Vitaminity - Customer Privacy Notice

PRIVACY INFORMATION FOR CUSTOMERS PURSUANT TO ART. 13 AND 14 OF REGULATION (EU) 2016/679

relating to the protection of individuals with regard to the processing of personal data, as well as to the free movement of such data, and repealing Directive 95/46/EC

WILCO S.R.L., with headquarters in RANICA (BG) VIA MANZONI 16 CAP 24020; e-mail: [email protected], in its capacity as Data Controller, informs you that EU Regulation no. 2016/679 (so-called GDPR) regulates the protection of personal data. WILCO S.R.L. bases the processing of data on the principles of correctness, lawfulness, transparency and necessity, as required by the aforementioned regulations.

1. WHO WE ARE AND WHAT DATA WE PROCESS (art. 13 and 15 lett. B) GDPR)

WILCO SRL, in the person of the legal representative pro-tempore, collects and receives information concerning the interested party such as, by way of example and not limited to:

| CATEGORY OF DATA | EXAMPLE TYPE OF DATA | LEGAL BASIS |
|---|---|---|
| Master data | Name, surname and/or company name, address, date and place of birth, nationality and citizenship, tax code of the province and municipality of residence or headquarters, landline, mobile, email address. | Contract execution: art. 6, no. 1 letter b) EU Reg. 2016/679 and legal obligations under letter c) |
| Banking, financial data | IBAN, bank details. | Contract execution: art. 6 c. 1 letter b) EU Reg. 2016/679 and legal obligations under letter c) |

WILCO SRL, as part of its ordinary activity, does not require the data subject to provide particular data, that is, personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health and/or sexual life (art. 9 GDPR). In the event that the service requested from WILCO S.R.L. requires the processing of such data, the interested party will receive specific information in advance and will be required to give specific consent.

2. FOR WHAT PURPOSE WE PROCESS THE DATA OF THE INTERESTED PARTY (art. 13 paragraph 1 letter c) GDPR)

The processing of the data subject's personal data takes place for the following purposes:

  1. to carry out the contractual and pre-contractual activities necessary for wholesale and retail trade also through the "internet network", both directly and entrusted to third parties, of COSMETIC AND HERBALIST products, OF FOOD SUPPLEMENTS AND DIET PRODUCTS, EQUIPMENT, EVEN ELECTROMEDICAL, FOR FITNESS, BEAUTY AND COSMETICS IN GENERAL, and the consequent fulfillment of the supply of the service and/or the product requested or any other contract aimed at carrying out the company activity;
  2. normal internal needs of an operational, administrative, managerial and accounting type; to fulfill any type of obligation under applicable laws or regulations, in particular in the field of tax and safety at work;
  3. any external professional collaborations for the fulfillment of the legal obligations;
  4. the protection of contractual rights and the credit positions deriving from them;
  5. the issue of points accumulation cards aimed at collecting customer points to access discount coupons and participate in promotional initiatives;
  6. marketing, advertising and commercial offers by sending newsletters;
  7. market research and purchase preference readings to improve the commercial offer and carry out personalized promotions of products and/or services.

The legal basis of this treatment is the fulfillment of the services requested by the customer (art. 6 no. 1 lett. b) EU Reg. 2016/679) as regards the purpose referred to in point 1, as well as compliance with legal obligations (art. 6 no. 1 lett. c) EU Reg. 2016/679) as regards the purposes referred to in points 2 and 3. The legal basis for the protection of contractual rights (point 4) can be identified in the legitimate interest, while points n. 5, 6, 7 and 8 require specific and express consent, freely given on the appropriate form and revocable free of charge at any time.

3. HOW WE PROCESS THE DATA OF THE INTERESTED PARTY (art. 32 GDPR)

The processing of data may consist, in addition to their collection, in their registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction, as provided by art. 4 no. 2) of the GDPR. It can be carried out both with the use of paper support and with the aid of electronic, IT and telematic tools, in a manner and with tools suitable to guarantee the security and confidentiality of the data. In particular, all technical and organizational measures appropriate to data protection will be adopted in order to meet the legal requirements and to protect the rights of the interested parties.

The treatment will be carried out in an automated and / or manual form, with methods and tools, in compliance with the security measures referred to in art. 32 of the GDPR 2016/679, by specifically appointed subjects, in compliance with the provisions of art. 29 GDPR 2016/679.

We would like to point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the times prescribed by law.

