Privacy en – GN Cosmetic

PRIVACY POLICY

Pursuant to Legislative Decree no. 196/2003 and Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods of processing the personal data of users who consult the website accessible electronically at the following address: https://gnpharmaceutical.com. We inform the user that, following consultation of this website, data relating to identified or identifiable persons may be processed. This information does not concern other websites, pages, or online services that may be reached through hyperlinks published on the site.

Identity of the Data Controller

The Data Controller is G.N. Pharmaceutical Srl, represented by its legal representative pro tempore, with registered office in Modugno (BA) – Via Dei Gigli 17 (e-mail: info@gnpharmaceutical.com, PEC: giusininivaggi@legalmail.it, Tel.: 0808890375 (hereinafter also referred to as “the Data Controller”).

Source of data and type of data collected

1) Data provided by the User

The Data Controller collects personal data provided by users:

when sending a message using the contact channels and/or contact forms available on the website.

The optional and voluntary sending of messages to the contact addresses, as well as the completion and submission of forms on the website, involves the acquisition of the sender’s contact data necessary to provide a response, as well as all personal data included in the communications.

2) Browsing data

The Data Controller collects data relating to the use of the website by the user.

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response, and other parameters relating to the user’s operating system and IT environment.

Such data, necessary for the use of web services, are also processed for the purpose of:

obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);
monitoring the proper functioning of the services offered.

Browsing data are not retained for more than seven days and are deleted immediately after aggregation (except for any need to ascertain criminal offences by the judicial authority).

3) Cookies and other tracking systems

In order to make its services as efficient and easy to use as possible, this Website uses cookies.

Therefore, when visiting the Website, a minimal amount of information is placed on the User’s device, such as small text files called “cookies”, which are saved in the User’s web browser directory. There are different types of cookies, but essentially the main purpose of a cookie is to make the Website function more effectively and to enable certain functionalities.

For more information about the cookies used by this website, please refer to the cookie policy available at the following link.

Purpose of processing

Depending on the type of processing to be carried out, the Data Controller uses the data collected and/or provided by the User for the following purposes:

1) responding to communications, requests for information and/or services sent by users through messages sent using the contact addresses and/or forms available on the website;

2) managing and controlling risks, preventing possible fraud, insolvency or breaches of obligations; preventing and managing possible disputes and taking legal action where necessary.

Legal basis for processing

With reference to the purposes indicated in the previous paragraph, the legal basis is, with regard to point:

1) the necessity to perform a contract to which the data subject is party or to take pre-contractual measures at the request of the same;

2) the necessity to pursue the legitimate interest of the Data Controller (particularly with regard to the prevention of fraud and insolvency).

Recipients of the data

The personal data processed by the Data Controller are not disclosed, meaning they are not made known to unspecified parties in any possible form, including through their availability or simple consultation.

However, they may be communicated to employees working under the authority of the Data Controller. Based on their roles and duties, such employees have been authorized to process personal data, taking into account their respective competencies and in accordance with the instructions provided by the Data Controller. The Data Controller has appointed third-party service providers in relation to the operation of the website, such as hosting providers, IT maintenance service providers, and providers enabling the integration of additional functions on the website that the user may use at their discretion. These service providers, appointed as Data Processors, are provided only with the personal data necessary to perform the relevant services and are not permitted to use or disclose the personal data of data subjects for other purposes without prior authorization from the data subject. Finally, data may be communicated to parties entitled to access them by virtue of legal provisions, regulations, or EU legislation.

Data transfer

Under no circumstances does the Data Controller transfer personal data to third countries or international organizations.

Data retention

The Data Controller stores and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, personal data will be stored and no longer processed for the period established by current civil and tax regulations. In the event of any dispute, the collected data will be retained for the entire duration of the dispute, until the expiry of the terms for exercising legal remedies. It should also be added that, should a user provide the Data Controller with personal data that are not requested or not necessary for the performance of the requested service or for the provision of a service strictly related thereto, G.N. Pharmaceutical Srl cannot be considered the Data Controller of such data and will proceed with their deletion as soon as possible.

Rights of the data subject

In relation to the data processed under this privacy notice, the data subject has the right at any time to:

request from the Data Controller access to their personal data and related information (Art. 15 GDPR); rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR); deletion of personal data concerning them (upon the occurrence of one of the conditions indicated in Art. 17, para. 1 GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); restriction of the processing of their personal data (when one of the conditions referred to in Art. 18, para. 1 GDPR applies);
request and obtain from the Data Controller – where the legal basis of the processing is a contract or consent, and the processing is carried out by automated means – their personal data in a structured and machine-readable format, also for the purpose of transmitting such data to another data controller (so-called right to data portability – Art. 20 GDPR);
object at any time to the processing of their personal data where particular situations concerning them exist (Art. 21 GDPR);
withdraw consent at any time, limited to cases where the processing is based on consent for one or more specific purposes. Processing based on consent and carried out prior to its withdrawal shall nevertheless remain lawful (Art. 7, para. 3 GDPR);

The relevant request may be submitted by contacting the Data Controller via PEC at: giusininivaggi@legalmail.it, by e-mail at: info@gnpharmaceutical.com or by registered mail with return receipt to: Modugno (BA) – Via Dei Gigli 17.

Should the data subject believe that the processing of their data is in violation of the Regulation, they may lodge a complaint with a supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it), as provided for by Art. 77 GDPR, or take appropriate legal action (Art. 79 GDPR).

Refusal to provide data

If the Data Subject does not provide the data identified as necessary for the performance of the requested service, the Data Controller will not be able to carry out the processing related to the management of such service, nor fulfill the obligations deriving from it.

If the Data Subject does not provide consent to the processing of personal data for activities requiring such consent, said processing will not be carried out for those purposes, without affecting the provision of the other requested services, nor those for which consent has already been given. Should the Data Subject have given consent and subsequently withdraw it or object to the processing, their data will no longer be processed for such activities, without this resulting in consequences or prejudicial effects for the Data Subject or for any other requested services.

Automated decision-making processes

The Data Controller does not carry out processing consisting of automated decision-making processes concerning the data of natural persons.