This Privacy Policy is made pursuant to Article 13 of European Regulation N.679/2016 and applies exclusively to all Data collected through www.dermolab.it website. This Privacy Policy is subject to updates that will be published on the Website on a timely basis. This Privacy Policy and the Cookie Policy, establish the basis on which the Personal Data of the Data Subject will be processed.

Data Controller

The Data Controller of the Data collected by this Website is Deborah Group S.r.l., Via Solferino n.7, 20121 Milano email: privacypolicy@sodalisgroup.com.

Data Protection Officer (DPO)

The Data Controller has appointed a DPO pursuant to Articles 37-39 of the GDPR, whose name and reference can be found at the Data Controller. To contact the DPO, e-mail: stefano.modena@assiteca.it

Web platform

WordPress is an open source platform or rather a programme that, running server-side, allows the creation and distribution of an Internet site made up of text or multimedia content, which can be managed and updated dynamically. Personal Data processed: surname; Usage Data; email; billing address; shipping address; payment information; device information; name; phone number; Tracking Tool. Place of processing: Ireland – Privacy Policy

Personal Data

Personal Data means any information concerning an identified or identifiable natural person (Data Subject). An identifiable natural person is any natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, one or more characteristic elements of his/her physical identity.

Category of Personal Data processed

The Personal Data processed by this Website, either independently or through third parties, includes Common Data such as:

• Personal data (such as name and surname);
• Contact data (e-mail and telephone number);
• Geo-localisation data (including ‘IP’ addresses);
• Internet browsing data (including data from the use of social icons and social login buttons – e.g. Facebook, Instagram, TikTok) collected via cookies installed on your computer or mobile device (for more information please consult the Cookie Policy);
• If a request is sent via the ‘Contact’ section of the Site, the provision of certain Personal Data is necessary for the Controller to be able to fulfil the requests, therefore the relevant fields of the registration form are marked as mandatory;
• In addition to the aforementioned categories of Personal Data, further data directly conferred by the Data Subject (the so-called ‘Contributions’) and shared on the pages of Social Networks such as likes, comments, images and in general any content and information that you may have published on the Social Network pages of the Data Controller may be processed;
• Cookies and Usage Data;
• Personal cookie preferences.
  

Methods of Processing Personal Data

The Personal Data provided or acquired will be processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality pursuant to the laws in force. The Data Controller processes the Personal Data of Users by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data. Processing is carried out using computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated.

Purpose of Processing of Personal Data and Legal Basis

Personal Data may be collected autonomously by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this Website acquire certain Personal Data of the Users, of a technical-informatics nature (e.g. the IP address, the type of browser used, the operating system, the domain name and addresses of the websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.
The Data that the Data Subject chooses to voluntarily provide will be processed in compliance with the conditions of lawfulness pursuant to Article 6 GDPR and will be processed to enable the Website to provide its services, as well as for the Purposes indicated below and will be kept for the time necessary for the fulfilment of the aforesaid Purposes.
The Purposes of the processing are:

1) Responding to requests and providing information
The Data will be processed in order to be contacted or to follow up on specific requests made to the Data Controller by the Data Subject for communications of a nature relating to the Services and/or Content of the Data Controller itself, by e-mail or other communication tools such as telephone.
Legal basis: this processing is optional and based on the consent of the Data Subject, but the provision of the Data is necessary for the pursuit of the stated purpose.
Period of data retention: until consent is revoked by the data subject.

2) Statistics
The Data will be processed to perform statistical analysis on aggregated and anonymous data to analyse the behaviour of the Data Subject in order to improve the products and services provided by the Data Controller and to meet the Data Subject’s expectations.
Legal basis: this processing is based on the consent freely given by the data subject.
Period of data retention: until consent is revoked by the data subject.

3) Profiling
Data will be processed for the analysis and evaluation of interests, habits, consumption choices, including the creation of profiles in order to be able to send personalised information and promotional material on the Services offered by the Data Controller.
Legal basis: this processing is based on the consent freely given by the Data Subject pursuant to Article 6(1)(A) of the GDPR.
Period of data retention: until consent is revoked by the data subject.

Data Communication

In addition to the Data Controller, in some cases, they may have access to the Data:
a) categories of specially trained employees involved in the organisation of the website (administrative, sales, marketing, legal, system administrators);
b) external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Controller pursuant to Article 28 GDPR. The updated list of Data Processors, if appointed, can always be requested from the Data Controller;
c) public or private entities that can access the Data in compliance with legal obligations;
d) subjects that perform ancillary and instrumental tasks with respect to the Controller’s activity.

