Privacy Policy


The protection of its customers' privacy is of primary importance to Bioline S.r.l. S.B., which undertakes to process their personal data in full compliance with national and EU provisions and with the rights that the law recognizes to the interested party.
This page describes how Bioline S.r.l. (hereinafter, "Bioline" or the "Data Controller") processes the personal data that the user (hereinafter, "Interested" or "User") has communicated by registering on the Bioline webpage at http://www.bioline-jato.com for the service of sending electronic communications by the Data Controller (newsletters and / or communications relating to the latter's activity), or has otherwise made available to Bioline by any means.
By personal data (hereinafter, the "Data"), we mean all information that could be used to directly or indirectly identify a particular person, as defined by the applicable law on data protection.
The information is provided (pursuant to Articles 13 et seq. of EU Regulation 679/2016, hereinafter the "Regulation") to Users when they:
- Access the Site or the Bioline e-shop, on which the information is published;
- Interact with Bioline via Facebook, Instagram, Twitter and any other social network (hereinafter, the "Social");
- Visit the Bioline headquarters or offices or partner beauty salons;
- Purchase products or services directly from Bioline, also through the website;
- Interact with Bioline in any other way, for example by contacting customer service or participating in an event or fair organized by Bioline or in which Bioline participates.
The information applies to any data that the Interested party has communicated to the Data Controller by any means (therefore also to data communicated during events or fairs, or by mail, including electronic mail, SMS, WhatsApp and social channels), without prejudice to the need for authorization to process for the purposes for which the legal basis is identifiable in the User's consent.
The privacy policy is also based on Recommendation no. 2/2001 which the European Data Protection Authorities, together in the Working Party instituted by Article 29 of EC Directive 95/46/EC, adopted on 17th May 2001 to identify minimum requirements for the collection of personal data on-line, and, in particular, the methods, the timescales and the nature of information that Data Controllers must provide to users when they access web pages, regardless of the purpose of access.



Purposes of processing and legal basis


After consulting the Website, data relating to identified or identifiable persons may be processed. Data are processed for the following purposes:

a) to facilitate navigation of the Website and technical usage of the services described here, to carry out web analysis, to check the number of visitors to the Website, to check the status of relationships with Users of the Website; in these cases, the legal basis for processing is to pursue the Data Controller’s legitimate interests in managing the Website, to ensure that the Website functions correctly and to protect the Data Controller’s rights;

b) to reply to any information requests and/or to perform services requested via the Website; in this case, the legal basis for processing is to execute the measures adopted on request of the Data Subject, to execute a contract to which the Data Subject is a party or pre-contractual measures adopted on request of the Data Subject;

c) to send, via e-mail, through newsletters and any other electronic communication (such as SMS, WhatsApp messages, chat on social channels, etc.), communications, including commercial or promotional ones, regarding initiatives such as meetings, workshops, training courses, gatherings and / or new products and / or services offered by the Data Controller or by third parties, in any case relating to the field of well-being and personal care, in the event that the interested party has made an express request or in any case only after expressing their specific consent, requested on the occasion of the registration or in any case of the communication of the Data, however it occurred, by the interested party; in this case the legal basis of the processing is the consent of the User but also the legitimate interest of the Data Controller (as indicated by Recital 47 of the Regulation) to make known and develop its business, without prejudice to the rights of the interested party indicated below, including the right to withdraw their consent at any time, in the manner that will in any case be referred to in any communication sent to them;

d) to analyse or predict aspects concerning the preferences of the interested party, with the intention of creating a commercial profile of the interested party, so as to make the browsing experience on the Site easier and more personalized depending on the User's tastes; this purpose will be pursued only in the event that the Interested party has made an express request or in any case has given specific consent; in this case the legal basis of the processing is the consent of the User but also the legitimate interest of the Data Controller (as indicated by Recital 47 of the Regulation) to make known and develop its business, without prejudice to the rights of the Interested party indicated below, including the right to withdraw their consent at any time, in the manner that will in any case be referred to in any communication sent to them;

e) to publish free of charge on the Site and / or on Facebook, Instagram, Twitter and any other social network (hereinafter, "Social") of the Data Controller, photographs and audio / video footage that portray the User, acquired on the occasion of trade fairs in which the Data Controller participates with its own stand and / or events organized by the Data Controller, associating the Data Subject's social profile with the Data; with regard to the association of the data of the Interested party to the images that portray them, the legal basis of the processing is the consent of the Interested party, while with regard to the publication of images without "tags" the legal basis is the legitimate interest of the Data Controller to document on its web and social channels the fairs or events it has organized or in which it has participated;

f) to fulfil obligations resulting from laws, regulations, community legislation; in the latter case, the legal basis of the processing is to fulfil a legal obligation to which the Data Controller is subject.

Further information on the purposes of processing is available in the "Privacy policy relating to cookies" below.



