PRIVACY POLICY

EXTENDED INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

Pursuant to art. 13, DLGS n. 196/2003 (so-called Privacy Code) and art. 13 European Regulation 679/2016 (so-called GDPR).

 

HOLDER OF DATA PROCESSING

Following consultation of this site, data relating to identified or identifiable persons may be processed.

 

Data Controller

NICOLA LEY SKINCARE

FINCHWOOD GRANGE

CHERRY ORCHARD LANE

ASHFORD

KENT

UNITED KINGDOM

Owner email address: info@dermogeneraspecialist.com

 

 

The data collected through the Site are in no case sold or disclosed.

The DATA CONTROLLER intends to provide you with some information regarding the processing of personal data you have provided by browsing this website or interacting with our company by sending e-mails or entering into a contract for the supply of goods, services or services. .

We have set up this information as a FAQ model; do not hesitate to address any further questions or requests to the email address: info@dermogeneraspecialist.com 

 

WHAT PERSONAL DATA DO YOU PROCESS?

Those strictly necessary for access to the reserved area for the consultation of our product catalogs, for the sending of informative newsletters, the execution of commercial contacts with our customers and, in general, to meet your requests. Normally the personal data collected are: name and surname, company name, email address, telephone number, address.

As for personal data processed automatically by virtue of your access to our site, consult the section: use of cookies ; 

We do not knowingly process "sensitive" personal data capable of revealing racial and / or ethnic origin, religious, philosophical beliefs, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical, political or union nature. , the state of health or the sexual life of the person concerned. Therefore, please do not give us these types of personal data.

The personal data collected may refer both to the User and to third parties whose data the user provides. The user assumes responsibility for the personal data of third parties published or shared through the site and guarantees that he has the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.

 

 

 

FOR WHAT PURPOSE DO YOU TREAT PERSONAL DATA?

User data are collected for the following purposes: contacting the user, responding to requests and sending informative newsletters.

commercial purposes: that is, in order to satisfy your contact requests, sending newsletters and commercial information. Of course, you are not obliged to provide us with your personal data at all, but if you do not do it or you send us incorrect, incomplete or incorrect data, we may not be able to provide you with the newsletter service, the requested information or access to the area. reserved. It is not necessary for us to obtain your explicit consent to the processing of personal data for access to the protected area: consent is in fact implicit in your request for access. 

promotional purposes: we may be interested in processing your personal data to carry out promotional initiatives, such as for example the sending of information relating to our new products and / or services, events, sector fairs, presentations, etc. This information may be sent to you in traditional ways (calls by telephone with an operator, shipment of printed advertising material by post, etc.) or by automated means (e-mail). In this case, we will request your explicit and specific consent to the processing of personal data for promotional purposes, consent that you can revoke at any time. However, if you do not authorize us to process personal data for promotional purposes, you can still become or remain our customers. 

However, we inform you that, if you are already our customers, we have the right to send you promotional initiatives relating to services and / or services similar to those you have already used.

The types of personal data used for each purpose are indicated in the following sections.

 

Contact the user

Contact form (Wix.com Inc.)

To avoid unnecessary interference from third party services, this site uses contact forms managed directly through the Wix platform. 

By filling in the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other kind indicated by the form header.

Wix.com Inc is certified under the EU-US Privacy Shield in cases where it receives and processes personal data collected from users in the European Union, as described in more detail in the Wix.com certification of the shield for privacy    

Personal data collected: name, email, telephone, address. 

Place of treatment: USA - For more information on Wix's privacy policy   

Why it is used on this site: the contact form is used to allow users to contact Dermogenera and ask questions about products, request commercial contacts, subscribe to the newsletter and access the reserved area. 

 

Details on the processing of personal data

Personal data are collected for the following purposes and using the following services:

Access to accounts on third party services

This type of services allow this Application to collect data from your accounts on third party services and perform actions with them.
These services are not activated automatically, but require the express authorization of the User.

Stripe Account Access (Stripe Inc)

This service allows this Application to connect with the User's account on Stripe, provided by Stripe, Inc.

Personal data processed: various types of data as specified in the privacy policy of the service.

Place of treatment: United States - Privacy Policy . Subject adhering to the Privacy Shield. 