In particular, the data will be retained for the duration necessary for the fulfillment of the stipulated contract and will be kept in principle for a period between 5 and 10 years following the end of the contractual mandate according to the following scheme:

| CATEGORY | DURATION | REGULATORY REFERENCES |
|---|---|---|
| Contract management and administrative/accounting and legal obligations | 5-10 years | art. 2946 and 2948 of the Italian Civil Code which provides for a 5-year prescription for periodic payments; art. 2220 of the Italian Civil Code which provides for the keeping of accounting records for 10 years; art. 22 of the Presidential Decree September 29, 1973, no. 600. |
| Management of preliminary activities (offers and quotes etc.) | 1 year in case the deal is not concluded | |
| Points accumulation card | Until revoked or deactivation request | |
| Marketing, advertising, newsletters, market research | in compliance with the terms prescribed by law for the type of activity and in any case until the withdrawal of consent or until the exercise of the right of opposition | Provv. Gen. of the Privacy Guarantor of 15/05/13; art. 21 EU Reg. 2016/679. |

4. TO WHOM WILL THE DATA OF THE INTERESTED PARTY BE DISCLOSED? (art. 13 paragraph 1 GDPR)

The collected data will never be disclosed and will not be disclosed without your explicit consent, except for the communications necessary for the purpose of carrying out the purposes referred to in points 1, 2, 3 and 4 and the legal obligations.

The data of the interested party may be made accessible for the purposes referred to in points 1, 2, 3 and 4:

  • to employees and collaborators of the Owners in Italy, in their capacity as agents and / or system administrators;
  • to third-party companies or other subjects (for example, professional firms, consultants, insurance companies for the provision of insurance services, banking institutions and companies specialized in the management of payments, public authorities or administrations for legal obligations etc.) who carry out outsourcing activities on behalf of the owners, marketing and hosting companies in their capacity as external data processors. This only for purposes related to the stipulation and fulfillment of the contract or to comply with legal obligations imposed on the Owner or on companies and third parties. A list of the persons appointed as external managers is present at the company headquarters.

For all the purposes indicated in this statement, the data will not be disclosed abroad.

5. WHAT ARE THE RIGHTS OF THE INTERESTED PARTY? (articles 15 and ss. GDPR)

At any time, the interested party may exercise, pursuant to articles 15-22 of the GDPR 2016/679, the right to:

  I) ask for confirmation of the existence or not of your personal data and their communication in an intelligible form;
  II) obtain an indication of:
    a) the origin of the personal data;
    b) the purposes and methods of the processing;
    c) the logic applied in case of treatment carried out with the aid of electronic instruments;
    d) the identification details of the owner, of the managers and of the representative appointed pursuant to art. 3, paragraph 1, GDPR;
    e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
  III) obtain:
    a) the update, the correction or, when interested, the integration of the data or the limitation of the treatment that concern them;
    b) the cancellation, the transformation into anonymous form or the blocking of data processed in violation of the law, including those which need not be kept for the purposes for which the data have been collected or subsequently processed (so-called right to be forgotten);
    c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
    d) the so-called portability of the data, i.e. the return of the data provided in a commonly used format with the right to request transmission to a different owner;
    e) the revocation, at any time, of the consent to the processing of personal data where possibly provided. It should be noted that the withdrawal of consent does not affect the lawfulness of the treatment based on the consent given before the revocation;
  IV) oppose, in whole or in part for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of the collection.

For further clarifications regarding this information or on the subject of privacy, or to exercise your rights, the interested party can send a written request to the Data Controller at the e-mail address: [email protected].

It is also your right, if you find a violation, to lodge a complaint with the supervisory authority (Privacy Guarantor). In the event that you exercise any of the aforementioned rights, it will be our responsibility to verify that you are entitled to exercise it and we will reply to you within one month.

For any complaints or reports on how we process your data, we will make every effort to respond to your concerns. However, if you wish, you can forward your complaints or reports to the authority responsible for data protection, using the relevant contact details: Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 - 00186 ROME - Fax: (+39) 06.69677.3785 - Telephone: (+39) 06.696771 - E-mail: [email protected] - Certified mail: [email protected]

POLICY FOR THE CASE OF DATA BREACH

  1. In the context of the GDPR, the "violation of personal data" (cf data breach) occurs in cases where, (a) accidentally or illegally (following a violation of the Company's security system), (b) access to and/or destruction and/or loss and/or modification and/or unauthorized disclosure occurs of (c) personal data stored or transmitted on electronic networks by the Company.

In cases of violation of personal data, the GDPR requires that the data controller notify the violation to the competent supervisory authority (for Italy, the Guarantor for the protection of personal data) within 72 hours from the time it learned about it, unless the violation of personal data is unlikely to present a risk to the rights and freedoms of individuals.

When the violation of personal data is likely to present a high risk for the rights and freedoms of natural persons, the data controller also communicates the violation to the interested party unless (a) the data controller has implemented adequate technical and organizational protection measures (e.g. encryption); (b) the owner has taken measures to avoid the occurrence of a high risk for the rights and freedoms of the data subjects; or (c) such communication would require disproportionate efforts. In this case, a public communication or similar measure is carried out, through which the interested parties are informed with similar efficacy.

  2. Wilco srl with headquarters in Ranica cap. 24020 (Bg) via Manzoni n. 16 (hereinafter the Company) has decided to entrust the management of this policy to the Legal Representative pt. All communications relating to this procedure - outgoing and incoming, internal and external - must take place at the address of the company indicated above or at the email address [email protected] or [email protected].