PRIVACY & COOKIE POLICY

WWW.VITAMINCENTER.IT

This notice (hereinafter referred to as ‘the privacy policy’) is provided in compliance with the current legislation regarding the personal data protection and, in particular, with the article 13 of EU Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data and the free movement of data (“GDPR”) and it relates to the processing of personal data of the visitors to the website www.vitamincenter.it (hereinafter referred to as “the Site” or “the Website”).

This Privacy Policy aims to describe in a simple and transparent manner to the users which personal data are processed, for what purpose, by whom and how the data are processed and to inform the users about the measures undertaken to protect the data subjects’ rights and freedoms. This Privacy Policy, therefore, concerns only this Website and does not apply to other websites that may be visited by the user through hyperlinks accessed on the Website.

Index

1. Data Controller

2. Purposes and legal bases of data processing

3. Categories of data processed

3.1 Navigation data

3.2 Data supplied voluntarily by the User (messages)

3.3 Data supplied voluntarily by the User (customer service)

3.4 Data supplied voluntarily by the User (login and personal account registration)

3.5 Data supplied voluntarily by the user (anonymous purchase – without personal account)

3.6 Reviews & comments

3.7 Introduce us to your friend

3.8 VitaminPoints

3.9 Marketing purpose and softspam

3.10 Advertising and/or profiling

3.11 Newsletter

3.12.1 Cookie

3.12.2 General types of cookies used on the Web Site

4. How are the data processed?

5. To whom can the collected data be disclosed?

6. Data retention period

7. Privacy policy’s changes

8. Which are the data subject’s rights?

9. Right to withdraw consent, to object and to lodge a complaint

10. Data Protection Officer and Contact point

1. DATA CONTROLLER

1. The Controller of the processing of personal data of the users is Vitamin Center S.r.l. unipersonale, Cadriano-Granarolo dell'Emilia (BO) Via Bruno Buozzi n.54 (CAP 40057), R.E.A. BOLOGNA 424984, P.I. 02255511202, e-mail: privacy@vitamincenter.it, PEC: vitamincenter@pec.ascom.bo.it.

2. PURPOSES AND LEGAL BASES OF DATA PROCESSING

1. Your personal data will be used to:

1. let you access and visit the Site and use its features;
2. let you register and create a personal account;
3. for the execution of a requested service or to let you carry out transactions on the e-commerce platform;
4. to provide appropriate support that responds to your necessities and requests;
5. to comply with all the legal, public and governmental requirements and orders; 
6. to manage any disputes and defend the rights of Vitamin Center, both in and out of court;

2. The provision of your personal data is in some cases necessary to be able to perform the requested services. For the purposes referred to in points 1, 2, 3, 4, 5, 6 and 7 of article 3 following, the provision of your data is necessary, because they are information necessary for registration, use and the provision of the services offered by the website; therefore, if you do not intend to provide us with your personal data for these purposes, you will not be able to register on the Site and consequently you will not be able to use the services offered by Vitamin Center S.r.l.. 

Instead, exclusively through your prior consent: 

1. Your data could be used to carry out market surveys in order to improve the experience and quality of the services offered (Article 3.10);
2. You will be forwarded the newsletter and commercial communications from Vitamin Center S.r.l. through suitable means of communication (such as e-mail or direct mail, SMS or telephone calls), in relation to the products and services offered, special events or the promotion of dedicated offers (Article 3.11);
3. A profile can be created based on your preferences or your needs to send you personalized commercial communications on the products and services you have requested or that may be of interest to you (Article 3.10 - Article 3.12.c). 

Therefore, for the purposes referred to in points 10 and 11 the provision of your data is optional and failure to consent to their execution will make it impossible for Vitamin Center S.r.l. to provide you with commercial communications based on your interests. At any time, you can still revoke the consent previously given for these purposes, by contacting the Data Controller or his RPD, or, in the case of communications via email, request cancellation from the service by selecting the opt-out link at the bottom of each communication. 

