Privacy and Cookie Policy

PRIVACY POLICY

This policy describes the procedures followed by DDFarma s.r.l (hereinafter also “DDFarma” or the “Data Controller” or the “Company”) in relation to the processing of the personal data collected via the website www.lazarusdrink.com (hereinafter the “Website”).

Unless otherwise specified, this policy is also valid as the note to be provided to those who interact with the Website (hereinafter the “User”) pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter the “GDPR”).

Detailed notes on the personal data processing are provided, where necessary, on the pages related to the individual services offered via the Website. These notes aim to define the limits and methods of the data processing for each service, based on which the User can freely express his or her consent where necessary and, if applicable, authorise the collection of the data and their subsequent processing.

Data Controller Data Processors.

The Data Controller is DDFarma s.r.l with registered office in Via Valcava 15, 20900 Monza (MB) , e-mail privacy@ddf.it, Ph. +39 039 461018.

The updated list of any Data Processors appointed is available from the Data Controller’s registered office.

Types of processed data.

The following types of data can be collected and processed via the Website:

browsing data;
personal data provided voluntarily by the User in the forms present within the Website.

Purposes and legal basis of the processing.

The personal data collected via the Website will be processed:

a) for managing the requests for information sent by the User and concluding a contract with the User in accordance with Article 6 (1) paragraph b;
b) for sending marketing communications about products and services via newsletter, e-mail, sms, mms, fax or similar means and/or by post or operator assisted telephone call;
c) for performing profiling activities instrumental to the execution of the activities described above in point b);
d) for the delivery of the products;
e) for sending communications with the aim of promoting and directly selling similar products or services to those you have already purchased (so-called “soft spamming”), without prejudice to your right to object at any time.

The processing of personal data for the purpose described in points a) and d) does not require the User’s consent since it is necessary in order to fulfil specific requests made by the Data Subject pursuant to Article 6, paragraph 1, point b) of the GDPR

The processing of personal data for the purposes described in points b) and c) require the User’s consent pursuant to Article 6, paragraph 1, point a) of the GDPR.

The processing of personal data for the purposes described in point e) does not require the User’s consent pursuant to Article 6, paragraph 1, point f) of the GDPR, since it is necessary for the pursuit of the legitimate interest of the Data Controller.

Data will also be processed with the aim of:

complying with tax regulations deriving from the exercise of the business activity;
fulfilling the obligations deriving from the exercise of the business activity previously described.

Data conferral and consequences of failure to confer data.

The conferral of a Data Subject’s personal data for the purposes specified above, necessary for points a) and d) for acting on a request, is optional and failure to confer the same will lead, as the sole consequence, to it being impossible for the Data Controller to manage and fulfil the Data Subject’s requests.

Data recipients and data recipient categories.

The Data can be made accessible, brought to the knowledge of or communicated to the following parties, who will be appointed by the Data Controller on a case-by-case basis as Data Processors or persons in charge of the processing:

a) companies of the group to which the Data Controller belongs (parent companies, subsidiaries and/or associates), employees and/or collaborators in any capacity of the Data Controller;
b) public or private parties, natural persons of companies used by the Data Controller for the performance of the activities conducive to the fulfilment of the above-mentioned purposes or to which the Data Controller is obliged to communicate the Data due to legal or contractual obligations;

Moreover the Data Controller shall disclose the Data with the Public authorities, in order to cooperate, on request, with the supervisory authority in the performance of its tasks and their official mission, such as tax and customs authorities, financial investigation units, independent administrative authorities.

In any case, the Data shall not be disseminated.

Retention period.

Data processing will be carried out for the period necessary to fulfil the task received. After the end of the processing, data will be retained for the duration of the contractual relationship, for the time necessary to define any accounting or administrative operation connected to the aforementioned purposes, and for fulfilling all tax obligations for 10 years following the termination of service, in compliance with the laws in force and as specified by Article 2220 C.C.

The data shall be retained for a maximum period of time equal to the period of limitation applicable from time to time for the rights that can be exercised by the Data Controller. In case of processing performed for the purposes of marketing, the data shall be retained for a maximum period of 24 months; for profiling purposes the data shall be retained for a maximum period of 12 months.

Rights of access, erasure, restriction and portability.

