Privacy Policy

Privacy policy

Pursuant to art. 13 of the European Regulation 2016/679 regarding the protection of personal data (hereinafter also "GDPR"), the FD s.r.l. intends to inform you that the personal data provided by you as a user or otherwise acquired when requesting the supply of goods and services will be treated in compliance with current legislation and the principles of correctness, lawfulness, transparency and protection of confidentiality envisaged by it, as well as guaranteeing their integrity and confidentiality.

1. Data controller

The Data Controller (for brevity also "the Data Controller") is FD Srl, in the person of its legal representative pro tempore, with headquarters in via San Giovanni 6, I-39034 Dobbiaco (BZ).

Owner's email address: info@farmaciadobbiaco.it . The Owner can be contacted for any request for information or clarification.

2. E-commerce service

On the specific IT platform created by FD Srl and on the website www.fddolomites.it (hereinafter "the Site") it is possible to allow the conclusion of the purchase contract for supplements, parapharmaceutical and cosmetic products. Furthermore, through the use of the Site it is possible to correctly execute the obligations arising from the purchase contract, such as, by way of example, the delivery and payment, including online, of the products purchased, as well as to execute the requests sent by the user.

This purchase can be made through the creation of a guest account or a registered account, the latter capable of offering the use of services reserved exclusively for registered users.

3 . Subscribe to the newsletter

The interested user can request to subscribe to the Farmacia Dobbiaco newsletter by receiving information on its work or on commercial communications relating to products similar to those already purchased previously or on the products. It is always possible to unsubscribe from the newsletter via the appropriate link provided, or if you are a registered user, revoke your consent for this processing purpose from your personal account screen.

4. The personal data being processed

While browsing the Site, the user's personal data will be processed which may consist of an identifier such as a name, an identification number, an online identifier or one or more elements characteristic of his physical, physiological, economic, cultural or social identity. suitable to make the interested party identified or identifiable (hereinafter "Personal Data"). The Personal Data processed are the following:

4.1. Browsing data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to allow - given the architecture of the systems used - the correct provision of services, for security reasons and to ascertain liability in the event of hypothetical computer crimes against the Site or third parties.

4.2. Personal Data provided voluntarily by the user

The Site offers users the possibility to voluntarily and entirely optionally provide Personal Data through, for example, requests for information, sending complaints or using contact forms and forms, or by sending requests for services or e-mail messages to the addresses indicated on the Site.

4.3. Cookies

For information on the use of cookies through the Site, please consult our Cookie Policy .

5. Purpose of the processing, legal basis and mandatory or optional nature of the provision

The user's Personal Data may be processed with their consent where necessary, for the following purposes:

a) Fulfill obligations established by laws, national or community regulations or imposed by administrative authorities.

  • The legal basis on which this processing is based is the fulfillment of legal obligations.

b) Allow the provision of the requested services (including, for example: purchase and delivery of products and services; receive and manage orders, provide products and services, process payments and make communications relating to orders, products, services and promotional offers; provide and improve the services and resolve any problems connected to them; correct errors and improve the use and efficiency of the services, respond to your requests for information, provide assistance services, etc.; below also just "Provision of Services").

The provision of the user's Personal Data described above is entirely optional, but failure to provide it will make it impossible to provide the above services.

  • The legal basis of the above processing is art. 6(1)(b) of the GDPR, i.e. the execution of a contractual obligation or pre-contractual measures adopted at the user's request as they are treatments aimed at providing services of the Dobbiaco Pharmacy.

c) Subject to the user's consent, the Personal Data may be used to carry out marketing activities, such as carrying out surveys and market research including through online surveys, sending information and promotional material relating to the activities, products and services ("Marketing"). These communications may be made via e-mail, text message, social channels, through postal mail and/or the use of the telephone with an operator; it is specified that the Data Controller collects a single consent for Marketing purposes pursuant to the General Provision of the Guarantor for the Protection of Personal Data "Guidelines regarding promotional activities and combating spam", of 4 July 2013, and pursuant to the 6(1)(a) of the Regulation, as well as the Cookie Guidelines and applicable tracking tools .