 

3. The legal basis are:

• For data regarding navigation on the site (point 3.1 and point 3.12.a and 3.12.b), the legitimate interest of Vitamin Center S.r.l. the proper functioning of the website and to ensure the safety of navigation;
• For the request for information and support (points 3.2, 3.3), the provision of the service you have requested; 
• For the registration and management of the personal account (point 3.4), the provision of the services you have requested; 
• For the use of the e-commerce platform (point 3.5), the fulfillment of contractual services; 
• For the use of the Comments and Vitaminpoints functions (points 3.6, 3.8), the provision of the services you have requested; 
• For the use of the Introduce us to your friend function (point 3.7), the legitimate interest of the data controller in promoting his website to new potential customers and providing the service requested by the data subject;
• For the sending of news and promotions on products similar to those already purchased (point 3.9), the legitimate interest of the data controller in the promotion of their products with subjects who have already expressed an interest in them; 
• For marketing and profiling purposes and for the newsletter service (points 3.10, 3.11, 3.12.c), your free and informed consent is always revocable. 

Furthermore, your data can be processed by the Data Controller:

• In the case of orders from the Authority, for the fulfillment of a legal obligation of the Data controller; 
• For the protection of the rights of the data controller in the event of disputes or disputes, both judicial and extrajudicial, the legitimate interest of the data controller in the defense of his rights.

 

3. CATEGORIES OF DATA PROCESSED

Different types of personal data may be processed and treated differently, depending on the services rendered. 

3.1 Navigation data

The information systems and software procedures used to the operation of this web site acquire personal data as part of their standard functioning. Such information is not collected in order to relate it to identifiable data subjects, however, it may allow User identification after being processed and matched with data held by third parties.

This data category includes the: IP addresses or names of computer domains used by visitors who access the website; URI (Uniform Resource Identifier) addresses of the requested resources; time of request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the response from the server and other details relating to the operating system and the information environment of Users. This data is used only to obtain anonymous statistical information about the website and to check its correct functioning and is deleted immediately after processing. This data may also be used to ascertain responsibility in the case of possible computer crimes against the website. Excepting this, data on web contacts is not stored for more than seven days. As for cookies, please refer to paragraph 4.4.

3.2 Data supplied voluntarily by the User (messages)

The voluntary and explicit sending of communications by e-mail emails to the contact addresses on this website (https://www.vitamincenter.it/servizioclienti/) will entail the subsequent acquisition of the sender’s data, including his e-mail address, and the consent to receive replies to his request.

The personal data provided herein are used solely for the purpose of responding to the submitted requests and are disclosed to third parties only if this is necessary for that purpose. The data will be stored for the times prescribed by law.

3.3 Data supplied voluntarily by the User (customer service)

You can contact us at the contact details indicated on the customer service page (https://www.vitamincenter.it/servizioclienti#telefonoverde) to request assistance from our operators. This means that we receive the data you have communicated to us (for example, your e-mail address) and, of course, implies that you authorize us to send you any response communications.

3.4 Data supplied voluntarily by the User (login and personal account registration)

You can fill out the form on the site to the following link https://www.vitamincenter.it/customer/account/create/?adb_context=9002, to create a personal account and then access to your personal area.

For that purpose, we collect your personal data and/or those that identify you, such as your e-mail address and password to access your personal account, including your debit/credit card details, which are processed during the registration process. 

This personal data is collected and processed for the purposes that can be activated at the user's request. Their use will also be required for accounting, administrative, declarative, financial and credit management purposes.

Moreover, your data will be processed to allow you to correctly manage and use your account, providing you with the opportunity to be informed about your purchase history, the Vitaminpoints you have accumulated and the other features and services you can use through the reserved area.

3.5 Data supplied voluntarily by the user (anonymous purchase – without personal account)

You can make a purchase through the Site even without registering or logging into the reserved area. In this case, the personal data necessary to complete the payment and shipping operations of the purchased products will be collected, as well as the identification data for the related billing and e-mail address and telephone number for updates relating to these activities.

3.6 Reviews and comments

It is optional to review and comment the products you can find on the site; only the data necessary for this purpose are processed and no profiling activity is carried out. 

