Privacy Policy

1. Data Controller and Data Protection Officer

Data Controller through the website www.lindakristel.com is KRISTEL MEDICAL Srl, with registered office in Via Fabio Filzi, 41 - 20124 Milano, VAT 10126700961, Tel. +39 3757112192, antiagingmedicalcorporationitalia@legalmail.it. Data Protection Officer of the Company is [XXX] who can be contacted at the Company's headquarters in Via Fabio Filzi, 41 - 20124 Milano, as well as at the e-mail address info@lindakristel.com.

2. Object of the data processing

While browsing the site www.lindakristel.com the Owner processes navigation and connection data, such as the IP address of the navigator. The simple navigation on the site does not involve any registration, while the use of cookies is provided, both own and third-party, for which reference is made to the cookie policy on the site www.lindakristel.com. Access to a reserved area, on the other hand, involves a registration by entering and using an email and a password chosen by the user. The provision of personal data to receive information on the products and services of the Owner in the appropriate reserved areas involves the provision of personal data, and the related provision of data is optional but failure to provide it will make it impossible for the Owner to provide further information requested by the interested party. The provision of personal data where to deliver the ordered goods is optional but not providing the aforementioned data makes it impossible to process the order.

3. Categories of processed data

The categories of “personal data” (as defined in Article 4.1 of the GDPR) processed by the Data Controller may include, but are not limited to:

• Personal and identification data (such as name, surname, etc.);
• Contact information (such as address, email address, telephone number, social media accounts, etc.);
• Data related to any services provided, such as responses to inquiries about the products offered by the Data Controller.

4. Purpose of the data processing

Your data are processed only with your specific and distinct consent (Article 6 paragraph 1 (a) of the GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent means the lawfulness of the processing until the withdrawal of consent, for the following purposes:

• Carrying out advertising or promotional activities in the broadest sense (such as newsletters via email, SMS, various messaging systems, including instant messaging and internet, also to mobile phones). Data collection carried out through the site www.lindakristel.com by accessing the restricted areas in which you will be asked to enter your personal data and your email and express your consent to the aforementioned treatments;
• Contract execution (sale and delivery of your order) (Art. 6 letter b) GDPR), if, while browsing the site www.lindakristel.com, you request the sending of the goods you order to your home or other domicile indicated by you;
• Responding to requests or inquiries made through the contact information provided on the website regarding the products, brands, and services provided by the Data Controller.

5. Legal basis

The legal basis consists of legal obligations (Italian and European laws) and consent where required, not that of the legitimate interests of the Data Controller in the relationship with the user. In the case of processing based on legitimate interest, in considering these legitimate interests, it was analyzed that they do not compromise or interfere with the interests or fundamental rights and freedoms of the interested party.

6. Processing methods

The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR, and precisely: collection, registration, organization, structuring, storage, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, interconnection, limitation, cancellation, destruction, portability at your request. Your personal data are subject to both paper and electronic and / or automated processing. Personal data are processed in compliance with the necessary legal provisions to ensure confidentiality, data security, accuracy, updating, and relevance to the stated purposes.

7. Recipients of personal data

The data collected are used only to process the services requested by the user, such as accessing reserved areas to use the related services and advice. The data provided on these occasions by the user will not be further communicated except to persons or companies duly authorized by the Data Controller and may not be disclosed without your consent. Without the need for your express consent, the owner may communicate your data to the following recipients:

• Companies and professional operators providing IT services, including electronic data processing, software management, website management, and IT consulting;
• Companies, agencies, and professionals in the field of communication and marketing;
• Supervisory Bodies, Judicial Authorities as well as to all those subjects to whom the communication is mandatory by law.

The Data Controller informs you that they have no intention to transfer your data to countries outside the EU and the EEA for the aforementioned purposes.

8. Storage times of the personal data

The Data Controller will process personal data for the times defined by the reference legislation, pursuant to Art. 13 GDPR. The data necessary to respond to specific requests may be kept until the request is fulfilled unless further conservation is provided for by current Italian and European regulations; - for legal obligations, regulations and community legislation, the data may be kept for the periods imposed by these regulatory sources; - in any case, all data may be kept for a period necessary to assert or defend a right of the company according to Italian and European regulations.

