DERMAVET.ONLINE PRIVACY POLICY
SUMMARY INFORMATION PURSUANT TO D. Lgs. 30/06/03 n. 196 (Code for the protection of personal data
Dear Customer, in compliance with art. 13 D. Lgs. 196/2003 (hereinafter Privacy Code), we inform you that Dermavet.Online Srl (hereinafter identified as “Dermavet.Online”), owner of the website
www.dermavet.online (hereinafter “Site”), in relation to the purpose of the processing of personal data explained below, processes some of your personal data. The processing is carried out in compliance with the following conditions. In this Policy, the term “Visitor” refers to all those who browse the pages of the Site without having registered with the Site. In this Policy, the term ‘Customer’ refers to all natural and legal persons who have registered with the Site.
1. Data controller
The Data Controller (hereinafter “Controller”) is Dermavet.Online Srl. You may contact the Data Controller by e-mail info@dermavet.online, or via the “Contact Us” page of the Site.
2. Personal data processed by the Controller and purpose of processing
2.1 Personal Data
The Visitor by registering to the Site, in addition to acquiring the status of Customer, Personal Data shall provide the Controller with the following Personal Data.
Site access data E-mail address (which shall also be the Customer’s username to access the Site)
Invoicing data First name and
surnameCompany name
(if applicable, only if the customer is a legal entity)
Tax code or VAT number
Univocal Code SDIResidence
: Address – Locality – Province – Postcode – Country
Purposes: the data listed above are processed to identify the Customer, for the conclusion of the sales contract, for the pursuit of regulatory and tax obligations, for the processing of orders placed by the Customer and for the sending of promotional mailings. Storage time: subject to the provisions of section 8 concerning the Right to Obscure, the data listed above shall be stored in an electronic form that enables the Customer to be identified for as long as the subscription remains active. Thereafter, this data may be stored in an anonymous form for statistical purposes; the aforementioned data, which is recorded on invoices or other accounting documents, will be retained in accordance with the timeframe stipulated by tax regulations.
2.2 Personal data deriving from Site navigation
In order to make possible the display, consultation and navigation of the Site’s web pages, the computer systems and software procedures used to operate the Site acquire certain data of the Visitor and/or Customer whose transmission is implicit in the use of Internet Communication protocols.
This category of data includes the IP addresses or domain names of the computers used by the users who connect to this Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. The
aforesaid data are processed in compliance with the provisions of Article 123 of the Privacy Code, therefore, when they are no longer necessary for the transmission of the electronic communication, they are deleted or made anonymous according to the timescales set out below, in order to allow the processing of statistical information on the use of the Site and to check its correct functioning. In relation to the above, we specify below the purposes and storage time of the processed data:
IP address of the Customer’s computer – by IP address we mean a string of numbers that can identify, even if only indirectly, a computer connected to the Internet; Purpose: the data listed above are processed for statistical processing on the use of the Site and to trace any illegal activities to the detriment of the Site; Storage time: each IP code registration is stored in an electronic form for a maximum of 12 months from the time of registration; subsequently, such data may be stored anonymously for statistical purposes.
Session and navigation cookies – a “cookie” is a text file present either in the temporary memory of the individual user’s computer (“session cookie”), or in a hard disk (“permanent cookie”) received through the web page of a server Purpose: the data listed above are processed to facilitate navigation on the Site and for statistical processing on the use of the Site; Storage and duration time cookies are not stored at the Controller, but are sent from the Site to the Customer’s computer (in the main browsers there is the possibility of disabling the receipt of cookies) – session cookies have a duration of 1 hour or less; no permanent cookies are generated
Server log – i.e. the recording of the pages visited by the Customer, the Customer’s IP address, the date and time of the visit and other information on navigation such as the pages visited. Purposes: the data listed above are processed for statistical processing on the use of the Site and to verify the correct functioning of the Site. Storage time: subject to the provisions of point 9 regarding the Right to Obscuration, the above data is stored in an electronic form for a maximum of 12 months from the time of registration; thereafter, this data may be stored in an anonymous form for statistical purposes.
2.3 Personal data and promotional purposes
The customer’s Personal Data, specifically first name, last name and e-mail address, subject to the customer’s consent, may be used for Commercial Communications by Dermavet.Online or third parties.
If the customer gives specific consent, the customer may receive Personal Communications sent by Dermavet.Online for commercial promotion of its services on his or her e-mail address.
If the customer gives specific consent, the customer may receive on his/her e-mail address Personal Communications sent by third parties for advertising or commercial promotion purposes
3. Modalities of data processing
Personal Data (see point 2.1) are collected by Dermavet.Online during the first registration to the Site by the Customer or, subsequently, when the Customer modifies such data. Personal Data resulting from navigation on the Site (see point 2.2) are collected by Dermavet.Online during the Customer’s navigation on the Site. Personal
Data are collected and processed by electronic and, in any case, automated means. Personal Data will be stored on servers where the software underlying the operation of the Site is resident; the servers are located at Dermavet.Online or at an external entity which will be appointed as Data Processor.
The logic of data processing is as follows:
qualitative logic – consists mainly in the identification of the Customer and his requests for the use of one or more services and in processing the data collected for the processing of the order and for the fulfilment of tax purposes, according to the regulations in force; quantitative logic – registration of the accesses to the Site and to the pages of the Site by the Customer; aggregative logic – conformation of tables, graphs, reports or similar, both with regard to the above points 1 and 2, but anonymously. Personal Data (see point 2.1 above) may also be stored in paper form for civil and tax purposes, for the time required by regulations concerning invoicing and shipping documents.
Personal Data shall be processed lawfully and fairly, exclusively for the purposes specifically set out in point 2 of this Policy.