The forum service is provided by ‘Disquis’ platform. You can read its privacy policy at the following link: https://help.disqus.com/en/articles/1717103-disqus-privacy-policy  

3.7 Introduce us to your friend

In order to invite a friend, you can enter the email address of a friend of yours in the specific form you will find in your personal area. This will involve our subsequent acquisition of this information and it will imply that you authorize us to send you a reply communication and that we will send to your friend the link to the registration page. This data will be processed only for the above mentioned purposes and will not be used for any further without your free and informed consent.

If, on the other hand, you have been contacted by Vitamin Center, because a friend of yours, already registered on our Site, has provided us with your e-mail address to send you a discount coupon, your data will be used for the exclusive purpose of sending you the coupon and inviting you. to register in the reserved area of the Site in order to use it. In the email sent by Vitamin Center you will be able to view the data and the message of the friend who communicated your contact to us.

3.8 VitaminPoints

In relation to the VitaminPoints, only the necessary data is processed, and no profiling activity is carried out. The data is kept for up to twelve months after their expiry, for management purposes and to handle possible complaints.

3.9 Marketing purpose and softspam

Only if your personal data (in particular, e-mail address) has been provided to us in the context of the purchase of a product, the data may also be used to send e-mail communications relating to products similar to those you have already purchased, pursuant to art. 130, paragraph 4, legislative decree 196/2003, without the need for express and prior consent (so-called “soft spam”). In any communication, however, the user is reminded that he can withdraw consent at any time and without formalities. The data is deleted at the request of the data subject.

3.10 Advertising and/or profiling

If you have given your explicit consent, through the appropriate box, Vitamin Center will process your personal data (e-mail address) to carry out profiling activities and send you personalized commercial communications based on your interests. 

Consent: The service is provided only upon explicit and unambiguous consent by the user (issued by selecting the appropriate box "I want to receive commercial, promotional and advertising information from Vitamin Center Srl" on the Site) and the provision of data it is mandatory only for the purpose of receiving commercial communications and any refusal will make it impossible to use the service, without further consequences. Purpose: The personal data provided by users (e-mail address) will be used for the sole purpose of sending commercial communications and will not be disclosed to third parties. 

Method: The data collected will be processed with IT tools, even partially automated.

Cancellation from the service: to stop receiving commercial communications, simply select the cancellation link, present at the end of each e-mail, or send a specific request to the e-mail address privacy@vitamincenter.it. The cancellation is managed in a partially automated way, so further newsletters could be received for a period following this request, in any case no later than 72 hours from the cancellation request, and the sending of which was planned before receiving the cancellation request. 

3.11 Newsletter

Vitamin Center’s newsletter is sent by e-mail to those who explicitly request it, by filling out the appropriate form on the Website and authorizing the Data Controller to process their personal data for the aforementioned purpose.

Consent: The service is provided only following explicit and unequivocal consent (released by the user selecting the appropriate box on the Website) and the provision of data is mandatory only for the purpose of receiving the newsletter. Any failure to provide consent will prevent the user to use the service, without further consequences.

Purpose: The personal data provided by users (e-mail address) will be processed only for the purpose to send the newsletter and will not be disclosed to third parties.

Modalities: The collected data will be processed with IT tools and/or automated means; 

Removal from the service: in order to stop receiving the newsletter, you can simply select the link for removal at the end of each e-mail or send a specific request to the e-mail address privacy@vitamincenter.it.  

The erasure could be managed automatically, therefore the user may receive for a period no longer than 72 hours further newsletters, whose submission had been planned before the reception of the cancellation request.

 

3.12.1 Cookie

What is a cookie? Cookies are information stored by the browser when you visit a Web Site using a PC, smartphone or tablet. Each cookie contains several pieces of data (e.g., the name of the server from which it originates, a numeric identifier, etc.). Cookies can remain in the system for the duration of a session (until the closing of the browser), or for long periods, and may contain a unique identifier.

When you will visit the website again, cookies will be reforwarded to the website that has generated them (first-party cookies) or to the ones that were provided by third parties and that are able to recognize them (third-party cookies).

In any case, Vitamin Center S.r.l. grants that the cookies used in its website are safe: they will not cause any damage to your device and they will allow you to surf faster the website.

