updated to EU Reg 2016/679
(European Data Protection Regulation)
Ansce Bio Generic S.r.l., the company manufacturer and seller of Biolybra® brand products in Italy, is aware of the importance of safeguarding personal data and is attentive to the rights of individuals and has made a serious commitment to comply with rules of conduct – in line with the European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) – that guarantee safe, controlled and confidential web navigation.
This policy for the protection of confidentiality of information may change over time, including as a result of additions and amendments to the relevant laws and regulations, so we invite you to periodically consult this section of our site.
This information is provided only for the www.biolybra.com website and not for other websites/pages or sections owned by third parties that may be consulted by the user via links.
If you are required, in order to access certain services, to provide your personal data, a specific and detailed Information Notice on the relative processing pursuant to Art. 13 of EU Regulation 679/2016 will be issued in advance on the pages relative to the individual services, specifying the limits, purposes and methods of the processing itself.
- Data Controller
Ansce Bio Generic S.r.l. with registered office in Via Giuseppe Prina, 15 20154 – Milan (MI) (hereinafter, the “Data Controller” or “Company”) owner of the website https://biolybra.com (hereinafter, the “Site”), in its capacity as Data Controller of the personal data of the users browsing and registered on the Site, informs users that the personal data relating to the users of the Site (hereinafter, “Data Subjects”) will be processed in the manner and for the purposes indicated in this information notice, pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter, the “Privacy Code”) and pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulations” – the Regulations and the Privacy Code are together referred to as the “Applicable Legislation”) in relation to the processing of Users’ Personal Data (the “Data”).
- Type of Personal Data processed.
The following categories of Personal Data concerning Users may be collected:
Browsing Data: such as IP addresses or domain names of the computers used by Users who connect to the Site, URI (Uniform Resource Identifier) notation addresses of the resources requested, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This Data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site: to this effect, data on web contacts could be kept in accordance with and limited to this purpose. From the IP address and the domain name of the computers used, it will be possible, limited to the above-mentioned liability assessment purpose, to trace back further identification data of the user (in particular, name, surname, e-mail address, telephone number, etc.).
Data provided voluntarily by the User: such as personal and contact data, in particular name, surname, telephone number, e-mail address and any other data provided by the User by filling in the form in the “Contacts” section of the Site; as well as identification data, such as name, surname, e-mail address, telephone number, tax code, economic and transaction information (for example, your payment or credit card data, information on purchases you have made, orders, returns, etc.); any other data provided, for example, when registering on the Site in the relevant section, or when filling in any data collection forms on the Site, or when requesting the supply/activation of the Service. ); any other data provided, for example, when you register with the Site in the relevant section, or when you fill in any data collection forms on the Site, or when you request the supply/activation of the Newsletter service.
- Purpose of processing, legal basis and nature of conferment
Personal data provided by Data Subjects via the Site are collected and processed lawfully in accordance with Article 6 of the Regulation for the following processing purposes and legal bases:
- site navigation: during normal operation and for the sole duration of the connection, the computer systems used to operate the websites acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example: IP addresses or the names of the computers used by users who connect to the websites, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the characteristics of the browser used for browsing, the size of the window in which the browser runs on the device being used, and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the sites and to check their correct functioning, and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the sites.
Contractual obligations and provision of service in the case of online purchases: to execute requests to purchase products offered in the “SHOP” section of the Site, in accordance with the “General Terms and Conditions of Sale”, which are accepted by the User at the time of purchase and/or registration on the Site, and to fulfil subsequent notifications and requests made by the User. This type of data is marked with an asterisk symbol [*] and in this case the provision of such data is obligatory in order to allow the Company to follow up on the request, which, failing this, cannot be processed.
- management of a contact request through the “Contacts” section: the Data are provided through the optional, explicit and voluntary sending of the Data Subject. The user is free to provide the personal data indicated in the ‘Contacts’ section of the Site to request information.
The provision of personal data by the user is obligatory in order to allow the Company to manage communications, requests received from the user or to contact the user in order to follow up on his/her request. This type of data is marked with an asterisk symbol [*] and in this case the provision of such data is obligatory in order to allow the Company to follow up the request, which, if not provided, cannot be processed.
