Last Modified: February 08, 2019
According to European Regulations 2016/679 art. 14
Dear Data Subjects,
L-Nutra Italia S.r.l. considers the protection of the personal data of its actual and/or potential customers and users to be fundamental.
Through this document (hereinafter, the “Policy Privacy”), we intend to renew our commitment to guarantee that the processing of personal data, by whatever procedure it is carried out (automated or manual), complies with the protections and rights recognised by Regulation (EU) 2016/679 (hereinafter, the “GDPR” or “Regulation”) and by the other applicable rules on the protection of personal data.
With the expression personal data we refer to the definition included in Article 4 (1) of the Regulation, which states: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter, “Personal Data”).
The Regulation establishes that, before proceeding to the processing of Personal Data, it is necessary to inform the owner of the data about the reason why they are requested and the way in which they will be used. With the expression processing we refer to the definition included in Article 4 (2) of the Regulation, which states: “any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter, the “Processing”).
In this regard, the purpose of this Policy Privacy, written on the basis of the principle of transparency and of all the elements required by Article 14 of the Regulation, is to provide you, in a simple and intuitive manner, with all the useful and necessary information that allows you to provide your personal data knowingly and to ask for and obtain any explanation and/or correction at any time.
A. DATA CONTROLLER
L-Nutra Italia S.r.l., with its registered office in XX Settembre Street, n. 12/2E, Genoa, 16121 (hereinafter, the “registered office”), is the company which will process your Personal Data according to the main purposes explained in Section B of this Policy Privacy, and which will have the role of data controller according to the related definition included in Article 4 (7) of the Regulation, which states: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and the means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law” (hereinafter, the “Data Controller” or “L-Nutra Italia”).
B. CATEGORIES OF PROCESSED PERSONAL DATA AND PURPOSES OF THE PROCESSING
The Data Controller has to collect some of your Personal Data in order to (i) make the purchase of the products available and/or (ii) reply to your information requests which come from the contact forms and/or (iii) allow your registration to the newsletter service.
The Processing of your Personal Data will be managed by the Data Controller, who will let you purchase the products, receive the newsletter, send information requests and from time to time use all the other services offered by each website on which you have registered or which you are browsing, in particular:
(hereinafter, the “websites”)
The Processing of your Personal Data will be legally based on the contractual relationship that will arise between the Data Controller and you after you have agreed to the conditions of participation you find on the websites (see Article 6, Paragraph 1 (b) of the Regulation).
In this regard, it will be necessary for the users or the customers to complete the fields with the asterisks [*] with their Personal Data.
If such fields are not filled, it will be impossible to proceed to the operation of Processing of Personal Data and consequently it will be impossible for you to benefit from the other services offered by L-Nutra Italia.
The Personal Data requested will be those indicated in the contact form and in the questionnaire, namely, by way of example: name, surname, birth date, home address, e-mail address, telephone number, mobile phone number.
Finally, data related to your health conditions may also be requested for the “prevention” purposes, explained in the subsequent Section C of this Policy Privacy.
C. ADDITIONAL PURPOSES
In addition to the purposes explained in Section B, your Personal Data may be processed for the following and further purposes:
i. Prevention: this term means the will of L-Nutra Italia to protect your health, more than your privacy. For this reason, before proceeding with the purchase of Prolon®, you will be subjected to a questionnaire through which you will be asked for your personal data belonging to – according to the dictate of Article 9 of the Regulation – “specific” categories, in order to verify whether your health conditions are compatible with our food program.
ii. Direct marketing: this term refers to the will of L-Nutra Italia to carry out promotional and/or marketing activities for you and for your interest, in order to provide you with a better service and to promote products and services of your interest, which are sold and/or provided by L-Nutra Italia.
iii. Profiling: this term refers to any form of automated processing of personal data, which consists in the use of such personal data, in order to evaluate certain personal aspects related to a natural person, and in particular, in order to analyze or predict aspects concerning the professional performance, the economic situation, health, personal preferences, interests, reliability, behavior, location or movement of that natural person.
iv. Transfer of data to third parties: this term refers to the transmission of data collected by the Data Controller to third parties, in order to receive direct communications for marketing purposes from such third parties.
With regard to the purposes of prevention (point i.), the processing of your Personal Data will take place only after you have given your express, free and informed consent by marking the appropriate box at the bottom of the data collection form.
With regard to the purpose of direct marketing (point ii.), it should be underlined that, according to Article 6, paragraph 1 (f) of the Regulation, L-Nutra Italia may carry out this activity on the basis of its legitimate interest and regardless of your consent, unless you oppose such processing or limit it (according to Section G letter d. of this Policy Privacy). This is better explained in the “Whereas” (47) of the Regulation: “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This will also be possible following the assessments made by the Data Controller regarding the possible prevalence of your interests, fundamental rights and freedoms that require the protection of Personal Data on your legitimate interest in sending direct marketing communications.
