- is understood as referring to this website and all other websites that sell Dr. Schär’s products and services (hereinafter simply referred to as the "Website") and are managed by the Data Controller;
- forms an integral part of the Website and the services we offer;
- complies with Recommendation No. 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union, adopted on May 17, 2001 by the Work Group "Article 29".
The Controller would like to inform you that your personal data will be processed under the principles of lawfulness, fairness and transparency and the protection of your own confidentiality and rights. Your personal data will therefore be processed in accordance with the legislative provisions provided by GDPR 2016/679 and all obligations in terms of confidentiality indicated therein.
- DATA CONTROLLER AND DATA PROCESSORS
2.PERSONAL DATA PROCESSED
2.1 Website browsing data
2.2 Data provided voluntarily by users
3.THE BANNER AT FIRST ACCESS
4. PURPOSE OF DATA PROCESSING AND COMPULSORY OR OPTIONAL NATURE OF DATA PROVISION
5. METHOD OF PROCESSING, SECURITY AND PLACE OF DATA PROCESSING
6 COMMUNICATION AND DISSEMINATION
7 YOUR RIGHTS
9. CONTACT INFO
1. DATA CONTROLLER AND DATA PROCESSORS
As a result of users browsing the Website and using its services, personal data may be processed that concern identified or identifiable individuals.
To exercise the rights provided by the law and better specified above, you can contact the Data Controller or the DPO at the addresses listed below.
Information on the Data Controller:
The Data Controller is Dr. Schär SpA / AG, with registered office in Winkelau 9, 39014 Postal (BZ), Italy, Tel. 0473/293 300 E-mail firstname.lastname@example.org
Information on the Data Protection Officer.
The Data Controller has also appointed a Data Protection Officer (DPO), available at its headquarters (Winkelau 9, 39014 Postal (BZ), Italy, Tel. 0473/293 300) or by writing to email@example.com.
Your personal data may be disclosed to employees or external collaborators of the Data Controller who are administrative, sales, legal or accounting employees or IT administrators, depending on how your data is processed and who, working under the Data Controller’s direct authority, are designated as Data Processors or persons in charge of the processing, pursuant to articles 28 and 29 of GDPR 2016/679 and who are suitably instructed on how to perform the tasks involved.
2. PERSONAL DATA PROCESSED
2.1 Website browsing data
The computer systems and software procedures used to operate this Website will collect some personal data whose transmission is implicit when you use Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature they could allow us, through their processing and association with data held by third parties, to personally identify users. This category of data includes IP addresses or domain names of computers used by persons who log onto the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the number code indicating the status of the reply given by the server (successful, error, etc.) and other parameters that refer to the user's operating system and computer environment. This data is used for the purpose of obtaining anonymous statistical information on the Website usage and to make sure it is functioning, to allow – given the system architecture used – the proper provision of the services, for security reasons and to ascertain responsibility in case of hypothetical computer crimes against the Website or third parties. The data are usually deleted after seven days.
2.2 Data provided voluntarily by users
The Website grants users the opportunity to voluntarily provide personal data, for example by filling in a contact form, by requesting services or information, by freely choosing to explicitly and voluntary send e-mails to the addresses indicated on the Website, etc.
2.4 Data concerning minors
If the Website should process personal data of minors, consent will be required from the person having parental authority (legal guardian).
3. THE BANNER AT FIRST ACCESS
Dr. Schär AG/S.p.A. has prepared the aforementioned banner and, additionally, has installed a specific cookie that memorises the user’s preference in terms of cookie installation for 365 days. This means that users will see the cookie banner only once, and if they wish to change their preferences, they may do so by following the instructions provided in the paragraph entitled “How to view and change cookies through your browser”.
4. PURPOSE OF DATA PROCESSING AND COMPULSORY OR OPTIONAL NATURE OF PROVISION OF DATA BY USERS
The personal data you provide through the Website will be processed by the Data Controller for the following purposes:
a) purposes related to the provision of services requested by users: registration to the Schär Club.
The provision of your personal data for the purpose listed under (a) above is optional, but failure to do so could make it impossible for us to provide the services requested.
In compliance with article 6 comma 1 letter b) of the GDPR, we do not ask for your consent to process your personal data for these purposes, since said details are necessary to carry out the obligations deriving from a contract in which you are an involved party and/or to fulfil, before conclusion of the contract, specific requests by the involved party itself.
b) research/statistical analysis on aggregate or anonymous data, therefore without the possibility of identifying the user, aimed at measuring the effectiveness of any web marketing campaigns we may have conducted, measure traffic and evaluate usability and interest.
The processing of aggregate or anonymous data is not subjected to the provisions of GDPR 2016/679.
c) purposes that relate to the fulfilment of obligations under the law, regulations or European legislation.
The provision of your personal data for the purpose listed under (c) above is compulsory and failure to do so would not allow the Data Controller to satisfy its obligations under the law, regulations or European legislation.
We would like to remind you that, in compliance with article 6 comma 1 letter c) of the GDPR, it is not necessary to obtain your consent for processing your personal data for these purposes.
d) advertising messages.
