PRIVACY POLICY

The protection of its customers' privacy is of primary importance to Bioline S.r.l. S.B., which is committed to processing personal data in full compliance with national and EU regulations and with the rights recognised by law to the data subject.

This page describes the methods of processing the personal data that the user (hereinafter "Data Subject" or "User") has communicated to Bioline S.r.l. S.B. (hereinafter "Bioline" or the "Controller") by registering on Bioline's webpage at http://www.bioline-jato.com, by subscribing to the Controller's electronic communications service (for the sending of Newsletters and/or communications relating to the Controller's activities), or by making data available to Bioline through any other means.

Personal data (hereinafter "Data") means all information that could be used to directly or indirectly identify a particular individual, as defined by applicable data protection law.

This Privacy Notice is provided (pursuant to Articles 13 et seq. of EU Regulation 679/2016, hereinafter the "Regulation") to the User when they:

– access the Bioline Website or e-shop, on which this Notice is published;

– interact with Bioline via Facebook, Instagram, Twitter, and any other social network (hereinafter "Social Media");

– visit the registered offices or premises of Bioline or partner beauty centres;

– purchase products or services directly from Bioline, including through the Website;

– interact with Bioline in any other way, for example by contacting customer service, attending an event or trade fair organised by Bioline or in which Bioline participates.

This Notice applies to all data communicated by the Data Subject to the Controller through any means (including data communicated at events or trade fairs, or by post, email, SMS, WhatsApp, and social media channels), subject to the requirement for authorisation to process data for purposes where the legal basis is the User's consent.

This Notice also takes into account Recommendation No. 2/2001 adopted on 17 May 2001 by the European data protection authorities convened in the Working Party established under Article 29 of Directive 95/46/EC, which sets out minimum requirements for the online collection of personal data — in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.


PURPOSES OF PROCESSING AND LEGAL BASIS

Consultation of the Website may result in the processing of data relating to identified or identifiable individuals. Data will be processed for the following purposes:

a) to facilitate navigation of the Website and the technical use of the services described therein, to conduct web analytics, to verify the number of visitors to the Website, and to monitor trends in relations with Website Users; in such cases, the legal basis for processing is the Controller's legitimate interest in managing the Website, maintaining its proper functioning, and protecting its rights;

b) to respond to requests for information and/or to perform services requested through the Website or any other means, electronic or otherwise; in such cases, the legal basis for processing is the implementation of measures taken at the Data Subject's request, the performance of a contract to which the Data Subject is party, or pre-contractual measures taken at the Data Subject's request;

c) to send, by email, newsletter, or any other electronic communication (such as SMS, WhatsApp messages, social media chat, etc.), communications of a commercial or promotional nature concerning initiatives such as conferences, workshops, training courses, events, and/or new products and/or services offered by the Controller or by third parties in the field of wellness and personal care, including for the formulation of commercial proposals, where the Data Subject has expressly requested this or has provided specific prior consent obtained at the time of registration or communication of Data; in such cases, the legal basis for processing is the User's consent, as well as the Controller's legitimate interest (as indicated by Recital 47 of the Regulation) in making its activities known and developing them, without prejudice to the Data Subject's rights set out below, including the right to withdraw consent at any time in the manner referred to in each communication sent;

d) to analyse or predict aspects relating to the Data Subject's preferences, with a view to creating a commercial profile of the Data Subject in order to personalise the browsing experience on the Website or the sending of commercial or promotional communications in accordance with the User's interests; this purpose may only be pursued where the Data Subject has expressly requested it or provided specific consent; in such cases, the legal basis for processing is the User's consent;

e) to publish free of charge on the Website and/or on the Controller's Facebook, Instagram, Twitter, and other social media pages ("Social Media"), photographs and audio/video recordings featuring the Data Subject, taken at trade fairs attended by the Controller with its own stand and/or at events organised by the Controller, associating the Data Subject's social profile with the Data; with regard to the association of the Data Subject's data with images depicting them, the legal basis is the Data Subject's consent, whereas with regard to the publication of untagged images, the legal basis is the Controller's legitimate interest in documenting on its web and social media channels the trade fairs or events it has organised or attended;

f) to fulfil obligations arising from laws, regulations, and EU legislation; in such cases, the legal basis for processing is compliance with a legal obligation to which the Controller is subject.

Further information on the purposes of processing is provided in the "Cookie Policy" section below.


LOCATION OF PROCESSING, CATEGORIES OF RECIPIENTS, AND TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Processing operations connected to the Website's web services are carried out at the Controller's registered offices. Data are processed, for the purposes indicated above, by the Controller's personnel, employees, and collaborators who have been authorised and/or appointed as external data processors, and are not communicated to third parties. Data are not subject to disclosure, except for the purpose described in paragraph e) above.

Data may be communicated to, and processed by, the Controller's contractors and consultants — and/or their staff — for the design and/or maintenance of the technical components of the Website and for activities that are instrumental to, supportive of, or functional to the performance of contracts or services requested by the Data Subject. In this context, data may be communicated to companies controlled by or affiliated with the Controller, as well as to beauty centres and/or distributors partnering with Bioline, for the performance of their own activities connected to the supply of Bioline's products and services or those otherwise intended for wellness and personal care, and for direct marketing of such products and services. In any case, these parties will process and communicate data to further third parties in their capacity as independent "controllers" or as "processors" (pursuant to Article 28 of the Regulation) acting under the Controller's instructions, including with regard to security, for the purposes indicated above.

