Last Modified: February 08, 2019
According to European Regulations 2016/679 art. 14
Dear Data Subjects,
L-Nutra Italia S.r.l. considers as something fundamental the tutelage of its real and/or potential customers’ and users’ personal data.
Through this document (hereinafter, the “Policy Privacy”), we intend to renew our task, in order to guarantee that the processing of personal data, which can be made through any procedure (both automated and manual), is compliant with the tutelages and the rights recognised by the Regulation (UE) 2016/679 (hereinafter, the “GDPR” or “Regulation”) and by the further applicable rules on protection of personal data.
With the expression personal data we refer to the definition included in Article 4 (1) of the Regulation, which states that: (i) “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter, “Personal Data”).
The Regulation establishes that, before proceeding to this processing – with this expression we refer to the definition included in Article 4 (2) of the Regulation, which says that: “any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction ” (hereinafter, the “Processing”) – of Personal Data, it is necessary to inform the owner of the data about the reason why they are requested and the way, in which they will be used.
In this regard the purpose of this Policy Privacy – written basing on the principle of transparency and on all the elements requested by Article 14 of the Regulation – is to provide you, through a simple and intuitive manner, with all the useful and necessary information, which allow you to give consciously your personal data and to ask and obtain any explanation and/or correction in every moment.
- DATA CONTROLLER
L-Nutra Italia S.r.l., with its registered office in XX Settembre Street, n. 12/2E, Genoa, 16121 (hereinafter, the “registered office”) is the company, which will process your Personal Data according to the main purposes explained in section B of this Policy Privacy, and which will have the role of the data controller according to the related definition included in Article 4(7) of the Regulation, which declares that: “the natural or legal person, public authority, agency other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and the means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law” (hereinafter, the “Data Controller” or “L-Nutra Italia”).
- CATEGORIES OF PROCESSED PERSONAL DATA AND PURPOSES OF THE PROCESSING
The Data Controller has to collect some of your Personal Data in order to (i) make the purchase of the products available and/or (ii) reply to your information requests which come from the contact forms and/or (iii) consent your registration to the newsletter service.
The Processing of your Personal Data will be managed by the Data Controller who will let you purchase the products, receive the newsletter, send information requests and from time to time use all the other services, offered by every website you have registered or in which you are surfing, in particular:
(hereinafter, the “websites”)
The Processing of your Personal Data will legally base on the contractual relationship that will occur between the Data Controller and you, after you have agreed with the conditions of participation you find in the websites (see Article 6, Paragraph 1, B of the Regulation).
In this regard, it will be necessary for the users or the customers to complete the fields with the asterisks [*] with their Personal Data.
If such fields are not filled, it will be impossible to proceed to the operation of Processing of Personal Data and consequently it will be impossible for you to benefit from the other services offered by L-Nutra Italia.
Personal Data requested, will be those reported in the contact form and in the questionnaire, namely by way of explanation: name, surname, birth date, home address, e-mail address, telephone number, mobile phone number.
Finally, data related to your health conditions may also be requested for the “prevention” purposes, explained in the subsequent Section C of this Policy Privacy.
- ADDITIONAL PURPOSES
In addition to the purposes explained in Section B, your Personal Data may be processed for the following and further purposes:
- Prevention: this term means the will of L-Nutra Italia to protect your health, more than your privacy. For this reason, before proceeding with the purchase of Prolon®, you will be subjected to a questionnaire through which you will be asked for your personal data belonging to – according to the dictate of Article 9 of the Regulation – “specific” categories, in order to verify whether your health conditions are compatible with our food program.
- Direct marketing: this term refers to the will of L-Nutra Italia to carry out promotional and / or marketing activities for you and for your interest, in order to provide you with a better service and to promote products and services of your interest, which are sold and / or provided by L-Nutra Italia.
- Profiling: this term refers to any form of automated processing of personal data, which consists in the use of such personal data, in order to evaluate certain personal aspects related to a natural person, and in particular, in order to analyze or predict aspects concerning the professional performance, the economic situation, health, personal preferences, interests, reliability, behavior, location or movement of that natural person.
- Transfer of data to third parties: this term refers to the transmission of data collected by the Data Controller to third parties, in order to receive direct communications for marketing purposes from such third parties.
