PRIVACY POLICY

(pursuant to art. 13 of Reg. 2016/679/EU)

This is to inform you that our company will carry out the processing of your personal data. The processing will be carried out in compliance with the criteria set forth by the European Regulation on the Protection of Personal Data, Reg. 2016/679/EU (hereinafter referred to as G.D.P.R.) and any other national legislative texts, provisions or authorizations from the relevant competent Authority. According to the legislation referred to above, the processing shall be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.

1) The Data Controller is Bioalleva S.r.l., in the person of its pro tempore legal representative, with registered office in Via Rodolfo Spineta, 1374 – 37050 Vallese di Oppeano (VR); tel.: +39 0458980943, email: info@bioalleva.it.

2) The data collected will be used for the following purposes:
A) Sending of requested information for which express consent is not required (art. 6.1 letter a), G.D.P.R.);
B) Commercial marketing for which express consent is required (art. 6.1 letter a) and f), G.D.P.R.).

3) Methods: personal data are processed by the Data Controller and by duly appointed officers for the proper fulfilment of the purposes outlined in point 2) through electronic instruments and paper archives, as well as by implementing security measures aimed at guaranteeing the confidentiality of personal data and avoiding undue access by unauthorized parties.

4) Disclosure: your data may be disclosed to duly appointed internal and external parties that carry out activities on behalf of the Data Controller.
Data disclosure to countries outside the EU and data dissemination (e.g. social networks, websites, etc.) are not envisaged. The Data Controller does not solely use automated processes to achieve the purposes set out in this policy nor does it carry out profiling activities.

5) The Data Controller will process your personal data for the time necessary to fulfil the purposes outlined above and, in any case, for no longer than 2 years from the termination of the relationship for the aforementioned purposes.

6) Data Subject has the right to ask the Data Controller to access their personal data and to rectify or erase them, to restrict the processing concerning them or to object to their processing, as well as the right to request data portability of personal data.
The request can be submitted by email, fax or registered mail with the following subject “request by the Data Subject” and including the type of right that the Data Subject wants to exercise (erasure, rectification, portability, oblivion) along with a valid email/certified email address where to receive the response.
The Data Controller or anyone appointed by the same will proceed to process the request within 30 days from the date of receipt. Should the request be complex, the period may be extended by additional 30 days with prior timely notice to the Data Subject.

Should you deem it appropriate to assert your rights, you may lodge a complaint with the competent supervisory authority, namely the Italian Data Protection Authority based in Piazza Venezia, 11 – 00187 Rome, protocollo@gpdp.it.