If, in any case, the user wishes to object to the processing of their Personal Data for Marketing purposes, they can do so at any time by contacting the Data Controller at the contact details indicated in this information or via the unsubscribe mechanism (or "unsubscribe ) which is found in the footer of commercial emails, without prejudice to the lawfulness of the processing based on the consent given before the revocation. Furthermore, the user can also object to the use of some of the contact means used (selective opt-out).

The provision of Personal Data for these purposes is therefore completely optional and does not affect the provision of the Services, without prejudice to the fact that in this case the user will not receive Marketing communications.

  • The legal basis on which this processing is based is the consent of the interested party freely expressed and freely revocable at any time.

d) Allow the user, if he is not yet registered among Farmacia Dobbiaco customers registered for newsletters and promotions, to register, so as to allow the enjoyment of the advantages provided therein.

  • The legal basis on which this processing is based is the consent of the interested party, freely expressed and freely revocable at any time.

e) Allow the analysis of the customer's purchasing propensities through the recording, identification and profiling of data relating to purchasing volumes, habits and consumption choices, also with automated procedures, possibly also making use of information provided by third parties and legitimately acquired and processed, to improve our commercial offer towards the registered customer, with offers dedicated to the same ("Personalization of services"). This purpose of personalizing services can also be pursued through the use of cookies for targeted advertising (see the Cookie Policy) and the analysis of its interaction with social channels (such as Instagram, Facebook, LinkedIn, Twitter, etc. " Social Pages”). In these cases, the processing of your Personal Data is carried out by FD Srl as co-data controller with the provider of the social network used (in accordance with the Guidelines of the EDPB, the European Data Protection Committee, n.8 /2020 on the use of social networks); The privacy policies of these providers therefore also apply and we invite you to consult them.

  • This processing is based on the user's consent pursuant to art. 6(1)(a) GDPR which you can express or revoke through the banner present on your first visit to the Site regarding the Personal Data collected by browser and device, the data collection forms in which you are asked to express your preferences for regarding the Personal Data provided.

The provision of Personal Data for this purpose is therefore completely optional and does not prejudice the provision of the Services. If the user does not want personalized services or useful content, he can revoke his consent at any time by contacting the Data Controller at the contact details indicated in this Policy; to revoke consent to the use of third-party cookies and for targeted advertising, we invite you to consult the Cookies Policy of the Site.

f) Allow registration to the newsletter service to receive information and updates on the institutional work of the Joint Controllers or on commercial communications relating to products similar to those already purchased previously or on products for which the customer has expressed consent to receive offers commercial or customized.

  • The legal basis on which this processing is based is the consent of the interested party freely expressed and freely revocable at any time.

g) Prevent fraud and abuse in the use of the Site and allow FD srl to defend its rights and legitimate interests (“Abuse/Fraud”). This processing takes place on the basis of a legitimate interest of the Data Controller pursuant to art. 6(1)(f) of the Regulation to prevent and detect fraudulent or potentially illicit activities.

  • The legal basis on which this processing is based is the legitimate interest of the Data Controller, which does not prevail over the personal rights and freedoms of the interested party as it is exercised only where necessary and with the supervision of suitable precautionary and safeguard measures and in compliance with the current laws.

h) Improve and increase the effectiveness of the services rendered and increase the efficiency of the security measures put in place to protect the personal data processed.

  • The legal basis on which this processing is based is the legitimate interest of the Data Controller, which does not prevail over the personal rights and freedoms of the interested party as it is exercised in a predominantly anonymous manner and with the supervision of suitable precautionary and safeguard measures and in compliance of the current legal provisions.

i) Comply with legal obligations (e.g. in tax matters) to which FD srl is subject (“Compliance with legal obligations”). The provision of Personal Data may be mandatory (e.g. because it is necessary for billing purposes).

  • The legal basis of this processing is art. 6(1)(c) of the GDPR.

j) Carry out statistical purposes, without it being possible to trace the user's identity ("Statistics"). This activity does not involve the processing of Personal Data as FD srl is not able to trace your identity.

