Privacy Policy

Privacy Policy

This policy is provided pursuant to Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/03 (Privacy Code) and describes the methods of collection, processing, and protection of personal data of users of the site https://www.hatropina.com/

1. Identity of the Data Controller

Data Controller:
IQ of Antonio Giglio VAT 03763101205 CF:GGLNTN71D03L049E
Registered office: Via Olinto Cremaschi 273, 41123 Villanova MODENA
Contacts:

  • Email: hatropina@gmail.com
  • Phone: +39 3454727111

2. Purposes and Legal Bases of Processing

Your personal data are processed for the following purposes, with the respective legal bases:

a) Customer Service WhatsApp Channel

  • Purpose: Provide assistance and support to users.
  • Legal Basis: Consent of the data subject.
  • Retention Period: Retained for the time strictly necessary to provide the service, unless a deletion request is made.

b) Account Creation

  • Purpose: Allow access to the Site and facilitate purchases.
  • Legal Basis: Consent of the interested party.
  • Retention Period: Retained for 5 years from the last activity, unless contractual or legal obligations exist.

c) Contact Form

  • Purpose: Receive requests for information or assistance.
  • Legal Basis: Consent of the interested party.
  • Retention Period: Retained for 2 years from the date of the request, unless a deletion request is made.

d) Newsletter and Email Marketing

  • Purpose: Keeping the user updated on news, promotions, and commercial initiatives.
  • Legal Basis: Explicit consent of the data subject.
  • Retention Period: Retained until consent is withdrawn, with periodic checks every 3 years.

e) Request for Reviews and Feedback

  • Purpose: Collection of reviews and feedback to improve our services.
  • Legal Basis: Consent of the interested party.
  • Retention period: Retained for 2 years from collection.

f) Abandoned Cart

  • Purpose: Remind the user to complete the purchase of the products in the cart.
  • Legal Basis: Legitimate interest of the company.
  • Retention period: Retained for 30 days.

g) Purchase

  • Purpose: Allow the user to complete the purchase of our products and enable us to send them.
  • Legal Basis: Execution of the contract and fulfillment of legal obligations (including accounting and tax obligations).
  • Additional Details:
    • The data necessary for the purchase (name, surname, email, phone number, address, etc.) are communicated to the courier responsible for the shipment, duly appointed as Data Processor.
    • The purchase data is exported to a CRM for sending commercial information.
    • Pursuant to art. 130 c.4 of Legislative Decree no. 196/03, the explicit consent of the data subject is not required for this processing; however, the user can exercise the opt-out at any time.
  • Retention Period: Retained for 10 years, in compliance with accounting and tax obligations.

3. Methods of Processing and Security Measures

Data processing is carried out using manual, IT, and telematic tools, in ways that ensure the security, confidentiality, and integrity of the information. Adequate technical and organizational measures are adopted (e.g., encryption, access controls, regular backups) to prevent unauthorized access, loss, or accidental disclosures.

4. Rights of the Data Subjects

In accordance with Articles 15-22 of the GDPR, you have the following rights:

  • Right of Access: Request confirmation on the existence of your data and obtain a copy.
  • Right to Rectification: Request correction or integration of inaccurate or incomplete data.
  • Right to Erasure (Oblivion): Request the deletion of your data, except for legal obligations.
  • Right to Restriction of Processing: Request the restriction of processing under certain circumstances.
  • Right to Data Portability: Obtain your data in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to the processing of your data, particularly for marketing purposes.
  • Right not to be subject to automated decisions: If processing involves automated decision-making processes, you have the right to obtain human intervention and contest such decisions.

To exercise these rights, you can contact the Data Controller at the contact details provided above. If you believe that your rights have not been respected, you can also contact the Data Protection Authority.

5. International Data Transfers

Should your personal data be transferred outside the European Economic Area (EEA), the Data Controller will adopt the necessary security measures to ensure an adequate level of protection, such as:

  • Standard Contractual Clauses: Transfers will take place through standard contractual clauses approved by the European Commission.
  • Other Guarantees: If applicable, further measures (e.g., adequacy decisions) will be adopted to ensure the protection of your data.

Information regarding such transfers will be disclosed upon request.

6. Methods of Revocation and Updating of Consent

When data processing is based on consent, you have the right to revoke it at any time. Revocation does not affect the legality of processing carried out before revocation.

To revoke or update consent, you can:

  • Access the "Consent Preferences" Section: If the Site has a reserved area, you can modify your settings online.
  • Contact the Data Controller: Send a request via email to [Insert email address] or use other indicated contacts.

The changes will take immediate effect and will stop data processing for the purposes for which consent has been revoked.

7. Transparency and Cookie Information

The Site uses cookies and other tracking technologies to ensure proper functioning, statistical analysis, and, where provided, profiling purposes.

  • Technical Cookies: They are essential for the functioning of the Site and do not require consent.
  • Profiling and Analytical Cookies: They require the explicit consent of the user.
    The Site presents an informational banner that explains which cookies are used, their purposes, and how to manage them or revoke consent.

 

8. Disabling Cookies

Users can disable cookies by changing the settings of their browser. Below are some examples:

  • Google Chrome:
    Go to "Settings" > "Privacy and security" > "Site settings" > "Cookies and other site data" and disable the option "Allow sites to save and read cookie data".
  • Mozilla Firefox:
    Go to "Options" > "Privacy & Security" > "Cookies and site data" and select "Block cookies and site data".
  • Safari:
    Go to "Preferences" > "Privacy" and enable "Block all cookies".

For detailed and personalized instructions based on the browser used, it is recommended to consult the help section of your browser. Disabling cookies may affect the functionality of the Site.

9. Data Retention Period

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, according to the following standard terms:

  • Purchases: 10 years (for tax and accounting purposes).
  • Accounts and Registrations: 5 years from the last activity.
  • Contact Form, Reviews, and Feedback: 2 years from collection.
  • Newsletter: Retained until consent is withdrawn, with periodic checks every 3 years.
  • Abandoned Carts: 30 days.
  • Customer Service WhatsApp: For the time necessary to provide support, then deleted upon request.

10. Methods for Exercising and Withdrawing Consent

Consent for data processing is obtained through appropriate checkboxes (opt-in) that are not pre-selected. The user can withdraw or update consent at any time through the "Consent Preferences" section of the Site or by directly contacting the Data Controller.

11. Contacts for Information and Complaints

For any information regarding the processing of your personal data or to exercise the above rights, you can contact:

Data Controller: IQ by Antonio Giglio
E-mail: hatropina@gmail.com
Phone: +39 3454727111

Furthermore, you have the right to lodge a complaint with the Data Protection Authority.