Italy
Privacy Policy
Privacy Policy AQUAVIVA ITALIA S.R.L.
I. FULL NAME AND ADDRESS OF THE CONTROLLER
The controller in terms of the EU General Data Protection Regulation and other related national laws of EU member states, along with any other applicable data protection legal requirements:
Компания AQUAVIVA ITALIA S.R.L.
Via Ausa, 117
Provincia Rimini (RN) 47853 Coriano (RN);
Tel.: +390549941140
E-mail: info_it@siberianhealth.com
Директор: Enzo Georgi
II . GENERAL INFORMATION ON PERSONAL DATA PROCESSING
- Personal data processing extent
- Legal basis for personal data processing
- Data removal and storage duration
- Recipient categories
We collect and use our users' personal data only to the extent necessary to provide a functional website, our content, and service. The collection and use of our users' personal data is generally carried out with the user's consent.
Exceptions apply in cases where obtaining prior consent is not possible due to factual circumstances, and data processing is authorized by applicable legislation.
In the event of consent to the processing of personal data by the data subject, the legal basis is Article 6, paragraph 1, letter A of the EU General Data Protection Regulation (GDPR). When data processing is essential to perform a contract involving the data subject, the legal basis is Article 6, paragraph 1, letter B of the EU General Data Protection Regulation (GDPR). This also applies to processing operations that are necessary to take actions prior to entering into a contact.
If the processing of personal data is required to fulfill a legal obligation of our company, Article 6, paragraph 1, letter C of GDPR serves as the legal basis. In cases where processing is crucial to protect the vital interests of the data subject or another individual, Article 6, paragraph 1, letter D of GDPR applies. For processing necessary to protect legitimate interests of the company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests, the legal basis is Article 6, paragraph 1, letter F of GDPR.
Personal data of the data subject shall be deleted or blocked as soon as the reason for storage no longer exists. Retention may also continue if required by European or national legislation, directives, laws, or other regulatory acts applicable to the controller. Data blocking or erasure will also take place upon the expiration of the legally prescribed storage period, unless further storage of the data is necessary for the conclusion or performance of a contract.
Unless otherwise indicated, the recipient of personal data processed through our website is the controller and/or responsible entity (see clause I of this privacy policy). The data is not shared with third parties. The transfer of data to third parties, however, shall only be carried out in compliance with the requirements of the GDPR, as well as any other applicable data protection legislation, where such transfer is necessary for the performance of a contract concluded through our website (including preparation for the contract conclusion, contract execution, and contract formalization) or is required by applicable law (in each case, within the limits prescribed by the relevant legal provisions and taking into account the potentially affected interests of other parties). This may include situations such as criminal investigation. Such transfer of data shall also be carried out where valid consent has been provided.
III. WEBSITE USAGE AND LOG FILE CREATION
- Data processing description and extent
- Information on the type of web browser and its version used;
- User's operating system;
- User's IP address;
- Device type;
- Date and time of access;
- Websites from which the user’s system was referred to ours.
- Legal basis for data processing
- Storage duration
- Right to withdraw consent and request erasure
Each time our website is visited, our system automatically collects data and information from the computer system used to access the page.
In this process, the following data is collected:
The temporary storage of data and log files is based on Article 6, paragraph 1, letter F of GDPR.
Purpose of data processing.
The temporary storage of IP addresses is required to make it possible to transfer the website content to the user's device. For this, the user's IP address is stored only for the duration of the session. Data stored in log files ensures the website's functionality. Additionally, the data helps us optimize the website and secure our IT systems. The data is not evaluated for marketing analysis.
The processing fulfills our legitimate interest as established in Article 6, paragraph 1, letter F of GDPR.
Data is removed as soon as it is no longer necessary for the intended collection purpose. For website usage data, this occurs upon session termination. For log file data, it is deleted within seven days after collection. Extended storage beyond this period is possible. In this case, user IP addresses are deleted or anonymized to prevent being linked back to the user.
