Privacy Policy

Information on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). In force since 11/07/2023

 

PREMISE

 

This information takes into account what is indicated by the GDPR and by the Privacy Code (Legislative Decree 30 June 2003 n. 196). The document was also drawn up on the basis of the guidelines of the Privacy Guarantor (especially the guidelines for contrasting the spam issued by Privacy Guarantor on July 4, 2013).

 

The data controller: Pharmacy Cima Marco - Locality Bivio Lugnano, 25 06012 Città di Castello (PG) Italy - P.iva: IT03357780547 - C.F: Cmimrc72D25C745F - REA: PG-283456E - email: pharmacimacima@alice.it - ​​PEC: 08407@pec.federfarma .it - ​​Tel/fax: +390758540615

 

Site to which this Privacy Policy refers: https://farmaciacima.com/ (Site).

 

The data controller did not apply a DPO (Data Protection Officer). Therefore, you can send any request for information directly to the data controller.

 

GENERAL INFORMATIONS

 

This document describes how the data controller deals with his personal data awarded on the site.

 

The main treatments of your personal data are described below. In particular, the legal basis of the processing is explained, if the transfer is mandatory and the consequences of the failure to provide personal data. To best describe your rights, if necessary, we specified whether and when a certain processing of personal data is not carried out. In this case, she guarantees that she has obtained the consent of these subjects to the insertion of these personal data. Therefore, she undertakes to Manlevare and keep the data controller from any responsibility unscathed.

 

Registration on the site

 

The site does not offer the possibility of registration. Therefore, the data controller does not treat his personal data for this purpose.

 

Purchases on the site

 

Your personal data will be processed to allow you to make purchases on the site. In the event of making an online purchase order, to allow the conclusion of the purchase contract and the correct execution of the operations related to the same (and, if necessary on the basis of the sector legislation, to fulfill tax obligations). This processing of personal data also includes the possibility of sending communications (e.g. tracking and order information) through automated tools such as SMS and/or WhatsApp. The legal basis of the treatment is the obligation of the data controller to carry out the contract with the interested party or to fulfill legal obligations. Regardless of the above (and therefore from its consent), the data controller may process his data of the so -called "Soft-Spam", governed by art. 130 of the Privacy Code. This means that limited to the email you provide in the context of a purchase through the site, the data controller will deal with the email to allow the direct offer by similar products/services, provided that you do not oppose this treatment in methods provided for by this information. The legal basis of the treatment is the legitimate interest of the data controller to send this type of communication. This legitimate interest can be considered equivalent to the interest of the interested party to receive communications of "Soft-Spam". The data controller can send emails to remind the user to complete a purchase. The legal basis of this treatment is the legitimate interest of the data controller to send this type of communications. Through the "Follow on Shop" option, the Data Controller can also process your personal data to send updates by email and/or telephone (depending on the options from time to time on the site) on the state of orders, shipments and/or supplies. The legal basis of this treatment is the legitimate interest of the data controller to send this type of communication. This interest is equal to his interest in receiving this type of updates. The provision of personal data for this purpose is optional. If the personal data are not provided, however, it will not be possible for the data controller to send this type of communications.

 

Respond to your requests

 

His data will be processed to respond to your requests for information. The transfer is optional, but his refusal will result in the impossibility for the owner of the treatment to answer his questions. The legal basis of the treatment is the legitimate interest of the data controller to follow up on the user's requests. This legitimate interest is equivalent to the user's interest to receive response to communications sent to the data controller.

 

Generic marketing

 

After you consent, the data controller may process the personal data you provide you in order to send you advertising material and/or newsletters relating to products or third parties. The legal basis of this treatment is its consent. The provision of personal data for this purpose is merely optional. Failure to process data for marketing purposes will result in the impossibility for you to receive advertising material relating to products/services of the data controller and/or third parties as well as the impossibility for the data controller to carry out market investigations, Also aimed at evaluating the degree of satisfaction of users, as well as sending them newsletters.

 

Profit

 

After his consent, the data controller may process his personal data for profiling purposes, that is, for the analysis of his consumer choices through the revelation of the type and frequency of purchases he made, in order to send you advertising material e /or newsletters relating to its own products or third parties, of its specific interest. The legal basis of this treatment is its consent. The provision of data for this purpose is merely optional. Failure to consent to the processing of your personal data for profiling purposes will result in impossibility for the data controller to process its commercial profile, through the detection of your choices and purchasing habits as well as to send them advertising material, relating to the owner's products of treatment and/or third parties, of its specific interest.

 

Transfer of data

 

The data controller does not give in to third parties his personal data.

 

Geolocation

 

The site does not implement geolocation tools of the user's IP address.