Processing location, categories of recipient and transferring personal data to a third country


The processing operations connected to the web services of the Site take place at the headquarters of the Data Controller, and the Data are processed, for the purposes indicated above, by the Data Controller's staff, employees and collaborators who are authorized and / or appointed by the latter or named as external data processors, and not by third parties. The Data are not subject to disclosure, except for the purpose illustrated in the previous paragraph, point e).
The Data may be communicated to, and processed by, the Data Controller's companies and consultants - and / or by their appointees - for the design and / or maintenance of the technological part of the Site and for the performance of instrumental, support or functional activities to the execution of contracts or services requested by the interested party; in this context, the data may be disclosed to subsidiaries and affiliates of the Data Controller, as well as to beauty salons and / or distributor partners of Bioline, for the performance of their own activities, connected to the supply of Bioline products and services or in any case intended for well-being and personal care, and for direct marketing of such products and services. In any case, these subjects will process and communicate the data to other third parties as independent "Data Controllers" or "Persons in charge" of the treatment (pursuant to Article 28 of the Regulation) according to the directives of the Data Controller, also in terms of security, for the purposes indicated above.
The data may be transferred to Countries of the European Union and to non-EU Countries exclusively for the purposes indicated above (any transfer of data to the third Country will in any case take place in compliance with the Regulation and therefore on the basis of a decision of the European Commission for the adequacy of the level of protection of personal data guaranteed by the third country - for example on the basis of decision 1250/2016 EU-USA - or on the basis of adequate guarantees - consisting of ad hoc agreements between the Data Controller and the third supplier -, or, failing that, on the basis of the consent of the Interested party).



Types of data processed


Navigation data
The computer systems and software procedures put in place to make this Website function will acquire, during normal operation, some personal data for which transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated to identified Data Subjects, but by their nature could enable users to be identified, by means of processing and association with data held by third parties.
This category of data includes: IP addresses or the domain names of computers used by users who connect to the Website, URI addresses (Uniform Resource Identifier) for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computing environment.
These data will only be used to obtain anonymous statistical information regarding use of the Website (e.g. to obtain statistical information on use of services, pages most visited, number of visitors by time of day or by day, geographical area of origin, etc.; to check that services offered are functioning correctly) and to check that the Website functions correctly. Data could be used to ascertain responsibility in the event of hypothetical computer offences committed against the Website.

Data provided voluntarily by the User
The voluntary sending of e-mail to the e-mail addresses indicated on the Websites requires the subsequent acquisition of the sender’s e-mail address, which is necessary for responding to requests, as well as any other personal data included in the communication.
Specific summary information will be subsequently made available on the Website pages provided for particular services to be requested.

Cookies and other tracking systems
Cookies will not be used to profile users, nor will any other method of tracking be used.
Session cookies (non-permanent cookies) will be used instead for strictly limited purposes which ensure that the Website can be navigated safely and efficiently. Storage of session cookies on computers or in browsers can be controlled by the user, whereas on servers, at the end of the HTTP session, information regarding cookies will remain stored in service logs for no longer than seven days, as with other navigation data.



Voluntary provision of data


Apart from that specified for navigation data, the User is free to provide their personal data, by filling in the request forms of the Site or social networks, or by communicating them by any means to the Data Controller, for example to request the sending of the newsletter, informative material or other communications.
Consent to the processing of data for the purposes referred to in the previous points b), c), d) and e) is optional, and refusal to provide the data only makes it impossible for the Data Controller to process the data and, consequently, to respond to requests from the User, to send communications, including commercial ones, to profile the User and to tag the Data Subject in the images that portray them on the Social of the Data Controller.
For the sake of completeness, it must be pointed out that in some cases the Italian Data Protection Authority (Garante) may also request the Data Controller, the Data Processor, the Data Subject or any third party, to provide information and to present documents also in accordance with Article 58 of the Regulation, for the purposes of checking the processing of personal data. In these cases, failure to provide this information will result in administrative penalties.



Method of processing data and storing personal data


Data will be processed in a way that guarantees their security and confidentiality. They may be processed on paper or through electronic, automated, computerised or manual means, using approaches aimed at ensuring that data are processed securely and are always complete and available. Data will be processed in accordance with the principles of EU Regulation 679/2016 and only for the purposes set out in this policy. Specific security measures are taken to prevent loss of data, their illegal or improper use, and unauthorised access to them.
Data will only be stored for the amount of time that is strictly necessary to pursue the purposes set out in this policy.



Rights of Data Subjects


A Data Subject has the right to exercise the following rights (specifically described in Articles 15 to 22 of EU Regulation 679/2016), by contacting the Data Controller (at the e-mail address indicated below): to ask the Data Controller to confirm whether or not data regarding them have been processed and, if so, to obtain access to the data that has been processed; to ask the Data Controller to rectify and/or supplement, delete or limit the processing of their data; to oppose processing; to ask for the data to be made portable; to lodge a complaint with a supervisory authority; to obtain all the information available on the origin of data and the categories of data, where these have not been collected from the Data Subject; to obtain information as to whether automated decision-making processes, including profiling, have been used, significant information on the approach used, and the importance and consequences these processes have for the Data Subject; to not be subject to a decision based solely on automated processing, including profiling.
In cases where the legal basis for processing is consent (e.g. for sending electronic communications inherent in the activities carried out by the Data Controller, transfer of data to non-EU Countries without suitability decisions or appropriate guarantees), a Data Subject has the right to revoke consent at any time without affecting the legality of the processing based on consent given prior to revocation.



Modification of the information


This information is governed by Italian law.
The Data Controller reserves the right to modify the information at any time, in response to continuous legal, technical or commercial developments, by publishing the new information on the Site. Bioline will request the User's consent for any substantial modification of the information, if required by applicable data protection laws. Any change, modification, cancellation or addition will take effect immediately after the communication of the same by publication on the Site. The date of the most recent version of this information will be indicated at the top of the page.



The Data Controller


The Data Controller is Bioline S.r.l. S.B., with registered office in Trento, viale Bolognini 78. A Data Subject may exercise the rights indicated above and obtain further information by contacting the Data Controller by phone on +39 0461933209, by e-mail to bioline@bioline-jato.com or by visiting the website www.bioline-jato.com/privacy-policy.