Data collection is necessary to provide website usage, while storing data in log files is essential for the website operation. Therefore, users cannot object to this data processing.
IV. COOKIES USAGE
- a) Data processing description and extent
Our website uses cookies. Cookies are text files stored inside the browser program or by the browser on the user's computer system. When visiting the website, a cookie may be saved in the user's operating system. This file contains a unique combination of characters that helps the browser to be identified upon subsequent visits to the website.
We use cookies to make our website more user-friendly. Certain features require the browser to be recognized when navigating between pages. Cookies store and share the following data:
Language settings.
We also use cookies to analyze user behavior on our website.
The following data may be transferred:
The referrer if the user comes through a referral link.
All collected user data is pseudonymized using technical methods. Linking data back to the user is no longer possible. The data is not stored together with other personal user data. - b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6, paragraph 1, letter F of GDPR.- c) Data processing purpose
The purpose of using technically necessary and functional cookies is to make the website easier to navigate. Some website features cannot be provided without the cookies usage, as the browser must be recognized when navigating to a new page.
Cookies are required for the following uses:
We use cookies that are technically or functionally essential. By using our website, the following cookies are stored for the specified duration:
location Stored the selected city 1 year mentorContract Sets the Mentor's Registration number from the referral link 2 days mentorFullName Fills in Mentor's full name from the referral link 2 days nutritionVipCandidate Fills in the Mentor during the registration, when nutrition products are in the cart 1 months sibvaleoSIN Unified authentication across all Company Internet resources 1 day cardAttemptFailedFastExpire Limits the time for inputting bank card details and passwords 10 min. cookieVersion Keeps cookies updated and current 1 year tabletVersion Identifies device type Adjusts the appropriate page layout 30 days actionsPromptDisplayed Displays a notification about product participation in promotions 30 days showThresholdModal Displays a notification about product participation in promotions 1 day countryDeliveryCode Determines the country of delivery to display appropriate prices 1 session geoPosition Determines the selected city if user has allowed the browser to use geolocation 7 days shopenSIN Retains user login data when navigating between pages 2 months cookieAgreement Logs user's consent for the use of cookies 1 year
For these purposes, the personal data processing fulfills our legitimate interest as established in Article 6, paragraph 1, letter F of GDPR.- d) Data storage duration, right to withdraw consent and request erasure
Cookies are stored on the user's computer and sent to our website. This gives you as a user full control over cookies. By adjusting settings in your browser, you can disable or limit the transmission of cookies. Previously saved cookies can be deleted at any time. This can also happen automatically. If cookies are disabled for our website, some website features may not work properly.
V. MAILOUT
- Data processing description and extent
- IP address of the computer used to connect;
- Registration date and time;
- Country;
- Town/city;
- Last name, first name;
- Gender;
- Telephone number;
- Date of birth; li>
- Mentor's last name;
- Identity document information.
- Legal basis for personal data processing
- Purpose of data processing
The collection of users' e-mail addresses is necessary for sending newsletters. Additional personal data retained during registration is used to prevent misuse of services and e-mail addresses. - Storage duration
- Right to withdraw consent and request erasure
On our website, you can sign up for a free newsletter subscription. Upon registration for the mailout, the data entered in the fields is sent to us. Your e-mail address is saved and used for this purpose.
Additionally, the following data is collected during the registration:
No personal data collected for mailout delivery is shared with the third parties. The data is only used to send the mailout.
The personal data processing following newsletter subscription is legal with the user's consent under Article 6, paragraph 1, letter A of GDPR.
Data is removed as soon as it is no longer necessary for the intended collection purpose. E-mail addresses are kept as long as the newsletter subscription is active. Other registration data is usually deleted after seven days.
Users may unsubscribe from the newsletters at any time. Each newsletter contains an unsubscribe link. This also allows you to cancel consent and retain your personal data collected during the registration.
VI. REGISTRATION
- Data processing description and extent
- E-mail;
- IP address of the computer used to connect;
- Registration date and time;
- Country;
- Town/city;
- Last name, first name;
- Gender;
- Telephone number;
- Date of birth;
- Mentor's last name;
- Identity document information.
