3. THE BANNER AT FIRST ACCESS
Dr. Schär AG/S.p.A. has prepared the aforementioned banner and, additionally, has installed a specific cookie that memorises the user’s preference in terms of cookie installation for 365 days. This means that users will see the cookie banner only once, and if they wish to change their preferences, they may do so by following the instructions provided in the paragraph entitled “How to view and change cookies through your browser”
4. PURPOSE OF DATA PROCESSING AND COMPULSORY OR OPTIONAL NATURE OF PROVISION OF DATA BY USERS
The personal data you provide through the Website will be processed by the Data Controller for the following purposes:
a) purposes related to the provision of services requested by users: registration to the Schär Club.
The provision of your personal data for the purpose listed under (a) above is optional, but failure to do so could make it impossible for us to provide the services requested.
In compliance with article 6 comma 1 letter b) of the GDPR, we do not ask for your consent to process your personal data for these purposes, since said details are necessary to carry out the obligations deriving from a contract in which you are an involved party and/or to fulfil, before conclusion of the contract, specific requests by the involved party itself.
b) research/statistical analysis on aggregate or anonymous data, therefore without the possibility of identifying the user, aimed at measuring the effectiveness of any web marketing campaigns we may have conducted, measure traffic and evaluate usability and interest.
The processing of aggregate or anonymous data is not subjected to the provisions of GDPR 2016/679.
c) purposes that relate to the fulfilment of obligations under the law, regulations or European legislation.
The provision of your personal data for the purpose listed under (c) above is compulsory and failure to do so would not allow the Data Controller to satisfy its obligations under the law, regulations or European legislation.
We would like to remind you that, in compliance with article 6 comma 1 letter c) of the GDPR, it is not necessary to obtain your consent for processing your personal data for these purposes.
d) advertising messages.
In accordance with the decision of the Italian Authority for the protection of personal data "Guidelines regarding promotional activity and contrast to spam – July 4, 2013 "
, if you decide to grant your consent to the reception of information about the Data Controller’s promotional activities, including market research, we inform you that we may conduct such activities, as required by current regulations, by letter, call center contacts (so-called "traditional methods"), e-mail, text messages, push notifications and through social networks (so-called "automatic methods"). We also inform you that you may at any time decide to withdraw your consent previously granted for traditional or automatic methods by notifying the Data Controller informally, i.e. by sending an e-mail to: firstname.lastname@example.org
The provision of your personal data for the purpose listed under (d) above is optional and requires your previous consent. Lacking such consent, you will be able to use the service requested, but the Data Controller will not be able to send you advertising messages. Once you have granted consent, you can revoke it at any time for all these communication methods or only for one or some of them.
e) profiling purposes (e.g. creation, with the aid of electronic tools, of user profiles based on their preferences, habits and consumption choices).
Such profiling activities may be carried out by means of cookies or other online profiling technologies, e.g. trackers, (please see section 2.3 ___ LINK TO SECTION _____), and/or by cross-linking personal data collected in connection with the provision of services and the relevant use of multiple features chosen from among those made available to the user, as provided by the Guidelines on the processing of personal data for online profiling - March 19, 2015.
5. METHOD OF DATA PROCESSING, SECURITY AND PLACE OF DATA PROCESSING
Your personal data is processed by the Data Controller – or by third parties carefully selected for their reliability and competence, as well as regularly designated as Data Processors – only to the purpose of achieving the purposes specified above, mainly using automated tools, but also in paper format, for the time strictly necessary to achieve the purposes for which the data was collected.
Specific security measures are applied to prevent the loss of data, unlawful or unfair use, and unauthorised access, in full compliance with what is indicated in article 32 of the GDPR.
The personal data provided by users in relation to the web services offered by this Website is processed at the Data Controller’s registered office specified above. The Controller's data centres are located in Italy. The Data Controller also relies on the technological services/data centres of KEY-TEC GmbH & Co. KG e webAlm GmbH to process personal data for the purposes described above, which means that the data will also be stored at their offices.
Your personal data collected through the forms available on our website,will be kept for the time required to fulfil your requests. Wherever there are regulations requiring that we keep the details for a longer period of time, we will comply with said regulations. The details collected by cookies will be kept for the period of time established by the individual cookie.
6. COMMUNICATION AND DISSEMINATION
Your personal data may be communicated to external subjects whose assistance is necessary and functional to the provision of the Website services.
Your ordinary personal data may be transferred to third parties such as: 1. individuals, companies or professional firms that provide assistance and advice to the Data Controller, aptly designated as Data Processors; 2. entities, bodies or authorities to whom the communication of personal data is compulsory under the law or by order of the competent authorities; 3. subjects that are delegated by the Data Controller and/or to whom the Data Controller has assigned the task of carrying out activities strictly related to the purposes mentioned above (including technical systems maintenance), aptly designated as Data Processors; 4. business partners, identified by category, who process the data for direct marketing purposes as independent data controllers, but only if the user has granted specific consent for them to do so.
The Data Controller will not process data if such processing involves their dissemination, unless it has first obtained the user’s specific consent.
The data you supply us with will not be transferred to third party Countries or to international organisations outside of the EU.
7. YOUR RIGHTS
You have the right to ask us at any time to gain access to your personal data, to rectify, complete or erase them, and to limit or object to their processing wherever there are legitimate reasons to do so, as well as to transfer the aforementioned details to another Data Controller. We will send you a written response within 30 days. You may revoke, at any time, the consent given on this website, contacting one of the addresses indicated in the paragraph entitled “Information on the Data Controller and on the Data Protection Officer”. You are also allowed to make a complaint to the National Control Authority, wherever you feel that your data are being processed unlawfully.
Requests must be sent by email to the following address: email@example.com
9. CONTACT INFO
If you wish to receive any information about personal data processed by the Data Controller, you may contact our Company (i.e. the Data Controller) by letter, fax or e-mail to the address: firstname.lastname@example.org