 

Curriculum vitae

 

Through the site it is not possible to send curriculum vitae. Therefore your data will not be processed for these purposes.

 

Reservation of appointments

 

Third third party booking systems are not active on the site with the data controller. Therefore, your data will not be processed for this purpose. In any case, you can always contact the data controller to the contacts indicated in the epigraph.

 

Communication of personal data

 

As part of his ordinary activity, the data controller can communicate his personal data to certain categories of subjects. In article 2 You can find the list of subjects to whom the data controller communicates your personal data. To facilitate the protection of his rights, article 2 can specify in some cases when his data is not communicated to third parties.

The "communication" to third parties of the personal data is different from the "sale" (governed to the point that precedes). In fact, in the communication the third to which the data is transmitted can use it only for the specific purposes described in the relationship with the data controller. In the sale, however, the third becomes the owner of the autonomous treatment of the personal data. In addition, his consent is always requested to give in to third parties to third parties.

 

Without preceding the above, it is understood that the data controller will still be able to use his personal data to give correct fulfillment to the obligations provided for by the laws in force.

 

Specific privacy information

 

Art. 1 Treatment methods

 

1.1 The processing of your personal data will be mainly carried out with the help of electronic or automated means, according to the methods and with the tools suitable to guarantee its safety and confidentiality in accordance with the GDPR. If the automatic chatbot service is operational, your personal data will also be processed to allow the activation of this service, through which the user can contact and be contacted by the data controller, subject to consent. The legal basis is the legitimate interest of the data controller to respond to the user's requests through the chatbot service. This legitimate interest can be considered equivalent to the interest of the interested party to use the automatic chatbot service.

 

1.2 The information acquired and the methods of the processing will be relevant and not excess of the type of services rendered. Your data will also be managed and protected in secure and adequate IT environments.

 

1.3 via the site, health data can be processed. The health data are those given specifically and consciously by the interested party during navigation on the site. The processing of these data can only take place upon explicit consent of the interested party.

 

1.4 Through the site, no judicial data are processed.

 

Art. 2 Communication of personal data

 

The data controller can communicate his personal data to certain categories of subjects. Below are the subjects to whom the data controller reserves the right to communicate his data:

 

  • The data controller can communicate his personal data to all those subjects (including public authorities) who have access to personal data under regulatory or administrative measures.
  • Your personal data can also be communicated to all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy studies, judicial offices, chambers of commerce, chambers and job offices, etc.) , if the communication is necessary or functional to the correct fulfillment of the obligations deriving from the law.
  • The data controller makes use of employees and/or collaborators in any capacity. For the correct functioning of the site, the data controller can communicate his personal data to these employees and/or collaborators.
  • The data controller does not make use of companies, consultants or professionals in charge of installation, maintenance, updating and, in general, of the management of hardware and software of the data controller. Therefore, your data will not be communicated to these categories of subjects.
  • The data controller does not make use of CRM platforms (company that in particular carry out the activity of sending automated communications to users). Therefore, your personal data are not communicated to these companies.
  • For the purposes of customer assistance, the data controller makes use of one or more companies in charge of providing customer care services. Only for this purpose, your personal data can be communicated to these companies.
  • The buyer's personal data can be communicated to post offices, couriers or shippers in charge of the delivery of the products purchased through the site.

 

The owner reserves the right to change the above list on the basis of his ordinary operations. Therefore, you are invited to access this information regularly to check which subjects the data controller communicates your personal data.

 

Art. 3 Retention of personal data

 

3.1 This article describes how long the data controller reserves the right to keep his personal data.

 

 

  • Your personal data will be kept for the only time necessary to guarantee the correct provision of the services offered through the site.
  • For marketing purposes, personal data will be kept until any revocation of consent. For inactive users, personal data will be deleted after one year by the sending of the last email that may be viewed.
  • As required by article 2220 of the civil code, invoices, as well as all accounting records in general, are kept for a minimum period of ten years from the date of registration, so as to be presented in the event of a check.
  • For Customer Care purposes, the data will be deleted once the assistance service is completed.

 

 

3.2 Without prejudice to the provisions of article 3.1, the data controller can keep his personal data for the time requested by specific regulations, as modified from time to time.

 

Art. 4 Transfer of personal data

 

4.1 The data controller is based within the European Union. Therefore, the processing of your data is safe from a regulatory point of view as it is governed by the GDPR. If the transfer of your personal data takes place in an extra-EU country and for which the European Commission has expressed a judgment of adequacy, the transfer is considered in any case safe from a regulatory point of view. This article 4.1 indicates from time to time the countries in which its personal data can possibly be transferred and where the European Commission has expressed a judgment of adequacy.

