Version 2.2 (25th of May 2018)
1. Data Controller
2. Purposes of the data processing
3. Nature of data provision
4. Categories of data processed
5. How are processed the data?
6. To whom can the collected data be disclosed?
7. Which are the data subject’s rights?
8. Contact point
1. DATA CONTROLLER
1. The Controller of the processing of personal data of the users is Natsabe sas, via Andrea Costa, 121, 40134 Bologna, P.Iva 03968470371 R.E.A. BOLOGNA 181434 e-mail: firstname.lastname@example.org, PEC: email@example.com (hereinafter referred to as “the Controller” or “the Company”).
2. PURPOSES AND METHODS OF DATA PROCESSING
1. By accessing and visiting this Website, as well as receiving the services offered to users through the Site, information concerning the user as an identified or identifiable natural person can be collected and processed. In the event that personal data are acquired, they will be processed in compliance with the current legislation on the personal data protection and only to meet the following purposes:
a) purposes strictly related and instrumental to allow the user to access and use the Site, its features and the services required;
b) to create a personal account, for e-commerce purpose, or for the execution of the requested service;
c) to comply with any obligation provided for by law and European legislation;
d) for internal operational and management purposes relating to the services offered through the Website;
e) for statistical purposes, in a completely anonymised and aggregate form;
f) sending newsletters.
2. In cases where explicit and voluntary consent has been provided, the data of the users of the Website collected for the aforementioned purposes may also be processed for for marketing and / or commercial promotion purposes, including paper and / or digital advertising material, with regard to the services and / or products offered by Natsabe. More details are available at the art. 4.3.
3. NATURE OF DATA PROVISION
1. The provision of personal data is mandatory for the purposes referred to in Article 2, paragraph 1, as the legal basis of the processing is contractual obligations, the performance of the services required by the user, or the use of the Site or any additional service made available through the Site that may be expressly required (as for the newsletter service). Any failure to provide such consent will therefore prevent the performance of the services required; however, it will be possible to visit the Site without providing any personal data, even if some features may not be available and some services not provided.
2. The provision of personal data for the purposes referred to in art. 2, paragraph 2, is optional, as the legal basis of the processing is the user’s consent, always free and optional. In the absence of explicit consent, these services will not be provided (the user will not receive the newsletter) without further consequences. If the user does not intend to provide his consent for these purposes, he may also use the Website and services for the purposes referred to in art. 2, paragraph 1, without prejudice.
3. In particular, the consequences of failure to provide personal data will always made explicit and strictly related to each service: for example, any refusal of consent to a given processing may prevent the consultation of the Site and the use of its features (as for the cookies) or the receipt of the newsletter (in the case of the newsletter service offer). Therefore, the user will be adequately informed for each specific case; anyway, it will be possible to consult the Website even denying consent to the processing of personal data, when required; in this case, some features may not be available.
4. CATEGORIES OF DATA PROCESSED
Different types of personal data may be processed and treated differently, depending on the services rendered.
4.1 Navigation data
The information systems and software procedures used to the operation of this web site acquire personal data as part of their standard functioning. Such information is not collected in order to relate it to identifiable data subjects, however, it may allow User identification after being processed and matched with data held by third parties.
This data category includes the: IP addresses or names of computer domains used by visitors who access the website; URI (Uniform Resource Identifier) addresses of the requested resources; time of request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the response from the server and other details relating to the operating system and the information environment of Users. This data is used only to obtain anonymous statistical information about the website and to check its correct functioning, and is deleted immediately after processing. This data may also be used to ascertain responsibility in the case of possible computer crimes against the website. Excepting this, data on web contacts is not stored for more than seven days. As for cookies, please refer to paragraph 4.4.
4.2.1 Data supplied voluntarily by the User (messages)
The voluntary and explicit sending of communications by means of contact forms supplied by the site or by e-mail emails to the contact addresses on this website will entail the subsequent acquisition of the sender’s data, including his e-mail address, and the consent to receive replies to his request.
The personal data provided herein are used solely for the purpose of responding to the submitted requests and are disclosed to third parties only if this is necessary for that purpose. The data will be stored for the times prescribed by law.
4.2.2 Data supplied voluntarily by the User (advertising materials and/or quotes)
Users can voluntarily provide personal information to Vitamin Center
in the context of a service they requested by them. Such provided data may be used to send e-mail communications relating to services similar to those previously required by the user, pursuant to art. 130, paragraph 4 of the Italian Legislative Decree n. 196/2003, without the need for express and prior consent (“soft spam”). Each message includes a notice that its recipient can at any moment revoke his/her consent without formalities to such processing of personal data. Data subject can request the Data Controller to delete or anonymize his/her personal information.
The newsletter is sent by e-mail to those who explicitly request it, by filling out the appropriate form on the Website and authorizing the Data Controller to process their personal data for the aforementioned purpose.
Consent: The provision of data is mandatory only for the purpose of receiving the newsletter and any failure to provide it will prevent to use the service, without further consequences.
Purpose: The personal data provided by users will be processed only for the purpose to send the newsletter and will not be disclosed to third parties.
Modalities: The data collected will be processed with IT tools and/or automated means; specific security measures are adopted in order to prevent loss, unlawful use or to prevent unauthorized access to the Site.
Removal from the service: in order to stop receiving the newsletter, simply select the link for removal at the end of each e-mail or send a specific request to the e-mail address firstname.lastname@example.org.
The erasure could be managed automatically, so that further newsletters whose submission had been planned before the reception of his cancellation request may be received for a period subsequent to such request, in any case for no longer than 72 hours.
