FARMACOSMO S.p.A. has drafted this Privacy Policy to inform you about how we collect, use and share your Data. This Policy applies to all information collected through the relevant website www.farmacosmo.it (hereinafter the "Site").
NB: Should you provide us with information voluntarily, you freely consent to the use of your Personal Data as described herein. If you do not intend to consent to the processing of Personal Data, please refrain from communicating this decision to us.
Under Article 13 of EU Regulation 679/2016 (GDPR), we hereby provide the following information.
DATA PROCESSING
1. Data Controller
The data controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of Personal Data, also dealing with security profiles.
With regard to this website, FARMACOSMO S.p.A. is the Data Controller of Personal Data, with a registered office in Via Francesco Crispi no. 92 - 80121 Naples, Tax Code, VAT number and registration in the Register of Companies: 07328451211 - REA: 876902 ("farmacosmo").
For any clarification or exercise of your rights, you can contact us at the following addresses: Fax 081.0901315 Tel. 02 8362 3081, email privacy@farmacosmo.it.
2. Place of Data Processing
The processing related to this site’s web services takes place at the aforementioned headquarters in Naples. As regards the transfer of Data, its management and storage, all this takes place on servers physically located within the European Union.
3. DPO (Data Protection Officer)
FARMACOSMO S.p.A. has appointed a Data Protection Officer per Articles 37 and subsequent amendments of the GDPR that can be contacted at the following email address: dpo@farmacosmo.it.
4. Data Processing for Minors
Product purchase is reserved exclusively for adults. However, should a parent or guardian have reason to believe that their child or a minor has provided us with Data, you are kindly requested to contact us. Subscription to the newsletter of a promotional and commercial nature is reserved for users with an email address, who are at least 14 years old.
DATA PROCESSED
1. Data processing methods
Processing operations
For the "processing" of your Data we mean the completion of any operation, or set of operations, referred to in Article 4 no. 2) of the GDPR, consisting of the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the Data.
The Personal Data thus collected may be processed both in paper form and with the help of IT, telematics and/or automated tools, by entering them in archives managed by persons formally appointed to do so.
Access to Data
Your Data may only be accessed by authorised parties within the scope of the duties assigned by the Data Controller.
Dissemination and Communication of Data
Your Data shall not be disclosed and, without the need for your express consent - Article 6, Letters b) and c) and f) of the GDPR, may be communicated, where necessary or in any case if required, exclusively to:
• Institutional control bodies in the field of Public Security;
• External consultants in charge of providing administrative, accounting, legal and tax services;
• Credit institutions and data processing companies relating to the temporary management of data only related to the commercial and financial aspects of FARMACOSMO S.p.A.
• Shippers
• Providers of IT products and services (7 pixels as a price comparison service and Trustpilot A/S as an online collection and review service)
Some of the indicated subjects operate as data controllers. The communication to those who, on the other hand, operate as independent Data Controllers is carried out because prescribed by legal obligations or necessary to give effect to the obligations deriving from the contractual relationship or the legitimate interest of the owner consisting of maintaining the security of computer systems and in the performance of defensive activities.
Farmacosmo uses the Trovaprezzi.it, a certified review system that collects feedback from users who have purchased on the affiliated e-shop. In this context: "7Pixel S.r.l., in the person of the pro tempore legal representative, is appointed as the data controller of the User's data (email address) for the management of requests for comments within the Trusted Program of the website www.trovaprezzi.it"
For marketing activities and, specifically, for the management of promotional and commercial communications via email, Farmacosmo makes use of the MailUP service provider. This person acts as a data processor and manages the Data with the guarantees required by current legislation. Any further communication shall only take place with your explicit consent.
2. Purpose of processing and legal basis:
We use your Data for a variety of legitimate business reasons and purposes:
a) to provide you with the products you have purchased and to send you communications related to your order. For example, we shall use your Data to manage your order, confirm your purchase and manage services related to it such as shipping the products purchased. The legal basis for this processing is the execution of the contract of sale to which you are a party from the moment you accept the terms and conditions of sale indicated on the site;
b) to comply with the accounting and tax obligations in force, to comply with the obligations provided for by the Law, by a Regulation, by EC Legislation or by an Order of the Authority (in particular tax, anti-money laundering, banking and public security), as well as by supervisory and control bodies and for anonymous and aggregated statistical purposes. The legal basis for this processing is compliance with legal obligations;
c) to control unlawful conduct and/or prevent other unlawful acts or fraud, as permitted by applicable law. The legal basis for such processing is the legitimate interest of the Data Controller;
d) for the initiation, exercise or defence of legal actions of which the company "FARMACOSMO S.p.A." is part or could be part thereof. The legal basis for such processing is the legitimate interest of the Data Controller;
e) for email marketing purposes, also within the scope of the newsletter service, if subscribed. The legal basis for this processing is your explicit consent;
f) for the sole purpose of evaluating the quality of the products offered and to measure the degree of customer satisfaction, through requests for reviews of the products purchased. The legal basis for such processing is the legitimate interest of the Data Controller;
g) for reasons related to the application of future vacant professional positions in the context of the activities of the Data Controller. In particular, we refer to the Data collected during a selection or through the spontaneous sending of the Curriculum Vitae, carried out by email as well as through the section expressly dedicated to the purpose: "Work with us" on the website www.farmacosmo.it as well as through Sites or portals to which the Data Controller refers for the selection process and/or through the dedicated social media networks (e.g. LinkedIn). The Data collected is processed to verify the skills necessary for the recruitment or start of a working collaboration with the Company, as well as for purposes related or instrumental to the performance of the research and selection of personnel. It is understood that the provision of your personal data for the specific purpose indicated above is optional, but necessary to consider, possibly, the application and contact you to select the staff. The legal basis of the processing for the aforementioned purposes is represented by the need to execute activities of a pre-contractual/contractual nature requested by the candidate.
