WEBSITE PRIVACY POLICY pursuant to art. 13 of EU Regulation 679/2016

Dear User, In compliance with the provisions of art. 13 of the General Data Protection Regulation 2016/679 ("GDPR") and the Italian regulations in this regard, in its capacity as Data Controller ("Data Controller"), Società Cosmetici SpA provides you with certain necessary information on the personal data and the special categories of personal data that it may process following your sending an e-mail containing questions or requests for information to Società Cosmetici's e-mail address.

Data Controller

The Data Controller is Società Cosmetici S.p.A., VAT number 08935000011, represented by its pro tempore legal representative, Chairman of the Board of Directors, Mr. Ermanno Langè, with registered office at Via San Francesco d'Assisi, 14, 10122, Torino (TO).

Nature of the data to be processed

The Data Controller may process certain categories of your personal data that you provide while browsing the Site www.biomed.it or on sending e-mails optionally, expressly and voluntarily to the Data Controller's e-mail address. Specifically:
a) The e-mail address you use to contact the Data Controller;
b) Identification data (name, surname, nickname);
c) All the personal data included in the communication you send.
d) Browsing data (e.g. IP address, computer domain names) the transmission of which is implicit in the use of Internet communication protocols.
The Data Controller does not process special categories of personal data.

Purpose and legal basis of processing

Your data as specified under Art. 2 lett. a), b) and c) above are processed by the Data Controller exclusively to contact you in response to the e-mail you send. The legal basis for processing the personal data that you provide is Art. 6, par. 1 lett. b) - processing is necessary for the performance of a contract to which you are a party –, lett. c) - processing is necessary to fulfil a legal obligation to which the Data Controller is subject - and lett. f) – legitimate interest of the Data Controller - of Regulation 2016/679. The provision of data is optional. However, if you fail to provide the data, it will not be possible to respond to the questions posed and requests for information made.

The browsing data as specified in Art. 2 lett. d) above are used for:
• Extracting anonymous statistical information on the use of the site, which are cancelled immediately after processing;
• Managing supervision requirements of the methods of use of the Site;
• Checking liability in the event of hypothetical computer crimes.
The legal basis for this processing is the need to render the Site functions usable following access of the User and the legitimate interest of the Data Controller.

Methods of data processing

The data you provide will be processed by the Data Controller and the parties authorised thereby for processing, principally with electronic and manual systems according to the principles of fairness, honesty and transparency provided for under the applicable regulations regarding personal data protection and protecting the confidentiality of the data subject to whom the data refer by means of technical and organisational security measures to guarantee an adequate level of security.

Data storage

The Data you provide are gathered using digital and/or analogue methods, with or without the aid of electronic or, in any case, automated tools, also suitable for storing, managing or transmitting the data themselves, but nevertheless suitable to ensure the security of the data, and will be kept in the Data Controller's digital and analogue files. The Data Controller adopts the precautions and physical, organisational and computer security measures to avoid the misuse and disclosure of third-party data. In any case, the data will be processed by the Data Controller in compliance with the security measures provided for by law - with particular reference to art. 32 of the Regulation - and, in general, to the legal provisions in force. The personal data that are processed are generally kept for 10 years in compliance with statutory and tax obligations (limitation period). At the end of that period the data will be eliminated or converted into anonymous form.

Communication, disclosure and transfer of data

Without prejudice to the communications made in compliance with legal and contractual obligations, the data may be communicated to:
a) Employees and associates of the Data Controller appointed and authorised for the purpose;
b) External data processing managers appointed for the purpose;
c) Third parties, independent data controllers, for the provision of certain services necessary for the Data Controller that involve personal data processing (e.g. tax consultants, legal advisers, employment consultants and credit institutions);
d) Where necessary, public bodies and authorities;
e) Parties entitled by law to receive such information;
f) Italian and foreign legal authorities and other public authorities (for purposes linked to the fulfilment of legal obligations or for the performance of obligations assumed and arising from the contractual relationship, including for representation in legal proceedings).
The full list of independent third-party data controllers and Data Managers is available on request at the Data Controller's headquarters. The personal data will not be subject to distribution. The data are not transferred outside the European Union.

Data subject rights

In relation to the data described until this point, you will be able to exercise the rights provided for under the Regulation (articles 15-21), at any time, by sending a certified e-mail (PEC) to e-mail address soco@pecimprese.itor by writing by registered letter with return receipt to the address of the registered office as indicated above. These rights include the right to:

  1. Receive confirmation of the existence of your personal data and access their contents (rights of access);
  2. Update, amend and/or correct your personal data (right to rectification);
  3. Request the deletion or restriction of processing of data processed in breach of the law, including data for which storage is not necessary for the purposes of which the data were collected or otherwise processed (right to erasure and right to restrict processing);
  4. Object to processing (right to object to processing);
  5. Withdraw consent, where given, without prejudice to the lawfulness of processing based on consent given prior to withdrawal;
  6. File claims with the Data Protection Authority in the event of breach of the regulations regarding personal data protection;
  7. Receive a copy in electronic format of the data that regard you, given within the context of the contract, and request that those data be transmitted to another data controller (right to data portability);

Social Network Plugin

This Site includes plugins for the social networks, designed to allow easy sharing of the content on your social networks, programmed not to set any cookies on accessing the page. Cookies may be set, if provided for by the social networks, only if the you actually and voluntarily use the plugin. Please bear in mind that if you access the Site while you are logged on to a social network, you will have already consented to the use of cookies transmitted through this Site when you register on the social network. The gathering and use of the information obtained through the plugin are governed by the respective privacy notices of the social networks. Please refer to those notices for further information:
• Facebook: https://www.facebook.com/help/cookies
• Instagram: https://help.instagram.com/1896641480634370
• Twitter: https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter