data privacy

I. Name and address of the responsible person

The person responsible under the General Data Protection Regulation and other national data protection laws of member states, as well as other data protection regulations - if applicable - is:

natural beauty&health solutions srl

Via dei masadori 16

IT-38121 Gardolo (TN)

Tel.: +39 0461 993099

Fax: +39 0461 956343

info@natural-beauty-health.com

 

II. Name of the person responsible for data protection

The person responsible for privacy is:

Dr. Hans Joachim Tröbinger

email: info@natural-beauty-health.com

 

III. General information about data processing

  1. Scope of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which a prior consent is not possible for reasons of fact and allows therefore the processing of the data by law.

  1. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis. When processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.

For processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the person affected or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interest mentioned first, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

  1. Data deletion and storage period

The personal data of the persons affected will be deleted or blocked as soon as the purpose of the storage is omitted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the responsible person is subject to. Blocking or deletion of the data also takes place when a storage period prescribed to the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

 

IV. Provision of the website and creation of logfiles

  1. Scope of processing of personal data

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data are collected hereby:

(1) Information about the browser type and version used

(2) The operating system of the user

(3) The Internet service provider of the user

(4) The IP address of the user

(5) Date and time of access

(6) Websites through which the system of the user comes to our website

(7) Web sites accessed by the user's system through our website. The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

  1. Legal basis for processing personal data

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to allow the delivery of the website to the computer of the user.

To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. If the data is stored in log files, the IP addresses of the users are alienated so that the calling client can no longer be assigned. The data is used to optimize the website and to ensure the security of our information technology systems. The log files with the alienated IP addresses are also evaluated for statistical purposes. For these purposes, we see our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.    

  1. Data deletion and storage period

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

 If the data is stored in log files,this can be done for max. seven days. A longer storage but in this case the IP addresses of the users are alienated so that it is no longer possible to assign the calling client.

  1. Option for objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

V. Usage of Cookies

  1. Scope of processing of personal data

Our website uses cookies. Cookies are text files that are stored in the Internet browser or are stored from the Internet browser of the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.  

We use cookies to make our website more user‐friendly. Some elements of our website require that the calling browser be identified even after a page break. The cookies are used to manage the sessions.

The data of the users collected in this way are pseudonymized by technical precautions.

  1. Legal basis for processing personal data

The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

  1. Purpose of the data processing

The purpose of using cookies for technical reasons is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

We need cookies for the following applications:

(1) shopping carts

(2) the adoption of language settings

(3) memorization of terminologies of search

User data collected via technically necessary cookies will not be used to create user profiles.

For these purposes, our legitimate interest in the processing of personal data pursuant to Article 6, paragraph 1, let. f. of the RGPD

  1. Data deletion and storage period; option to object or for cancellation

Cookies are stored on the computer of the user and transmitted by this on our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

VI. Newsletter

  1. Scope of processing of personal data

On our website you can subscribe in the future to a free newsletter. When registering for the newsletter, the e‐mail address from the input mask will be sent to us. The other input fields are optional. In addition, for registration purposes, the date and time of registration are collected upon registration. For the processing of the data your consent is obtained as part of the registration process and it is referred to the privacy statement.

In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.

  1. Legal basis for processing personal data

The legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR.

  1. Purpose of the data processing

The collection of the user's e‐mail address serves to deliver the newsletter.

  1. Data deletion and storage period

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e‐mail address of the user is therefore stored as long as the subscription to the newsletter is active.

This also applies to the other personal data collected during the registration process.

  1. Option to object or for cancellation

Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there will be a corresponding link in each newsletter.

This also allows a revocation of the consent to the storage of the personal data collected during the registration process.

 

VII. Contact form and e‐mail contact

  1. Scope of processing of personal data

A contact form is available on our website, which can be used for an electronic contact. If a user takes advantage of this opportunity, the data of the input form will be transmitted to us and saved. This data can be:

  • Last name
  • First name
  • E-mail adress
  • business
  • message

When the message is sent, the following data is also stored:

(1) The IP address of the user

(2) Date and time of registration

  1. Legal basis for processing personal data

For the processing of your personal data, your consent will be collected and they will not be transmitted to third parties.

The legal basis for the processing of the data transmitted in the course of sending an e‐ mail is Article 6 (1) lit. f GDPR.

  1. Purpose of the data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e‐mail, this also includes the required legitimate interest in the processing of the data. The time stamp stored during the sending process is used to prove the orderly dispatch and receipt.

  1. Data deletion and storage period

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e‐mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

  1. Option to object or for cancellation

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e‐mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.

The revocation of the consent and the objection to the storage can also be made via the contact form.

All personal data stored in the course of making contact will be deleted in this case.

 

VIII. Web analysis by Matomo

  1. Scope of processing of personal data

On our website we use the open‐source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the computer of the users (for cookies see section above). If individual pages of our website are called, the following data are stored:

  • Two bytes of the IP address of the calling system of the user
  • The called website
  • The website from which the user came to the accessed website (referrer)
  • The subpages that are called from the called web page
  • The length of stay on the website
  • The frequency of calling the website. The software runs exclusively on the servers of our A storage of the personal data of the users takes place only there. A transfer of the data to third parties does not take place.

The software is set so that the IP addresses are not completely stored, but two bytes of the IP address is masked (eg 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

  1. Legal basis for processing personal data

The legal basis for processing users' personal data is Article 6 (1) lit. f GDPR.

  1. Purpose of the data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user‐friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Art. 6 para. 1 lit. f GDPR

The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data.

  1. Data deletion and storage period

The anonymized data will not be deleted because it will continue to be needed for our recording purposes, in particular for statistical analysis.

In our case, the data will be deleted after 36 months.

  1. Opposition and possibility of deletion

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full. We offer our users the option of opting out of the analysis process in the privacy policy of our website.

For more information on the privacy settings of the Matomo software, please see the following link: https://matomo.org/docs/privacy/.

 

IX. Rights of the data subject

  1. Right to information

You may ask the responsible person to confirm if personal data concerning you are processed by us.

If such treatment is available, it is possible to ask the responsible person for information about the following information:

(1) the purposes for which the personal data are processed;

(2) categories of personal data processed;

(3) the recipients or categories of recipients to whom the personal data concerning the user has been disclosed or is still disclosed;

4) the expected duration of the storage of the personal data or, in the absence of specific information, the criteria for determining the storage period;

(5) the existence of a right to rectify or delete personal data about you, a right to limit the processing by the responsible person or the right to oppose such treatment;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data are not collected by the interested party;

(8) the existence of automated decision-making processes, including profiling in accordance with Article 22 (1) and (4) of the GPSD and, at least in such cases, meaningful information on the logic involved, as well as the scope and the expected impact of this treatment for the interested party.

You have the right to request information about the transmission of your personal information to a third country or an international organization. In this respect, it is possible to request the appropriate guarantees in accordance with Art. 46 of the GDPR with regard to the transfer.

  1. Right to rectification

You have a right to rectification and / or completion opposite the responsible person, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

  1. Right to restriction of processing

You may require the restriction of the processing of your personal data concerning you, if one of the conditions in Art. 18 GDPR exists.

(1) if you dispute the accuracy of your personal information during a period that allows the responsible person to verify the accuracy of your personal information;

(2) if the processing is illegal and the user refuses to delete the personal data and instead of that requires the limitation of the use of personal data;

(3) the responsible person no longer needs personal data for processing purposes, but you need data for the purpose of asserting, exercising or defending legal rights;

(4) if you have challenged the treatment under section 21 (1) of the GDPR and it is not yet certain that the legitimate reasons of the person in charge outweigh your reasons.

If the processing of personal data has been limited, this data may be processed - except with their archiving and - only with your consent, or to constitute, exercise or defend a right by judicial process or to protect another person or entity's rights or for reasons of significant public interest of the Union or a Member State.

If a process limitation has been made after the above conditions, you will be notified by the responsible person before the restriction is revoked.

  1. Right of deletion
  2. a) Obligation to cancel

You may request the responsible person to delete your personal information immediately and he must immediately remove that information if one of the following conditions is met:

(1) that personal data about you is no longer necessary for the purposes for which it was collected or processed.

(2) that you revoke the consent, upon which the elaboration according to art. 6 paragraph 1 let. or art. 9 paragraph 2 let. of the RGPD and there is no other legal basis for treatment.

(3) that you resort to treatment according to art. 21 paragraph 1 of the RGPD and there are no valid reasons for treatment, or appeal according to art. 21 paragraph 2 of the GDPR

(4) that your personal data has been processed illegally.

(5) that the deletion of your personal data is necessary to fulfill a legal obligation arising from the law of the Union or from the legislation of the Member States to which the c responsible person is subject.

(6) that personal data about you have been collected in connection with the services of the information society  offered pursuant to art. 8 paragraph 1 of the GDPR.

  1. b) information to third parties

If the manager has made public the personal data about you and is therefore obliged to delete them in accordance with art. 17 (1) of the GDPR, he will have to take appropriate measures, including technical means, to inform the responsible person who processes the personal data you have requested taking into account the technology and costs available the implementation of the deletion of all links or copies or answers concerning such personal data.

  1. c) Exceptions

The right of cancellation does not exist if the processing is necessary for:

1) exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation laid down by the EU or Member State legislation to which the responsible person is subject, or to perform a public interest mission or exercise of the public authority which has been entrusted to the treatment manager;

(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) (and Article 9 (3) of the GDPR);

(4) for archival purposes of public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the GDPR, to the extent that the law referred to in point (a) may make it impossible or seriously undermine the achievement of the objectives of this treatment;

(5) assert, exercise or defend legal claims.

  1. Right of notification

If you claimed your right of rectification, restriction of processing or erasure to the responsible person, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort. You have the right that the responsible person informs you about these recipients.

  1. Right to data portability

You have the right to receive the personal data relating to you provided to the responsible in a structured, common and machine‐readable format. In addition, you have the right to transfer this data to another person without hindrance by the responsible person, provided that

(1) the treatment is based on a consensus according to art. 6 paragraph 1 let. of the RGPD or art. 9 paragraph 2 of the RGPD or on a contract pursuant to art. 6 paragraph 1 let. b of the RGPD

(2) the treatment is performed by automated means.

In exercising this right, you also have the right to have your personal data about you transferred directly from one person to another, as far as technically possible. The freedoms and rights of others may not be affected.

The right to the transmission of data does not apply to the processing of personal data necessary for the performance of a public interest mission or the exercise of a public authority delegated to the responsible person.

  1. Right to object

You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to a profiling based on these provisions.

As a result, the responsible person will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending of legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Regardless of Directive 2002/58 / EC, you have the option ‐ in the context of the use of information society services‐  of exercising your right to object through automated procedures that use technical specifications.

  1. Right to revoke a declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

  1. Automated decision in single cases incl. profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - that will have legal effect on you or cause you significant damage. This does not apply if the decision.

(1) is required for the conclusion or performance of a contract between you and the Manager,

(2) is authorized by the laws of the Union or the Member States to which the responsible person is subject and this legislation contains adequate measures to protect your rights, liberties and vital interests,

(3) with your explicit consent.

However, such decisions should not be based on particular categories of personal data within the meaning of Article 9 (1) of the GMPR unless Article 9 (2) applies to GDPR and that reasonable steps have been taken to protect your rights and freedoms and your legitimate interests.

Regarding the cases related to points (1) and (3), the manager takes the necessary measures to protect the rights and freedoms and your legitimate interests, which are at least part of the right to obtain the intervention of a person from part of the leaders, a statement of their position and a challenge to the decision.

  1. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, place of work or place of alleged infringement, if you believe that the processing of your personal data relates to you Data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

This data will not be disclosed to third parties without your explicit consent. Note that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. Full data protection against access by third parties is not possible. The use of contact data published in the context of editorial obligation by third parties formally excludes the sending of unsolicited advertising material and information. Site operators reserve the right to take legal action in the case of unsolicited promotional information, such as spam.