- User's IP address;
- Registration date and time.
- Legal basis for data processing
- Purpose of data processing
- Storage duration
- Right to withdraw consent and request erasure
The user has the option to register when providing personal data on our website. The data entered during this process is sent to us and stored; no data is shared with the third parties. The following data is collected during the registration:
The legal basis for data processing with user's consent is Article 6, paragraph 1, letter A of GDPR. Otherwise, the legal basis for data processing is Article 6, paragraph 1, letter F of GDPR.
User registration is required to perform contracts with the user or to carry out pre-contractual actions. On our website, you can register to open a Client account to use our services. This may include both contractual relationships (provision of independent services) and the purchase of goods. This constitutes our legitimate interest.
Personal data is removed as soon as it is no longer necessary for the intended collection purpose. During the registration for contract fulfillment or pre-contractual actions, this shall applies if the data is no longer required for the performance of the contract. After the contract is concluded, data may still be stored to fulfill contractual obligations or to comply with applicable law.
As a user, you may cancel your registration anytime and request changes to your stored data. You may submit your objection and/or request for erasure to us in any form (e.g., by phone or e-mail). Upon receiving such a request, your account will be deleted or modified accordingly. If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible to the extent that contractual or statutory obligations do not preclude such deletion.
VII. FEEDBACK AND E-MAIL INQUIRES
- Data processing description and extent
- Last name, first name;
- Registration number;
- Phone number;
- e-mail;
- Your inquiry typed in the "Message text" field.
- User's IP address;
- Registration date and time.
- Legal basis for data processing
- Purpose of data processing
- Storage duration
- Right to withdraw consent and request erasure
Our website features a feedback form which allows you to send us electronic inquires. The data you provide is sent to us and stored. This includes:
You may also contact us via the provided e-mail. In such cases, personal user data received via e-mail is stored. No data is shared with third parties. It is only used for handling your inquiry.
The legal basis for data processing with user's consent is Article 6, paragraph 1, letter A of GDPR. The legal basis for data processing received during e-mail messaging is Article 6, paragraph 1, letter F of GDPR. If an e-mail message (as in the case of the feedback form) is aimed at concluding a contract, then an additional basis for processing is Article 6, paragraph 1, letter B of GDPR.
Personal data processing collected via feedback form is necessary for handling your inquiry. When contacting us by e-mail, we ensure the protection of your rights regarding personal data processing. Other data collected during submission is required to protect the feedback form from misuse and to secure our IT systems. This also constitutes our legitimate interest in retaining such data.
Data is removed as soon as it is no longer necessary for the intended collection purpose. For personal data from the feedback form or e-mail, this applies once the corresponding communication with the client is concluded. It is considered to be completed when the issue has been fully resolved. Additional data collected during the submission is deleted within seven days.
This does not apply to cases where the data provided to us pertains to the preparation, execution, and formalization of contractual relationships, and its further retention is necessary under the requirements of personal data protection legislation. In such cases, the retention periods are determined by the requirements of applicable law or the contractual relationship.
Users may withdraw their consent to personal data processing at any time. If the user has contacted us via e-mail, they may object to the retention of their personal data at any time. In this case, it will prevent further communication.
Withdrawal can be sent to us at any time in any form, for example, by phone or e-mail. All personal data collected during the correspondence will be deleted. This does not apply to cases when the information provided is required for the contract preparation, fulfillment, or conclusion and where continued storage is necessary under the provisions of personal data protection legislation.
VIII. DOUBLE CLICK
- Personal data processing extent
- Your browser type;
- Product search keywords;
- Previously visited web pages.
- Legal basis for personal data processing
- Purpose of data processing
- Storage duration
- Right to withdraw consent and request erasure
We use Google Inc's Double Click software (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyze users' behavior on our website. This software helps us effectively show advertising materials and banners tailored to your interests and behavior while using the website. Inc.'s personal data protection provisions . The software places one or more cookie files on the user’s end device (we have already described cookies above), which help identify which advertising links the user clicks on. When accessing certain website pages, the following data is stored without linking it to the user:
Google is certified under the EU/US Privacy Shield, ensuring (in accordance with EU/EEA requirements) an adequate level of personal data protection is maintained when data is transferred outside the EU/EEA to the USA (https://policies.google.com/privacy/frameworks).
The use of Google Ad Exchange Buyer software is legally based on Article 6, paragraph 1, letter F of GDPR, Article 45 of GDPR, and the EU/US Privacy Shield.
Processing users' personal data allows us to analyze user behavior while browsing web pages. By analyzing this data, we can appropriately create our advertising materials and ads, as well as perform statistical analysis of their effectiveness. This enables us to continuously improve our website and enhance its usability. For these purposes, the personal data processing fulfills our legitimate interest as established in Article 6, paragraph 1, letter F of GDPR. By anonymizing the IP address to a sufficient degree, the users' interest in the protection of their personal data is adequately safeguarded.
Data collected from using our website is deleted automatically by Google Analytics after 14 months. Expired data is deleted automatically once a month. Otherwise, data is stored only as needed for service operation.
As a user, you have a full control over the cookies used by Google within the Services Ad Exchange Buyer. By adjusting settings in your browser, you can disable or limit the transmission of cookies. Cookies previously stored can be deleted at any time, including automatically. If cookies are disabled for our website, some website features may not work properly. You can also set your browser to block cookies from the googleadservices.com domain while still allowing cookies from other providers.
By adjusting the security settings of the web browser you use, you can prevent cookie files from being stored on the devices it operates on; however, this may lead to limitations in browsing web pages.
IX. SOCIAL NETWORKS
- Data processing description and extent
- Legal basis for data processing
- Purpose of data processing
- Storage duration
- Right to withdraw consent and request erasure
You can reach our social media pages through our website (hereinafter referred to as "Social network"):
(1) Facebook is a social network operated by Facebook Ireland Limited Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland. We have integrated a page for our Company on Facebook.
(2) Instagram is a social network operated by Instagram LLC 1601 Willow Rd, Menlo Park, CA, USA. Our Company has created a page on Instagram's platform.
By clicking on a link (hyperlink) on our website page, leading to a social network page, you are directed to the social network operator's platform. To access our page, you must log into your account on that social network. In this case, if applicable, we may access your public information and any data you share publicly for applications within that network. Public data can be viewed by anyone. Such information includes, in particular, your first and last name, profile details, cover images and photos, gender, username (also known as Facebook URL on Facebook), comments, and posts (user-generated content). According to agreements between the operators of these social networks, information exchange may also occur between the respective social networks. For example, on Pinterest, when you sign up using your Facebook or Google account, your data may be shared between those services under their agreements. Decisions regarding specific provisions on personal data processed within the social network are made by the social network operator in accordance with your contractual relationship with them, the relevant terms and conditions, and the data protection laws and regulations to which reference is made. The latter can be viewed on the social network's page. Such data is used and processed by us only within the social network, according to the functions and procedures provided there. Personal data used by us in our Facebook presence is not shared with third parties.
According to its own disclosures, Facebook (https://it-it.facebook.com/privacy/policies/data_privacy_framework/ has been certified under EU/US Privacy Shield, in accordance with EU/EEA requirements to ensure proper personal data protection (https://policies.google.com/privacy/frameworks) when transferring data outside the EU/EEA to the USA.
The legal basis for data processing with user's consent is Article 6, paragraph 1, letters A and F of GDPR.
We use your personal data to provide services within the social network, to regularly review and optimize the services offered there, as well as the presentation of our page. This constitutes the lawfulness of data processing. Any use beyond this scope occurs only when there is valid consent or obligations under applicable law.
Data is stored as long as it remains on our social network page and until the latter is deleted/closed.
The user may withdraw consent to the processing of their personal data at any time via e-mail, postal mail, fax, or phone. Besides, you may use the feedback form or contact details provided in the "Contacts" section of our website, as well as the contact information placed next to the feedback form.
