- Home
- Privacy Policy - Europe
Privacy Policy - Europe
Privacy Policy of Dr. Schär AG/S.p.A.
As a data controller (hereinafter referred to as "Data
Controller") pursuant to GDPR 2016/679 (General Data Protection Regulation,
hereinafter referred to as "GDPR"), Dr. SCHÄR SPA considers the protection of
personal data to be one of the most important objectives of its business. Hence,
please read this privacy policy carefully before providing personal data to the
Data Controller, as it contains important information about the protection of
your personal data and the security measures applied to ensure the
confidentiality of such data in accordance with applicable legal provisions.
Moreover, this privacy policy:
- applies to this website and all of the Data Controller's websites offering Dr. Schär products and services (hereinafter the "website"); is an integral part of the website and the services we offer;
- is a privacy notice in accordance with section 13 GDPR for the users of this website;
- complies with Recommendation No 2/2001 on the minimum standards for online collection of personal data in the European Union, adopted by the "Article 29 Working Party on 17 May 2001";
- is drafted in accordance with the Data Protection Authority Guidelines of 10 June 2021, the European Data Protection Board Guidelines 5/2020 on consent, the ECJ ruling of 1 October 2019 C-673/17, the General Data Protection Authority Order on Cookies No. 229 of 8 May 2014, Working Document 02/2013 providing guidance on obtaining consent for cookies, WG 29 Opinion No. 4/2012 On Cookie Consent Exemption, Directive 2002/58/EC and all relevant orders.
***
The Data Controller informs you that your personal data will be
processed out in accordance with the principles of lawfulness, good faith,
transparency and protection of confidentiality and your rights. Hence, your
personal data will be processed in accordance with the legal provisions of the
GDPR 2016/679 and the confidentiality obligations provided for therein.
CONTENT
The
following overview of this privacy policy shall enable you to quickly grasp the
relevant information regarding the processing of your personal
data.
1. CONTACT DETAILS OF THE CONTROLLER, DATA
PROTECTION OFFICER, PROCESSOR AND RECIPIENT OF PERSONAL DATA
As
a result of accessing and using the website, data of identified or identifiable
persons may be processed.
The identification data of the Data Controller
and of the website operator are as follows:
Dr. SCHÄR SPA with
registered office at Winkelau No. 9, Postal (BZ), Italy, VAT number
IT00605750215, e-mail privacy@schaer.com.
The Data Controller has also appointed a Data
Protection Officer (DPO) at the registered office (Winkelau 9, 39014 Postal
(BZ), Italy, phone +39 0473 / 293 300), e-mail dpo@drschaer.com
Your personal data may be disclosed to the
employees or collaborators of the Data Controller who, depending on the
processing method, are part of the administrative, commercial, legal, accounting
staff or system administrators and are appointed as controllers or processors
under the supervision of the Data Controller in accordance with sections 28 and
29 of the GDPR and receive appropriate instructions in this regard. Further
information is provided in the section "Communication, dissemination and
transfer of data to third countries or international organisations".
2. TYPE OF THE PERSONAL DATA
PROCESSED
2.1 Navigation
data
The IT systems and software processes of
this website collect personal data during normal operation, which is
automatically transmitted when using Internet communication protocols. Although
such data is not collected to create personal user profiles, it may, due to
their type and through appropriate processing and matching with third party
data, allow users to be identified. This data includes the IP addresses or the
domain names of the computers used by the users of the website, the URI (Uniform
Resource Identifier) addresses of the resources requested, the time of the
request, the method used in the server request, the size of the response file,
the numerical code indicating the status of the server's response (successfully
completed, error, etc.) and other parameters relating to the user's operating
system and IT environment. These data are used to compile anonymous statistics
on the use of the website, to verify its correct functioning, to guarantee the
proper provision of services given the structure of the systems used, for
security reasons and to establish liability in the event of any computer crime
against the website or third parties. This data is usually deleted after seven
days.
2.2 Data provided voluntarily by the
user
Users may voluntarily provide personal data through the
website, such as by entering it in contact forms, requesting services or
information, optionally, explicitly and voluntarily sending e-mails to the
addresses indicated on the website, etc.
2.3 Cookies
- Definitions,
characteristics and application of the legal provisions
Cookies are
small text files that are sent and stored on your computer or mobile device when
you visit a website and are sent back to the website when you visit it again.