- registration and access to the reserved area “My Account” by the Data Subject: the Data are provided through optional, explicit and voluntary submission by the Data Subject. The user is free to provide the personal data indicated in the “Login or Register” section of the Site.
The provision of personal data by the User is obligatory in order to allow the Company to manage and execute requests for the purchase of products offered in the “SHOP” section of the Site, in accordance with the “General Terms and Conditions of Sale”, which are accepted by the User at the time of purchase. This type of data is marked with an asterisk symbol [*] and in this case its provision is obligatory in order to allow the Company to process the purchase request, which, if not provided, cannot be processed.
- management of payments and/or finalisation of product purchase orders: The Data are provided through optional, explicit and voluntary sending of the Data Subject. The User is free to provide the personal data indicated in the “SHOP” section of the Site. The provision of personal data by the User is obligatory in order to allow the Company to manage and execute requests to purchase the products offered in the “SHOP” section of the Site, according to the “General Terms and Conditions of Sale”, which are accepted by the User during the purchase process. This type of data is marked with an asterisk symbol [*] and in this case its provision is obligatory in order to allow the Company to process the purchase request, which, if not provided, cannot be processed.
- legal obligations: to fulfil obligations required by law, by an authority, by a regulation or by European legislation with which the Controller is obliged to comply. The provision of User Data is in fact mandatory.
Failure to provide Contact Data will make it impossible for the User to browse the Site, register on the Site and use the services offered by the Controller on the Site.
The relevant legal basis for processing is the performance of a contractual relationship requested by the User (pursuant to Article 6(1)(b) of the Regulations and Article 24(1)(b) of the Privacy Code) or the fulfilment of legal obligations (pursuant to Article 6(1)(c) of the Regulations)
Failure to provide Contact Data will make it impossible for the User to browse the Site, register on the Site and use the services offered by the Controller on the Site.
Further processing purposes: marketing (sending newsletters, advertising material and commercial communications).
Only with the User’s free and optional consent, the User’s Contact Data and any other Personal Data provided may also be processed by the Data Controller for marketing and newsletter purposes (sending of advertising material, direct sales, commercial communication, sending of newsletters containing information in relation to news relevant to the sector related to the Site’s activities), or so that the Data Controller can contact the User by mail, e-mail, telephone (fixed or mobile, with automated calling systems or through the intervention of an operator), SMS/MMS to present the User with the products and services of the Data Controller, to communicate invitations, promotions and commercial opportunities.
The provision of Personal Data is optional and, if consent is not given, the possibility of registering on the Site will not be affected in any way.
The relevant legal basis for the processing is the consent, if any, freely expressed by the User, for the performance of the aforesaid marketing purposes (pursuant to Article 6(1)(a) of the Regulation and Article 24(1)(b) of the Privacy Code).
In the event of consent, the User may revoke it at any time by making a request to the Data Controller in the manner indicated in paragraph 8 ‘Rights of the interested parties’.
The User may also easily object to further sending of promotional communications and email newsletters by clicking on the appropriate link for revoking consent, which is present in each promotional email and newsletter. Once consent has been withdrawn, the Controller will send the User an email message confirming that consent has been withdrawn.
The Data Controller informs that, following the exercise of the right to object to the sending of promotional e-mails and newsletters, it is possible that, for technical and operational reasons, the User may continue to receive some further messages. Should the User continue to receive promotional messages and/or newsletters, please report the problem to the Data Controller, using the contacts indicated in paragraph 8 “Rights of interested parties”.
- Methods of processing.
Personal Data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. The Data Controller uses all the security measures necessary to improve the protection and maintenance of the security, integrity and accessibility of the Users’ Data.
- Place of data processing
The processing operations connected to the web services of this site take place at the headquarters of the Company and are carried out by technical personnel authorised to the processing. In case of need, the connected data may be processed by the staff of third party companies that take care of the maintenance of the technological part of the site (Data Processors pursuant to Art. 28, GDPR), at their own premises.
- Data storage.
Data is retained for as long as necessary to fulfil the purposes for which it was collected or for any other related legitimate purpose, or to the extent required to comply with legal requirements. Data that is no longer required, or for which there is no longer a legal basis for its retention, will be irreversibly anonymised or securely destroyed. Personal Data functional to the fulfilment of any legal obligations will also be retained at a later date, in compliance with said obligations and in accordance with the retention periods provided for by the applicable regulations.
