Privacy Policy
PERSONAL DATA PROCESSING POLICY AND CONSENT FORM
(Articles 13 and 14 of Regulation (EU) 2016/679)
Dear Sir/Madam,
We hereby inform you that Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter Reg. (EU) 2016/679), entered into force on 25 May 2016 and became operational as of 25 May 2018.
It is for this reason that WHITESSENCE (ETHIMO) provides you with this policy pursuant to Articles 13 and 14 of the aforementioned Regulation and informs you that the processing of your personal data will be based on principles of correctness, lawfulness and transparency, protecting your privacy and your rights.
1. Data Controller
The Data Controller is WHITESSENCE with registered office in Via Brisa 16 - 20123 Milan (MI)
Contact details:
- e-mail [email protected]
- tel. +39 0761 300 400
2. Nature of personal data
The personal data that will be processed by the Company, following the request for provision of the service, concern not only biographical data, contact data and accounting data pertaining to you, but also those that Article 9 of Reg. (EU) 2016/679 calls “special categories of personal data” (which include data that may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
3. Purposes of the processing
Your personal data will be processed by our organisation for the following purposes:
- sales activities;
- marketing activities;
- logistics activities relating to order delivery;
- closely-related administrative/accounting management, linked to the activity carried out by the Company;
- sending information material relating to initiatives concerning the services offered by the Company, only with your specific consent.
4. How data processing takes place
Your data are processed in the manner prescribed by law and in compliance with professional and official secrecy. The data are kept in such a way as to ensure their confidentiality and prevent them being destroyed or used by unauthorised third parties and in full compliance with the security measures provided for by current legislation.
The data are organised into “databases” whose processing is carried out using paper, IT and online supports and via video surveillance devices, by authorised personnel only.
The processing of your personal data for Purposes of Legitimate Interest is carried out pursuant to Section 24(2)(d) of the Italian Privacy Code and for the pursuit of the legitimate interest of Whitessence and its counterparties in carrying out the economic transactions indicated therein pursuant to Article 6(f) of European Regulation No 679/2016 on the protection of personal data (the “Privacy Regulation”), in force since 25 May 2018, adequately mitigated with your interests as the processing takes place within the limits strictly necessary for such transactions to be carried out.
5. Provision of data
It is our duty to inform you that the provision of your data is essential for carrying out all the operations necessary for the requested service.
You will be asked to express your consent to the processing of data relating to the additional purposes indicated in this policy.
6. Data retention period
The personal data provided by you and collected by the undersigned will be retained by the latter for the time strictly necessary for the purposes for which they are collected and on the basis of the criteria defined internally by WHITESSENCE SRL. The duration of these terms is indicated in an internal document which you may access upon specific request.
7. Categories of subjects to whom the data may be disclosed
The personal data collected may be disclosed to the following categories of subjects who carry out activities connected and instrumental to the provision of the healthcare services provided:
- debt collection companies;
- debt transfer companies;
- logistics operators;
- financial companies.
Furthermore, subjects within and/or external to the organisation (employees and consultants) may access your personal data as authorised subjects and/or data processors for the purpose of fulfilling the duties and tasks assigned to them according to the purposes set out above.
You may contact the undersigned to obtain updated information on the scope of disclosure of your data at any time.
Your data are not intended for dissemination.
8. Data transfer to non-EU countries
WHITESSENCE SRL does not intend to transfer your data to third countries (non-EU countries).
9. Withdrawing consent
In any case, you have the right to withdraw your consent to the processing of your personal data at any time, in accordance with the provisions of Article 7(3) of Reg. (EU) 2016/679, without compromising the legality of the processing carried out on the basis of this consent up until the time of withdrawal.
10. Complaint to the competent authority
Should you encounter a violation of your rights in accordance with Reg. (EU) 2016/679, you have the right to lodge a complaint through the competent supervisory authority in your country of residence or the Italian data protection authority (http://www.garanteprivacy.it).
11. Data subject rights
The rights that you can exercise by addressing your request to the contact details of the Data Controller and following the procedure defined internally by filling in the appropriate form are as follows (for more detailed information, please refer to the articles of the EU Reg. indicated below):
- Right of access by the data subject (Article 15 of Reg. (EU) 2016/679)
The data subject shall have the right to obtain information from the Data Controller on certain aspects of processing and to receive a copy of the processed Data; - Right to rectification (Article 16 of Reg. (EU) 2016/679)
The data subject shall have the right to verify the correctness of his/her data and request their updating or correction. - Right to erasure [“right to be forgotten”] (Article 17 of Reg. (EU) 2016/679)
When certain conditions are met, the data subject may request the erasure of his or her data by the Data Controller; - Right to restriction of processing (Article 18 of Reg. (EU) 2016/679)
When certain conditions are met, the data subject may request the restriction of the processing of his or her data, in which case the Data Controller will not process the data for any purpose, except for their conservation; - Right to data portability (Article 20 of Reg. (EU) 2016/679)
The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and, where technically feasible, to transmit those data to another controller without hindrance. This provision is applicable when the data are processed using automated tools and the processing is based on the consent of the data subject, on a contract to which the data subject is a party or on contractual measures related to it; - Right to object (Article 21 of Reg. (EU) 2016/679)
The data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her; - Right not to be subjected to an automated decision-making process, including profiling (Article 22 of Reg. (EU) 2016/679)
The data subject shall have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
12. How to exercise rights
You may exercise your rights at any time by sending:
- a registered letter with acknowledgement of receipt to Whitessence Srl Via La Nova 6, 01030 Vitorchiano VT
- an e-mail to [email protected]
- a certified e-mail to the following address: [email protected].
13. Responsabile della protezione dei dati personali (RPD)
Il titolare del trattamento dei dati personali ha nominato il DPO (Responsabile della protezione dei dati personali) ai sensi dell’art. 37 del GDPR. Il DPO è raggiungibile scrivendo alla email [email protected]