  • To allow the correct operations of the site, your personal data can be transferred abroad. This is allowed on the basis of the decision of the European Commission of 20 December 2001 n. 2002/2/EC (published in the Official Gazette of the European Communities l 2/13 of 4 January 2002) with which it was found that Canada guarantees an adequate level of protection of personal data transferred by the European Union to the recipients subject to the law Canadian on the protection of personal information and electronic documents ("The Canadian Act") of April 13, 2000.

 

 

4.2 Firm what is indicated in article 4.1, its data can also be transferred to non-EU countries and for which the European Commission has not expressed a judgment of adequacy. You are therefore invited to regularly view this article 4.2 to ascertain which of these countries your data are possibly transferred.

 

4.3 In this article, the data controller indicates the countries where he possibly directs his business specifically. This circumstance can imply the application of the regulations of the reference country, together with that of the GDPR.

 

 

  • Through the site, personal data of natural persons are processed in Australia. This information was drawn up also taking into account the provisions of the Australian national and federal legislation. In particular, reference is made to the Federal Privacy Act 1988 (CTH) (Privacy Act) and the Australian Privacy Principles (Apps).
  • The site also manages personal data of Brazilian users. Brazilian users are informed that this Privacy Policy complies with the provisions of the Brazilian law on the protection of personal data (LGPD), which entered into force on 18 September 2020. Therefore, all the rules indicated above are applied.
  • The site also manages personal data of Canadian users. Therefore, Canadian users are informed that this Privacy Policy also complies with the provisions of the Personal Information Protection and Electronic Documents Act.
  • The California Consumer Privacy Act (CCPA) is a California law that was approved in June 2018. The data controller deals with the personal data of Californian users pursuant to this law. We inform the user that the personal data processed are those communicated on the site to allow the execution of the contract. The user can exercise the rights provided by the CCPA by contacting the data controller to the delivery published in the introduction.
  • The law on the protection of personal information (Pipl) is a Chinese legislation that entered into force on 1 November 2021 and which governs the protection of users' personal data. In compliance with this law, the person responsible for data processing is undertaken in the responsible and safe management of the personal data of Chinese users who are collected through the site, in order to guarantee the appropriate fulfillment of the contract. Users are informed that can exercise the rights guaranteed by the protection of personal information by contacting the data processing manager using the contact details provided previously.
  • The law on personal data (PDPA) is a Singapore legislation governing the protection of users' personal data. In accordance with the PDPA, the data processing manager undertakes to manage the personal data of Singapore users collected through the site responsible, to ensure adequate fulfillment of the contract. We inform the user that it is possible to exercise the rights provided by the PDPA by contacting the data processor for the contact details provided previously.
  • For users of the Philippines, it should be noted that the data controller undertakes to conform to the law on the protection of personal data of 2012 (DPA) in the management of personal data collected through the site. This law aims to protect rights and privacy of individuals. Users can exercise their rights pursuant to the DPA by contacting the data controller using the contact details provided.
  • We want to inform South African users that personal data collected through the site are managed in accordance with the law on the protection of personal data of 2013 (popular) of South Africa. The data controller undertakes to comply with the provisions of this law. South African users can assert the rights guaranteed by the popular by contacting the data controller through the communication channels provided.
  • Thai users are notified that the data processor carefully follows the 2019 personal data protection law (PDPA) of Thailand in the management of personal data collected on the site. This is essential to guarantee the privacy and security of user data. To exercise the rights sanctioned by the PDPA, Thai users can contact the data processor using the indicated contact details.
  • Virginia Consumer Data Protection Act (CDPA) is a Virginia law that was approved in March 2021. The data controller deals with the personal data of Virginia users pursuant to this law. We inform the user that the personal data processed are those communicated on the site to allow the execution of the contract. The user can exercise the rights provided by the CDPA by contacting the data controller to the delivery published in the introduction.

 

 

Art. 5. Rights of the interested party

 

Pursuant to art. 13 of the Privacy Regulation, the data controller informs you that you have the right to:

 

  • Ask the data controller for access to your personal data and the correction or cancellation of the same or the limitation of the processing concerning it or to oppose their processing, in addition to the right to data portability
  • revoke consent at any time without affecting the lawfulness of the treatment based on the consent given before the revocation
  • propose a complaint to a control authority (e.g. the Guarantor for the protection of personal data).

 

The aforementioned rights can be exercised with a request addressed without formalities to the contacts indicated in the introduction.

 

Art. 6. Changes and Miscellanea

 

The data controller reserves the right to make changes to this information at any time, giving suitable advertising to the users of the Site and in any case guaranteeing an adequate and similar protection of personal data. In order to view any changes, you are invited to consult this information regularly. In the event of substantial changes to this Privacy Policy, the Data Controller may also communicate by email.

 

Powered by Legalblink.