The Data provided for “Further processing purposes: marketing (sending newsletters, advertising material and commercial communications)” in paragraph 3, will be retained by the Data Controller until the consent given is revoked. The User will in any case be asked to renew consent periodically to the processing of Data by the Company for the same purposes. Once consent is revoked, the Company will no longer use the Data for such purposes and it will be irreversibly anonymised or securely destroyed.
- Scope of processing, communication and dissemination
Data processing is carried out by internal staff duly appointed for this purpose as Data Processor or person in charge of processing. The Data collected for the performance of the aforesaid purposes will also be processed by third parties appointed for this purpose as external Data Processors, or, as the case may be, communicated to the same as autonomous data controllers, such as persons, companies, associations or professional firms that provide assistance and consultancy activities in favour of the Data Controller, as well as in accounting, administrative, legal, tax and financial matters, as well as companies, bodies, associations that perform services connected and instrumental to allowing the surfing on the Site by the Data Subjects, as well as couriers for the delivery of purchased products, credit card payment management companies, computer system maintenance.
Moreover, the Data may be made accessible, communicated and transferred to Public Bodies, Judicial Authorities, Law Enforcement Agencies, which will process them as autonomous data controllers in order to follow up on requests for investigation or where expressly provided for by law.
In any event, any communication of User Data shall take place in full compliance with the provisions of the GDPR and the Privacy Code.
Finally, please note that the Company does not sell and/or disseminate personal data to third parties.
- Rights of the Interested Parties.
The persons to whom the personal data refer may exercise, in relation to the data processing described therein, at any time, by writing to the postal address indicated above or by sending an e-mail to firstname.lastname@example.org, the rights provided for in the G.D.P. Regulations ex art.15-22, including:
- withdraw consent at any time. The User may revoke the consent previously given to the processing of his or her Personal Data.
- oppose the processing of their Data. The User may object to the processing of its Data when it is done on a legal basis other than consent. Further details on the right to object are set out in the section below.
- access to their Data. The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- verify and request rectification. The User may verify the correctness of its Data and request that it be updated or corrected.
- obtain the restriction of the processing. When certain conditions are met, the User may request the restriction of the processing of its Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation.
- obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of its Data by the Data Controller.
- receive their Data or have them transferred to another Data Controller. The User has the right to receive its Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, on a contract to which the User is party or on contractual measures related thereto.
- Proposing a complaint. The User may lodge a complaint with the competent Data Protection Authority or take legal action.
Requests to exercise the rights listed above should be addressed to the Company by sending an e-mail to email@example.com or by ordinary mail to the following address Ansce Bio Generic S.r.l., Via Giuseppe Prina, 15 20154 – Milan (MI) – Italy
Right of opposition
If the conditions set out in Article 21 of the G.D.P.R. Regulation apply, the User shall have the right to object to the processing of Personal Data concerning him/her, unless there are legitimate reasons for the Controller to continue the processing, by simply sending a request by e-mail to firstname.lastname@example.org.
Withdrawal of consent
The User has the right to revoke the consent given at any time, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation, pursuant to Art. 7, par. 3 of the G.D.P.R. Regulation.
Such revocation may make it impossible for the Controller to provide the service any further and pursue the purposes indicated above.
Complaint to the Supervisory Authority
If the Data Subject considers that the processing that concerns him/her violates the Regulations or the Code, he/she has the right to apply to the Supervisory Authority to assert his/her rights.
For Italy, the Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Rome – Italy www.garanteprivacy.it, to which the complaint may be sent at email@example.com, using the garante privacy form made available by the Authority or in free form.
- Social media presence
On our Site we integrate links to our company profile on social media.
If you click on the link, you will be redirected directly to the website of the respective social media provider and your personal data is processed by the respective social media provider.
The processing of Users’ personal data complies with the policies in use on the platforms used.
– Instagram: https://help.instagram.com/155833707900388
– Facebook: https://it-it.facebook.com/privacy/explanation/
- Timing of data storage
The data you provide will only be stored for as long as is necessary for the respective purposes for which you provided your data, or to the extent required to comply with legal or official requirements.
- Updates and revisions.
Date of last update: December 2022