PRIVACY & COOKIE POLICY

WWW.VITAMINCENTER.IT

This notice (hereinafter referred to as ‘the privacy policy’) is provided in compliance with the current legislation regarding the personal data protection and, in particular, with the article 13 of EU Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data and the free movement of data (“GDPR”) and it relates to the processing of personal data of the visitors to the website www.vitamincenter.it (hereinafter referred to as “the Site” or “the Website”).
This Privacy Policy aims to describe in a simple and transparent manner to the users which personal data are processed, for what purpose, by whom and how the data are processed and to inform the users about the measures undertaken to protect the data subjects’ rights and freedoms. This Privacy Policy, therefore, concerns only this Website and does not apply to other websites that may be visited by the user through hyperlinks accessed on the Website.


Index



1. DATA CONTROLLER
1. The Controller of the processing of personal data of the users is Vitamin Center S.r.l. unipersonale, Castel Maggiore (BO) via Marino Serenari n. 6/A (CAP 40013), R.E.A. BOLOGNA 424984, P.I. 02255511202, e-mail: privacy@vitamincenter.it, PEC: vitamincenter@pec.ascom.bo.it.

2. PURPOSES, METHODS AND LEGAL BASES OF DATA PROCESSING
1. Your personal data will be used to:
a) let you access and visit the Site and use its features;
b) let you register and create a personal account;
c) for the execution of a requested service or to let you carry out transactions on the e-commerce platform;
d) to provide appropriate support that responds to your necessities and requests;
e) to comply with all the legal, public and governmental requirements and orders;
f) to manage any disputes and defend the rights of Vitamin Center, both in and out of court;
The above-mentioned purposes at points a), b), c), d), e) will be all together referred to as “Mandatory Purposes” and, therefore, the provision of data will be in those cases compulsory.

Moreover, only in case of previous consent:
g) your data might be used in order to carry out market investigations, that will allow us to improve your experience and the quality of our products;
h) you will receive our newsletter and Vitamin Center’s commercial communications, that will be sent through adequate means (like direct mail, e-mail, SMS or phone calls) and will concern offered products and services, special events or personalized proposals;
i) a profile based on your preferences and needs could be created in order to send you personalized commercial communications about products and services that you had asked for or that you could be interested in.
The purposes described under points g), h) and i) are all together referred to as “Marketing Purposes” and, therefore, the provision of data will be in those cases optional.

2. In order to be sure that we will process your personal data only for the purposes described in this section, we inform you that:
• The “Mandatory Purposes” are compulsory because they are necessary to register, use and provide the services offered with this Website. Therefore, if you will not provide us with your personal data, you will not be able to register to the Site and to enjoy its functionalities provided by Vitamin Center;
• The “Marketing Purposes” are optional, but in case of denial of consent, Vitamin Center S.r.l. will not be able to send you commercial communications based on your interests. In any case, in every moment you will be able to revoke your consent for these purposes, by sending us an e-mail to the contacts that you can find under section 10 “Data Protection Officer and Contact point”. With regard to the newsletter, you will be able to revoke your consent by opening on the link at the end of each message.
3. The legal bases related to the purposes mentioned under point 1 are the following:
• With regard to navigation data (lett. a)), the legitimate interests pursued by Vitamin Center S.r.l. to the correct operation of the Website and the safe Website browsing;
• For the registration and the use of the e-commerce platform (lett. b) and c)), the performance of the contract to which the data subject is party;
• For the information and support requests (lett. d)), the provision of the service you asked for;
• For authority requests and orders (lett. e)), the compliance with a legal obligation to which the controller is subject;
• For manage disputes and defend the rights of Vitamin Center (lett. f)), to pursue our legitimate interests;
• For Marketing and profiling purposes and for the newsletter service (lett. g), h) ed i)), your free and informed consent.




3. CATEGORIES OF DATA PROCESSED
Different types of personal data may be processed and treated differently, depending on the services rendered.
3.1 Navigation data
The information systems and software procedures used to the operation of this web site acquire personal data as part of their standard functioning.
Such information is not collected in order to relate it to identifiable data subjects, however, it may allow User identification after being processed and matched with data held by third parties.
This data category includes the: IP addresses or names of computer domains used by visitors who access the website; URI (Uniform Resource Identifier) addresses of the requested resources; time of request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the response from the server and other details relating to the operating system and the information environment of Users. This data is used only to obtain anonymous statistical information about the website and to check its correct functioning and is deleted immediately after processing. This data may also be used to ascertain responsibility in the case of possible computer crimes against the website. Excepting this, data on web contacts is not stored for more than seven days. As for cookies, please refer to paragraph 4.4.