3. Data Retention Times
We store your data for the time necessary to achieve the purposes for which it was collected.
Your Data may also be stored so that we can contact you, to ensure compliance with national laws, prevent fraud, for any disputes, solve problems, provide assistance in case of investigations, take other actions where required by national laws in force and assert or defend a right in court: in these cases, the Data Controller may be obliged to keep Personal Data for a longer period.
For marketing purposes, the retention period of your data is 24 months from collection.
At the end of the retention period, all Personal Data shall be deleted. Therefore, upon the expiry of this term, the right of access, cancellation, rectification and the right to data portability (as indicated below) may no longer be exercised.
SECURITY OF DATA PROVIDED
Means of Protection
To protect your Data, we will take appropriate measures in line with applicable data protection and security laws and regulations, including asking our service providers to use appropriate measures to protect the confidentiality and security of your Data. Depending on the technological development, the implementation costs and the nature of the Data to be protected, we take technical and organisational measures to prevent risks, such as the destruction, loss or alteration of your Data and the unauthorised disclosure or access thereto.
Duties of the interested party
We remind you that you shall ensure, as far as you know, that the Data you provide us is correct, complete and updated. In addition, if you share other people's Data with us, you should collect such Data following any ongoing legal requirements. For example, you shall need to inform the other people, of whom you provide us with the Data, and obtain their consent.
RIGHTS OF THE DATA SUBJECT
Methods of exercising the rights
Under the provisions of Chapter III of the GDPR, Data Subjects may at any time exercise the rights provided for therein and in particular:
• Right of access: it consists of the right to obtain confirmation from the Data Controller whether the processing of Personal Data concerning you is in progress and, in this case, to receive information about the purposes of the processing, the categories of Data involved, the recipients or categories of recipients to whom the Personal Data are or may be communicated, the period of retention of Personal Data or the criteria for determining this period (Article 15, GDPR);
• Right of rectification: consists of the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate Personal Data and the integration of incomplete Personal Data (Article 16, GDPR);
• Right to erasure: consists of the right to obtain from the Data Controller, without undue delay, the erasure of Personal Data, in the cases provided for by the GDPR (so-called "right to be forgotten" - Article 17, GDPR);
• Right of limitation: consists of the right to obtain from the Data Controller the limitation of processing, in the cases provided for by the GDPR (Article 18, GDPR);
• Right to portability: it consists of the right to receive from the Data Controller in a structured format, commonly used and readable by an automatic device, the Personal Data concerning you provided to the Data Controller and request to transmit them directly, or through the Data Controller if technically feasible, to another Data Controller (so-called "right to data portability" - Article 20 GDPR);
• Right to object: to object to the processing of Personal Data in the event of particular situations affecting you (Article 21 of the GDPR);
• Right to withdraw consent: consists of the right to withdraw consent to the processing of your Personal Data, where provided. It may be exercised concerning all or only some of the purposes of the processing, and about all or some of the Data provided. The withdrawal of consent does not affect the lawfulness of the processing based on the previously given consent. In the same way, the consents expressed in reference to this policy can be revoked at any time notwithstanding the lawfulness of the processing based on the consent given prior to revocation.
• Right of complaint: Data Subjects who believe that the processing of Personal Data relating to them through the Website takes place in violation of the provisions of the Regulation have the right to lodge a complaint with the supervisory authority, as provided for by Article 77 of the Regulation, or to take appropriate legal action against the Data Controller or the Data Processor (Article 79 of the Regulation).
If you need to change your personal information, and you are a registered customer, you can correct, update or remove it by accessing your Reserved Area. In your account area - Information section - you will find the "ACCOUNT CANCELLATION" option, which you can access by clicking the "Cancel Your Account" button. Thus, you can permanently delete your data on Farmacosmo. If you are not a registered customer, you can write to us at: privacy@farmacosmo.it
If you are no longer interested in receiving advertisements and other marketing information by email, please send a request to privacy@farmacosmo.it (including your full name, email address and postal address) or you can unsubscribe by clicking the appropriate link at the bottom of the emails sent through the MailUP software or by accessing the customer's private area, in the dedicated section.
AMENDMENTS HERETO
Changes to the Data Processing Policy and Privacy Policy
This document constitutes the site's disclosure and may be subject to change. If substantial modifications are made to the use of the Data relating to the user by the Data Controller, the latter shall notify the user by publishing them with the maximum highlight on its pages or through alternative or similar means.
The document was updated on 10/06/2022 to be in line with the relevant regulatory provisions, and in particular per EU Regulation no. 2016/679 and Legislative Decree101/2018.
If you have any questions regarding the Privacy Policy, please do not hesitate to contact us at privacy@farmacosmo.it.