What are they used for? Cookies are used for different purposes, depending on their type: some are strictly necessary for the correct function of the Web Site (technical cookies), whereas others optimise performance in order to provide the User with a better experience while they are visiting the Web Site. In addition, cookies allow Web Site usage statistics to be obtained, such as cookies analytics; others are for the purpose of displaying advertisements (in some cases advertisements are targeted based on cookie profiling).

Consent: Consent from the Users is stored by the Controller, for the purpose of fulfilling its responsibilities, through a technical cookie. The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and by this privacy policy.

Vitamin Center’s website uses both cookies that do not require your previous consent (e.g. Technical cookies) and cookies you will have to assent to (e.g. profiling cookies). In detail, on the website might be active: 

3.12.2 General types of cookies used on the Web Site

These are cookies necessary for the functioning of the site and allow you to access its functions (so-called navigation cookies) or to authenticate yourself in the session.

Functional cookies are also used to store your preferences and settings, thus improving your browsing experience on the site. 

In order to guarantee their functionality, these cookies are generally not deleted when you close your browser; however, they have a default duration (generally up to a maximum of 2 years) and after this period they are automatically deactivated. These cookies and the data they collect will in no way be used for further purposes. 

The installation of technical cookies takes place automatically when you access the site or to activate certain functions (e.g. by selecting the "remember me" option). You can always decide to disable them at any time by changing your browser settings: in this case, however, you may have some problems viewing the site.

These cookies track the choices made by the user on the site and the data related to navigation, in order to carry out statistical analysis, in anonymous and aggregate form.

This site also uses profiling and third-party cookies. However, your prior consent is required for their installation.

Profiling cookies may include several categories, including advertising profiling, retargeting or social cookies. 

1. Advertising profiling cookies: create a user profile that allows you to view advertising content in line with your preferences while browsing the site;
2. Retargeting cookies: are designed to create a user profile in order to send you personalized advertising content related to products in which you have expressed interest;
3. Social cookies: this site provides for the installation of cookies related to social network plug-ins. These cookies are managed directly by third parties and allow the display of advertising messages in line with your preferences.

When you access the site, through a special banner you will be informed of the presence of profiling and retargeting cookies and, through it, you can consent or not to their installation. Of course, you can revoke your consent at any time, without any prejudice to the possibility of visiting the site and enjoying its contents.

The installation of profiling, retargeting, analytical and social cookies and every other related activity is provided by third parties. For further information and to turn on or off these cookies, please visit the specific privacy notices of the third parties. You can find a list with the link to their policies at our Cookie Policy

The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and our Cookie Policy, that we invite you to read, in order to get all the information you need about the cookies used in the website and how to disabilitate them.

Moreover, you may note that from http://www.youronlinechoices.com/ you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.

4. HOW ARE THE DATA PROCESSED?
1. Data will be managed lawfully and used only for the aforementioned purposes (art. 2). It will be processed using suitable means to guarantee its security and confidentiality, using the most appropriate, also automated, means (hard copy or electronic) to store, manage and transmit the data. The Controller assess the appropriate level of security in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
2. This data will be retained for the period stipulated under the relevant law and, anyway, for no longer than is necessary for the purposes for which the personal data are processed and/or until the data subject revokes the consent given for the purposes referred to in art. 2.
3. Vitamin Center S.r.l. will limit the number of subjects that will be allowed to have access to servers or databases, setting out a system to prevent cyber-attacks.