3.2.1 Data supplied voluntarily by the User

• Data supplied voluntarily by the User (messages)
The voluntary and explicit sending of communications by e-mail emails to the contact addresses on this website (https://www.vitamincenter.it/en/servizioclienti/) will entail the subsequent acquisition of the sender’s data, including his e-mail address, and the consent to receive replies to his request.
The personal data provided herein are used solely for the purpose of responding to the submitted requests and are disclosed to third parties only if this is necessary for that purpose. The data will be stored for the times prescribed by law.

• Data supplied voluntarily by the User (advertising materials and/or quotes)
Users can voluntarily provide personal data to Vitamin Center while purchasing a product. Such provided data may be used to send e-mail communications relating to similar products to those previously required by the user, pursuant to art. 130, paragraph 4, of the Italian Legislative Decree n. 196/2003, without the need for express and prior consent (“soft spam”). Each message includes a notice that its recipient can at any moment revoke his/her consent without formalities to such processing of personal data. Data subject can request the Data Controller to delete or anonymize his/her personal information.

• Data supplied voluntarily by the User (customer service)
You can contact us at the contact details indicated on the customer service page (https://www.vitamincenter.it/servizioclienti#telefonoverde) to request assistance from our operators. This means that we receive the data you have communicated to us (for example, your e-mail address) and, of course, implies that you authorize us to send you any response communications.

• Data supplied voluntarily by the User (login and personal account registration)
You can fill out the form on the site to the following link https://www.vitamincenter.it/customer/account/create, to create a personal account and then access to your personal area.
For that purpose, we collect your personal data and/or those that identify you, such as your e-mail address and password to access your personal account, including your debit/credit card details, which are processed during the registration process.
This personal data is collected and processed for the purposes that can be activated at the user's request.
Their use will also be required for accounting, administrative, declarative, financial and credit management purposes.

• Data supplied voluntarily by the user (introduce a friend)
In order to invite a friend, you can enter the email address of a friend of yours in the specific form you will find in your personal area. This will involve our subsequent acquisition of this information and it will imply that you authorize us to send you a reply communication and that we will send to your friend the link to the registration page. This data will be processed only for the above mentioned purposes and will not be used for any further without your free and informed consent.

3.3. Newsletter
Vitamin Center’s newsletter is sent by e-mail to those who explicitly request it, by filling out the appropriate form on the Website and authorizing the Data Controller to process their personal data for the aforementioned purpose.
Consent: The service is provided only following explicit and unequivocal consent (released by the user selecting the appropriate box on the Website) and the provision of data is mandatory only for the purpose of receiving the newsletter. Any failure to provide consent will prevent the user to use the service, without further consequences.
Purpose: The personal data provided by users (e-mail address) will be processed only for the purpose to send the newsletter and will not be disclosed to third parties.
Modalities: The collected data will be processed with IT tools and/or automated means;
Removal from the service: in order to stop receiving the newsletter, you can simply select the link for removal at the end of each e-mail or send a specific request to the e-mail address privacy@vitamincenter.it.
The erasure could be managed automatically, therefore the user may receive for a period no longer than 72 hours further newsletters, whose submission had been planned before the reception of the cancellation request.
The newsletter service is provided by Adabra platform, owned by the company Ad Spray S.r.l., with registered office in Via XXV Aprile n. 38 –52100, Arezzo (AR), P.iva 02087840514; e-mail: privacy@adspray.it.
For further information, please visit the following page: https://assets.website-files.com/5e9dcaea14ba52eb79416f6a/5ef88cd686546679850434c9_Adabra_AdSpray_InformativaPrivacy_01.pdf

3.4.1 Cookie
What is a cookie? Cookies are information stored by the browser when you visit a Web Site using a PC, smartphone or tablet. Each cookie contains several pieces of data (e.g., the name of the server from which it originates, a numeric identifier, etc.). Cookies can remain in the system for the duration of a session (until the closing of the browser), or for long periods, and may contain a unique identifier.
When you will visit the website again, cookies will be reforwarded to the website that has generated them (first-party cookies) or to the ones that were provided by third parties and that are able to recognize them (third-party cookies).
In any case, Vitamin Center S.r.l. grants that the cookies used in its website are safe: they will not cause any damage to your device and they will allow you to surf faster the website.
What are they used for? Cookies are used for different purposes, depending on their type: some are strictly necessary for the correct function of the Web Site (technical cookies), whereas others optimise performance in order to provide the User with a better experience while they are visiting the Web Site. In addition, cookies allow Web Site usage statistics to be obtained, such as cookies analytics; others are for the purpose of displaying advertisements (in some cases advertisements are targeted based on cookie profiling).
Consent: Consent from the Users is stored by the Controller, for the purpose of fulfilling its responsibilities, through a technical cookie. The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and by this privacy policy.
Vitamin Center’s website uses both cookies that do not require your previous consent (e.g. Technical cookies) and cookies you will have to assent to (e.g. profiling cookies). In detail, on the website might be active:

3.4.2 General types of cookies used on the Web Site
a) Technical cookies (which do NOT require your consent):
These are cookies necessary for the functioning of the site and allow you to access its functions (so-called navigation cookies) or to authenticate yourself in the session.
Functional cookies are also used to store your preferences and settings, thus improving your browsing experience on the site.
In order to guarantee their functionality, these cookies are generally not deleted when you close your browser; however, they have a default duration (generally up to a maximum of 2 years) and after this period they are automatically deactivated. These cookies and the data they collect will in no way be used for further purposes.
The installation of technical cookies takes place automatically when you access the site or to activate certain functions (e.g. by selecting the "remember me" option). You can always decide to disable them at any time by changing your browser settings: in this case, however, you may have some problems viewing the site.
b) Analytical cookies (which do NOT require your consent):
These cookies track the choices made by the user on the site and the data related to navigation, in order to carry out statistical analysis, in anonymous and aggregate form.
c) Profiling cookies (requiring your CONSENT):
This site also uses profiling and third-party cookies. However, your prior consent is required for their installation.
Profiling cookies may include several categories, including advertising profiling, retargeting or social cookies.
Advertising profiling cookies: create a user profile that allows you to view advertising content in line with your preferences while browsing the site;
Retargeting cookies: are designed to create a user profile in order to send you personalized advertising content related to products in which you have expressed interest;
Social cookies: this site provides for the installation of cookies related to social network plug-ins. These cookies are managed directly by third parties and allow the display of advertising messages in line with your preferences.
When you access the site, through a special banner you will be informed of the presence of profiling and retargeting cookies and, through it, you can consent or not to their installation. Of course, you can revoke your consent at any time, without any prejudice to the possibility of visiting the site and enjoying its contents.
The installation of profiling, retargeting, analytical and social cookies and every other related activity is provided by third parties. For further information and to turn on or off these cookies, please visit the specific privacy notices of the third parties. You can find a list with the link to their policies at our Cookie Policy clicking on the link: Cookie Policy

The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and our Cookie Policy, that we invite you to read, in order to get all the information you need about the cookies used in the website and how to disabilitate them.

Moreover, you may note that from http://www.youronlinechoices.com you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.

3.5 VitaminPoints
In relation to the VitaminPoints, only the necessary data is processed, and no profiling activity is carried out.
The data is kept for up to twelve months after their expiry, for management purposes and to handle possible complaints.

3.6 Reviews and comments
It is optional to review and comment the products you can find on the site; only the data necessary for this purpose are processed and no profiling activity is carried out.
The forum service is provided by ‘Disquis’ platform. You can read its privacy policy at the following link: https://help.disqus.com/en/articles/1717103-disqus-privacy-policy

4. HOW ARE THE DATA PROCESSED?
1. Data will be managed lawfully and used only for the aforementioned purposes (art. 2). It will be processed using suitable means to guarantee its security and confidentiality, using the most appropriate, also automated, means (hard copy or electronic) to store, manage and transmit the data. The Controller assess the appropriate level of security in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
2. This data will be retained for the period stipulated under the relevant law and, anyway, for no longer than is necessary for the purposes for which the personal data are processed and/or until the data subject revokes the consent given for the purposes referred to in art. 2.
3. Vitamin Center S.r.l. will limit the number of subjects that will be allowed to have access to servers or databases, setting out a system to prevent cyber-attacks.

5. TO WHOM CAN THE COLLECTED DATA BE DISCLOSED?
1. The processing operations related to the web services of this Site are only handled by internal and/or external technical staff specifically delegated for processing. In particular, where necessary and only with prior consent, the data may be disclosed to third parties whose collaboration is needed for the performance of the services offered. The data collected via the web, or in any case arising from web services, may be disclosed to the technological and instrumental partners who cooperates with the Data Controller to provide the services required by users, always in compliance with the purposes set forth in article 2. To this purpose, the subjects who will have access to personal data will be specifically authorized for processing by the Data Controller and, if due, appointed as Data Processors, pursuant to Articles 28 and 29 of the GDPR.
2. The data collected for the aforementioned purposes may also be disclosed to subjects authorized under the relevant legislation.
3. A list of the subjects to whom the Data Controller discloses the personal data collected for the aforementioned purposes is available and can be consulted at the Data Controller’s office and can be requested at the addresses indicated above.
4. The data Vitamin Center s.r.l. processes are held in server located within the European Union. Some of the cookie service providers have registered offices outside European Union, especially in the U.S.A., as specifically explained in our Cookie Policy.
In these cases, the personal data are held in server located in the United States, in compliance with art. 45 and thereafter of GDPR.
Indeed, we will adopt all the necessary precautions in order to ensure a complete data protection. The data transfer will be based on: a) an adequacy decision of the European Commission about a third country designed as receiver; b) appropriate and explicit safeguards of the third subject designed as receiver pursuant to art. 46 GDPR; c) the adoption of Corporate binding rules. These requirements are always ensured by Vitamin Center’s suppliers.