What is a cookie? Cookies are information stored by the browser when you visit a Web Site using a PC, smartphone or tablet. Each cookie contains several pieces of data (e.g. the name of the server from which it originates, a numeric identifier, etc.). Cookies can remain in the system for the duration of a session (until the closing of the browser), or for long periods, and may contain a unique identifier.
What are they used for? Cookies are used for different purposes, depending on their type: some are strictly necessary for the correct function of the Web Site (technical cookies), whereas others optimise performance in order to provide the User with a better experience while they are visiting the Web Site. In addition, cookies allow Web Site usage statistics to be obtained, such as cookies analytics; others are for the purpose of displaying advertisements (in some cases advertisements are targeted based on cookie profiling).
How can you disable them? You can disable cookies either through your browser settings (paragraph 4.4 “How to disable cookies?”), or through the mechanisms made available by a third party (paragraph 4.3 “Specific types of cookies used on the site”).
4.4.2 General types of cookies used on the Web Site
Technical cookies (first party): these are essential for the proper operation of this Web Site.
Analytics cookies (third-party): are used to create User profiles in order to send advertising messages in accordance with the preferences expressed by the User during the browsing, by using a third-party service.
4.4.3 How to disable cookies?
Control via browser: The browsers commonly used (e.g. Internet Explorer, Firefox, Chrome, Safari) accept cookies by default, but this setting can be changed by the User at any time. This applies to both PCs and mobile devices like tablets and smartphones, and it is a function generally and widely supported.
Therefore, cookies can easily be disabled or turned off by accessing the browser’s options or preferences, and in general third-party cookies can also be blocked. As a general rule, these options will only have an impact on that browser and on that device, unless there are active options to synchronize the preferences on different devices. Specific instructions can be found on the Options page or Help page of the browser itself. Disabling technical cookies, however, may affect the full and/ or proper functioning of different sites, including this one.
Normally, browsers used today:
• offer the “Do not track” option, which is supported by some websites (but not all). Thus, these websites are no longer able to collect certain navigation data;
• offer the option of anonymous surfing or incognito mode: in this way, data will not be collected in the browser and browsing history will not be saved, but the navigation data may still be acquired by the operator of the Web Site that was visited;
• allow the deletion of cookies stored in whole or in part, but after visiting a Web Site again they are usually installed, where such possibility is not blocked.
Below are links to the support pages for the most popular browser (with instructions on how to disable cookies on these browsers):
Internet Explorer (http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11);
Safari (iOS)( https://support.apple.com/it-it/HT201265 );
Chrome (desktop: https://support.google.com/chrome/answer/95647?hl=it; Android e iOS https://support.google.com/chrome/answer/2392971?hl=it).
Third-party cookies: these may be disabled either using the methods described above, or by referring to each third party (following the links listed in the previous paragraph).
On-line tools: You may note that from http://www.youronlinechoices.com/ you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.
5. HOW THE DATA ARE PROCESSED
1. Data will be managed lawfully and used only for the aforementioned purposes. It will be processed using suitable means to guarantee its security and confidentiality, using the most appropriate means (hard copy or electronic) to store, manage and transmit the data. This data will be retained for the period stipulated under the relevant law.
6. TO WHOM CAN THE COLLECTED DATA BE DISCLOSED?
1. The processing operations related to the web services of this Site take place at the Data Controller's premises and are only handled by internal and/or external technical staff specifically delegated for processing. In particular, where necessary and only with prior consent, the data may be disclosed to third parties whose collaboration is needed for the performance of the services offered. The data collected via the web, or in any case arising from web services, may be disclosed to the technological and instrumental partners who cooperates with the Data Controller to provide the services required by users, always in compliance with the purposes set forth in article 2. To this purpose, the subjects who will have access to personal data will be specifically authorized for processing by the Data Controller and, if due, appointed as Data Processors, pursuant to Articles 28 and 29 of the GDPR.
2. The data collected for the aforementioned purposes may also be disclosed to subjects authorized under the relevant legislation.
3. A list of the subjects to whom the Data Controller discloses the personal data collected for the aforementioned purposes is available and can be consulted at the Data Controller’s office and can be requested at the addresses indicated above.
7. WHICH ARE THE DATA SUBJECT’S RIGHTS?
1. The interested party is the natural person, identified or identifiable, to whom the personal data processed relates and, therefore, the user who accesses the Site and who, if necessary, requests the provision of services by the Data Controller.
2. Each data subject have the right of access at any time to personal data which have been collected concerning him or her (right of access) in order to be aware of, and verify, the lawfulness of the processing. The data subject is also entitled to exercise all the existing rights pursuant to the current national and European legislation on the personal data protection (set forth in the Italian Legislative Decree n. 196/2003 and the EU Regulation No. 2016/679 and subsequent amendments and additions): in particular, he/her may request at any time the rectification and updating of incorrect or inaccurate data, the limitation of the processing and the erasure of the same (right to be forgotten), as well as lodging a complaint to the Data Protection Supervisory Authority .
3. With reference to personal data processed by automated means, the data subject may also receive data concerning him or her in a structured, commonly used, machine-readable and interoperable format, and to transmit them to another data controller (right to data portability).
8. CONTACT POINTS
Any request regarding the processing of personal data and any communication concerning the exercise of their rights may be addressed to the Data Controller by sending a communication via e-mail, to email@example.com, via PEC, to firstname.lastname@example.org, by mail to Natsabe sas, via Andrea Costa, 121, 40134 Bologna, Italy.