These cookies allow the website to remember the user's behaviour and preferences
(such as login details, language selected, font size, other display settings,
etc.) so that they do not have to be re-entered when the website is visited
again or when navigating from one page to another. Hence, cookies are used for
computer authentication, session monitoring and information storage about user
behaviour on a website and may also contain a unique identification number that
tracks the user's navigation behaviour on the website for statistical or
advertising purposes. During navigation on a website, cookies from other sites
or web servers may also be placed on the user's computer or mobile device
(so-called "third-party cookies"). Some operations may not be performed properly
without the use of cookies, as some cookies are technically necessary for the
functioning of the website.
There are different
types of cookies with different features and functions that are stored for
different periods of time on the user's computer or mobile device. These include
the so-called session cookies, which are automatically deleted when the browser
is closed, and the so-called persistent cookies, which are stored on the user's
device for a certain period.
According to Italian legal provisions, the use of cookies does not
always require the express consent of the user. In particular, this is the case
for "technical cookies". These are cookies that are used to transmit a message
via an electronic communication network or those that are strictly necessary for
a process requested by the user. Hence, these are essential cookies for the
functioning of the website or necessary to carry out the processes requested by
the user.
According to the Italian Data Protection Agency, technical cookies, whose
use does not require express consent, also include the following
cookies:
- Analysis or statistics cookies, if they are used directly by the operator of the website to collect information in aggregated form about the number of users and their user behaviour on the website;
- Navigation or session cookies (for authentication);
- Functional cookies that allow the user to navigate based on a set of selection criteria (for example, language, products selected for purchase), in order to improve the service offered.
However, the prior consent of the user is required for profiling cookies,
which aim to create user profiles and serve to send advertising messages
according to the preferences expressed by the user in the context of his
navigation behaviour.
- Types of cookies on the website and
activation/deactivation option
The website uses the following types of cookies, and the user can
enable/disable them. For third-party cookies, the user should
activate/deactivate the following cookies directly via the links provided:
- Technical cookies/navigation cookies/session cookies that are necessary for the functioning of the website or that allow the user to use the respective content and services.
- Technical cookies/analytical cookies that indicate how the website is used by users. These cookies do not collect user data or personal data. The information is processed in aggregated form and anonymously.
- Technical cookies/functional cookies used to activate specific functions of the website and selected criteria (e.g. language, products selected for purchase) in order to improve the service offered.
- Third-party cookies, i.e. cookies from websites or web servers other than those of the Data Controller that are used for specific third-party purposes, including profiling cookies. The third-party providers listed below with links to their respective privacy policies are responsible for the processing of the data they collect via the cookies they use. Hence, user shall refer to their privacy policies, declarations and consent forms (activation and deactivation of the respective cookies):
For more information on the cookies installed by the website, please see the
section " Cookie policy".
Dr. SCHÄR SPA has notified the Italian data
protection authority of the profiling processes carried out on the website.
- Displaying and changing cookies via the
browser
The user can choose which cookies to accept by following
the procedure described below and which to disable, delete or block (in whole or
in part) by using the corresponding functions of the browser. Disabling all or
some cookies may mean that the website can no longer be accessed or that some
services or certain functions of the website are no longer available or no
longer function properly and/or that the user has to change or manually enter
some information or preferences upon each access to the website. For more
information on cookies settings via the browser, please refer to the relevant
instructions:
With reference to Google Analytics cookies, a special
browser add-on for deactivation can be installed on the following website:
https://tools.google.com/dlpage/gaoptout.
2.4 Data of minors
For the
processing of data of minors, the corresponding consent of the parents/legal
guardians is obtained in advance.
3. BANNER ON FIRST ACCESS
If
cookies other than technical cookies are used, a visible banner shall be
provided when the user first accesses the website (so-called cookie notice),
which shall essentially indicate the modalities of the website's management of
cookies, including a reference to the detailed privacy policy.
Dr. SCHÄR
SPA has set up the aforementioned banner and has also provided for a specific
cookie that saves the user's settings regarding the installation of cookies for
a period of 365 days. Hence, the cookie is only displayed to the user once. If
the user wishes to change this setting at a later date, the user can do so
following the instructions in the section "Displaying and changing cookies
via the browser".
