Privacy Policy

INFORMATION FOR THE PROCESSING OF PERSONAL DATA

(Art. 13 of the EU General Regulation on the protection of personal data n. 679/2016)

This “Privacy Policy” describes the “processing of personal data” by Antica Farmacia del Cinghiale which here processes Users’ data through the Web pages: www.farmaciadelcinghiale.it.
“Processing of personal data” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, registration, organisation, structuring, preservation, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.Pursuant to applicable data protection legislation (including the General Data Protection Regulation 2016/679 (the “GDPR”), Antica Farmacia del Cinghiale is the Data Controller, that is the subject who decides how and why to process your personal data.
Antica Farmacia del Cinghiale recognizes the importance of the protection of personal data and considers their protection one of the main objectives of its activity. For this, pursuant to Art. 13/14 of European Regulation 679/2016 on the protection and processing of personal data, as well as the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)Users are invited to read carefully the following information because it contains important information on the protection of personal data and security measures taken to ensure the confidentiality of data.

1.        Data controller.

The data controller is Antica Farmacia del Cinghiale with registered office in Piazza del Mercato Nuovo 4/5 red, 50123 Florence VAT 02171690411- e-mail address: info@farmaciadelcinghiale.it PEC: 0823200@pec.federfarma.it.
This information is included on the website www.farmaciadelcinghiale.it in order to provide information to interested users about the use of data held by the Data Controller

2.        Data Protection Officer (DPO).

Ancient Pharmacy of the Wild Boar

3.        Principles applied to treatment.

On the basis of Art. 5 of European Regulation 679/2016 on the protection and processing of personal data, the data are processed in a lawful, correct and transparent way towards the data subject («lawfulness, correctness and transparency»); collected for specific purposes, explicit and legitimate, adequate, relevant and limited to what is necessary for the purposes for which they are processed («minimisation of data»).

4.        Type of data processed.

The personal data that the Data Controller processes are those provided directly by the User when he concludes an order, when he signs up for the newsletter service and those that are collected while the User is browsing or using the services offered on the website www.farmaciadelcinghiale.it.
The Data Controller may, therefore, collect the following categories of “personal data”:

1. a) personal data necessary to conclude and execute the purchase of products on the website www.farmaciadelcinghiale.it such as: name and surname, e-mail address, shipping address, billing address or address of commercial documents issued against payment, telephone and payment method, tax number;
2. b) the date of birth to offer birthday gifts/promotions;
3. c) the e-mail address even when the user signs up for the newsletter service;
4. d) the personal data that is provided by the User when he contacts our Customer for assistance;
5. e) the data related to the use of the website www.farmaciadelcinghiale.it and, in particular, the information related to the way you use the site, open and forward communications including information collected through cookies (In this sense, please examine the cookie policy also on the website that regulates the details).

5.        How the data is collected.

Data Controller collects directly from the User and processes personal data:

– when the User concludes an order and purchases products offered online on the website www.farmaciadelcinghiale.it;
– when the User registers for the events promoted by Antica Farmacia del Cinghiale;
– when the User subscribes to the newsletter of Antica Farmacia del Cinghiale;
– when the User responds to the marketing campaigns of Antica Farmacia del Cinghiale;

6.        Purpose of processing

The Data Controller may process the User’s personal data for one or more of the purposes indicated below, on the basis of the legal basis described from time to time.

6.1.    Establishment and performance of contractual relations and consequential obligations

The Data Controller may process the User’s personal data for the purposes of establishing and performing any contractual relations and, therefore, to conclude and execute the contract of purchase of products offered on the website www.farmaciadelcinghiale.it to fulfill the relevant pre-contractual and contractual obligations, to provide the services requested, to manage collection/ payment of the supply, to deliver invoices and/or commercial documents issued in return for payment and to check for reports and complaints.
The Data Controller may also use the contact details, and in particular the e-mail of the User, to provide the latter with information relating to the service.
Prerequisite for processing and legal basis: fulfillment of the contractual obligations of which the User is a party and fulfillment of the legal obligations related to this contract.
The provision of data is mandatory to manage the contractual relationship; in default, the Data Controller will not be able to process it.