6. DATA RETENTION PERIOD
Vitamin Center S.r.l. will process your personal data only for the period of time that will appear necessary to pursue the purposes set forth in section 2, in respect of the limits settled by the law.
At the end of the retention period, your personal data will be deleted or irreversibly anonymised and aggregated.
With regard to deletion deadline of the data processed through cookies, you can find all the information you might need at our Cookie Policy

7. PRIVACY POLICY’S CHANGES
1. This Privacy Policy could be modified, also as a consequence of legislative or regulatory changes, technological developments and the provision of new services or modifications to those already rendered. The user/visitor/customer is therefore invited to periodically consult the Vitamin Center Privacy policy.

8. WHICH ARE THE DATA SUBJECT’S RIGHTS?
With regard to your personal data and according to GDPR provisions, Vitamin Center S.r.l. informs you that you have the right to:
• access to your personal data;
• rectification of any incorrect personal data about you that is in our databases;
• erasure of your personal data that are retained in lack of legal requirements;
• restriction of processing;
• portability of data;
• object.
In the following chart we show you how to exercise your rights:

YOUR RIGHT

HOW TO EXERCISE IT?

Access

you can ask:
a confirmation about a processing on your personal data;
• to have a copy of your personal data;
to have further information about you personal data that you cannot find in this privacy notice.

Rectification

you can ask for the rectification of incorrect or incomplete personal data. Before rectificating the data, we will verify the accuracy of the information in our archives.

Erasure
(‘right to be forgotten’)

you can ask for the erasure of your personal data, in the following cases:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws consent on which the processing is based.
• there are no legitimate grounds for the processing;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Vitamin Center S.r.l is subject.

Restriction of processing

you can ask for the restriction of processing, in the following cases:
• the accuracy of the personal data has already been contested;
• the personal data are no longer needed for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
After you have asked for the restriction, the data can be still used if:
• there is your consent to it;
• it appears necessary to exercise or defend from a legal claim;
• for the protection of the rights of another natural or legal person involved in the data processing.

Portability

you can ask for a copy of your personal data in a structured, commonly used and machine-readable format.

Object

You can object at any time to the processing of personal data concerning you when:
• they are based on the pursuing of a legitimate interest pursued by the controller;
• your personal data are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
When you object:
• to processing for direct marketing purposes, your personal data will no longer be processed for such purposes;
• in case of legitimate interest of the data controller, the processing may continue only if he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
It is possible to exercise the right of object also by automated means using technical specifications, such as those you can find on your personal account and in the e-mails you may receive (link for cancellation).

You will be able to exercise your rights in the ways pointed out in the following sections or by contacting Vitamin Center’s DPO at its registered offices in Via Marino Serenari n. 6/A, Castel Maggiore (BO) (CAP 40013) or at the e-mail adress: rpd@fclex.it.
We ensure that we will answer to your requests within 30 days from the receipt.
If you think that Vitamin Center S.r.l. personal data processing is unlawful or violates GDPR, you also have the right to lodge a complaint to the competent supervisory authority. For further details see next paragraph.

9. RIGHT TO WITHDRAW CONSENT, TO OBJECT AND TO LODGE A COMPLAINT
1. Each data subject has also the right to withdraw his or her consent at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal.
2. The data subject is also always entitled to object to the processing of any data concerning him or her if it was carried out for direct marketing purposes by the Data Controller; in this case, his/her data will no longer be processed for these purposes (right of objection).
3. You have the right to lodge a complaint to a supervisory authority, if you think that Vitamin Center’s personal data processing is not compliant to GDPR or any other national law.
In Italy, the competent authority is Garante per la protezione dei dati personali, whose contact are accessible at the following page: http://www.garanteprivacy.it/
Further information and a template to lodge a complaint are here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Finally, in case there are the conditions of artt. 78 e 79 GDPR, you have the right to an effective judicial remedy at the competent court.

10. DATA PROTECTION OFFICER AND CONTACT POINT
1. The Data Controller has appointed a Data Protection Officer (DPO) that Data Subjects can contact to exercise their rights and for any question and request concerning personal data processing activities. The DPO is reachable at Data Controller register office located in via Marino Serenari n. 6/A, Castel Maggiore (BO) (CAP 40013) and to the following e-mail address: rpd@fclex.it.
2. Any request regarding the processing of personal data and any communication concerning the exercise of their rights may also be addressed to the Data Controller itself by sending a communication via e-mail, to privacy@vitamincenter.it, via PEC, to vitamincenter@pec.ascom.bo.it, by mail to Vitamin Center S.r.l. unipersonale, via Marino Serenari n. 6/A, Castel Maggiore (BO) (CAP 40013).