Category of personal data collected pursuant to the CCPA: information on the Internet.

This type of treatment constitutes a "sale of data" ("rooms") pursuant to the CCPA. In addition to the information contained in this clause, the User can consult the section that describes the rights of Californian consumers, for information on how to opt-out from the sale.

Contact form 

By filling in the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other kind indicated by the form header.

Personal Data processed: ZIP code; city; Fiscal Code; surname; e-mail; User ID; address; nation; first name; telephone number; VAT number; province; business name; state; various types of data.

Category of personal data collected pursuant to the CCPA: identifiers; commercial information; information on the Internet.

Registration and authentication

By registering or authenticating, the User allows this Application to identify him and to give him access to dedicated services.
Depending on the following, registration and authentication services could be provided with the help of third parties. If this happens, this Application will be able to access some Data stored by the third party service used for registration or identification.
Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.

Facebook Authentication (Facebook, Inc.)

Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and connected to the Facebook social network.

Personal data processed: various types of data as specified in the privacy policy of the service.

Place of treatment: United States - Privacy Policy . Subject adhering to the Privacy Shield. 

Category of personal data collected pursuant to the CCPA: information on the Internet.

This type of treatment constitutes a "sale of data" ("rooms") pursuant to the CCPA. In addition to the information contained in this clause, the User can consult the section that describes the rights of Californian consumers, for information on how to opt-out from the sale.

Payment management

Unless otherwise specified, this Application processes all payments by credit card, bank transfer or other means through external payment service providers. In general, and unless otherwise indicated, Users are asked to provide payment details and personal information directly to these payment service providers.
This Application is not involved in the collection and processing of such information: instead, it will only receive a notification from the payment service provider in question about the payment.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online.

Personal data processed: various types of data as specified in the privacy policy of the service.

Place of treatment: Consult the Paypal privacy policy - Privacy Policy . 

Category of personal data collected pursuant to the CCPA: information on the Internet.

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc.

Personal data processed: various types of data as specified in the privacy policy of the service.

Place of treatment: United States - Privacy Policy . Subject adhering to the Privacy Shield. 

Category of personal data collected pursuant to the CCPA: information on the Internet.

Platform and hosting services

These services are intended to host and operate key components of this Application, making it possible to provide this Application from a single platform. These platforms provide the Owner with a wide range of tools such as, for example, analytical tools, for managing user registration, for managing comments and the database, for e-commerce, for processing payments etc. The use of these tools involves the collection and processing of Personal Data.
Some of these services work through servers located geographically in different places, making it difficult to determine the exact place where Personal Data is stored.

Wix (Wix.com, Ltd.)

Wix is ​​a platform provided by Wix.com, Ltd. which allows the Owner to develop, operate and host this Application.
Wix is ​​an extremely versatile and customizable tool that allows you to host various types of websites ranging from simple blogs to complex e-commerce platforms.

Personal data processed: various types of data as specified in the privacy policy of the service.

Place of treatment: Israel - Privacy Policy . 

Category of personal data collected pursuant to the CCPA: information on the Internet.

This type of treatment constitutes a "sale of data" ("rooms") pursuant to the CCPA. In addition to the information contained in this clause, the User can consult the section that describes the rights of Californian consumers, for information on how to opt-out from the sale.

GDPR

 

Further information on Personal Data

Selling goods and services online                                       

The Personal Data collected is used for the provision of services to the User or for the sale of products, including payment and possible delivery. The Personal Data collected to complete the payment may be those relating to the credit card, the current account used for the transfer or other payment instruments provided. The payment data collected by this application depend on the payment system used.

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

 

GOOGLE ANALYTICS (GOOGLE INC.)

Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.

Google could use Personal Data to contextualize and personalize the advertisements of its advertising network.

Google Inc. is certified under the EU-US privacy shield in cases where it receives and processes personal data collected from users in the European Union, as described in more detail in the Google Inc. certification for the privacy shield   

 

Personal data collected: cookies, IP address, geographic location, language, duration of the visit, age group, gender, browser used and traffic on the site (usage data). 

Place of treatment: USA - For more information on the Google Analytics privacy policy, visit their website .   