4. PURPOSES OF DATA PROCESSING AND OPTIONAL OR
MANDATORY DATA TRANSFER
The data obtained through the website will
be processed by the Data Controller for the following purpose:
a) Request for information, contact details and support
Providing your data for the above purpose (a) is optional. However, if not
provided, the requested services may not be performed.
Pursuant to section 6
(1) (b) GDPR, we do not obtain your consent to the processing of your personal
data for the aforementioned purpose, as such is indispensable for the fulfilment
of obligations arising from a contractual relationship with the data subject or
for the fulfilment of specific requirements of the data subject prior to the
conclusion of the contract.
b) Research purpose/statistical
analyses of aggregated or anonymous data, without possible identification of the
user, to record the effectiveness of any web marketing campaigns, to survey
traffic and to evaluate user-friendliness and interest.
The GDPR
2016/679 does not apply to the processing of aggregated and anonymous data.
c) Fulfilment of obligations arising from laws, regulations or
EU rules.
The provision of your data for the above purpose (c) is
mandatory. Failure to provide it will prevent the Data Controller from
fulfilling its obligations under laws, regulations or EU rules.
Please
note that pursuant to section 6 (1) c) GDPR your consent to the processing of
your personal data for this purpose is not required.
d) Club
membership to participate in the loyalty programme
The provision of
the requested data is necessary to create a user account and join the loyalty
programme, which allows the accumulation of points based on certain activities
(e.g. purchase of products, interaction with social media, etc.). Such points
may be used to redeem benefits in accordance with the technical documentation of
the promotion. The legal basis for the processing derives from section 6(1)(b)
of the GDPR and is the performance of a contract to which the data subject is
party or the performance of pre-contractual measures implemented at the request
of the data subject. The data processed in connection with your registration
will be stored until you request deletion and deregistration, subject to any
further deletion for tax compliance and the like.
e)
Purchases
The provision of the required data is necessary to make
purchases in the online shop. The legal basis for the processing is derived from
section 6(1)(b) of the GDPR and is the performance of a contract to which the
data subject is party or the performance of pre-contractual measures implemented
at the request of the data subject. The data processed in connection with your
request will be stored for the time required by civil, accounting and tax law,
i.e. for 10 years.
f) Advertising purposes.
Should
you give your consent to receive information about promotional activities,
including market research, from the Data Controller, please note that these
activities may be carried out by post, by telephone via a provider ("traditional
modalities"), by email, SMS, push notifications and via social media ("automated
modalities"), in accordance with the applicable legislation. Please also note
that you may withdraw the consent previously given for traditional or automated
modalities at any time by informally notifying the Data Controller in writing to
privacy@schaer.com or, for the
newsletter only, by unsubscribing via the link at the end of each newsletter.
The provision of your data for the above purpose (d) is optional and
requires your prior consent. If not provided, you may use the requested service,
but the Data Controller may not send you any promotional material. You may
withdraw your consent at any time for all or any of these modalities.
g) Participation in contests, events, surveys and other proposed
activities
The provision of your data for the purposes listed above
is optional, but failure to provide data may make it impossible to provide the
requested services. Pursuant to Art. 6 paragraph 1 lett. b) of the GDPR, we do
not ask for your consent to the processing of your personal data for the
aforementioned purposes, as your data are necessary to fulfill requirements
deriving from a contract to which the Data Subject is a party, and/or to meet
specific requests from the Data Subject before a contract is signed.
h) Abandoned cart reminders
This processing
consists of a reminder to the user that previously selected items are left in
the shopping cart and will be deleted if the purchase is not completed. The
legal basis for the processing is indicated in section 6(1)(f) of the GDPR: The
legitimate interest of the Data Controller is to invite the buyer to complete
the purchase process already started.
i) Profiling purposes
(e.g. creating user profiles based on preferences, habits and consumption
patterns using electronic tools).
Profiling can be carried out by
using cookies or other online profiling technologies such as trackers (see
section 2.3) and/or by intersecting the personal data collected in the context
of the user's provision and use of multiple functionalities.
The
provision of your data for the above purpose is optional and requires your
express prior consent. In the absence of such consent, you may use the requested
service, but the Data Controller may not carry out profiling or send you
communications according to your preferences. We also inform you that you may
withdraw your consent to profiling by cross-referencing information or any other
profiling technology used by the Data Controller at any time by informally
informing the Data Controller by email to privacy@schaer.com communicate.
j) Evaluation requests
In order to evaluate the
service, the Data Controller uses the contact details of the buyer to obtain an
evaluation and to consider possible improvement measures. This operation is
considered similar to a contract (the legal basis for the processing is
indicated in section 6(1)(b) GDPR). Subject to prior and voluntary consent, the
evaluation may be published on the website and visible to other users.