As far as the purposes referred to in points iii. and iv. are concerned, the processing will take place only after obtaining your free and explicit consent, through the specific form that will be given to you from time to time.
You may lawfully revoke your consent, even individually, for the purposes of points ii., iii. and iv., without compromising in this way the processing for other purposes.
Contact methods used for direct marketing activities can be both automated and traditional. In any case, as is better explained in Section G, you can also partially revoke your consent, for example by agreeing only to traditional contact methods.
With regard to the contact methods that use your telephone contacts, we remind you that the direct marketing activities managed by the Data Controller will be carried out after verification of your possible registration in the Register of Oppositions, as established by the D.P.R. of the 7th September 2010, no. 178 and any subsequent amendments or additions.
D. SUBJECTS TO WHICH YOUR PERSONAL DATA WILL BE DISCLOSED
Your Personal Data may be disclosed to specific subjects, who are considered recipients of such Personal Data. Indeed, Article 4 (9) of the Regulation defines the recipient of Personal Data as: “a natural or legal person, public authority, agency or another body to which the personal data are disclosed whether a third party or not” (hereinafter, the “Recipient”).
In this regard and in order to carry out in the correct way all the activities of Processing, which are necessary in order to pursue the purposes examined in this Policy Privacy, the following Recipients may process your Personal Data:
- third parties who carry out part of the activities of Processing, or activities connected with them, on behalf of the Data Controller. Each of these subjects has been individually appointed as data processor, according to Article 4 (8) of the Regulation, which includes “natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller” (hereinafter, the “Data Processor”).
- natural persons, employees and/or collaborators of the Data Controller, who have been entrusted with one or more specific processing activities on your Personal Data. Such persons have been given specific instructions about the safety and the correct use of Personal Data and are defined, according to Article 4 (10) of the Regulation, as: “persons, who under the direct authority of the controller or processor are authorized to process personal data” (hereinafter, the “Authorized Persons”).
If required by law or in order to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities, without these being defined as Recipients. Indeed, Article 4 (9) of the Regulation affirms: “public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or the Member States law shall not be regarded as Recipients”.
E. TIME OF PROCESSING AND OF STORAGE OF PERSONAL DATA
One of the principles applicable to the Processing of your Personal Data concerns the limitation of the period for which the personal data have to be stored, governed by Article 5, paragraph 1 (e) of the Regulation, which states: “Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject”. On the basis of this principle, your Personal Data will be processed by the Data Controller only for what is necessary in order to pursue the purposes quoted in Sections B and C of this Policy Privacy. In particular, your Personal Data will be processed for a minimum necessary period of time, as indicated in “Whereas” 39 of the Regulation, namely until the end of the contractual relationship between you and the Data Controller, except for the legitimate interest of the Data Controller in preserving them further, according to “Whereas” 47 of the Regulation. Furthermore, your Personal Data will be processed for a minimum necessary period of time which may be imposed by legal provisions in accordance with “Whereas” 65 of the Regulation.
F. WITHDRAWAL AND LIMITATION OF THE CONSENT
In accordance with the Regulation, if you have given your consent to the processing of your Personal Data for one or more purposes explained in Sections B and C of this Policy Privacy, you can, at any time, withdraw it totally and/or partially without compromising the lawfulness of the Processing based on the consent given before the withdrawal. The methods for withdrawing consent are very simple and intuitive; you just have to contact the Data Controller, using the contact channels reported in Section G of this Policy Privacy.
G. DATA SUBJECTS’ RIGHTS
In accordance with Article 15 of the Regulation, you can have access to your Personal Data and ask for their amendment and their updating, if they are incomplete or wrong. You can ask for their cancellation, if their collection has been made in breach of a law or regulation, and you can oppose the processing for legitimate and specific reasons. In particular, we report below all the rights you can exercise, at any time, against the Data Controller.
a. ACCESS RIGHT
According to Article 15, Paragraph 1 of the Regulation, you will have the right to obtain from the Data Controller confirmation that a Processing of your Personal Data is occurring and, in this case, you will have the right to obtain access to these Personal Data and to the following information: a) the purposes of the processing; b) the categories of Personal Data in question; c) recipients or recipients’ categories, to whom your Personal Data have been communicated or will be communicated, especially if they are Recipients coming from third countries or international organizations; d) when possible, the expected period of the Data storage, otherwise, the criteria used to determine that period; e) the right of the data subject to request the Data Controller to amend or delete Personal Data, to limit or to oppose their processing; f) the right to make a complaint to a supervisory authority; g) if the Personal Data are not collected from the Data Subject, how the Data Controller has collected them; h) the existence of an automated decision-making processing, including also the profiling, according to Article 22, Paragraphs 1 and 4 of the Regulation and, at least in such cases, significant information about the employed logic, as well as about the importance and the effects of such Processing for the Data Subject.