Data retention period: the collected data is kept by Analytics for 14 months

Why it is used on this site :: the Google Analytics service is used to monitor the performance of the site and the type of public interested in the contents. 

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this website and interact with them.

In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, the same collects traffic data relating to the pages in which it is installed.

Google Fonts (Google Inc.)

Google Fonts is a service of visualization of font styles managed by Google Inc. that allows this website to integrate such contents within its pages.

Personal Data collected: Usage data and various types of Data as specified in the privacy policy of the service.

Place of treatment: United States - Privacy Policy . Subject adhering to the Privacy Shield. 

Google Fonts
Google Fonts is a font style visualization service managed by Google LLC or by Google Ireland Limited, depending on the position in which this Application is used, which allows this Application to integrate such content within its pages.
Personal Data processed: Usage data; various types of data as specified in the privacy policy of the service.

Place of treatment: United States - Privacy Policy; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.

Category of personal data collected pursuant to the CCPA: information on the Internet.

This type of treatment constitutes a "sale of data" ("rooms") pursuant to the CCPA. In addition to the information contained in this clause, the User can consult the section that describes the rights of Californian consumers, for information on how to opt-out from the sale.

 

ADVERTISING'

This type of service allows you to use the User Data for commercial communication purposes. These communications are shown on this Application in the form of banners and other advertising forms, also in relation to the interests of the User.
This does not mean that all Personal Data are used for this purpose. Data and conditions of use are indicated below.
Some of the services indicated below may use Cookies or other Identifiers to identify the User or use the behavioral retargeting technique, that is, display personalized advertisements based on the interests and behavior of the User, also detected outside this Application. For more information, we suggest you check the privacy policies of the respective services.
In addition to the opt-out features offered by the services listed below, the User can opt-out by visiting the opt-out page of the Network Advertising Initiative.

Users can also choose not to participate in certain advertising features through the corresponding device configuration options, such as the mobile device advertising configuration options or the generic advertising configuration.

Reach (Reach International)

Reach is an advertising service provided by Reach International.

Personal Data processed: Cookies; Usage data.

Place of treatment: United Arab Emirates - Privacy Policy.

Category of personal data collected pursuant to the CCPA: information on the Internet.

This type of treatment constitutes a "sale of data" ("rooms") pursuant to the CCPA. In addition to the information contained in this clause, the User can consult the section that describes the rights of Californian consumers, for information on how to opt-out from the sale.

 

HOW LONG DO YOU STORE PERSONAL DATA?

The data collected for contractual purposes are processed and stored for as long as necessary for the execution of the contract;

Personal data collected for purposes related to the legitimate interest of the Data Controller will be retained until the satisfaction of this interest. The user can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the treatment is based on the user's consent, the Data Controller can keep personal data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.

 

At the end of the retention period, personal data will be deleted. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

In particular, the data sent through the contact form will be kept for 90 days unless there is a commercial relationship between the owner and the user.

 

HOW DO YOU TREAT PERSONAL DATA?

Mainly with automated tools. Personal data can also be processed using traditional methods (e.g. by annotating on paper records). In any case, we use constantly updated tools for the security of the processing and storage of personal data.

The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. 

The treatment is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

 

IN ADDITION TO THE OWNER, WHO HAS ACCESS TO THE PERSONAL DATA PROCESSED?

the employees of the owner, appointed internal managers or processors or system operators;

the external collaborators of the owner: in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, may have access to data) postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.

IS THE PERSONAL DATA COLLECTED TRANSFERRED OR DISCLOSED TO THIRD PARTIES?

The personal data collected can be communicated to the Judicial Authority in cases expressly provided for by law without the consent of the interested party;

in the event that we intend to transfer or communicate the personal data being processed to third parties identified expressly or by reference to general categories (e.g. credit institutions; telephone operators), we must take care of your specific explicit and specific consent;

apart from the hypotheses described above, personal data are not transferred or disclosed to third parties.

WHICH RIGHTS ARE RECOGNIZED TO ME?

Users can exercise certain rights with reference to the data processed by the Owner.

In particular, the user has the right to:

  •                             withdraw consent at any time . The User can revoke his consent to the processing of his personal data previously expressed.

  •                             object to the processing of your data . The user can object to the processing of their data when it takes place on a legal basis other than consent. Further details on the right to object are indicated in the section below.