In regard of the purposes of prevention – point i. –, the processing of your Personal Data will take place only after your expressed, free and aware consent, marking the appropriate box at the bottom of the form for the collection of the data.
In regard of the purpose of direct marketing – point ii. –, it should be underlined that, according to Article 6, paragraph 1 (f) of the Regulation, L-Nutra Italia may carry out this activity basing on its legitimate interest and regardless of your consent, unless you oppose to such processing or you limit it (according to Section G letter d. of this Policy Privacy). This is better explained in the “Whereas” (47) of the Regulation: “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This will also be possible following the assessments made by the Data Controller regarding the possible prevalence of your interests, fundamental rights and freedoms that require the protection of Personal Data on your legitimate interest in sending direct marketing communications.
As far as the purposes referred to the points iii. and .iv are concerned, the processing will take place only after obtaining your free and explicit consent, through the specific form that will be given to you from time to time.
You may lawfully revoke your consent, even individually, for the purposes of points ii. and iii. and (iv), without compromising in this way the processing for other purposes.
Contact modalities aimed at direct marketing activities, can be both automated and traditional. In any case, as it is better explained in Section G, you can also partially revoke your consent, for example by agreeing only to traditional contact methods.
In regard of the contact methods that provide for the use of your telephone contacts, we remind you that the direct marketing activities managed by the Data Controller will be made after the verification of your possible registration in the Register of Oppositions, as established according to the effects of the D.P.R. of the 7th September 2010, no. 178 and eventual and subsequent amendments or integration.
- SUBJECTS TO WHICH YOUR PERSONAL DATA WILL BE DISCLOSED
Your Personal Data may be disclosed to specific subjects, who are considered recipients of such Personal Data. Indeed, Article. 4 (9) of the Regulation defines the recipient of a Personal Data: “a natural or legal person, public authority, agency or another body to which the personal data are disclosed whether a third party or not” (hereafter, the “Recipient“).
In this regard and in order to carry out in the correct way all the activities of Processing, which are necessary in order to pursue the purposes examined in this Policy Privacy, the following Recipients may process your Personal Data:
- third parties who carry out part of the activities of Processing, or such activities which are connected with them on behalf of the Data Controller. Anyone of these subjects has been individually appointed as data processor, according to Article 4 (8) of the Regulation, which includes “natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller” (hereinafter, the “Data Processor”).
- natural persons, employees and / or collaborators of the Data Controller, who have been entrusted with specific and / or more processing activities on your Personal Data. Such persons have been given specific instructions about the safety and the correct use of Personal Data and are defined, according to Article 4 (10) of the Regulation: “persons, who under the direct authority of the controller or processor are authorized to process personal data” (hereinafter, the “Authorized Persons“).
If required by law or in order to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities, without being defined as Recipient. Indeed, Article 4 (9) of the Regulation affirms: “public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or the Member States law shall not be regarded as Recipients”.
E. TIME OF PROCESSING AND OF STORAGE OF PERSONAL DATA One of the applicable principles to the Processing of your Personal Data concerns the limitation of the period for which the personal data have to be stored, governed by Article 5, paragraph 1 (e) of the Regulation that states: “Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject”.Basing on this principle, your Personal Data will be processed by the Data Controller only for what is necessary in order to pursue the purposes quoted in Sections B and C of this Policy Privacy. In particular, your Personal Data will be processed for a minimum necessary period of time, as indicated in “Whereas” 39 of the Regulation, namely until the end of the contractual relationship between you and the Data Controller, except for the legitimate interest of the Data Controller in preserving them further, according to “Whereas” 47 of the Regulation. Furthermore, your Personal Data will be processed for a minimum necessary period of time which may be imposed by legal provisions in accordance with “Whereas” 65 of the Regulation.
F. WITHDRAWAL AND LIMITATION OF THE CONSENT In accordance with the Regulation, if you have given your consent to the processing of your Personal Data for one or more purposes, explained in sections B and C of this Policy Privacy, you can, at any time, withdraw it totally and / or partially without compromising the lawfulness of the Processing, based on the consent given before the withdrawal. The withdrawal methods of the consent are very simple and intuitive; you have just to contact the Data Controller, using the contact channels, reported in Section G of this Policy Privacy.