Data Subjects shall have the rights set forth in Articles 15 to 20 of the GDPR. For example, each Data Subject can:

a) obtain confirmation as to whether or not personal data concerning him or her are being processed;
b) access any personal data being processed and the information about the processing, and request a copy of the personal data;
c) have incorrect personal data corrected and incomplete personal data completed;
d) obtain the erasure of personal data concerning him or her where one of the grounds set forth by Article 17 of the GDPR applies;
e) obtain the restriction of the processing in the cases envisaged by Article 18 of the GDPR;
f) in the cases envisaged by Article 20 of the GDPR, receive the personal data concerning him or her in a structured, commonly used and machine-readable format and request that the data be transmitted to another controller, if technically feasible;
g) if the Data Subject’s consent is required for the processing of the personal data, revoke his or her consent to the processing of the personal data, without compromising the lawfulness of the processing performed based on consent granted prior to said revocation.

Right to object to the processing performed due to legitimate interest.

Each Data Subject can object at any time to the processing of their personal data for the purpose of pursuing a legitimate interest of the Data Controller. Should he or she object, their data will no longer be processed, unless there are legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

Right not to be subject to a decision based solely on automated processing (art.22 GDPR)

Each Data Subject have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.This shall not apply if the decision:
(a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
(c) is based on the data subject's explicit consent.
In the cases referred to in points (a) and (c), the data controller has implemented suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Right to object to processing performed for marketing purposes.

Each Data Subject is entitled to object at any time to the processing of his or her personal data performed for marketing purposes by writing an email to the address privacy@ddf.it. Objections to processing raised by these means also apply to the sending of marketing communications by post or operator-assisted telephone call, without prejudice to the possibility to exercise this right partially, for example by objecting only to the processing performed using automated communication systems.

Right to submit a complaint to the Italian Data Protection Authority.

Additionally, each Data Subject can submit a complaint to the Italian Data Protection Authority should he or she consider that their rights pursuant to the GDPR have been breached, using the methods indicated on the website of the Data Protection Authority, accessible at the address: www.garanteprivacy.it.

COOKIE POLICY

Cookies are small text files that the websites visited by a user send to his or her device where they are memorised and later sent back to the same sites when the user visits them again.

The Website uses both its own and third party technical cookies to improve the operating, analytics cookies collected anonymously to monitor the use of the site, for which the user's consent is not required.

Specifically, the cookies used in the Website can be placed in the following sub-categories:

- browsing or session cookies, which guarantee the normal browsing and use of the Website. As these are not saved on the user’s computer, they disappear when the browser is closed;

- analytics cookies, used to anonymously collect and analyse statistical information about the number of Website users and their visits;

- social widgets and plug-ins: some widgets and plug-ins provided by the social networks can use their own cookies to facilitate the interaction with the reference website.

The User can disable the cookies by modifying their browser settings based on the instructions provided by the relative providers at the links listed below.

Updates

This Privacy Policy will be subject to updates. The Data Controller therefore invites the Users who intend to learn about the ways of processing the personal data collected via the Website to regularly visit this page.

Cookies Necessary for the Functioning of the Store:

Name	Function
_ab	Used in connection with access to admin.
_secure_session_id	Used in connection with navigation through a storefront.
Cart	Used in connection with shopping cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
cart_ver	Used in connection with shopping cart.
checkout_token	Used in connection with checkout.
Secret	Used in connection with checkout.
Secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login.
_shopify_u	Used to facilitate updating customer account information.

Reporting and Analytics

Name	Function
_tracking_consent	Tracking preferences.
_landing_page	Track landing pages.
_orig_referrer	Track landing pages.
_s	Shopify analytics.
_shopify_fs	Shopify analytics.
_shopify_s	Shopify analytics.
_shopify_sa_p	Shopify analytics relating to marketing & referrals.
_shopify_sa_t	Shopify analytics relating to marketing & referrals.
_shopify_y	Shopify analytics.
_y	Shopify analytics.
tracked_start_checkout	Shopify analytics relating to checkout.

Cookies Necessary for the Functioning of the Sites

Name	Function
_Brochure_session	Used in connection with browsing through site.

Reporting and Analytics

Name	Function
_landing_page	Tracks landing pages.
_orig_referrer	Tracks landing pages.
_s	Shopify analytics.
_shopify_fs	Shopify analytics.
_shopify_s	Shopify analytics.
_shopify_sa_t	Shopify analytics relating to marketing & referrals.
_shopify_uniq	Shopify analytics.
_shopify_y	Shopify analytics.
_y	Shopify analytics.
ab_test_*	Shopify analytics.
cart_sig	Shopify analytics.
ki_r	Shopify analytics.
ki_t	Shopify analytics.