6.2      Operational management and purposes strictly related to access to the Site, in particular to areas reserved for the same

The Data Controller may process the contact data, other personal data to allow the User to complete the registration procedure on the Site and allow him to access his personal area in order to: a) download documents relating to the services purchased by the same; b) give effect to the other requests made through the Site.
The registration to the Site may take place where the User decides voluntarily to use it.
Prerequisite for processing and legal basis: fulfillment of contractual obligations to allow the User to register on the Site.
The provision of data is mandatory to manage the contractual relationship; in default, the Data Controller will not be able to process it.

6.3      Sending periodic newsletters

The Data Controller may process the contact data in order to send the User periodic newsletters at the explicit request of the latter through the relative subscription to the service, containing news and insights on different products and topics of interest to him.
Prerequisite for processing and legal basis: fulfilment of contractual obligations to allow the User to receive the newsletter.
The provision of data is mandatory to manage the contractual relationship; in default the User will not be able to subscribe and receive the newsletter.

6.4      Purposes related to the obligations provided for by laws, regulations or EU legislation, by provisions / requests for authorities empowered by law and/or by supervisory and control bodies

The Contact Data and Payment Data may be processed by the Data Controller to fulfil the obligations to which it is bound and, in particular, to comply with the rules of civil and/or tax law, to comply with the obligations laid down by a regulation, both national and international, Community legislation or an order from the Authority (such as anti-money laundering).
Prerequisite for processing and legal basis: fulfilment of a legal obligation.
The provision of Personal Data for this purpose is mandatory because in default the Data Controller would be unable to fulfill specific legal obligations.

6.5      Analysis and improvement of services – customer satisfaction

The Data Controller may process the contact data in order to analyse, review and improve its services with a view to customer satisfaction.
Prerequisite for processing and legal basis: legitimate interest of the Data Controller to verify and improve the quality of its services, including through invitation to review systems to monitor the quality of the services provided.

6.6    Sending of communications for the promotion of products and services similar to those subject to a previous purchase pursuant to and to the extent permitted by art.130, paragraph 4, of the Privacy Code (D.Lgs. n.196/2003, as amended by D. Lgs. 101/2018)

The Data Controller may process the Contact Data relating only to the e-mail coordinates for promotional purposes relating to products and services similar to those subject to purchase by the User.
Exclusively with reference to the use of the email indicated by the interested party at the time of conclusion of the contract, the Data Controller may process the contact data to send (without the need to obtain specific consent, as provided for in article 130, paragraph 4 of the Privacy Code) informative and advertising material only if it relates exclusively to products and/ or services similar to those already used
Prerequisite for processing and legal basis: legitimate interest of the Data Controller to maintain an effective contractual relationship with the User.
It remains, in this particular case, without prejudice to the right of the data subject to object at any time to the processing (by notifying his opt-out at the e-mail address: info@farmaciadelcinghiale.it) on receipt. In any case, the Data Subject, when sending any email communication made by the Data Controller for the purposes set out herein, will be duly informed of the possibility of opposing the processing at any time, easily and free of charge. Such opposition will not have any consequences on the contractual relationship or on the obligations arising from it.

6.7    Defence of rights in the course of judicial, administrative, or out-of-court proceedings or in disputes arising in connection with the services offered

Contact Data and Payment Data may be processed by the Data Controller to defend its rights or act or even make claims against the User or third parties.
Prerequisite for processing and legal basis: legitimate interest of the Data Controller to the protection of their rights.
The provision of data for this purpose is mandatory because in default the Data Controller would be unable to defend their rights.

6.8    Carrying out promotional, advertising and marketing activities in a broad sense

The personal data provided by the user may also be processed by the Data Controller for the purposes of commercial promotion, freebies, advertising communication, solicitation of buying behaviour, market research, surveys (including telephone, online or through forms)statistical processing (in identification form), other marketing sample searches in the broad sense (including prize events, games and competitions) by automated means of contact (email, SMS, MMS, chat, instant messaging, social networks and other massive messaging tools, push notifications, etc.) and traditional modes of contact (for example, phone call with operator).
Prerequisite for processing and legal basis: consent.
In order to process promotional, advertising and marketing activities in a broad sense, it is mandatory to obtain specific, express, documented and entirely optional consent.
The failure to provide the same does not, therefore, have consequences on the contractual relationships.
Consent can be revoked at any time.