9. Rights of the data subject

Regarding the personal data subject to this Privacy Policy, the data subject has the right to exercise the rights provided by the EU Regulation as listed below:

• Right of access of the data subject (Article 15 of the EU Regulation) (which allows the data subject to be informed about the processing of their personal data and to obtain a copy of the data if applicable);
• Right to rectification of personal data (Article 16 of the EU Regulation) (the data subject has the right to request the rectification of inaccurate personal data concerning them);
• Right to erasure of personal data without undue delay (“right to be forgotten”) (Article 17 of the EU Regulation) (the data subject has the right to have their data deleted);
• Right to restriction of processing of personal data in cases specified in Article 18 of the EU Regulation, including cases of unlawful processing or the data subject contesting the accuracy of the personal data;
• Right to data portability (Article 20 of the EU Regulation) (the data subject can request their personal data in a structured, commonly used, and machine-readable format in order to transmit it to another data controller, in cases specified by the same article);
• Right to object to the processing of personal data (Article 21 of the EU Regulation) (the data subject has the right to object to the processing of their personal data in cases provided and regulated by Article 21 of the EU Regulation);
• Right not to be subject to automated decision-making (Article 22 of the EU Regulation) (the data subject has the right not to be subject to a decision based solely on automated processing).

Regarding the purposes for which consent is required, the data subject may revoke their consent at any time, and the effects will be applied from the moment of revocation, without prejudice to the terms provided by law. In general terms, the revocation of consent only has effects for the future. The aforementioned rights can be exercised as provided by the EU Regulation by contacting the contact details indicated in section 1 of this Privacy Policy. In compliance with Article 19 of the EU Regulation the Company informs the recipients to whom personal data has been disclosed about any rectifications, erasures, or restrictions of processing requested, to the extent possible.

10. Complaints

Where the interested party considers that the processing of data takes place in violation of the provisions of the GDPR, he has the right to lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data whose references can be found on the site www.garanteprivacy.it), as required by Article 77 of the GDPR, or to take appropriate legal action (Article 79 of the GDPR).

11. Profiling

The Data Controller informs you that your personal data will not be processed by means of an automated decision-making process (including profiling) without express consent from the user. For the processing of data by third-party cookies, independent data controllers, please refer to their privacy policy and cookie policy regarding the profiling or not-profiling of the user.

12. Nature of the provision of personal data and consequences of any refusal to provide them

The provision of personal data is optional, except in specific cases where there is a legal obligation. Any refusal to provide them will make it impossible to provide information on the products and services of the Data Controller. The data subject may revoke their consent at any time, and the effects will apply from the moment of revocation, without prejudice to the terms provided by law. In general terms, the revocation of consent only has effects for the future. Therefore, the processing that has been carried out prior to the revocation of consent will not be affected and will maintain its lawfulness. Failure to provide or partial withdrawal of consent may result in the incomplete provision of services or activities related to the specific purposes for which consent is denied. However, it will not prejudice or hinder other purposes (and related activities) that are not explicitly affected by the denial of consent or not based on such legal basis. Please note that regarding the request for information, while the consent to the processing of personal data is voluntary, it is necessary for the processing of the request. Therefore, submitting the request or an equivalent expression of will shall be considered as giving consent, which can always be revoked with the consequences described above. When the data is no longer necessary, it will be regularly deleted. If deletion is not possible or can only be achieved through disproportionate effort due to a particular storage method, the data cannot be processed and must be stored in inaccessible areas.

13. Processing of data for navigation purposes

The computer systems and software procedures used to operate this website acquire certain personal data as part of their normal operation, the transmission of which is implicit in the use of Internet communication protocols. These are pieces of information that are not collected to be associated with identified individuals, but which, by their nature, could, through processing and association with data held by third parties, allow users to be identified. Among the information that may be collected are IP addresses, the type of browser or operating system used, URI (Uniform Resource Identifier) addresses, the domain name, and the addresses of the websites from which access or exit was made (referring/exit pages), the time of the request to the server, the method used, information about the response obtained, further information about the user’s navigation on the website (see also the section on cookies), and other parameters related to the user’s operating system and computer environment. These same data may also be used to identify and ascertain responsibilities in the event of any computer crimes against the website.

14. Additional Controllers

Within the site the sale is carried out by Shopify International Ltd. Please refer to Shopify’s website for the data processing carried out by it: https://www.shopify.com/legal/privacy