In accordance with the decision of the Italian Authority for the protection of personal data "Guidelines regarding promotional activity and contrast to spam – July 4, 2013 ", if you decide to grant your consent to the reception of information about the Data Controller’s promotional activities, including market research, we inform you that we may conduct such activities, as required by current regulations, by letter, call center contacts (so-called "traditional methods"), e-mail, text messages, push notifications and through social networks (so-called "automatic methods"). We also inform you that you may at any time decide to withdraw your consent previously granted for traditional or automatic methods by notifying the Data Controller informally, i.e. by sending an e-mail to: firstname.lastname@example.org.
The provision of your personal data for the purpose listed under (d) above is optional and requires your previous consent. Lacking such consent, you will be able to use the service requested, but the Data Controller will not be able to send you advertising messages. Once you have granted consent, you can revoke it at any time for all these communication methods or only for one or some of them.
e) profiling purposes (e.g. creation, with the aid of electronic tools, of user profiles based on their preferences, habits and consumption choices).
Such profiling activities may be carried out by means of cookies or other online profiling technologies, e.g. trackers, (please see section 2.3, and/or by cross-linking personal data collected in connection with the provision of services and the relevant use of multiple features chosen from among those made available to the user, as provided by the Guidelines on the processing of personal data for online profiling - March 19, 2015.
5. METHOD OF DATA PROCESSING, SECURITY AND PLACE OF DATA PROCESSING
Your personal data is processed by the Data Controller – or by third parties carefully selected for their reliability and competence, as well as regularly designated as Data Processors – only to the purpose of achieving the purposes specified above, mainly using automated tools, but also in paper format, for the time strictly necessary to achieve the purposes for which the data was collected.
Specific security measures are applied to prevent the loss of data, unlawful or unfair use, and unauthorised access, in full compliance with what is indicated in article 32 of the GDPR.
The personal data provided by users in relation to the web services offered by this Website is processed at the Data Controller’s registered office specified above. The Controller's data centres are located in Italy. The Data Controller also relies on the technological services/data centres of KEY-TEC GmbH & Co. KG and webAlm GmbH to process personal data for the purposes described above, which means that the data will also be stored at their offices.
Your personal data collected through the forms available on our website,will be kept for the time required to fulfil your requests. Wherever there are regulations requiring that we keep the details for a longer period of time, we will comply with said regulations. The details collected by cookies will be kept for the period of time established by the individual cookie.
6. COMMUNICATION AND DISSEMINATION
Your personal data may be communicated to external subjects whose assistance is necessary and functional to the provision of the Website services.
Your ordinary personal data may be transferred to third parties such as: 1. individuals, companies or professional firms that provide assistance and advice to the Data Controller, aptly designated as Data Processors; 2. entities, bodies or authorities to whom the communication of personal data is compulsory under the law or by order of the competent authorities; 3. subjects that are delegated by the Data Controller and/or to whom the Data Controller has assigned the task of carrying out activities strictly related to the purposes mentioned above (including technical systems maintenance), aptly designated as Data Processors; 4. business partners, identified by category, who process the data for direct marketing purposes as independent data controllers, but only if the user has granted specific consent for them to do so.
The Data Controller will not process data if such processing involves their dissemination, unless it has first obtained the user’s specific consent.
The data you supply us with will not be transferred to third party Countries or to international organisations outside of the EU.
7. YOUR RIGHTS
You have the right to ask us at any time to gain access to your personal data, to rectify, complete or erase them, and to limit or object to their processing wherever there are legitimate reasons to do so, as well as to transfer the aforementioned details to another Data Controller. We will send you a written response within 30 days. You may revoke, at any time, the consent given on this website, contacting one of the addresses indicated in the paragraph entitled “Information on the Data Controller and on the Data Protection Officer”. You are also allowed to make a complaint to the National Control Authority, wherever you feel that your data are being processed unlawfully.
Requests must be sent by email to the following address: email@example.com.
9. CONTACT INFO
If you wish to receive any information about personal data processed by the Data Controller, you may contact our Company (i.e. the Data Controller) by letter, fax or e-mail to the address: firstname.lastname@example.org
WARNING OF RISK
In compliance with the guidelines from the Italian Data Protection Authority (Garante per la protezione dei dati personali) dated 25 January 2012,
Dr. Schär AG/S.p.A., as manager of the www.schaer.com website and of all other websites owned by the writing company, is obliged to warn the users that:
- they must give the necessary attention to evaluating the possibility, during operations, of entering or denying personal data (including email address) which may, even indirectly, be linked to their identity;
- they must evaluate the possibility of publishing or not publishing photos and/or videos that make it possible to identify people or places, or make them identifiable;
- they must pay special attention to the possibility of entering, during their own operations, data that may, even indirectly, reveal the identity of third parties, for example: other people linked to the author of the post by the same pathology, human experience, or medical journey;
- what is written in these forum/community can be indexed and available to generalised search engines (Google, Yahoo, etc.).
We would like to specify that data entered on these forum/community can be consulted only by other users who register on the website.