6.8.1 Communication and dissemination of personal data to third parties who intend to be commercial partners for promotional, advertising and marketing activities in the broad sense

For the same promotional, advertising and marketing purposes in the broad sense referred to in point 6.8 above, the Data Controller informs the User that the personal data may also be communicated to third parties commercial partners.
Prerequisite for processing and legal basis: consent.
The Data Controller shall first of all specify that the consent to the Processing given by the User for the purposes referred to in point 7.8 above and his personal data will be used only and exclusively by the latter for the promotional activity, advertising and marketing in the widest sense by himself and will not be in any way transferred to third parties.
In order to proceed with any communication and dissemination of personal data to third parties business partners who intend to process them for their separate and additional promotional, advertising and marketing purposes in a broad sense, the Data Controller shall, Therefore, acquire from the User a further and additional informed, separate, documented, express and entirely optional consent.
Failure to provide the same does not have any consequences on the contractual relations with the Data Controller

6.9    Processing of personal data for commercial profiling purposes

The Data Controller may also, for marketing and service improvement purposes, process the so-called “profiling” data or process the contact data, other personal data, the use of the Site and other data concerning the User’s interests through their statistical processing, to create an individual profile of the User and to send him commercial communications in line with his preferences, on the basis of the analysis of his habits and purchasing choices.
These personalised communications can be achieved through automated means of contact (e-mail, sms, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional means of contact (for example, phone call with operator, traditional mail, etc.).
Profiling may concern “individual” personal data or “aggregated” personal data derived from detailed individual data.
Prerequisite for processing and legal basis: consent.
To proceed with the processing for the profiling activity, it is mandatory to obtain a specific, separate consent (also from the consent for the promotional, advertising and marketing activity in the broadest sense referred to in point 7.8 above), additional, express, documented and entirely optional.
Failure to provide the same does not affect the contractual relationships.
Consent can be revoked at any time.

6.10    Processing of personal data for hosting purposes third party promotions on custom clusters

The Data Controller may also, for hosting purposes of third party promotions dedicated to specific aggregations of interest, proceed with data profiling processing through dedicated technologies or processing of contact data, other personal data, the use of the Site and other data concerning the User’s interests through their statistical processing, to associate the User’s individual profile with particular interest groups in order to provide access to commercial communications in line with the cluster’s common preferences, based on the analysis of its habits and purchasing choices.
These personalized communications are carried out through automated modes of broadcasting on particular areas of the site while browsing.
Profiling may concern “individual” personal data or “aggregated” personal data derived from detailed individual data.
Prerequisite for processing and legal basis: consent.
To proceed with the processing for the profiling activity, it is mandatory to obtain a specific, separate consent (also from the consent for the promotional, advertising and marketing activity in the broadest sense referred to in point 7.8 above), additional, express, documented and entirely optional.
Failure to provide the same does not affect the contractual relationships.
Consent can be revoked at any time.

7.        Method of treatment

The processing will be carried out in automated and/ or manual form, using paper, computer, telematic or other telecommunications systems, in compliance with the provisions of art. 32 of GDPR 2016/679 on security measures, by subjects specifically appointed and in compliance with the provisions of art. 29 GDPR 2016/ 679

8.        Recipients of data

The Data are processed by staff duly trained by Antica Farmacia del Cinghiale as Data Controller and will not be disseminated. For organizational and functional needs, personal data are, also, shared, for the purposes indicated previously in point n.7 and its subordinates, with subjects acting as external responsible or independent owner or co-owner. These subjects have been evaluated and chosen by the Data Controller for their proven reliability and competence and belong to the following categories:

1. a) the banking institutions used for payment transactions, as well as the entities operating in them, for the sole purpose of administrative and accounting management of the contract/report and for the findings concerning the execution of payments;
2. b) companies and professionals that the Data Controller uses for advice or assistance in carrying out its business activities, including in particular lawyers, auditors, tax and labour consultants, persons, companies, professional firms providing consultancy in accounting and administrative matters, auditors, supervisory bodies, supervisory bodies, certification bodies, freight forwarders, IT and telematic service providers, IT consultants and internet security providers, subjects delegated to carry out technical maintenance activities (including maintenance of network equipment);
3. c) any contractors – subcontractors of the Data Controller for the performance of the contractual activity;
4. d) public bodies or legal authorities if required by applicable legislation or following a request from the authority;
5. e) any other third parties if deemed necessary to carry out, in whole or in part, the contractual activities and for the administrative and accounting purposes of the relationship.

The updated and analytical list of Managers involved in the contractual relationship with the User can be obtained by contacting the Holder at the addresses indicated above and precisely: Antica Farmacia del Cinghiale, Piazza del Mercato Nuovo 4/5 r 50123 Florence e-mail address: info@farmaciadelcinghiale.it, PEC: 0823200@pec.federfarma.it.
Personal data may also be transmitted to police forces and to judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow the Data Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
Upon acquisition of further informed, separate, additional, documented, express and entirely optional consent, personal data may be, In addition, communicated to third parties business partners who intend to process personal data for their separate and further promotional, advertising and marketing purposes in the broad sense as indicated above in point 6.8.1.

9.      Transfer of personal data to non-EU countries

Unless otherwise indicated, the recipients will not have offices outside the European Community or in any case in countries not adapted to Community legislation.
The data will not be transferred or processed outside the European Community or any other place considered not appropriate to the relevant Community legislation.
Any such transfers will be duly reported to the data subject with the relevant instrument used to guarantee the rights and freedoms of the data subject.
In any case, the transfer of personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection, will be carried out only after conclusion between the Data Controller and the third party receiving the data of specific agreements, containing safeguard clauses and appropriate safeguards for the protection of personal data.

10.      Retention times of personal data and other information

The Data Controller will retain the personal data of the User only for the time necessary to achieve the purposes for which they were collected or for any other legitimate related purpose.
Therefore, if the personal data will be processed for two different purposes, such data will be retained until the purpose with the longest term ceases, however, personal data will no longer be processed for the purpose for which the retention period has expired.
The Data Controller will limit access to personal data only to those who need to use it for relevant purposes.
Personal data that are no longer necessary, or for which there is no longer a legal basis for its storage, will be irreversibly anonymized (and thus can be stored) or safely destroyed.
Below are the storage times in relation to the different purposes listed above:
– establishment and execution of contractual relationships and consequential obligations: the Data processed to fulfill any contractual obligation may be stored for the duration of the contract and in any case no later than the following 10 years; in order to verify any dependencies including accounting documents (such as invoices);
– operational management and purposes strictly related to access to the Site, in particular to the reserved areas of the Site: the Data processed for this purpose may be stored for the duration of the contract and in any case not later than 10 years from the last access to the Site;
– sending periodic newsletters: the data processed for this purpose may be stored for the duration of the relationship and in any case no later than the following 2 years from the last purchase;
– purposes related to the obligations laid down by laws, regulations or Community legislation, by provisions / requests for authorities empowered to do so by law and/or by supervisory and control bodies: in such cases, the Data Controller will keep the Data for the time strictly necessary to achieve these purposes;
– analysis and improvement of services – customer satisfaction: the data processed for this purpose may be stored for 24 months from the last purchase;
– sending communications for the promotion of products and services similar to the one subject to a previous purchase (pursuant to and to the extent permitted by art. 130, paragraph 4 of the Privacy Code (D. Lgs. n. 196/2003, as amended by Legislative Decree 101/2018): Data processed for the purpose of promoting similar services or products may be stored for 24 months from the date of the previous purchase;
– the defence of rights in the course of judicial, administrative or out-of-court proceedings, and in disputes arising in relation to the services offered: in such cases, the Data Controller will process and store the Data for the time strictly necessary to achieve these purposes;
– marketing to meet the needs of the User and marketing profiled to provide promotional offers also in line with the User’s preferences: the Data processed for these purposes may be stored for 24 months from the last purchase;
– execution on behalf of third parties of marketing activities on products and services of Group companies and also of third parties: the Data processed for marketing purposes may be stored for 24 months from collection.