6. Recipients of Personal Data

FD srl shares the Personal Data collected with the following categories of subjects (“Recipients”):

- persons authorized by FD srl: these are employees and collaborators of FD Srl who have signed a confidentiality agreement and specific rules for the processing of Personal Data;

- the Data Controllers of FD srl: these are the external parties to whom the Data Controller entrusts some processing operations. For example, this category includes suppliers of the IT platform or systems security, consultants, accountants, hosting providers, suppliers of technological platforms for sending e-mails, etc.;

- the police or other competent authorities : this happens for example when the owner must comply with a judicial order, a legal obligation or when it is necessary for the defense of the owner in court;

It is specified that this Privacy Policy is not intended to apply to the processing activities carried out by third-party websites accessible via the links on the Site, for which we invite you to consult the privacy policies published there.

7. Transfer of Personal Data

FD srl may transfer some of the Personal Data to Recipients who may be located outside the European Economic Area. It is ensured that the processing of Personal Data by these Recipients takes place in compliance with the Regulation. Indeed, transfers can be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commission or on another suitable legal basis. Further information is available from the Data Controller by writing to the contact details indicated in the appropriate section of this information.

8. Storage of Personal Data

The Personal Data processed for the purpose of providing the Services will be kept for the time strictly necessary to achieve those same purposes. In any case, since these are treatments carried out for the provision of services, FD srl will process the Personal Data for up to the time permitted by Italian legislation to protect its interests (Art. 2946 cc et seq.).

Personal Data processed for the purposes of Marketing and Personalization of services will be retained, as a general rule, until your consent is revoked.

For more information on cookies, please refer to the Site's Cookie Policy .

Personal Data processed for the purposes of fulfillment of legal obligations will be retained for the time required by the specific obligation or applicable law.

Your Personal Data processed for the purpose of Abuse/Fraud will be kept for the time necessary for the aforementioned purpose and therefore until the moment in which FD Srl is required to keep them to protect itself in court and communicate said data to the competent authorities in the event of an Abuse /Fraud.

Further information regarding the retention period of Personal Data and the criteria used to determine this period can be requested by writing to the Data Controller at the contact details indicated in this information.

9. Rights of interested parties

Interested users (hereinafter "Interested Party/s") can exercise their rights as provided for by the articles. 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR; in particular, the interested party has the right to obtain the following information from the Data Controller:

  • confirmation of whether or not Personal Data concerning him is being processed;
  • in this case, to obtain access to the personal data and the following information:

1. the purposes of the processing;

2. the categories of Personal Data in question;

3. the recipients or categories of recipients to whom the Personal Data have been or will be communicated, in particular if recipients are from third countries or international organizations;

4. when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;

5. the existence of the right of the interested party to ask the Data Controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing;

6. the right to lodge a complaint with the supervisory authority;

7. if the data are not collected from the interested party, all available information on their origin;

8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.

9. the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred.

  • The right to obtain a copy of the Personal Data being processed, provided that this right does not harm the rights and freedoms of others; In case of further copies requested by the interested party, the Data Controller may charge a reasonable fee based on administrative costs.
  • The right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him without unjustified delay, pursuant to art. 16 GDPR.
  • The right to obtain from the Data Controller the deletion of personal data concerning him without unjustified delay, if the reasons provided for by the GDPR in art. exist. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is considered unlawful, and always if the conditions established by law exist; and in any case if the processing is not justified by another equally legitimate reason.
  • The right to obtain from the Data Controller the limitation of processing, in the cases provided for by the art. 18 of the GDPR, for example where the accuracy has been contested, for the period necessary for the Data Controller to verify its accuracy. The interested party must also be informed, within a reasonable time, of when the suspension period has been completed or the cause of the limitation of processing has ceased to exist, and therefore the limitation itself revoked.
  • The right to obtain communication from the Data Controller of the recipients to whom the requests have been sent of any rectifications or cancellations or limitations of processing carried out, unless this proves impossible or involves a disproportionate effort.
  • The right to receive the Personal Data concerning him in a structured, commonly used and machine-readable format and the right to transmit such Data to another data controller without impediments on the part of the Data Controller to whom he provided them, in cases provided for by the art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.

For any further information and in any case to send a request, you can contact the Owner at info@farmaciadobbiaco.it .

In order to guarantee that the above-mentioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the interested party to provide any further information necessary for this purpose.

The right to object (art. 21 GDPR)

For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of his/her Personal Data if it is based on legitimate interest or if it takes place for commercial promotional activities, by sending the request to the Data Controller at the address indicated in the point previous.