Data may be transferred to countries within the European Union and to non-EU countries solely within the scope of the purposes indicated above (any transfer of data to a third country will in all cases comply with the Regulation and will therefore be based on a European Commission adequacy decision regarding the level of personal data protection guaranteed by the third country — for example, on the basis of Decision 1250/2016 EU-USA — or on the basis of adequate safeguards established through ad hoc agreements between the Controller and the third-party provider, or, in their absence, on the basis of the Data Subject's consent).


TYPES OF DATA PROCESSED

Browsing data

The IT systems and software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but by its very nature could — through processing and association with data held by third parties — allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's response (success, error, etc.), and other parameters relating to the User's operating system and computing environment.

These data are used solely to obtain anonymous statistical information on the use of the Website (e.g. to obtain statistical information on the use of services — most visited pages, number of visitors by time of day or daily, geographic areas of origin, etc.; to monitor the proper functioning of the services offered) and to check that the services are functioning correctly. The data may be used to establish liability in the event of hypothetical cybercrimes against the Website.

Data voluntarily provided by the user

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website results in the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message.

Specific summary notices will be progressively included or displayed on the Website pages set up for particular services upon request.

Cookies and other tracking systems

No cookies are used for user profiling, nor are any other tracking methods employed.

Session cookies (non-persistent) are used in a strictly limited manner, to the extent necessary for safe and efficient browsing of the sites. The storage of session cookies on terminals or browsers is under the user's control; on servers, information relating to cookies is retained in service logs at the end of HTTP sessions, for a retention period not exceeding seven days, in the same way as other browsing data.


OPTIONAL NATURE OF DATA PROVISION

Except as specified with regard to browsing data, Users are free to provide their personal data by completing the request forms on the Website or Social Media, or by communicating them by any means to the Controller, for example to request the newsletter, informational material, or other communications.

Consent to the processing of Data for the purposes referred to in letters b), c), d), and e) above is optional, and refusal to provide the Data concerned will merely prevent the Controller from processing the Data and, consequently, from responding to the User's requests, sending communications (including commercial communications), profiling the User, and tagging the Data Subject in images featuring them on the Controller's Social Media pages.

For the sake of completeness, it should be noted that in certain cases the Data Protection Authority may request the Controller, the processor, the data subject, or even third parties to provide information and produce documents, including pursuant to Article 58 of the Regulation, for the purpose of supervising the processing of personal data. In such cases, a response is mandatory under penalty of administrative sanction.


METHODS OF DATA PROCESSING AND RETENTION

Data will be processed in a manner designed to ensure security and confidentiality, and may be processed in paper form or using electronic, automated, IT, or manual tools and methods, always aimed at ensuring that data are processed securely, remain accurate and accessible, and are processed in compliance with the principles set out in EU Regulation 679/2016 and solely for the purposes specified. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorised access.

Data are retained at the Controller's registered offices and on the Website's servers, located at the Website owners' premises or at the premises of third-party hosting service providers, as well as on the servers of companies that manage Social Media. Any transfer of Data outside the EU will be carried out in strict compliance with EU Regulation 679/2016.

To view the Social Media Privacy Policies, please refer to the relevant notices at the following links: www.facebook.com/about/privacy/update; https://help.instagram.com/519522125107875; https://twitter.com/it/privacy (these social media platforms adhere to the EU-US agreement known as the PRIVACY SHIELD, which provides adequate guarantees regarding the protection of personal data transferred to the United States, thus rendering such transfers outside the EU lawful under the Regulation).

Data are retained for as long as necessary for the pursuit of the purposes indicated in this Notice.


RIGHTS OF DATA SUBJECTS

Data Subjects have the right to exercise the following rights (as specifically set out in Articles 15 to 22 of EU Regulation 679/2016) by contacting the Controller without any particular formality at the email address indicated below: to request confirmation from the Controller as to whether or not processing of their data is taking place and, if so, to obtain access to such data; to request their rectification and/or completion, erasure, or restriction of processing; to object to their processing; to request their portability; to lodge a complaint with a supervisory authority; to obtain all available information about the origin and categories of data, where it has not been collected directly from the Data Subject; to obtain information on the existence of automated decision-making, including profiling, and — at least in such cases — meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject; not to be subject to a decision based solely on automated processing, including profiling.

Where the legal basis for processing is consent (e.g. for the sending of electronic communications relating to the Controller's activities, transfer of data to non-EU countries in the absence of an adequacy decision or adequate safeguards), the Data Subject has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.


AMENDMENTS TO THIS NOTICE

This Notice is governed by Italian law.

The Controller reserves the right to amend this Notice at any time in response to ongoing legal, technical, or commercial developments, by publishing the updated Notice on the Website. Bioline will request the User's consent for any material changes to this Notice, where required by applicable data protection laws. Any changes, modifications, deletions, or additions will take effect immediately upon notification by publication on the Website. The date of the most recent version of this Notice will be indicated at the top of the page.


DATA CONTROLLER

The data controller is Bioline S.r.l. S.B., with registered offices at Viale Bolognini 78, Trento. Data Subjects may exercise the rights indicated above and obtain further information by contacting the Controller at the telephone number +39 0461 933209, at the email address bioline@bioline-jato.com, or by visiting www.bioline-jato.com/privacy-policy.