G. DATA SUBJECTS’ RIGHTS In accordance with Article 15 of the Regulation, you can have access to your Personal Data and ask for their amendment and their updating, if they are incomplete or wrong. You can ask for their cancellation, if their collection has been made in breach of a law or regulation, and you can oppose to the processing for legitimate and specific reasons. In particular, we report below all the rights you can exercise, at any time, against the Data Controller.
a. ACCESS RIGHT
According to Article 15, Paragraph 1 of the Regulation, you will have the right to obtain from the Data Controller the confirmation that a Processing of your Personal Data is occurring, and in this case, you will have the right to obtain the access to these Personal Data and to the information: a) the purposes of the processing; b) the categories of Personal Data in question; c) recipients or recipients’ categories, to whom your Personal Data have been communicated or will be communicated, especially if they are Recipients coming from third countries or international organizations; d) when possible, the expected period of the Data storage, otherwise, the criteria used to determine that period; e) the right of the data subject to request the Data Controller to amend or delete Personal Data, to limit or to oppose to their processing; f) the right to make a complaint to a supervisory authority; g) if the Personal Data are not collected from the Data Subject, how the Data Controller has collected them; h) the existence of an automated decision-making processing, including also the profiling, according to Article 22, Paragraphs 1 and 4 of the Regulation and, at least in such cases, significant information about the employed logic, as well as about the importance and the effects of such Processing for the Data Subject.
All these information will always be available to you both in this Policy Privacy and in the Privacy section of each Website.
b. AMENDMENT RIGHT
In accordance with Article 16 of the Regulation, you can obtain the amendment of incorrect Personal Data. Taking into account the purposes of the processing, moreover, you can obtain the integration of your incomplete Personal Data, also by presenting an additional declaration.
c. CANCELLATION RIGHTIn accordance with Article 17, Paragraph 1 of the Regulation, you can obtain the cancellation of your Personal Data without unjustified delay, and the Data Controller will be obliged to delete your Personal Data, if there is just one of the following reasons: a) Personal Data are no longer necessary for the purposes, for which they have been collected, or otherwise processed; b) you have withdrawn the consent, on which the processing of your Personal Data is based and there is no other legal basis for their processing; c) according to Article 21, Paragraph 1 or 2 of the Regulation, you have opposed to the processing and there is any more a legitimate overriding reason to proceed with the processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data, in order to comply with a legal obligation, which is provided in a Union or member state law. In some cases, as it is indicated by Article 17, Paragraph 3 of the Regulation, the Data Controller is entitled to collect and not to delate your Personal Data, if their processing is necessary, for example, for the exercise of the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, for scientific or historical research, for statistical purposes, for verification, or for the exercise or the defense of a right before a court.
d. LIMITATION OF PROCESSING RIGHT In accordance with Article 18 of the Regulation, you can obtain the limitation of the Processing, in case one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the limitation will continue for a necessary period, in which the Data Controller can verify their accuracy); b) the processing is illegal but you have opposed to the cancellation of your Personal Data, asking, instead, that their use is limited; c) although the Data Controller needs no longer your Personal Data for the purposes of processing, they are necessary for the verification, for the exercise or the defense of a right before a court; d) according to Article 21, Paragraph 1 of the Regulation, you have opposed to the processing and you are waiting for the verification regarding the possible prevalence of the legitimate reasons of the Data Controller than yours. In case of limitation of the processing, your Personal Data will be processed, except for their collection, which is possible only with your consent, then for the verification, for the exercise or the defense of a right before a court, for the protection of the rights of another natural or legal person, or again for reasons of significant public interest. In any case, we will inform you, before this limitation is withdrawn. e. DATA PORTABILITY RIGHT In accordance with Article 20, Paragraph 1 of the Regulation, at any time you can request and receive all of your Personal Data, processed by the Data Controller, in a structured format, which is of common and legible use, otherwise you can request their transmission to another Data Controller without any impediment. In this case, it will be your responsibility to provide us with all the exact details of the new Data Controller in a written authorization. f. OPPOSITION RIGHT In accordance with Article 21, Paragraph 2 of the Regulation and as also reiterated by “Whereas” 70 of the Regulation, at any time you can oppose to the processing of your Personal Data if these are processed for purposes of direct marketing, of profiling and of transferring the data to third parties. g. RIGHT OF MAKING A COMPLAINT TO THE SUPERVISORY AUTHORITY Apart from your right to appeal to any other administrative or jurisdictional office, if you believe that the processing of your Personal Data, conducted by the Data Controller, breaches the Regulation and / or the applicable legislation, you can make a complaint before the Persona Data Protection Authority. In order to exercise all your rights, as described above, you can simply contact the Data Controller using the following ways: – by sending an e-mail to the e-mail address: firstname.lastname@example.org; – by sending a registered letter to the registered office of the Data Controller.
