of contractual relationship, fulfillment of legal obligations).
7. Rights of the interested party – art. 13 paragraph 2 letter b, c, GDPR 2016/679:
The interested party has the right to obtain access to personal data and to correct them. The interested party, in the cases provided by law, for legitimate reasons has the right to obtain the cancellation of the same or the limitation of the treatment that concern him or to oppose their treatment.
For the processing of data for commercial/promotional purposes, the data subject has the right to object to such communications at any time without prejudice to the lawfulness of the treatment based on the exemption indicated above before the revocation. The interested party has the right to lodge a complaint with the supervisory authority – Guarantor for the protection of personal data.
8. Nature of the provision of personal data and consequences of any refusal to respond – art. 13 paragraph 2, letters e, f, GDPR 2016/679:
The provision of personal data is optional. Any refusal to provide them may result in the inability to use the services of the website. With regard to sending emails for direct sales purposes, the data subject may object to the treatment at any time for free. With regard to the data of the customer/user of the website, there is no automated decision-making process, nor a treatment that involves the profiling of the customer/user.