Data Processing Times

As expressly provided for in Article 5(1)(e) of the GDPR, Data are kept for the time necessary for the Processing of the same in relation to the performance of the service requested by the Data Subject, or required by the Purposes described above in this document.
At the end of the retention period, Personal Data will be deleted, and therefore, the rights of access, deletion, rectification and portability of Data can no longer be exercised.

Cookies

This Website uses cookies. Cookies are small text files that can be used by websites to make the experience more efficient for you and to personalise content and ads, provide social networking features and traffic analysis. Cookie Policy

Place of Processing and Transfer of Data Abroad

The Data are processed at the operational headquarters of the Data Controller. For further information, please contact the Data Controller. The Data may be processed by natural persons and/or legal entities operating on behalf of the Controller and under specific contractual obligations and based in EU or non-EU countries. In the event that the Data is transferred outside the EEA, the Controller will take all appropriate contractual measures to ensure adequate protection of the Data.

Exercise of data subject’s rights

The Data Subject has the right to exercise the faculties provided for in Articles 7, 15-22 of European Regulation 679/2016. In particular, he/she has the right to revoke his/her consent at any time and, upon simple request to the Data Controller, he/she may request access to the Personal Data, receive the Personal Data provided to the Data Controller and, where possible, transmit it to another Data Controller without hindrance (so-called portability), obtain the updating, limitation of the processing, rectification of the Data and the deletion of the Data processed in breach of the applicable legislation. He/she has the right, for legitimate reasons, to object to the Processing of Personal Data concerning him/her and to the Processing for the purpose of sending advertising material, direct sales and for carrying out market research. He/she also has the right to lodge a complaint with the Garante della Privacy as supervisory authority for the protection of personal data or to take legal action. The interested party may exercise his or her rights by contacting the Data Controller by e-mail at: privacypolicy@sodalisgroup.com.

Tools used for the Processing of Personal Data

EMAIL ADDRESS MANAGEMENT
These services allow for the management of a database of email contacts, telephone contacts or any other contacts used to communicate with the Data Subject. These services may also collect data on the date and time of viewing of messages by the Data Subject, as well as on the Data Subject’s interaction with them, such as information on clicks on links in messages.

STATISTICS
Statistical services only allow the Data Controller to monitor and analyse traffic data and serve to keep track of the behaviour of the Data Subject. This Website uses the following services:

Google Analytics 4 (Google Ireland Limited)
Google Analytics is an analysis service provided by Google LLC. Google uses the Personal Data collected in order to track and examine the use of this Website, compile reports and share them with other services developed by Google. Google may use the Personal Data to contextualise and personalise the advertisements of its advertising network. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is stored in any data centre or server. To find out more, you can consult Google’s official documentation. At the following link https://tools.google.com/dlpage/gaoptout?hl=it the browser add-on for deactivating Google Analytics is made available by Google. Personal data collected: Cookies and Usage Data. Place of processing: USA – Ireland Privacy Policy

Facebook pixel conversion monitoring (Meta Platforms, Inc.)
The Facebook conversion tracking (Facebook pixel) is a statistics service provided by Facebook. The Facebook pixel monitors conversions that can be attributed to Facebook advertisements. Personal data collected: Cookie; Usage data. Place of processing: Ireland – Privacy Policy.

Instagram pixel conversion monitoring (Meta Platforms, Inc.)
The Instagram conversion tracking (Instagram pixel) is a statistics service provided by Meta Platforms, Inc. The Instagram pixel monitors conversions that can be attributed to Facebook ads. Personal Data Collected: Cookies; Usage Data. Place of processing: Ireland – Privacy Policy

Google Search Console (Google Ireland Limited)
Is an analysis service provided by Google Ireland Limited. Google uses the Personal Data collected in order to track and examine the use of this Website, compile reports and share them with other services developed by Google. Google may use the Personal Data to contextualise and personalise the ads on its advertising network. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Personal Data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

TAG MANAGEMENT

Google Tag manager (Google Ireland Limited)
Google Tag manager is a service that allows you to manage and monitor all the third-party tags on the Website in order to obtain information on the interest shown by Users towards the Website itself and consequently on the quality of the content. Personal Data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

INTERACTION WITH SOCIAL NETWORKS

These services allow interactions with social networks directly from the pages of this Website. The interactions and information acquired by this Website are in any case subject to the privacy settings of the Data Subject related to each social network. In case a social network interaction service is installed, it is possible that, even if Users do not use the service, it collects traffic data related to the pages where it is installed.

