EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “EU Reg. 2016/679” or “GDPR”) contains a set of rules aiming to ensure that the processing of personal data takes place in compliance with the fundamental rights and freedoms of individuals.
As a consequence, on this page, Giuliani S.p.A. intends to provide, pursuant to articles 13 and 14 of the GDPR, the following information regarding the processing of personal data of users who visit or consult the website accessible electronically from the address www.bioscalin.it (hereinafter the “Website”).
This notice only relates to the website bioscalin.it and not to other websites that may be consulted by the user through links contained therein.
2. Data Controller
The Data Controller is Giuliani S.p.A., (Tax Code and VAT reg. no. 00752450155), with registered office in Via Pelagio Palagi no. 2, 20129 – Milan (MI) Italy, in the person of its pro tempore legal representative (hereinafter “Giuliani” or the “Data Controller”).
3. Categories of personal data and data source
While browsing the Website, the following information may be acquired regarding the data subjects (hereinafter the “Data Subjects” or individually the “Data Subject”):
(a) Browsing data
the “IP addresses” or domain names of computers used by visitors connecting to the Website;
the time of the request;
the URI/URLaddresses (Uniform Resource Identifier/Locator) of the requested resources;
the method used to submit the request to the web server;
time of the request, size of the file obtained in response;
the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the visitor’s operating system and computer environment.
b) Data provided voluntarily by the User
The use of the “Contacts” section or of other sections of the Website, as well as the optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller published on the Website, imply the collection and subsequent processing of additional personal data by Giuliani.
Such additional personal data are freely provided by the Data Subject. Unless otherwise specified in the forms on the Website, the data requested are strictly necessary to process the requests received from the Data Subject.
In particular, the Data Controller collects the following types of personal data:
identification data (name) and contact details (email address) of the Data Subject, as well as any other personal data included in the communications sent to the Data Controller by filling out the formin the “Contact” section, by sending an email to the Data Controller’s email address or by telephone to the contact numbers published on the Website;
identification and contact data provided by filling in the additional forms on the Website.
The processing of this additional personal data will be based on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of the Data Subject.
The information provided by the Data Subject through interacting with the “Take the Test” section of the Website is only collected in an anonymous manner and is not processed to be associated in any way with identified or identifiable subjects.
The personal data indicated above are collected directly from the Data Subject.
4. Purpose of the processing and legal basis
The personal data of the Data Subject are processed for the following purposes:
a) responding to requests for contact or information of the Data Subjects received through the “Contacts” section, or through the contact addresses of the Data Controller on the Website. In this regard, it is specified that personal data will not be processed by the Data Controller unless strictly necessary to pursue the aforementioned purpose. No data belonging to the special categories of data as identified by the current legislation (data revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, as well as relating to the state of health and sex life of the Data Subject) will be processed in any way. Therefore, the Data Subject is invited not to communicate any such data;
b) allow the registration of the Data Subject to the Website and the correct use of the specific services accessible only to registered subjects;
c) allow the Data Subject to participate in contests or prize competitions promoted, from time to time, by the Data Controller, by managing and executing each (pre-contractual and/or contractual) measure related to participating in these contests (including awarding prizes);
e) exclusively subject to the specific and separate consent of the Data Subject, periodically send advertising, promotional and/or commercial material, including sending newsletters, relating to the products offered and/or the promotional and sales initiatives launched by the Data Controller that are in line with the age stated by the Data Subject. This can take place either through traditional contact systems (paper mail) or through electronic communications (email);
g) fulfil the obligations provided for by laws and regulations to which the Data Controller is subject and/or execute orders from Authorities legitimised to do so.
The legal basis justifying the processing is given by:
– for the purposes referred to under letters a); b) and c), the execution of pre-contractual measures taken at the request of the Data Subject and/or the performance of a contract with the Data Subject (art. 6, (i), lett. (b) EU Reg. 2016/679);
– for the purposes referred to under letter d), the pursuit of a legitimate interest of the Data Controller (art. 6(i) lett. (f) EU Reg. 2016/679);
– for the purpose referred to under letter e), the express consent freely given by the Data Subject (art. 6 (i) lett. (a) EU Reg. 2016/679);
– for the purpose referred to under letterf), the fulfilment of a legal obligation the Data Controller is subject to (art. 6, (i), lett. (c) EU Reg. 2016/679).
Providing personal data marked with an asterisk, or otherwise indicated as mandatory within the forms on the Website, is necessary so that the Data Controller can perform the services requested by the Data Subject correctly and completely and/or comply with legal or regulatory obligations correctly.
On the contrary, it is understood that the refusal of the Data Subject to give his/her consent to processing the personal data for the purposes referred to in lettere) will make it impossible for the Data Controller to pursue the purposes indicated therein.
The Data Subject has the right to revoke, at any time, any consent provided in whole and/or in part, deciding, for example, to receive communications only through traditional means of contact (paper mail) or only through electronic communications (email) or not to receive any communication. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
To revoke the consent, the Data Subject may contact the Data Controller at any time at the addresses published in this notice or click on the consent withdrawal button at the bottom of any commercial communication sent to the email address of the Data Subject.
6. Treatment methods
Personal data are processed using manual, computerised and electronic tools with logics that are strictly related to the purposes stated in this document and, in any case, so as to ensure the security and confidentiality of the data in accordance with current regulations.
In case of processing carried out by electronic means, Giuliani may use third-party service companies, which will be made aware of their responsibilities with notice of appointment as Data Processors pursuant to art. 28 of the GDPR.
