Information pursuant to EU regulation 2016/678 (gdpr)
This information is given pursuant to art. 13 of the European Regulation 2016/679 on the protection of personal data (hereinafter “GDPR”) and subsequent amendments and additions and the Italian reference legislation, including Legislative Decree no.101 of August 10, 2018, by the company Ice spa – via Sicilia, 8/10 – 42122 Reggio Emilia – vat number 01227810353 (hereinafter also only “Company “), in its capacity as Data Controller, and is provided to those who interact with the web services of the Company accessible at the address https://www.icepharma.com
This information is provided with the aim of informing the user about the methods of processing of the relevant personal Data.
This Data may be collected because you voluntarily disclose it (for example, by writing to the Company through the “contact” section) or simply by analyzing the pages you browse on the site. The Personal Data processed through the site are specified in the following paragraphs.
Types of data collected and purposes
While browsing the site https://www.icepharma.com the Data Controller may acquire information about the visitor, in the following ways.
The computer systems and software procedures used to run this website acquire, during their normal operation, some data whose transmission is implicit when using Internet communication protocols. This information CANNOT be associated with identified data subjects or include personal data. This data category only includes IP addresses, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained as answer, the numerical code indicating the status of the answer given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing; currently the data on web contacts do not persist for more than 30 days.
Data provided voluntarily by the User
The optional, explicit and voluntary sending of electronic mail to the addresses mentioned on this site involves the acquisition by the Company of the sender’s e-mail address and any other data eventually requested such as name, surname, address, telephone number (landline or mobile phone).
The data acquired in this way will be used only to process the user’s request; to send the information specifically requested; to fulfil any obligations laid down by current laws, regulations or Community legislation and to satisfy any requests from the Authorities (tax, judicial, etc.)
They will not be used for marketing purposes without your prior express consent and will not be sold, transmitted, given or passed on to third parties in any way.
The legal basis for the processing of Personal Data for the purposes set out in the preceding sections is contained in Articles 6(1)(b); 6(1)(c), 6(1)(f), 9(2)(a), 9(2)(b) of EU Regulation 2016/679.
Optionality of data providing
Apart from that which is specified for browsing data, the user is free to provide or not personal data and browse anyway the various sections of the site, but failure to provide them will make it impossible to obtain any reply to requests made to ice spa.
Cookies are used on our website to provide users with a better service and experience. For any information about this type of data and its Processing, please refer to the specific section https://www.icepharma.com/cookies-policy
Processing rules and modalities
Personal data are processed by computer and/or telematic tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
The Processing is carried out by means of organizational methods and logic strictly related to the purposes indicated.
In addition to the Data Controller, the data may be accessed by some internal staff tasked with processing involved in the organization of the site or in the provision of services (administrative staff, system administrators or other employees, all of whom are committed to confidentiality where they are not subject to specific formal legal obligations) formally appointed as Authorized Persons to the Data processing i.e. external persons/entities (such as third party technical service providers, hosting providers, IT companies, business partners responsible for processing online requests or other external consultants) formally appointed as Data Processors by the Data Controller. The updated list of the Data Processors can always be requested from the Data Controller by sending a specific communication to the addresses indicated in the “Contact details” section of this information.
Personal Data Protection
The Data Controller has implemented a study on the impact and risk assessment in relation to the Data processing according to GDPR regulations: it has, therefore, implemented specific security measures, observed by all staff tasked with the processing, to prevent data loss, illegal or incorrect use and unauthorized access.
These measures take into account:
- state-of-the-art technology
- the costs of its implementation
- the nature of the data
- the risk of processing
The purpose is to protect them from accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access, and other forms of unlawful processing. Moreover, when managing your personal data, ice spa:
- collects and processes personal data that are adequate, relevant and not excessive, as required to meet the above purposes
- ensures that such personal data remains up-to-date, accurate and appropriately erased
Browsing data are deleted immediately after processing; at present, web contact data are not retained for more than 30 days.
Personal data are processed by computer and/or automated tools for the time strictly necessary to achieve the purposes for which they were collected. The data of the User who interacted through the section “Contacts” or “request for online services” will be erased after 12 months from the completion of the last useful contact.
Rights of the data subject
As Data Subject, you enjoy the rights under Art. 15 et seq. GDPR, namely the following rights:
- to obtain from the Data Controller confirmation as to whether or not your personal Data are being processed and, if so, to obtain access to the Personal Data and the following information: -the purposes of the processing; -the categories of Personal Data concerned; -the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular if they are recipients from third countries or international organizations; -where possible, the proposed storage period of Personal Data or, if this is not possible, the criteria used to determine that period -if the Data are not collected directly from the data subject, any available information on their source; -the existence of an automated decision-making , including profiling and, at least in such cases, significant information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject.
- to obtain from the Data Controller the rectification of your incorrect Personal Data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal Data, even by providing a supplementary declaration.
- to obtain from the Data Controller the erasure of your Personal Data without undue delay, if any of the following reasons apply: (a) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based in accordance with GDPR Article 6(1)(a) or Article 9(2)(a), and if there is no other legal ground for the processing; (c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to GDPR Article 21(2); (d) the Personal Data have been unlawfully processed; (e) the Personal Data must be erased for compliance with a legal obligation imposed by the Union or Member State law to which the Data Controller is subject; (f) the Personal Data have been collected in connection with the offer of information society services referred to in GDPR Article 8(1).
- to obtain from the Data Controller the restriction of the processing when one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the Personal Data; (b) the processing is unlawful and the data subject opposes the erasure of the Personal Data and requests the restriction of their use instead; (c) the Data Controller no longer needs the personal Data for processing purposes, but the Personal Data are necessary for the establishment, exercise or defence of legal claims; (d) the Data Subject has objected to the processing pursuant to GDPR Art. 21(1), pending the verification as to whether the legitimate grounds of the Data Controller prevail over those of the Data Subject.
- to receive in a structured, commonly used and machine-readable format your Personal Data provided to a Data Controller and transmit such Data to another Data Controller without hindrance from the Data Controller to which the Personal Data have been provided where: a) the processing is based on consent or on a contract; b) the processing is carried out by automated means. In exercising his or her rights in relation to Data portability, the data subject has the right to have the Personal Data transmitted directly from one Data Controller to another, where technically feasible.
- to object at any time, on grounds relating to your particular situation, to the processing of your Personal Data pursuant to GDPR Art. 6(1) (e) or (f), including profiling on the basis of those provisions.
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you similarly significantly affects you.
- to lodge a complaint with a supervisory authority.
For any need or to exercise the rights referred to in the preceding article write to the Data Controller of ice s.p.a. –via sicilia, 8/10 – 42122 reggio emilia or send an e-mail to firstname.lastname@example.org