Pursuant to Article 13 of the EU Data Protection Regulation 2016/679.
With this information notice the company Green Remedies Spa intends to provide visitors and users of the website www.hinoskincare.com (hereinafter the "Site") with a brief description of the methods and purposes of the processing of personal data. The processing will take place in full compliance with the provisions of the EU Regulation 2016/679 on data protection (hereinafter the "Regulation").
For the purposes of this information notice, the following definitions are given in accordance with Article 4 of the Regulation:
- Personal data' means any information concerning an identified or identifiable natural person (hereinafter the 'Data Subject');
- processing' shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Data controller' shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- DATA CONTROLLER
The Data Controller is the company Green Remedies Spa, with registered office in Padua, via Prima Strada n. 23/6, C.F. and P.I. 03802660286 (hereinafter also the 'Data Controller').
- TYPE OF DATA COLLECTED
The use of the Site implies the automatic acquisition of certain personal data including IP addresses or domain names of the computers used by users who connect to the Site.
The personal data subject to processing under this Policy may also include users' personal data, such as name, surname, date of birth, tax code and residence address that may be provided by users in order to access certain areas that require prior registration.
In the case of payment by bank transfer, payment data such as account number, SWIFT code, bank and name will also be collected.
- PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data is processed for the following purposes:
- a) activities strictly connected and instrumental to the navigation and use of the Site and to the use of the relative services, with particular reference to the reserved areas. The Owner processes the personal data (such as name, surname, contact details, photographs, data relating to the state of the skin) provided by the user by filling in the data collection forms available in the various sections of the Site, in order to manage: (i) requests for information and notifications; (ii) newsletter subscriptions; (iii) spontaneous applications aimed at recruitment; (iv) registrations to the Skin Analyzer platform; (v) bookings for video consulting.
- b) establishment and execution of contractual relationships and consequent obligations, including payments, management of orders and/or purchases made by the user and activities functional to sales and after-sales services (e.g. administrative, accounting, shipping, returns and warranty activities, customer relations), pursuant to Article 6(1)(b) of the Regulation;
- c) fulfilment of legal obligations incumbent on the data controller, pursuant to Article 6(1)(c) of the Regulation;
- d) sending, by e-mail, to the e-mail address provided by the data subject at the time of purchasing a product or service from the Controller, promotional messages on products and/or services similar to those already purchased, without prejudice to the data subject's right to object at any time to receiving such communications;
- e) subject to specific consent, sending commercial and/or promotional communications about the services, events, products of the Owner. This processing includes marketing and advertising communication activities carried out by means of both automated (e.g., e-mail, SMS and Whatsapp) and traditional (e.g., sending brochures by mail) contact methods, or the performance of market research and statistical surveys.
The provision of personal data is optional, however, in certain cases (e.g. newsletter subscription, online purchase or Skin Analyzer service), failure to provide data may result in the impossibility to access specific services and, more generally, the impossibility for the Controller to establish and implement contractual relations with the Data Subject.
Since the processing of personal data for the purposes referred to in letters a), b), c) is necessary, respectively, for the execution of a request made by the Data Subject, for the execution of pre-contractual measures taken at the request of the Data Subject and for the fulfilment of contractual and legal obligations incumbent on the Data Controller, it may be carried out without the need for consent, in accordance with the provisions of Article 6(1)(b) and (c) of the Regulation.
Processing carried out for the purposes set out under d), on the other hand, is deemed to be permitted pursuant to Article 130(4) of the Personal Data Protection Code and the resolution of the Garante per la protezione dei dati personali no. 330 of 4.07.2013, since it is 'soft spam'.
The legal basis for the processing of personal data under e) will be consent, which can always be freely revoked by sending a communication to firstname.lastname@example.org.
- METHODS OF TREATMENT
The processing of personal data provided through the Site is carried out in automated form through the use of IT and telematic tools, with organisation and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee their security, integrity and confidentiality, in compliance with the provisions of Article 32 of the Regulation. Specific security measures have been adopted to minimise the risks of data loss, unlawful and incorrect use and unauthorised access.
- DATA RETENTION PERIOD
In compliance with the principles of lawfulness, purpose limitation and data minimisation set out in Article 5.1. a)b)c) of the Regulation, the personal data collected will be kept for the time strictly necessary to achieve the purposes for which they were collected and processed.