7. Data storage period
The processed data will be stored for a period of time not exceeding the achievement of the purposes for which they were collected (“storage limitation principle”, art. 5 GDPR), without prejudice to cases of compliance with a legal obligation or an order by an Authority legitimised to do so. The obsolescence of the stored data in relation to the purposes for which they were collected is checked periodically.
With regard to the purpose referred to in paragraph 4 letter e), the data will be processed by the Data Controller until the Data Subject communicates, in the manner provided for in this Notice, his/her intention to revoke his/her consent to the processing of his/her personal data. In any case, the Data Controller will store the personal data of the Data Subjects for a predetermined period of time.
At the end of the storage period, the personal data will be erased, destroyed or made anonymous, without prejudice to any storage periods required by law.
Therefore, at the end of this term, the right of access, erasure, rectification and the right to data portability can no longer be exercised.
8. Categories of subjects to whom data may be communicated
The personal data of the Data Subject may be made accessible or communicated for the purposes described above:
– to the Data Controller’s employees and collaborators, in their capacity as authorised processors and/or system administrators, within the scope of their respective duties and in accordance with the instructions received;
– to third-party companies or other entities that carry out activities required for the management and administration of the Website (such as hosting companies; service providers, managers of electronic platforms and, more generally, IT service providers);
– to people who perform tasks of a technical or organisational nature (providing communication printing, enveloping, transmission, transport and sorting services, or to third-party companies to which the call centre service has been outsourced);
– exclusively in the case of data collected for the purposes referred to in paragraph 4 lett. c), the data may be communicated to persons authorised to process the data (such as: notaries; chamber of commerce officials, etc.) or to the providers of services needed for the performance of the prize competition (by way of example: awarding parties; forwarding agents; parties associated with the prize competition held, etc.);
– to all those subjects entitled to access the data under the law or regulations (by way of example, public offices and authorities);
– to companies responsible for the internal audit of the Data Controller based on the laws and regulations in force.
These entities, bodies and companies will process the data of the Data Subject in their capacity as Data Processors duly designated by the Data Controller or, when applicable, as autonomous data controllers.
The complete and updated list of the designated Data Processors is kept at the registered office of the Data Controller.
9. Transferring personal data outside the EU
The personal data of the Data Subjects are stored on servers located at the registered office of the Data Controller, as well as at the offices of the service company within the European Union.
If, for technical and/or operational reasons, it is necessary to use entities located outside the European Union, the transfer of personal data to such entities will be regulated in accordance with the provisions of GDPR. Therefore, all the necessary precautions will be taken in order to ensure the full protection of personal data by basing such transfer on: a) the adequacy decisions on the recipient third-party countries expressed by the European Commission; b) the provision of adequate guarantees to protect the Data Subject (by way of example, data protection clauses adopted by the European Commission or by a national supervisory authority, codes of conduct, ad hoc contractual clauses, etc.); c) the specific conditions for derogation provided by art. 49 of the GDPR, including the explicit consent of the Data Subject.
10. Place of processing
The data will be processed by the Data Controller at its registered office in Via Pelagio Palagi no. 2, 20129 – Milan (MI), Italy.
11. Rights of Data Subjects
Pursuant to articles 15 et seq. of the GDPR, the Data Subject has the right to:
– request access to his/her personal data;
– request the updating, correction or integration of his/her personal data;
– revoke any consent given.
The Data Subject also has the right, in certain circumstances, to:
– object to the processing of his/her personal data;
– request the erasure of his/her personal data;
– restrict the processing of his/her personal data;
– request that his/her personal data be transmitted to him/her or transmitted to another data controller (data portability).
The Data Subject has in any case the right to lodge a complaint with the Personal Data Protection Authority in the event that he/she considers that his/her personal data are processed in breach of Reg. (EU) 2016/679.
12. Methods to exercise the rights
The Data Subject may exercise the rights granted to him/her at any time, by sending a registered letter with return receipt addressed to “Giuliani S.p.A.”, Via Pelagio Palagi no. 2, 20129 – Milan (MI), Italy or by sending an email to the address email@example.com
13. Data Protection Officer
The Data Controller has also designated a Data Protection Officer (DPO) pursuant to art. 37 of the GDPR. The Data Subject may contact the DPO at any time to request explanations about this Notice or exercise his/her rights under personal data protection law by sending an email to the following address firstname.lastname@example.org
Minors under 18 years of age must not provide information or personal data to the Data Controller without the consent of the parents or guardians responsible for them. In the absence of this consent, it will not be possible for the minor to send requests through the Website. Giuliani invites all the parents or guardians to inform minors about the safe and responsible browsing of the Internet.
The Data Controller reserves the right to make changes to this notice at any time by informing the Data Subjects on this page. Therefore, we advise you to consult this page regularly, taking as reference the date of the last change stated at the bottom.
Last amendment date
16. Expression of consent
□ I declare that I have read and understood this information notice
□ I GIVE MY CONSENT□I DO NOT GIVE MY CONSENT
to the processing of my personal data in order to periodically receive advertising, promotional and/or commercial material (including the newsletter), related to the products offered and/or the promotional and sales initiatives promoted by Giuliani that are in line with my age, through traditional contact methods (paper mail).
□ I GIVE MY CONSENT□I DO NOT GIVE MY CONSENT
to the processing of my personal data in order to periodically receive advertising, promotional and/or commercial material (including the newsletter), related to the products offered and/or the promotional and sales initiatives promoted by Giuliani that are in line with my age, through electronic communication (email).