All personal data collected during your use of our social network services will be deleted unless provisions of personal data protection legislation that require the retention of certain data preclude such deletion.
You can also adjust your social network account settings to cancel or restrict the linkage of your data to our Internet-based services.
X. E-SHOP
- Data processing description and extent
- Last name, first name;
- Bank card number;
- Bank card expiration date;
- Security code (if required););
- Address (if required);
- Purchase total (including all related fees).
- Legal basis for data processing
- Purpose of data processing
- Data storage duration
- Right to withdraw consent and request erasure
(1) When placing an order via our E-shop (details of which are described on our website), we collect your personal data that you enter into the required fields on our website, to the extent necessary for the contract conclusion, fulfillment, or processing for the purchase of specific products available in our E-shop. br> For this purpose, you may fill in details using the data entry form – your data will be stored by us once submitted (see the "Registration" section above).
(2) By concluding a Sales and Purchase Agreement through our E-shop, you may also choose a payment method that suits you. The payment service provider of the company that issued your bank card receives the following data:
The legal basis for data processing with user's consent is Article 6, paragraph 1, letter A of GDPR. The legal basis for processing data related to the conclusion, execution, or fulfillment of a contract is Article 6, paragraph 1, letter B of GDPR.
The purpose of data processing is to prepare, perform, and formalize contractual relations with you, concluded via our online platform or any platform through which the contract is intended to be concluded. This processing is based on legitimate interest.
We delete data used for contract preparation, execution, or fulfillment in compliance with legal retention requirements as outlined by tax or commercial laws. Additionally, data is deleted once it is no longer needed for the contract.
You do not have the right to withdraw consent or request the erasure of data processed during E-shop transactions, as outlined in Article 21 of the GDPR.
XI. RIGHTS OF INTERESTED PARTY
In accordance with GDPR, you are considered a data subject when your personal data is being processed. Pursuant to the requirements of applicable law, you are granted the following rights in relation to the data controller:
- Right to access information
- Right to rectification
- Right to restrict processing
- Right to erasure
- Right to notification
- Right to data portability
- Right to object
- Right to withdraw the consent under data protection legislation
- Automated decision-making in individual cases, profiling
- Right to lodge a complaint with a supervisory authority
You may request that the data controller provide a statement detailing which of your personal data are being processed by us.
If processing is carried out, you can request the following details from the data controller:
(1) The purposes of data processing;
(2) The categories of personal data being processed;
(3) The recipients or a group of recipients to whom your personal data have been or will be disclosed;
(4) The planned storage period of your data, or if the specific details cannot be provided, the criteria used to determine the duration;
(5) Information on your right to rectify or erase personal data about you, to restrict its processing by the controller, or to object to such processing;
(6) Information on your right to lodge a complaint with a supervisory authority;
(7) All available information about the origin of the data, if it was not collected from the data subject;
(8) Whether automated decision-making, including profiling, is being used (according to Article 22, paragraphs 1 and 4 of the GDPR) and information about the necessity of such processing for the data subject.
You are also entitled to receive written confirmation about whether your personal data is transferred to another country or to international organizations. In this regard, you may request details on the appropriate safeguards pursuant to Article 46 of GDPR in relation to the data transfer.
You have the right to have your personal data rectified and/or supplemented if it is inaccurate or incomplete. The data controller is obligated to take immediate actions to update the information.
You can request the restriction of your personal data processing in the following cases:
(1) If you contest the accuracy of your personal data, for a period enabling the controller to verify their accuracy;
(2) If the processing is unlawful and you oppose the erasure of the data, requesting restriction instead;
(3) If the controller no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims;
(4) If you have objected to processing under Article 21, paragraph 1 of the GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.
When the processing of your personal data is restricted, such data, apart from its storage, may only be processed with your consent for the protecting your rights, or the right of another person or entity, or for important public interest reasons of the EU or an EU Member state.