- PROCESSING LOCATION/PLACE
Your Personal Data will be processed by the Data Controller within the territory of the European Union.
Considering the fact that the Data Controller belongs to the US L-Nutra Group, it may be necessary for technical and / or operational reasons, to cooperate with entities who are located outside the European Union, so that they can respond to your requests. In accordance with and for the purposes of Article 28 of the Regulation, we inform you from now on that these subjects have been specifically appointed as Data Processor, and the transmission of your Personal Data to these subjects, which is limited to specific activities of processing, will be regulated in accordance with “Chapter” V of the Regulation.
All necessary precautions will therefore be taken in order to ensure the whole protection of your Personal Data. As a matter of fact the transmission is based: (a) on adequate decisions of the third country recipients, expressed by the European Commission; (b) in accordance with Article 46 of the Regulation, on appropriate guarantees, expressed by the third party recipient; (c) on the adoption of binding corporate rules; (d) on the adoption of standard contractual clauses, approved by the European Commission.
In any case, you can ask the Data Controller more details about the specific adopted measures, if your Personal Data have been processed outside the European Union.
1. DATA CONTROLLER
L-NUTRA ITALIA S.r.l., with registered office in Genova, Via XX Settembre, 12/2E, C.F. and P.IVA n. 02140480993 (referred to as the "Company", "we", "our", "us").
2. WHAT ARE COOKIES?
Cookies are small text files sent from a site to the interested party's terminal (usually to the browser), where they are stored before being re-transmitted to the site at the next visit by the same user. A cookie cannot retrieve any other data from the user's hard drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the user's web browser. Some of the functions of cookies can be delegated to other technologies. In this document, the term 'cookie' refers to both cookies, proper, and all similar technologies.
3. TYPE OF COOKIES
The cookies can be first or third party, where "first party" means the cookies that bring as domain the site, while "third party" means the cookies that are related to external domains.
The cookies have a duration dictated by the expiration date (or by a specific action such as closing the browser) set at the time of installation. In particular we distinguish between session cookies (they are used to store temporary information, they allow to link the actions performed during a specific session and they are removed from the computer when the browser is closed) and persistent cookies (they are used to store information, such as the login name and password, so that the user does not have to type them again each time he/she visits a specific site and they remain stored in the computer even after closing the browser).
These cookies are used to store information, such as the login name and password, so that the user does not have to type them again each time he/she visits a specific site and they remain stored in the computer even after closing the browser).
4. NATURE OF COOKIES
Relating to the nature of cookies, there are different types:
There are several types.
Type of cookie - Function
Technical Cookies, Navigation - Navigation cookies are technical cookies and are necessary for the operation of the site. They allow a website to function properly and improve the user experience by recognizing the language and country from which they are connecting. They also allow registered users to access the services of the dedicated areas.
Technical, Functional Cookies - These cookies are not essential to the operation of the site, but they improve the quality and experience of navigation. They allow, on the basis of an express request by the user, to be recognized at subsequent accesses, so you do not have to enter your data again at each visit, or to recover the contents of the cart if you have interrupted the session without having completed the purchase.
Technical and Analytical Cookies - These are used to collect data in an anonymous and aggregate form. These cookies are used to perform statistical analysis on how users navigate our site. The Company treats the results of these analyses anonymously and exclusively for statistical purposes.
Profiling Cookies - These cookies aim to improve the user's browsing experience: by collecting information about your browsing, they are able to propose to you products of interest or similar to those you have viewed. These are third party cookies over which we have no control, nor do we have access to the data collected. For further details, please refer to their respective policies where you can consciously manage your consent or refusal (see session "What cookies do we use and for what purposes?").