The Personal Data shall be correct and accurate in terms of its imputation and updating by the Customer; the Controller shall ensure that the Personal Data is complete, relevant and not excessive in relation to the purposes for which it is collected or subsequently processed.
The Personal Data, however stored, are protected against theft or alteration by means of appropriate security, management and storage systems.
4. Nature of data provision and consequences in the event of non-provision of data
Notwithstanding the provisions of point 8 on the Right to Obscure of this Information Notice and the right not to consent to the processing of personal data for the purpose of sending promotional Personal Data, the provision of Personal Data by the Customer, for the purposes set out in detail in point 2 of this document, is optional, as explained below.
The provision of Personal Data (see point 2.1) by the Customer is optional; in order to avoid the provision of such data, the Visitor shall not register to the Site. Failure to provide Personal Data shall result in the impossibility to register on the Site, to identify the Customer, to conclude the sale and purchase contract, to pursue the regulatory and tax obligations consequent to the sale and purchase contract, to process orders placed by the Customer and to send promotional Personal Data.
The provision by the Customer of Personal Data deriving from navigation on the Site (see point 2.2) – IP address and server log – is optional; in order to avoid the provision of such data, the Customer will have to use special software available on the network, which allows to surf the Internet anonymously.
Failure to provide such data will preclude the achievement of the purposes of statistical processing on the use of the Site and tracking of any illegal activities to the detriment of the Site.
The Customer may object to the receipt of cookies – Common data resulting from navigation on the Site – by setting their Internet navigation program (browser) to prevent the receipt of such data. However, deactivating cookies will prevent full use of the Site’s functionalities, including purchase procedures.
5. Communication of data
Personal Data (see point 2.1) may be communicated, to the extent strictly necessary to achieve the purposes set out in point 2 or for the reasons set out below, to the following external parties
Webidoo SpA, of Milan (subject in charge of the management, maintenance and implementation of software and computer systems responsible for the operation of the Site) – the communication of data to Webidoo will take place only for the needs of management, maintenance and implementation of the Site;
tax consultants of Dermavet.Online – to such entities will be disclosed only the Personal Data strictly necessary to comply with tax regulations
public subjects and / or police bodies who request it in the cases provided for by law.
Personal
Data deriving from navigation on the Site may be communicated, to the extent strictly necessary to achieve the purposes referred to in paragraph 2 or for the reasons set out below, to the external entities listed below:
Webidoo
SpA of Milan (subject in charge of the maintenance and implementation of the software and computer systems responsible for the operation of the Site) – the Communication of data to Webidoo SpA
will take place only for the needs of management, maintenance and implementation of the Site;
Public subjects and/or Police Bodies who request it in the cases provided for by law.
If the customer gives his or her consent, Personal Data such as name, surname and e-mail address may be disclosed to third parties such as sponsors of the site or other companies for the purpose of sending commercial communications.
6. Category of persons who may become aware of personal data
The Personal Data processed by Dermavet.Online may be known by the following Persons, limited to the tasks performed and assignments received by appointment as Data Processor or Person in charge of processing:
Legal Representative of Dermavet.Online; Collaborators of Dermavet.Online; Subjects listed in point 5 of this Policy and natural persons working within such Subjects.
The aforesaid Natural and Legal Persons will process Personal Data only to the extent strictly necessary for the performance of the services to be requested by the Customer and will protect the confidentiality by respecting the rules in force.
7. Data dissemination
By dissemination, the Privacy Code means ‘the making known of Personal Data to unspecified persons, in whatever form, including by making them available or consulting them’, for example by publishing Personal Data on a website accessible to all or by posting them on a school notice board.
The Controller specifies that the Customer’s Personal Data will not be disclosed to third parties in the event that the Customer refuses consent for this purpose.
8. Rights of the data subject
The customer may contact Dermavet.Online to assert their rights as provided for and regulated by Articles 7-10 of the Privacy Code, the main aspects of which are listed below:
- right to obtain from the Owner confirmation of the existence or otherwise of their personal data and their provision in intelligible form;
- the right to be informed of the origin of the data, the purposes and methods of processing, the logic applied to the processing, the identification details of the data controller and the subjects to whom the data may be communicated
- the right to obtain the updating, rectification and integration of data, the cancellation, transformation into anonymous form or blocking of data processed in violation of the law – the right to oppose, for legitimate reasons, the processing of data.
Right to blackout
The Customer has the right to ask the Controller to anonymise its Personal Data, subject to the limits and timeframe set out below. The Customer’s request for deletion of his/her Personal Data shall entail the following
- deletion of the Website access account attributed to the Customer within 1 week
from the request; anonymisation of such data except as provided for in the following points, 1 week from the request;
- storage of such data with the Data Controller and/or Appointed Managers and Appointed Persons, in the form of an invoice in electronic and paper format, for the sole purpose of complying with current tax regulations – only the Personal and Sensitive Data necessary and not excessive for this purpose shall be retained
- keeping a copy of such data on back-up 15 days prior to its request for deletion from the Site – such backup copies after 15 days will be overwritten by new back-up copies where no Personal and Sensitive Data of the Customer requesting deletion will appear.
The Customer may exercise all rights set forth in this paragraph by sending an e-mail to info@dermavet.online.
SECURITY AND PRIVACY OF FINANCIAL DATA
Online payments via Paypal, credit card or prepaid card are completely risk-free. Payment information is encrypted during transmission by the SSL (Secure Socket Layer) protocol. Under no circumstances will we have knowledge of your credit card number, nor will we retain or store the data provided on our systems. The Dermavet.Online website will only receive notification of the successful outcome of the transaction. If you have any doubts or require further information on how to pay for products on our site, you can write an e-mail to info@dermavet.online.