Information about the processing of users’ personal data
Dichotomic Lab SAGL, Via Belvedere 11, 6952 Canobbio (Switzerland)
In the role of company administrator and legal representative, the Data Controller (also defined as the “Owner”), Elisabetta Saccon, wishes to inform its Clients, including the users of the website http://www.dichotomiclab.ch (hereinafter cumulatively indicated as the “website”) (the “Interested”), regarding the methods of processing the personal data provided to the Data Controller. This information is required by Legislative Decree no. 196/2003 (the “Privacy Code”) and the new European Regulation 2016/679 regarding the protection of personal data (the “General Data Protection Regulation”), which became enforceable beginning 25 May 2018.
1 Owner and Data Controller
The Data Controller is Dichotomic Lab SAGL, with registered office in Via Belvedere 11, 6952 Canobbio (Switzerland), and can be contacted at the following email address: email@example.com. The complete list of persons responsible for the processing of personal data, appointed by the Data Controller, is available upon written request sent to the email address indicated above.
2 Personal data collected
1 the personal and contact data provided to the Data Controller at any time, including those necessary to create an account on the website;
2 the data relating to purchases made also through the website;
3 the navigation data relating to the use of the services offered also through the website collected through cookies in accordance with the Cookies Policy available at the following link https://www.dichotomiclab.ch/cookie-policy/;
4 the data provided in case of a request for information and assistance;
Health data and particular categories of personal data are not processed, in accordance with article 9 of the European Privacy Regulation. The data of minors will be processed according to the methods referred to in paragraph 8 below.
3 Data processing methods
The personal data of the interested party are processed with the support of computer and / or paper means and are protected through adequate security measures suitable to guarantee the confidentiality and security of personal data. In particular, the Data Controller adopts appropriate organizational and technical measures to protect the personal data she holds against loss and theft, as well as against unauthorized use, disclosure or modification.
The Data Controller proceeds with the anonymization of personal data and with the removal of identification data if there is no need to process personal data in an identifiable form for the purposes of treatment and at the end of the retention period indicated in paragraph 10 below.
4 Purpose of the processing
The purposes for which the interested party is required to provide the Data Controller with their personal data are as follows:
1 allow the interested party to register, also through the website, by creating a personal account, and to carry out the activities of the website. Those include: purchases on the website, use of the services made available also through the website, participation in prize competitions, customer support services, and asserting and defending rights towards the interested party and third parties (hereinafter jointly defined as “Contractual Purposes”);
2 comply with any legal and regulatory obligations (hereinafter referred to as “Legal Purposes“);
3 with the consent of the interested party, to send newsletters and commercial communications, through traditional and remote means of communication including email, SMS, MMS, social networks, instant messages, mobile applications, banners, faxes, mail and telephone. The purpose is the promotion and / or sale of products and / or services marketed by the Data Controller and customer satisfaction surveys (“Marketing Purposes of the Data Controller”);
4 with the consent of the interested party, to send marketing communications from other companies of the Owner’s group and / or commercial partners belonging to the same categories as the Owner, in relation to their products and services according to the methods referred to in point c) above. This list is available at the request of the interested party (“Third Party Marketing Purposes“);
5 in case the interested party has given consent to the processing of his data for the Marketing Purposes of the Data Controller, to send newsletters and communications relating to the products and services marketed by the Data Controller by email and SMS, with a frequency not exceeding 3 communications per month, to Users identified solely on the basis of belonging to non-invasive categories, such as the age group, whether previous newsletters received were opened, and the ways in which the interested party makes his purchases (“Purpose of Legitimate Marketing Interest”);
6 carry out functional activities for company and company branch transfers, acquisitions, mergers, divisions or other transformations and for the execution of such operations (“Purpose of Legitimate Business Interest“).
5 Legal basis of the processing
The processing of personal data for Contractual Purposes is mandatory, as it is necessary for the purpose of registration, for carrying out the activities of the website, for purchasing products also online and for the use of specific services offered also through the website. The provision of personal data for the Legal Purposes is mandatory as required under applicable laws. If the interested party does not want their personal data to be processed for these purposes, it will not be possible to use the website and the services made available by the Owner also through the website itself.
The processing of personal data for the Marketing Purposes of the Owner and Third Party Marketing is optional and subject to the prior consent of the interested party. Any failure to provide consent makes it impossible for the Data Controller, for the companies of the Data Controller group and / or for the selected commercial partners to keep the Data Subject updated on new products or services, promotions and personalized offers, to carry out market surveys, and to send communications or other information material that may be in line with the interested party’s preferences.
The processing for Purposes of Legitimate Marketing Interest is functional to the pursuit of a legitimate interest of the Owner, properly balanced with the interests of the Users in light of the limits imposed on such processing illustrated in paragraph 4 f). It will be in effect from 25 May 2018, the date on which the Privacy Regulation takes effect.
The processing for the purposes of legitimate business interest is carried out pursuant to article 24, paragraph 1, letter d) of the Privacy Code and for the pursuit of the legitimate interest of the Owner and its counterparties in carrying out the economic operations indicated therein pursuant to article 6, letter f), of the Privacy Regulation. It is properly balanced with the interests of the Users as the processing takes place within the limits strictly necessary for the execution of these operations.