All this information will always be available to you both in this Policy Privacy and in the Privacy section of each Website.
b. AMENDMENT RIGHT
In accordance with Article 16 of the Regulation, you can obtain the amendment of incorrect Personal Data. Taking into account the purposes of the processing, moreover, you can obtain the integration of your incomplete Personal Data, also by presenting an additional declaration.
c. CANCELLATION RIGHT
In accordance with Article 17, Paragraph 1 of the Regulation, you can obtain the cancellation of your Personal Data without unjustified delay, and the Data Controller will be obliged to delete your Personal Data, if at least one of the following reasons applies: a) Personal Data are no longer necessary for the purposes for which they have been collected or otherwise processed; b) you have withdrawn the consent on which the processing of your Personal Data is based and there is no other legal basis for their processing; c) according to Article 21, Paragraph 1 or 2 of the Regulation, you have opposed the processing and there is no longer a legitimate overriding reason to proceed with the processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation which is provided in a Union or member state law. In some cases, as indicated by Article 17, Paragraph 3 of the Regulation, the Data Controller is entitled to collect and not to delete your Personal Data, if their processing is necessary, for example, for the exercise of the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, for scientific or historical research, for statistical purposes, for verification, or for the exercise or the defense of a right before a court.
d. LIMITATION OF PROCESSING RIGHT
In accordance with Article 18 of the Regulation, you can obtain the limitation of the Processing, in case one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the limitation will continue for a necessary period, in which the Data Controller can verify their accuracy); b) the processing is illegal but you have opposed the cancellation of your Personal Data, asking, instead, that their use be limited; c) although the Data Controller no longer needs your Personal Data for the purposes of processing, they are necessary for the verification, for the exercise or the defense of a right before a court; d) according to Article 21, Paragraph 1 of the Regulation, you have opposed the processing and you are waiting for the verification regarding the possible prevalence of the legitimate reasons of the Data Controller over yours. In case of limitation of the processing, your Personal Data will be processed, except for their collection, which is possible only with your consent, then for the verification, for the exercise or the defense of a right before a court, for the protection of the rights of another natural or legal person, or again for reasons of significant public interest. In any case, we will inform you before this limitation is withdrawn.
e. DATA PORTABILITY RIGHT
In accordance with Article 20, Paragraph 1 of the Regulation, at any time you can request and receive all of your Personal Data processed by the Data Controller in a structured, commonly used and readable format; alternatively, you can request their transmission to another Data Controller without any impediment. In this case, it will be your responsibility to provide us with all the exact details of the new Data Controller in a written authorization.
f. OPPOSITION RIGHT
In accordance with Article 21, Paragraph 2 of the Regulation and as also reiterated by “Whereas” 70 of the Regulation, at any time you can oppose the processing of your Personal Data if these are processed for purposes of direct marketing, of profiling and of transferring the data to third parties.
g. RIGHT OF MAKING A COMPLAINT TO THE SUPERVISORY AUTHORITY
Apart from your right to appeal to any other administrative or jurisdictional office, if you believe that the processing of your Personal Data, conducted by the Data Controller, breaches the Regulation and/or the applicable legislation, you can make a complaint before the Personal Data Protection Authority.
In order to exercise all your rights, as described above, you can simply contact the Data Controller in the following ways:
– by sending an e-mail to the e-mail address: firstname.lastname@example.org;
– by sending a registered letter to the registered office of the Data Controller.
H. PROCESSING LOCATION/PLACE
Your Personal Data will be processed by the Data Controller within the territory of the European Union.
Considering that the Data Controller belongs to the US L-Nutra Group, it may be necessary, for technical and/or operational reasons, to cooperate with entities located outside the European Union so that they can respond to your requests. In accordance with and for the purposes of Article 28 of the Regulation, we hereby inform you that these subjects have been specifically appointed as Data Processors, and the transmission of your Personal Data to these subjects, which is limited to specific activities of processing, will be regulated in accordance with “Chapter” V of the Regulation.
All necessary precautions will therefore be taken in order to ensure the whole protection of your Personal Data. As a matter of fact the transmission is based: (a) on adequate decisions of the third country recipients, expressed by the European Commission; (b) in accordance with Article 46 of the Regulation, on appropriate guarantees, expressed by the third party recipient; (c) on the adoption of binding corporate rules; (d) on the adoption of standard contractual clauses, approved by the European Commission.
In any case, you can ask the Data Controller more details about the specific adopted measures, if your Personal Data have been processed outside the European Union.