PRIVACY POLICY
This policy describes the procedures followed by DDFarma s.r.l (hereinafter also “DDFarma” or the “Data Controller” or the “Company”) in relation to the processing of the personal data collected via the website www.lazarusdrink.com (hereinafter the “Website”).
Unless otherwise specified, this policy is also valid as the note to be provided to those who interact with the Website (hereinafter the “User”) pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter the “GDPR”).
Detailed notes on the personal data processing are provided, where necessary, on the pages related to the individual services offered via the Website. These notes aim to define the limits and methods of the data processing for each service, based on which the User can freely express his or her consent where necessary and, if applicable, authorise the collection of the data and their subsequent processing.
Data Controller Data Processors.
The Data Controller is DDFarma s.r.l with registered office in Via Valcava 15, 20900 Monza (MB) , e-mail privacy@ddf.it, Ph. +39 039 461018.
The updated list of any Data Processors appointed is available from the Data Controller’s registered office.
Types of processed data.
The following types of data can be collected and processed via the Website:
Purposes and legal basis of the processing.
The personal data collected via the Website will be processed:
The processing of personal data for the purpose described in points a) and d) does not require the User’s consent since it is necessary in order to fulfil specific requests made by the Data Subject pursuant to Article 6, paragraph 1, point b) of the GDPR
The processing of personal data for the purposes described in points b) and c) require the User’s consent pursuant to Article 6, paragraph 1, point a) of the GDPR.
The processing of personal data for the purposes described in point e) does not require the User’s consent pursuant to Article 6, paragraph 1, point f) of the GDPR, since it is necessary for the pursuit of the legitimate interest of the Data Controller.
Data will also be processed with the aim of:
Data conferral and consequences of failure to confer data.
The conferral of a Data Subject’s personal data for the purposes specified above, necessary for points a) and d) for acting on a request, is optional and failure to confer the same will lead, as the sole consequence, to it being impossible for the Data Controller to manage and fulfil the Data Subject’s requests.
Data recipients and data recipient categories.
The Data can be made accessible, brought to the knowledge of or communicated to the following parties, who will be appointed by the Data Controller on a case-by-case basis as Data Processors or persons in charge of the processing:
Moreover the Data Controller shall disclose the Data with the Public authorities, in order to cooperate, on request, with the supervisory authority in the performance of its tasks and their official mission, such as tax and customs authorities, financial investigation units, independent administrative authorities.
In any case, the Data shall not be disseminated.
Retention period.
Data processing will be carried out for the period necessary to fulfil the task received. After the end of the processing, data will be retained for the duration of the contractual relationship, for the time necessary to define any accounting or administrative operation connected to the aforementioned purposes, and for fulfilling all tax obligations for 10 years following the termination of service, in compliance with the laws in force and as specified by Article 2220 C.C.
The data shall be retained for a maximum period of time equal to the period of limitation applicable from time to time for the rights that can be exercised by the Data Controller. In case of processing performed for the purposes of marketing, the data shall be retained for a maximum period of 24 months; for profiling purposes the data shall be retained for a maximum period of 12 months.
Rights of access, erasure, restriction and portability.
Data Subjects shall have the rights set forth in Articles 15 to 20 of the GDPR. For example, each Data Subject can:
Right to object to the processing performed due to legitimate interest.
Each Data Subject can object at any time to the processing of their personal data for the purpose of pursuing a legitimate interest of the Data Controller. Should he or she object, their data will no longer be processed, unless there are legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Right not to be subject to a decision based solely on automated processing (art.22 GDPR)
Each Data Subject have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.This shall not apply if the decision:
(a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
(c) is based on the data subject's explicit consent.
In the cases referred to in points (a) and (c), the data controller has implemented suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Right to object to processing performed for marketing purposes.
Each Data Subject is entitled to object at any time to the processing of his or her personal data performed for marketing purposes by writing an email to the address privacy@ddf.it. Objections to processing raised by these means also apply to the sending of marketing communications by post or operator-assisted telephone call, without prejudice to the possibility to exercise this right partially, for example by objecting only to the processing performed using automated communication systems.
Right to submit a complaint to the Italian Data Protection Authority.
Additionally, each Data Subject can submit a complaint to the Italian Data Protection Authority should he or she consider that their rights pursuant to the GDPR have been breached, using the methods indicated on the website of the Data Protection Authority, accessible at the address: www.garanteprivacy.it.
COOKIE POLICY
Cookies are small text files that the websites visited by a user send to his or her device where they are memorised and later sent back to the same sites when the user visits them again.
The Website uses both its own and third party technical cookies to improve the operating, analytics cookies collected anonymously to monitor the use of the site, for which the user's consent is not required.
Specifically, the cookies used in the Website can be placed in the following sub-categories:
- browsing or session cookies, which guarantee the normal browsing and use of the Website. As these are not saved on the user’s computer, they disappear when the browser is closed;
- analytics cookies, used to anonymously collect and analyse statistical information about the number of Website users and their visits;
- social widgets and plug-ins: some widgets and plug-ins provided by the social networks can use their own cookies to facilitate the interaction with the reference website.
The User can disable the cookies by modifying their browser settings based on the instructions provided by the relative providers at the links listed below.
Updates
This Privacy Policy will be subject to updates. The Data Controller therefore invites the Users who intend to learn about the ways of processing the personal data collected via the Website to regularly visit this page.
Cookies Necessary for the Functioning of the Store:
Name |
Function |
_ab |
Used in connection with access to admin. |
_secure_session_id |
Used in connection with navigation through a storefront. |
Cart |
Used in connection with shopping cart. |
cart_sig |
Used in connection with checkout. |
cart_ts |
Used in connection with checkout. |
cart_ver |
Used in connection with shopping cart. |
checkout_token |
Used in connection with checkout. |
Secret |
Used in connection with checkout. |
Secure_customer_sig |
Used in connection with customer login. |
storefront_digest |
Used in connection with customer login. |
_shopify_u |
Used to facilitate updating customer account information. |
Reporting and Analytics
Name |
Function |
_tracking_consent |
Tracking preferences. |
_landing_page |
Track landing pages. |
_orig_referrer |
Track landing pages. |
_s |
Shopify analytics. |
_shopify_fs |
Shopify analytics. |
_shopify_s |
Shopify analytics. |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_y |
Shopify analytics. |
_y |
Shopify analytics. |
tracked_start_checkout |
Shopify analytics relating to checkout. |
Cookies Necessary for the Functioning of the Sites
Name |
Function |
_Brochure_session |
Used in connection with browsing through site. |
Reporting and Analytics
Name |
Function |
_landing_page |
Tracks landing pages. |
_orig_referrer |
Tracks landing pages. |
_s |
Shopify analytics. |
_shopify_fs |
Shopify analytics. |
_shopify_s |
Shopify analytics. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_uniq |
Shopify analytics. |
_shopify_y |
Shopify analytics. |
_y |
Shopify analytics. |
ab_test_* |
Shopify analytics. |
cart_sig |
Shopify analytics. |
ki_r |
Shopify analytics. |
ki_t |
Shopify analytics. |