6 Communication scope and data dissemination
For the purposes referred to in paragraph 4, the Data Controller may communicate the data of the interested parties, strictly necessary for each type of processing, to the following categories of subjects:
- to the collaborators, employees and suppliers of the Data Controller, in the context of their duties and / or any contractual obligations with them, concerning commercial relations with Users;
- to subcontractors engaged in activities related to the execution of the services and products offered by the Owner;
- to other companies of the Owner’s group in Italy and abroad, national and international, located in countries better specified in paragraph 7 below;
- to post offices, shippers and couriers entrusted with shipping the products purchased by the interested party and / or other material relating to carrying out the Owner’s services;
- to legal, administrative and tax consultants within the limits necessary or functional to carry out the activity of the Data Controller, in the manners and for the purposes described above;
- to banks for collections and payments management deriving from the execution of contracts with the interested party.
The personal data of the interested party will not be disclosed.
7 Personal data are transferred abroad
Personal data may be freely transferred outside the national territory to countries located in the European Union. Any transfer of the personal data of the interested party to countries of the European Union will take place, in any case, in compliance with the appropriate and adequate guarantee for the purposes of the transfer itself in accordance with applicable legislation.
8 People under 18 years old
9 Rights of the interested party
The interested party may, at any time and free of charge:
(a) Obtain confirmation of the existence or not of data concerning him / her and receive communication;
(b) Know the origin of the data, the purposes of the processing and its methods, as well as the rationale of data processing carried out through electronic tools;
(c) Request updating, correction or – if interested – integration of data;
(d) Obtain the cancellation, the transformation into anonymous form or blocking of any data processed in violation of the law, as well as to oppose, for legitimate reasons, the processing;
(e) Object, in whole or in part, to the processing of data concerning him / her for direct marketing purposes carried out through automated and / or traditional methods;
(f) Withdraw, at any time, consent to the processing of data, without this affecting the lawfulness of the processing based on the consent given before the withdrawal.
At any time, the interested party can exercise the above rights, change the contact methods, notify the Owner of any updates to their data, request the removal of their personal data communicated by third parties, or obtain further information about the Owner’s use of their personal data, by contacting the Owner at the address firstname.lastname@example.org.
10 Provisions applicable beginning May 25, 2018
The following provisions will become effective from 25 May 2018, as a consequence of the Privacy Regulation taking effect.
a) Personal data storage: the Data Controller will keep personal data for the period necessary to fulfill the purposes for which they were collected pursuant to paragraph 2 above. In any case, the following storage periods apply to the processing of personal data for the purposes indicated below:
• The data collected for the Contractual Purposes referred to in paragraph 4, lett. a) are kept for the entire duration of the contract and for 10 years following the termination of the same agreement, for defense purposes and / or to assert a right of the Owner in court and / or out of court in case of disputes related to the execution of the contract;
• The data collected for legal purposes referred to in paragraph 4, lett. b) are kept for a period equal to the duration required by law for each type of data;
• The data collected for the Data Controller’s Marketing Purposes referred to in paragraph 4, lett. c) are kept for a period equal to the entire duration of the registration of the interested party on the website through their account and / or participation in the competition and / or […] as well as for the 2 years following the termination, deactivation and / or cancellation of the same;
• The data collected for Third Party Marketing Purposes referred to in paragraph 4, lett. d) and e) are kept for a period of 12 months from the collection;
• The data collected for Legitimate Marketing Interest Purposes referred to in paragraph 4, lett. f) are kept for a period equal to the entire duration of the registration of the interested party on the website, through their account and / or participation in the competition and / or […] as well as for the 2 years following the end, deactivation and / or cancellation of the same;
• The data collected for Legitimate Business Interest Purposes referred to in paragraph 4, lett. g) are kept for a period of 10 years from the moment of collection.
Once the above terms have expired, the interested party data can be deleted, anonymized and / or aggregated.
b) Additional rights: the interested party may, at any time, in accordance with the procedures referred to in paragraph 9 above:
(a) Request the limitation of the processing of personal data in the event that:
(i) he / she questions the accuracy of the personal data, for the period necessary to verify the accuracy of such personal data;
(ii) the processing is illegal and the interested party opposes the cancellation of personal data and instead requests that their use be limited;
(iii) although the Data Controller no longer needs the personal data for processing purposes, they are necessary for the interested party to assess, exercise or defend a right in court;
(iv) the interested party has opposed the processing pursuant to art. 21, paragraph 1 of the Privacy Regulation, pending verification of whether the legitimate reasons of the Data Controller prevail over those of the interested party.
(b) Object to the processing of personal data at any time.
(c) Request the cancellation of personal data concerning him / her without unjustified delay.
(d) Obtain the portability of personal data concerning him / her.
(e) Lodge a complaint with the Data Protection Supervisor where the conditions exist.
11 Changes and updates
If the interested party has doubts, remarks or complaints about the methods of collection or purpose of his / her personal data, please use the Contact section of the website to contact the Owner.