Facebook (Meta Platforms, Inc.)
Facebook buttons are interaction services with the social network Facebook, provided by Meta Platforms, Inc. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

Instagram (Meta Platforms, Inc.)
Instagram buttons are services for interaction with the social network Instagram, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

Tik Tok (TikTok Technology Limited)
Tik Tok buttons are social networking interaction services provided by TikTok Technology Limited. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

REMARKETING AND RETARGETING
These services allow this Website to communicate, optimise and serve advertisements based on the User’s past use of this Website. This activity is carried out through the tracking of Usage Data and the use of Cookies. This Website uses the following services:

Facebook Remarketing (Meta Platforms, Inc.)
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links the activity of this Website with the Facebook advertising network. This Website makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel, you can understand the actions that people perform on the Website. The Data that is collected can be used for:
– ensure that advertisements are shown to the right people;
– create target audience groups for advertisements;
– take advantage of the additional advertising tools of the platform on which you advertise.
The information collected is anonymous to the operators of this Site and cannot be used to identify an individual Data Subject. However, the information is stored and analysed by Facebook, which may link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined in Facebook’s privacy policy. This will allow Facebook to show advertisements both on Facebook and on third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to Facebook’s privacy policy.

Facebook Forms (Meta Platforms, Inc.)
Facebook Forms is a service provided by Facebook. The service allows you to create a campaign with an advertising objective Contacts in Ad Management, you can select interactive forms as the place of conversion. Interactive forms are designed to help generate and qualify contacts by asking people to fill out a form. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to Facebook’s Privacy Policy.

Google ADS
Google ADS is a service provided by Google Ireland Limited that links this Website with Google’s advertising network. This website makes use of the Remarketing functionality of Google Analytics combined with the device adaptability of Google ADS. This functionality makes it possible to link target groups for promotional campaigns created by the Marketing function of Google Analytics with the adaptability to different Google ADS devices. This makes it possible to show advertisements based on the Data Subject’s personal interests, identified by an analysis of the Data Subject’s web behaviour, whether on a mobile device or on other devices. You can permanently disable the targeting and remarketing functions by disabling the ‘personalised advertising’ function in your Google account. To do so, simply follow this link: https://www.google.com/settings/ads/onweb/ Personal data collected: Cookies and Usage data. Place of processing: Ireland – Privacy Policy

Instagram Remarketing (Meta Platforms, Inc.)
Instagram Remarketing is a Remarketing and Behavioral Targeting service provided by Meta Platforms, Inc. which links the activity of this Website with the Instagram advertising network. This Website makes use of the Pixel tool in order to measure conversions and understand the actions that people perform on the Website. The information collected is anonymous to the operators of this Website and cannot be used to identify an individual Data Subject. However, the information is stored and analysed by Facebook, which may link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined in Facebook’s privacy policy. For more information on how users can protect their privacy, please refer to Instagram’s privacy policy.

TikTok Ads (TikTok Technology Limited)
TikTok Ads is a Remarketing and Behavioral Targeting service provided by (TikTok Technology Limited) that links the activity of this Website with the TikTok advertising network. This Website makes use of the Pixel Tracking tool in order to measure conversions and understand the actions people take on the Website. For more information on how users can protect their privacy, please refer to the TikTok Privacy Policy.

CONTENT ON EXTERNAL PLATFORMS
These services make it possible to display content hosted on external platforms directly from the pages of this Website and to interact with them.
If a service of this type is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.
This Web Site uses:

Youtube (Google Ireland Limited)
Youtube is a video content display service operated by Google that allows this Website to integrate such content into its pages. Personal data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

Google Maps
Google Maps is a map display service operated by Google that enables this website to integrate such content into its pages. Personal data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by publicising them to Users on this page. Therefore, please consult this page often, taking as reference the date of last modification indicated at the bottom. If you do not accept the changes made to this Privacy Policy, you must cease using this Web Site and you may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the Personal Data collected up to that point. The Data Controller is not responsible for updating all the links displayed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they shall always refer to the document and/or section of the websites referred to by such link.

Privacy Policy updated to April 2024