  •                             access their data . The user has the right to obtain information on the data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the data processed. 

  •                             verify and request correction . The user can verify the correctness of the proprieties and request their updating or correction.

  •                             obtain the limitation of the treatment . When certain conditions are met, the user can request the limitation of the processing of their data. In this case, the Data Controller will not process the data for any other purpose other than their conservation.

  •                             obtain the cancellation or removal of your personal data . When certain conditions are met, the user can request the cancellation of their data by the Owner.

  •                             receive your data or have it transferred to another holder . The user has the right to receive his data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain the transfer without obstacles to another owner. This provision is applicable when the data are processed with automated tools and the treatment is based on the user's consent, on a contract of which the user is a part or on contractual measures connected to it.

  •                             propose a complaint . The user can lodge a complaint with the competent data protection supervisory authority or take legal action.

 

 

Details on the right to object

When personal data are processed in the public interest, in the exercise of public powers with which the Data Controller is invested or to pursue a legitimate interest of the Data Controller, users have the right to oppose the processing for reasons related to their particular situation.

Users are reminded that, if their data were processed for direct marketing purposes, they can oppose the processing without giving any reasons. To find out if the Data Controller processes data for direct marketing purposes, users can refer to the respective sections of this document.

How to exercise your rights

To exercise the rights of the user, users can direct a request to the contact details of the owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within a month.

 

The interested party can exercise these rights by sending an e-mail communication to the following e-mail address: info@dermogenera.com 

 

The interested party also has the right to lodge a complaint with the Guarantor Authority for the protection of personal data ( www.garanteprivacy.it ).

Information for Californian consumers

This part of the document integrates and completes the information contained in the rest of the privacy policy and is provided by the company that manages this Application and, if applicable, by its parent company and by its subsidiaries and affiliates (for the purposes of this section collectively called "we" , "ours" or "ours").

The provisions contained in this section apply to all Users who are considered consumers residing in the state of California, United States of America, pursuant to the "California Consumer Privacy Act of 2018" (these Users are referred to below simply as "you "," Your "," you "or" your "), and, for them, these provisions prevail over any other provision which may be divergent or in contrast contained in this privacy policy.

The term "personal information" is used in this part of the document as defined by the California Consumer Privacy Act (CCPA).

Categories of personal information collected, disclosed or sold

This section summarizes the categories of personal information that we have collected, communicated or "sold" pursuant to the CCPA and the related purposes of the processing. You can find detailed information on these activities in the section called "Detailed information on the processing of Personal Data" in this document. 

Information We Collect: The categories of personal information we collect

We have collected the following categories of personal information about you: identifiers, business information and information on the Internet.

We will not collect additional categories of personal information without first informing you of a new information.

How we collect information: what are the sources of personal information we collect?

We collect the aforementioned categories of personal information, directly or indirectly, from you when you use this Application.

For example, you directly provide us with your personal information when you send requests via any form on this Application. In addition, you indirectly provide us with personal information when you browse this Application, as the personal information concerning you is automatically observed and collected. Finally, we may collect your personal information from third parties who work with us in relation to the provision of the Service or the functioning of this Application and its functionality.

How we use the information collected: sharing and communicating your personal information with third parties for operational purposes.

We may communicate your personal information to third parties for operational and service purposes. In this case, we enter into a written contract with that third party which obliges the recipient of your personal information to keep this information confidential and not to use it for purposes other than those necessary for the execution of the contract.

We may also disclose your personal information to third parties when you ask us or authorize us to do so in order to provide you with our Service.

For more information on the purposes of the processing, please consult the relevant section of this document.

Selling your personal information

For the purposes of this document, the term "sale" means "sell, assign, release, make public, disclose, disseminate, make available, transfer or otherwise communicate orally, in writing or by electronic means, a consumer's personal information by a company to another company or to third parties, for consideration or drawing another type of profit ”.

This means that, for example, a sale can take place whenever an application publishes advertisements, performs statistical analysis on its traffic or views or, simply, uses tools such as social network plug-ins and similar tools.