If the processing has been restricted for the reasons indicated above, you will be notified by the controller before the restriction is lifted.
a) Obligation to erase data
You have the right to request that the controller immediately erase your personal data, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent for processing under Article 1, paragraph 1, letter A and Article 9, paragraph 2, letter A of GDPR, and there is no other legal ground for the processing.
(3) You object to the processing under Article 21, paragraph 1 of GDPR and there are no overriding legitimate reasons for processing, or you object to the processing under Article 21, paragraph 2 of GDPR.
(4) Your personal data was unlawfully processed.
(5) Erasing your data is required to comply with EU or an EU member state legal requirements applicable to the controller.
(6) Your personal data was collected via online services, according to Article 8, paragraph 1 of GDPR.
b) Disclosure to third parties.
If the controller has made the personal data concerning you public and is obliged to delete it under Article 17, paragraph 1 of GDPR, it shall, taking into account available technology and implementation costs, take reasonable actions, including technical measures, to inform data controllers that you as a data subject, request the deletion of all links, copies, or replications of your personal data.
c) Exceptions.
The right to erasure does not apply if the processing is necessary as follows:
(1) To ensure the right of freedom of speech and access to information;
(2) To meet legal obligations requiring processing under the laws of EU member states where the controller is established, or to perform tasks carried out in the public interest or in the exercise of public authority vested in the controller;
(3) For reasons of public interest in the field of public health under Article 9, paragraph 2, letters H and I, as well as Article 9, paragraph 4 of GDPR;
(4) For archiving purposes in the public interest, scientific or historical research, or statistics under Article 89, paragraph 1 of GDPR, where erasure would prevent or seriously restrict achieving the processing purposes;
(5) To establish, exercise, or protect legal claims.
If you have the right to rectification, erasure, or restriction of processing of your personal data and you have exercised this right, the controller is obliged to communicate this to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to receive information about those recipients from the controller.
You have the right to receive your personal data that you provided to the controller in a complete, structured, and computer-readable format. Furthermore, you may transmit this data to another controller without hindrance from the controller to whom the personal data was originally provided, in the following cases:
(1) If the processing is based on Article 6, paragraph 1, letter A of GDPR or Article 9, paragraph 2, letter A of GDPR or on an agreement according to Article 6, paragraph 1, letter B of GDPR;
(2) The processing is carried out automatically.
In the exercise of this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right must not affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for tasks carried out in the public interest or in the exercise of public authority vested in the controller.
You are entitled to object at any time to your personal data processing based on Article 6, paragraph 1, letters E and F of GDPR; it also applies to profiling based on such provisions.
The controller will cease processing your data unless one can demonstrate compelling legitimate reasons that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct advertising purposes, you have the right to object; this also applies to profiling related to direct advertising.
If you object to processing for direct advertising, your personal data will no longer be processed for these purposes.
You also have the opportunity, regardless of Directive 2002/58/EU, to exercise your right to object by automated technologies with technical specifications.
You have the right to withdraw your consent given under data protection law at any time. Processing based on your consent before withdrawal remains lawful.
You have the right not to be a subject to decisions made through automated processing (including profiling) that legally affect or limit you in other way. This does not apply if the decision:
(1) Is necessary for the contract conclusion or its performance between you and the controller.
(2) Is authorized by EU or EU member states law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests.
(3) Is based on your explicit consent.
However, such decisions may not be based on special categories of personal data according to Article 9, paragraph 1 of GDPR, unless Article 9, paragraph 2, letters A and G of GDPR applies and appropriate actions to protect your rights and freedoms, as well as your legitimate interests are in place.
For cases, outlined in clauses a) and b), the controller shall take appropriate actions to protect your rights as well as legitimate interests (including at least the right to interference by the controller to express their own point of view and appeal the decision).
Without affecting other judicial or administrative remedies, you have the right to lodge a complaint with a relevant supervisory authority, in particular in your EU country of residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The authority will keep you informed about the progress and results of your complaint, including options for judicial appeal under Article 78 of GDPR.