6. DISCLOSURE, DISSEMINATION AND TRANSFER OF
DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Your personal
data may be disclosed to third parties external to the company whose activities
are necessary and appropriate for the provision of the services.
Your
personal data may be disclosed to the following third parties:
- persons, companies or professional firms providing auxiliary and advisory services to the Data Controller and appointed as data protection officers;
- legal entities, bodies or public authorities to whom your personal data must be disclosed by virtue of legal provisions or orders issued by the competent authorities;
- persons authorised and/or appointed by the Data Controller to carry out activities closely related to the pursuit of the above purposes (including technical maintenance of systems, software providers for sending newsletters, transport companies and firms, agencies), who are appointed as data processors;
- Payment system providers (Adyen and PayPal) as data controllers on their own behalf;
- Schär Group companies, which will be involved in various initiatives depending on the destination. The Data Controller shall not carry out any processing that entails the dissemination of the data without your prior express consent.
5. PROCESSING METHOD, SECURITY AND PLACE OF
DATA PROCESSING. AUTOMATED DECISION MAKING AND DATA STORAGE PERIOD.
Your personal data will be processed by the Data Controller - or by third
parties carefully selected on the basis of their reliability and competence and
duly appointed as data protection officers - only for the aforementioned
purposes, mainly by automated means, although also in paper form, for the time
strictly necessary to achieve the aforementioned purposes. The processing of
your personal data will not be carried out through automated decision-making.
In accordance with the provisions of section 32 of the GDPR, specific
security measures are applied to prevent the loss of data, unlawful use or use
not in good faith and unauthorised access to your data.
Data processing
in connection with the web services of this website is mainly carried out at the
registered office of the Data Controller. The data centres of the Data
Controller are located within the European Union.
Your personal data
collected via forms on our website will be stored:
- for the time necessary to respond to your enquiries via contact forms or other enquiry modalities;
- 10 years in the event of purchases via the online shop;
- until the user deletes the user account or after a request by the Data Controller in case of non-use;
- until the newsletter is cancelled or after 2 years for other marketing purposes; for a longer period of time if there are any subsequent legal provisions providing for a longer storage period.
The data collected by means of cookies is stored for as
long as specified in the respective cookie.
7. YOUR RIGHTS
You are entitled at
any time to request access to your data, its rectification, completion, erasure
or the restriction of its processing and to object to its processing on
legitimate grounds, as well as to request the transfer of the same to another
controller. We will respond to you in writing within 30 days. You may at any
time withdraw the consents given on this website by contacting one of the
addresses listed in the section "Contact details of the Data Controller and
DPO". You are also free to lodge a complaint with the Italian supervisory
authority if you consider that your data has been processed unlawfully.
Please send your request by e-mail to the following address: privacy@schaer.com.
8. AMENDMENTS
The Data Controller
may amend or update this website's Privacy Policy in whole or in part, including
as a result of changes to the relevant legislation and regulations protecting
your rights. These changes and updates to the privacy policy will be displayed
to users on the home page and will be considered binding upon publication on the
website. Hence, please visit this section regularly in order to always be
informed of the current and updated version of this privacy policy, so that you
are always aware of what information we collect and how we use it.
9. CONTACT DETAILS
For information
on data processing by the Data Controller, please contact the Company as Data
Controller by letter, fax or e-mail at privacy@schaer.com.
WARNING
in accordance with the
directive of the Italian data protection authority of 23 January 2012. As the
operator of the website, Dr. Schär SPA shall inform the user that:
- the user shall carefully check whether it is advisable to enter his personal data (including e-mail address) when calling up the website, which may - even indirectly - reveal the identity;
- the user shall check whether it is appropriate to publish photos and videos from which persons and locations can be identified or made identifiable;
- the user shall pay particular attention to the entry of data which may reveal, even indirectly, the identity of third parties, such as other persons who may be linked to the author of the posting by the same illness, experience or medical history;
- the postings in this forum/community are indexed and accessible to general search engines (Google, Yahoo, etc.). Please note that the data entered in this forum/community can only be viewed by other users registered on this website.