Your right to opt out of the sale of your personal information

You have the right to opt out of the sale of your personal information. This means that every time you ask us not to sell your data, we will execute your request.
These requests can be made freely, at any time, and without submitting any request subject to verification, simply by following the instructions below.

Instructions for opting out of the sale of personal information

If you wish to have further information or exercise your right to opt-out in relation to all sales made by this Application, both online and offline, you can contact us using the contact details provided in this document.

What are the purposes for which we use your personal information?

We may use your personal information to allow the correct functioning of this Application and its functionalities ("operational purposes"). In such cases, your personal information will be processed in an adequate and proportionate way for the purposes for which it was originally collected and strictly within the limits of compatible purposes.

We may also use your personal information for other reasons, such as for commercial purposes (as indicated in the section "Detailed information on the processing of Personal Data" in this document), as well as to comply with the law and defend our rights before the competent authorities when our rights or interests are threatened or when we suffer damage.

We will not use your personal information for different, unrelated or incompatible purposes, without first informing you of a new information.

Your California privacy rights and how to exercise them

Right to knowledge and portability

You have the right to know the following:

  •                 the categories of personal information we collect about you and the sources of that information, the purposes for which we use your personal information and with whom we share it;

  •                 in case of sale or communication of personal information to third parties for operational purposes, we will provide you with two separate lists in which we will communicate to you:

    •                           for sale, the categories of personal information communicated to each category of recipients; is

    •                           for communication to third parties for operational purposes, the categories of personal information obtained from each category of recipients;

The above information will be limited to personal information collected or used in the past 12 months.

In the event that our response is provided electronically, the information contained therein will be "portable", that is, delivered in a compatible format so as to allow you to transmit the information to other entities without impediments - provided that this is technically feasible.

Right to request the deletion of your personal information

You have the right to request the deletion of any of your personal information, subject to the exceptions provided by law (such as, by way of example and not limited to, in the event that the information is used to identify and repair errors on this Application, to detect accidents security, for purposes of protection from fraudulent or illegal activities, to exercise certain rights etc.).

If no exceptions provided for by law apply, as a result of the exercise of your right, we will delete your personal information and ask our suppliers to do the same.

How to exercise your rights

To exercise the rights described above, it is necessary to submit a verifiable request by contacting us using the contact details provided in this document.

In order to respond to your request, it is necessary for us to be able to identify you. For this you can exercise the above rights only by submitting a verifiable request that must:

  •                 provide sufficient information to allow us to reasonably verify that you are the person to whom the personal information we have collected relate to or an authorized representative;

  •                 describe your request with a degree of detail that is sufficient to make us understand, evaluate and respond correctly to what you ask us.

We will not respond to any request if we are unable to verify your identity and, therefore, to confirm that the information in our possession actually refers to you.

If you cannot personally submit a verifiable request, you can delegate a person registered with the California Secretary of State to do it on your behalf.

If you are an adult, you can make a verifiable request on behalf of those who fall under your parental authority.

A maximum of 2 requests can be submitted within 12 months.

How and in how long we will handle your request

Within 10 days, we will confirm that we have received your request and provide you with information on how we will process it.

We will respond on the merit of the request within 45 days of receiving it. If we need more time, we will explain the reason and tell you how long we need. In this regard, please note that it may take up to 90 days to satisfy your request.

Our communications will cover the period of the previous 12 months.

If we were to deny your request, we will explain the reason for the refusal.

We will not charge any commission to process or respond to your verifiable request unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable commission, or deny the request. In both cases, we will notify you of our decisions and explain the reasons.

 

Definitions and legal references

Personal Data (or Data)

It constitutes personal data any information which, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage data

These are the information collected automatically through this Application (also from third party applications integrated into this Application), including: IP addresses or domain names of the computers used by the User who connects with this Application, addresses in URI notation ( Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.). country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference the sequence of pages consulted, the parameters relating to the operating system and the User's IT environment.

User

The individual who uses this Application who, unless otherwise specified, coincides with the interested party.

Interested

The natural person to whom the Personal Data refers.

Data Processor (or Responsible)

The natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

This Application

The hardware or software tool through which Users' Personal Data is collected and processed.

Service

The service provided by this application as defined in the relative terms (if any) on this site / application.

  • Instagram

©2020 Dermogenera. All rights reserved