11.      Security measures

The Data Controller protects personal data with specific technical and organizational security measures, aimed at preventing it from being used in an illegal or fraudulent manner.
In particular, the Data Controller uses security measures that guarantee:
– pseudonymisation or encryption of personal data;
– the confidentiality, integrity, availability and resilience of the systems and services which process them;
– the ability to restore data in the case of data Breach.

12.      Rights of the data subject

Pursuant to Article 7 of the Privacy Code and pursuant to Articles 13, paragraph 2, letters (b) and (d), 15, 18, 19 and 21 of the Regulation, the Data Subject has the following rights:

1. a) has the right to ask Antica Farmacia del Cinghiale as data controller for access to personal data, to rectify or delete them or to restrict the processing of personal data concerning him or to oppose their processing, in the cases provided for;
2. b) has the right to lodge a complaint with the Data Protection Authority as a data subject, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it;
3. c) any corrections or cancellations or limitations of the processing carried out at the request of the Data Subject – unless this proves impossible or involves a disproportionate effort – will be communicated by the Data Controller to each of the recipients to whom the personal data have been transmitted. The Data Controller may inform the Data Subject of such recipients if the data subject so requests.

In particular, the interested party may:

1°) obtain confirmation of the existence or otherwise of personal data relating to him, even if not yet recorded, and their communication in an intelligible form;

2°) obtain the indication:

1. a) the origin of personal data;
2. b) the purposes and methods of processing;
3. c) the logic applied in the case of treatment carried out with the help of electronic tools;
4. d) the identification details of the owner, the managers and the representative designated pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR;
5. e) the persons or categories of persons to whom personal data may be disclosed or who may become aware of them in their capacity as designated representatives in the territory of the State, in charge or in charge;

3°) obtain:

1. a) the updating, rectification or, where relevant, integration of the data;
2. b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
3. c) proof that the operations referred to in paragraphs a) and b) have been brought to the attention, including as regards their content, of those to whom the data have been communicated or disseminated, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right;

4°) oppose, in whole or in part:

1. a) for legitimate reasons relating to the processing of personal data concerning them, even if relevant to the purpose of the collection;
2. b) the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for the performance of market research or commercial communication, by the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail.

Please note that the right of opposition of the interested party, set out in point b), for purposes of direct marketing by automated means extends to traditional ones and that however remains the possibility for the interested party to exercise the right of opposition even in part.

Therefore, the interested party may decide to receive communications only through traditional methods or only automated communications or neither of the two types of communicatione.

13.      How the data subject exercises his rights

The exercise of rights is not subject to any formal constraint and is free of charge.
The address for exercising your rights is: info@farmaciadelcinghiale.it PEC: 0823200@pec.federfarma.it.
Alternatively, the interested party can, at any time, exercise the rights by sending a registered letter a.r. to the following address: Antica Farmacia del Cinghiale, Piazza del Mercato Nuovo 4/5 r – 50123 Florence

14.      Amendments to this policy

The constant evolution of the Data Controller’s services may involve changes in the characteristics of the processing of personal data described so far. Consequently, this privacy policy may be subject to changes and additions over time, which may also be necessary in reference to new regulatory measures regarding the processing of personal data.
Users are therefore invited to periodically check the contents: where possible, we will provide timely information about the changes made and their consequences
The updated version of the privacy policy, in any case, will be published on the site, with an indication of the date of its last update.

15.      Legislative references and useful links

The processing of personal data is carried out by Antica Farmacia del Cinghiale in full compliance with the relevant legislation provided for by Regulation (EU) 2016/679 General Data Protection Regulation, the rules on the processing of Italian personal data and the provisions of the Italian Supervisory Authority (http://www.garanteprivacy.it).