With reference to the purposes under letters a), b), c) of paragraph 4, personal data will be stored for the sole purpose of the proper provision of services or, in the case of the purchase of goods, for the time necessary to fulfil the contractual terms and conditions and the storage obligations provided for by administrative and accounting regulations. Data voluntarily provided by the Interested Party through the "Work with us" section will be kept for 12 months and then deleted. The data voluntarily provided by the Interested Party through the Skin Analyzer platform will be kept for the sole purpose of the correct provision of services and, once the analysis has been carried out, will be immediately destroyed, deleted or anonymised.
With regard to the purposes referred to under (d), personal data will be processed until the data subject exercises his or her right to object, whereas, with regard to the purposes referred to under (e), personal data will be processed until consent is withdrawn and in any case for a maximum period of 24 months.
This is without prejudice to the fact that, once the purposes of the processing have been fulfilled, or in the event of exercising the right to object to the processing or to revoke the consent given, the Data Controller shall nevertheless be obliged and/or entitled to retain the personal data for the periods prescribed by law and/or to assert or defend a right in court.
- COMMUNICATION OF PERSONAL DATA
The personal data collected will in no way be subject to communication or dissemination, except for communications necessary for the fulfilment of legal obligations incumbent on the data controller.
Within the scope of the above-mentioned purposes, personal data will be accessible (limited to their respective competence) to the data processors of the Data Controller, as well as to external companies, whose collaboration the Data Controller will consider to use (e.g. for the maintenance service of the Site, for the provision of the Skin Analyzer service). Where necessary, the Data Controller has expressly appointed such parties as Data Processors. Personal data may also be accessed by other companies connected or related to the Data Controller for organizational reasons related to the purposes referred to in paragraph 4, in their capacity as Data Processors.
- PLACE OF DATA PROCESSING
The processing of personal data connected to the Website services takes place at the servers of Green Remedies Spa with registered office in Padua, Via Prima Strada n. 23/6 and of Aruba Spa with registered office in Ponte S. Pietro (BG), Via S. Clemente n. 53.
- TRANSFER ABROAD
Personal data may be transferred to countries outside the European Union, in order to fulfil the purposes set out in paragraph 2 and in particular for the skin analysis service. In case of transfer of personal data outside the European Union, in the absence of an adequacy decision by the European Commission, the Data Controller undertakes to adopt appropriate measures to ensure that personal data are adequately protected and that the requirements of the applicable legislation on the transfer of personal data to non-EU countries are complied with, in accordance with Article 46 of the Regulation. The Data Subject is entitled to request from the Controller, without any formalities, at email@example.com, the complete and updated list of companies located in third countries to which personal data may be transferred.
- RIGHTS OF THE DATA SUBJECT
At any time, the Data Subject may exercise the rights set out in Articles 15 to 22 of the Regulation including, in brief, obtaining from the Controller confirmation as to whether or not personal data relating to him are being processed and, if so, obtaining access to the data and knowing their origin, the purposes and methods of processing, the recipients or categories of recipients to whom the personal data may be communicated and the storage period; exercising the right to have the data rectified, updated or supplemented the right to have the data cancelled or transformed into an anonymous form or to have the processing of personal data concerning him/her restricted; the right to be informed of any rectification or cancellation or restriction of processing carried out in relation to his/her personal data; the right to object, at any time, to the processing of the data; the right to receive personal data in a structured, commonly used and machine-readable format.
In addition, if he/she considers that the processing of personal data concerning him/her is carried out in violation of the provisions of the Regulation, the Data Subject has the right to lodge a complaint with the Garante per la protezione dei dati personali in accordance with Article 51 of the Regulation.
The data subject shall remain free to revoke the consent given at any time without thereby affecting the lawfulness of the processing based on the consent before revocation.
With regard to the exercise of the above-mentioned rights, the Data Subject may contact the following addresses:
Address: Via Prima Strada n. 23/6 - Padua
Fax number: 0498894035
In any case, you may at any time request and obtain the deletion of the data collected for the purposes described above, including by following the instructions below:
by clicking on the 'Unsubscribe' link that is sent in every newsletter.