5. WHICH COOKIES DO WE USE AND FOR WHICH PURPOSES?
We use different types of cookies, some have been set and are set directly by us, while others are set and managed by third parties (set and managed by third parties according to their own privacy policies and not under our control) and related technologies, each of which has a specific function. Below you can find a list of the cookies present on our website www.prolon.it accessible also through the relevant application for mobile devices ("App" and jointly with our website, the "Site").
List of technical cookies present on our Site
Klaviyo (Klaviyo Inc.)
Klaviyo CRM is a user database management service provided by Klaviyo Inc.
Adobe Flash Player is used on some pages for technical purposes, consisting in delivering certain content, such as videos or animations; to improve your browsing experience, we use Local Shared Objects ("Flash cookies"): they allow us to remember your settings and preferences. Although these cookies are stored on your computer or mobile device, they are managed through a different interface than the one provided by your browser and do not have an expiration date. If Flash cookies are disabled, Flash-based features of the site may not work. To prevent the storage of these cookies the user can follow the procedure available at the following link: https://www.adobe.com/devnet/security.html
List of Profiling Cookies on our Site
Google Adwords Remarketing
Google Adwords Remarketing installs cookies to study and improve advertising, with remarketing actions, in order to send you messages in line with your interests. Remarketing helps reach users who have visited the Site. Previous visitors or users may see our ads while browsing websites included in the Google Display Network or while searching for terms related to our products or services on Google. More information, including how to disable these cookies, can be found at the following link: https://support.google.com/adwords/answer/2407785?hl=it To select/deselect the cookie click here http://www.google.com/settings/ads
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a heat mapping and session recording service provided by Hotjar Ltd. Hotjar complies with generic "Do Not Track" headers. This means that the browser can instruct the script not to collect any User data. This is a setting that is available in all major browsers.
For more information, please see: https://www.hotjar.com/legal/compliance/opt-out
Awin is a global affiliate network.
For more information, please see the page:
Awin is a global affiliate network.
For more information, please see the page:
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that links the activity of this Application with the LinkedIn advertising network. For more information, please see: https://www.linkedin.com/legal/privacy-policy
Bing Ads (Microsoft Corporation)
Bing Ads is an advertising service provided by Microsoft Corporation. For more information, please see: http://privacy.microsoft.com/en-us/default.mspx
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC. For more information, please see: https://policies.google.com/privacy?hl=it
6. HOW CAN YOU DISABLE COOKIES AND MANAGE YOUR PREFERENCES?
All technical cookies do not require consent, so they are installed automatically when you access our Site.
Consent to the use of profiling cookies is given by the user in the following ways: closing the banner containing the short information, scrolling down the page that hosts the banner or clicking on any of its elements. The consent to the use of profiling cookies can be revoked at any time.
If you have already given your consent but you want to change the cookie permissions, here are the steps to follow. Be aware, however, that by disabling cookies some of the features of our Site may no longer be usable.
Most browsers are configured to accept, control through settings. Below are links to the policies of the major browsers for more information on disabling cookies: Chrome, Mozilla, Firefox, Internet Explorer, Safari, Edge, Opera
(B) Third Parties
For third-party cookies, keep in mind that we cannot in any way control them, so if you have already previously given consent, you must proceed to delete the cookies through your browser (dedicated section) or by asking the opt-out directly to the third parties by clicking on their respective information (see section "What cookies do we use and for what purposes?") or through http://www.youronlinechoices. com/en/le-tue-choiche
With regard to the profiling cookies aimed at offering you personalized advertising, we inform you that, if you exercise the opt-out, you will continue to receive generic advertising.
(C) Mobile devices
To exercise the opt-out and deactivate the personalized advertisements by modifying the settings of your mobile devices, follow the instructions below:
1. on your device open the app "Google Settings"
2. scroll to the "Google Settings" tab on the right side of the screen.
3. scroll down and select "Google"
4. Select "Ads"
5. Select "Turn off interest-based ads" or "Turn off ad personalization"
IOS devices use Apple's Advertising Identifier. For more information on how to limit ad tracking with this identifier, visit the "Settings on your device" app or visit https://support.apple.com/it-it/HT205223.
7. WANT TO KNOW MORE?
If you want to know more, you can visit the following sites: