Privacy Policy

Dear user, welcome to www.pfghealth.it!

This website and the information displayed therein are offered by PFG HEALTH Srl (hereinafter referred to as "PFG HEALTH").

This information is provided pursuant to art. 13 and 14 of EU Regulation 2016/679 (hereinafter, EU Reg.) to describe the methods of processing of personal data that will be carried out when accessing, browsing and using the website www.pfghealth.it (hereinafter the "Site").

1. DATA CONTROLLER

The data controller (hereinafter "Data Controller") is PFG HEALTH Srl with registered office in Via XX Settembre 66, 25121, Brescia (BS).

The organizational structure of the Data Controller is equipped with a data protection officer ( Data Protection Officer or " DPO "). The DPO is available for any information relating to the processing of personal data carried out by PFG HEALTH. You can contact the DPO by writing to dpo@pfghealth.it .

2. PURPOSE OF THE PROCESSING

The personal data processed by the Owner are those that are provided by the user when completing an order or that are collected while the user browses and/or uses the services offered on the Site .

PFG HEALTH may therefore collect data about the user such as, for example, personal data (name and surname), shipping address, billing address, browsing data and purchasing habits.

Personal data is processed for the following purposes:

  1. conclude and execute the purchase contract for the Products offered on www.pfghealth.it;
  2. provide the Site's services such as subscription to the newsletter;
  3. allow registration on the Site and use of the services reserved for registered users;
  4. manage requests forwarded by the user to our Customer Service;
  5. marketing and promotional activities for products and services, commercial communications both by automated means (e.g. text messages, e-mail, etc.) and traditional means (by telephone, post);
  6. statistical surveys and analyzes with data in aggregate form to understand how users interact and use the Site, to improve our offer and our services. As part of this activity, PFG HEALTH may install "cookies", which collect the user's top level domain name (for example 'provider.it' from an e-mail address such as: name.surname@provider. it), the date and time of access.

3. COOKIES POLICY

Consult the dedicated website page: https://pfghealth.it/pages/cookies

LEGAL BASIS OF THE PROCESSING 

In the cases referred to in letters a) to d), the processing of personal data does not require the express consent of the user, as the legal basis of the processing is art. 6 lett. b) (“the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same”) and e) (“the processing is necessary for the execution of a task of public interest or connected to the exercise of public powers vested in the data controller") of the GDPR.

In the cases referred to in the previous letters. e) and f), the legal basis for the processing of personal data is the express consent of the user (art. 6 letter a) and art. 7 of the GDPR). This consent concerns both the automated and traditional communication methods described above. The user will always have the right to object easily and free of charge, in whole or even in part, to the processing of data for these purposes, excluding for example automated contact methods and expressing his desire to receive commercial and promotional communications exclusively through traditional contact methods.

MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA

The data requested for the purposes referred to in the previous letters a), b), c) and d) must be provided for the fulfillment of legal obligations and/or for the conclusion and execution of the contractual relationship and the provision of the requested services . Therefore, any refusal by the user, even partial, to provide such data would make it impossible for the Data Controller to establish and manage the relationship itself and to provide the requested service.

The provision of personal data necessary for the purposes referred to in the previous letters e) and f) is optional, therefore, any refusal by the user to provide such data would make it impossible to carry out the activities described therein.

METHODS OF DATA PROCESSING

The processing of personal data is carried out by means of the operations indicated in the art. 4 no. 2) GDPR, for the above purposes, both on paper and electronically, by means of electronic or automated tools, in compliance with current legislation in particular regarding confidentiality and security and in compliance with the principles of correctness, lawfulness and transparency and protection of customer rights.

The processing is carried out directly by the Data Controller's organization, by its managers and/or agents.

COMMUNICATION AND DIFFUSION

PFG HEALTH will not be able to communicate your personal data to third parties without prior consent, where necessary (your consent, however, can always be revoked).

However, your personal data may be communicated without your explicit consent to third parties acting on behalf of PFG HEALTH or in connection with its activities, to remain compliant with the purposes for which such data was originally collected. For example, your data may be communicated to the following categories of subjects:

1.subjects to whom such communication must be made in order to fulfill or to require the fulfillment of specific obligations established by laws, regulations and/or community legislation (for example police forces, armed forces and other public administrations);

2. companies belonging to the Data Controller's Group or parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Civil Code, who act as data controllers or for administrative and accounting purposes (purposes connected to the performance of internal organisational, administrative, financial and accounting activities, in particular, functional to the fulfillment of contractual and pre-contractual obligations) ;

3. external natural and/or legal persons who provide services instrumental to the Data Controller's activities for the purposes referred to in the previous point 1. (e.g. call centers, suppliers, consultants, companies, bodies, professional firms). These subjects will act as data controllers.

We guarantee the utmost care so that the communication of your personal data to the aforementioned subjects concerns exclusively the data necessary to achieve the specific purposes for which they are intended.

PERIOD OF CONSERVATION OF PERSONAL DATA 

The Data Controller retains and processes the user's data only for the time reasonably necessary for the purposes pursued and more detailed in this information. In particular, your data will in any case be subject to cancellation, 10 years after the conclusion of the last contractual relationship or, alternatively, 5 years after the last contact made.

DATA TRANSFER

The personal data recorded will in no case be transferred to non-EU countries. Should, however, personal data exceptionally be transferred outside the borders of the European Union, the Data Controller will guarantee compliance with the principles and forms of guarantee identified by articles 44 et seq. of Regulation (EU) 2016/679.

RIGHTS OF THE INTERESTED PARTY

As an interested party, the user has the rights referred to in the art. 15 GDPR and precisely the right to:

1.obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in an intelligible form;

2.obtain indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, of those responsible pursuant to art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents;

3.obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right;

4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the interested party's right of opposition, set out in the previous point b), for direct marketing purposes using automated methods, extends to traditional ones and that in any case the possibility for the interested party to exercise the right of opposition also remains only partially. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication. Where applicable, you also have the rights referred to in the articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority

For the exercise of the rights referred to in the art. 15 of the GDPR and/or for questions and/or information regarding the processing of personal data and the security measures adopted, the user may in any case forward the aforementioned request to the following e-mail address dpo@pfghealth.it .