5. TO WHOM CAN THE COLLECTED DATA BE DISCLOSED?
1. The processing operations related to the web services of this Site are only handled by internal and/or external technical staff specifically delegated for processing. In particular, where necessary and only with prior consent, the data may be disclosed to third parties whose collaboration is needed for the performance of the services offered. The data collected via the web, or in any case arising from web services, may be disclosed to the technological and instrumental partners who cooperates with the Data Controller to provide the services required by users, always in compliance with the purposes set forth in article 2. To this purpose, the subjects who will have access to personal data will be specifically authorized for processing by the Data Controller and, if due, appointed as Data Processors, pursuant to Articles 28 and 29 of the GDPR.
2. The data collected for the aforementioned purposes may also be disclosed to subjects authorized under the relevant legislation.
3. A list of the subjects to whom the Data Controller discloses the personal data collected for the aforementioned purposes is available and can be consulted at the Data Controller’s office and can be requested at the addresses indicated above.
4. The data Vitamin Center s.r.l. processes are held in server located within the European Union. Some of the cookie service providers have registered offices outside European Union, especially in the U.S.A., as specifically explained in our Cookie Policy.
In these cases, the personal data are held in server located in the United States, in compliance with art. 45 and thereafter of GDPR.
Indeed, we will adopt all the necessary precautions in order to ensure a complete data protection. The data transfer will be based on: a) an adequacy decision of the European Commission about a third country designed as receiver; b) appropriate and explicit safeguards of the third subject designed as receiver pursuant to art. 46 GDPR; c) the adoption of Corporate binding rules. These requirements are always ensured by Vitamin Center’s suppliers.

6. DATA RETENTION PERIOD
Vitamin Center S.r.l. will process your personal data only for the period of time that will appear necessary to pursue the purposes set forth in section 2, in respect of the limits settled by the law.
At the end of the retention period, your personal data will be deleted or irreversibly anonymised and aggregated.
With regard to deletion deadline of the data processed through cookies, you can find all the information you might need at our Cookie Policy

7. PRIVACY POLICY’S CHANGES
1. This Privacy Policy could be modified, also as a consequence of legislative or regulatory changes, technological developments and the provision of new services or modifications to those already rendered. The user/visitor/customer is therefore invited to periodically consult the Vitamin Center Privacy policy.

8. WHICH ARE THE DATA SUBJECT’S RIGHTS?
With regard to your personal data and according to GDPR provisions, Vitamin Center S.r.l. informs you that you have the right to:
• access to your personal data;
• rectification of any incorrect personal data about you that is in our databases;
• erasure of your personal data that are retained in lack of legal requirements;
• restriction of processing;
• portability of data;
• object.
In the following chart we show you how to exercise your rights:

You will be able to exercise your rights in the ways pointed out in the following sections or by contacting Vitamin Center’s DPO at its registered offices in Via Bruno Buozzi n.54, Cadriano-Granarolo dell'Emilia (BO) (CAP 40057) or at the e-mail adress: privacy@vitamincenter.it. We ensure that we will answer to your requests within 30 days from the receipt. If you think that Vitamin Center S.r.l. personal data processing is unlawful or violates GDPR, you also have the right to lodge a complaint to the competent supervisory authority. For further details see next paragraph.

9. RIGHT TO WITHDRAW CONSENT, TO OBJECT AND TO LODGE A COMPLAINT
1. Each data subject has also the right to withdraw his or her consent at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal. 2. The data subject is also always entitled to object to the processing of any data concerning him or her if it was carried out for direct marketing purposes by the Data Controller; in this case, his/her data will no longer be processed for these purposes (right of objection). 3. You have the right to lodge a complaint to a supervisory authority, if you think that Vitamin Center’s personal data processing is not compliant to GDPR or any other national law. In Italy, the competent authority is Garante per la protezione dei dati personali, whose contact are accessible at the following page http://www.garanteprivacy.it/
Further information and a template to lodge a complaint are here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Finally, in case there are the conditions of artt. 78 e 79 GDPR, you have the right to an effective judicial remedy at the competent court.

10. DATA PROTECTION OFFICER AND CONTACT POINT
1. The Data Controller has appointed a Data Protection Officer (DPO) that Data Subjects can contact to exercise their rights and for any question and request concerning personal data processing activities. The DPO is reachable at Data Controller register office located in via Bruno Buozzi n.54, Cadriano-Granarolo dell'Emilia (BO) (CAP 40057) and to the following e-mail address: privacy@vitamincenter.it. 2. Any request regarding the processing of personal data and any communication concerning the exercise of their rights may also be addressed to the Data Controller itself by sending a communication via e-mail, to privacy@vitamincenter.it, via PEC, to vitamincenter@pec.ascom.bo.it, by mail to Vitamin Center S.r.l. unipersonale, via Bruno Buozzi n.54, Cadriano-Granarolo dell'Emilia (BO) (CAP 40057).