The interested party has the right to have their personal data deleted if there is no overriding legitimate reason of the Data Controller compared to that which gave rise to the request, and in any case in the event that the interested party has objected to the processing for commercial promotion activities.

Please remember that to revoke your consent (for the purposes of Marketing and Personalizing our services) you can write an email to info@farmaciadobbiaco.it

The right to lodge a complaint (art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party may submit a complaint to the competent supervisory authority on Italian territory (Personal Data Protection Authority) or to the one that carries out its tasks and exercises its powers. in the Member State where the violation of the GDPR occurred.

All useful information and indications in this regard are available on the Guarantor Authority's website: https://garanteprivacy.it .

10. Changes

The possible entry into force of new sector regulations, as well as the constant examination and updating of the services, could lead to the need to modify the methods and terms described in this Information. It is therefore possible that this document may undergo changes over time. We therefore invite you to periodically consult this page. We will publish any changes to this Policy on this page and, if the changes are relevant to your rights and freedoms, we will report them in further ways and contact you directly using your Personal Data held by FD Srl.

11. Contacts

To exercise the above rights or for any other request regarding the processing of your Personal Data you can contact the Data Controller at any time:

FD Srl via San Giovanni 6, I- 39034 Dobbiaco (BZ) Tel: + 390474 972165 – info@farmaciadobbiaco.it

 

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Contact the user

Mailing list or newsletter (this Website)

By registering on the mailing list or newsletter, the User's email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, relating to this Website may be sent. The User's email address may also be added to this list as a result of registering on this Website or after making a purchase.

Personal Data processed: surname; Usage data; e-mail; first name; Tracking Tools.

  • Managing contacts and sending messages

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow the collection of data relating to the date and time of viewing of messages by the User, as well as the User's interaction with them, such as information on clicks on links included in messages.

Mailchimp (Intuit Inc.)

Mailchimp is an address management and email message sending service provided by Intuit Inc.

Personal Data processed: surname; Data communicated during use of the service; e-mail; first name; various types of Data.

Place of processing: United States – Privacy Policy .

  • Payment management

Unless otherwise specified, this Website processes all payments by credit card, wire transfer or other means through external payment service providers. In general, and unless otherwise indicated, Users are asked to provide payment details and personal information directly to such payment service providers.
This Website is not involved in the collection and processing of such information: instead it will only receive a notification from the payment service provider in question that the payment has been made.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.

Personal Data processed: surname; purchase history; Usage data; e-mail; billing address; payment information; device information; first name; telephone number; password; Tracking Tools; username; various types of Data as specified in the privacy policy of the service.

Place of processing: Consult the PayPal privacy policy – ​​Privacy Policy .

  • Tag management

This type of service is functional to the centralized management of tags or scripts used on this Website.
The use of these services involves the flow of User Data through them and, if applicable, their retention.

Google Tag Manager

Google Tag Manager is a tag management service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the processing of Data.

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy ; Ireland – Privacy Policy .

  • Interaction with social networks and external platforms

This type of service allows you to interact with social networks, or other external platforms, directly from the pages of this Website.
The interactions and information acquired from this Website are in any case subject to the User's privacy settings relating to each social network.
This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out of the respective services to ensure that the data processed on this Website is not linked to the User's profile.

Facebook Like button and social widgets

The "Like" button and Facebook social widgets are interaction services with the Facebook social network, provided by Meta Platforms, Inc. or by Meta Platforms Ireland Limited, depending on how the Data Controller manages the processing of Data,

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy ; Ireland – Privacy Policy .

  • Location-based interactions

Geolocation (this Website)

This Website may collect, use and share Data relating to the User's geographic location in order to provide location-based services.
Most browsers and devices provide tools to deny geographic tracking by default. If the User has expressly authorized this possibility, this Website may receive information on its actual geographical position.

Personal Data processed: geographical position; precise location.

  • Remarketing and behavioral targeting

This type of service allows this Website and its partners to communicate, optimize and serve advertisements based on the User's past use of this Website.
This activity is facilitated by tracking Usage Data and the use of Tracking Tools to collect information which is then transferred to partners who manage remarketing and behavioral targeting activities.
Some services offer a remarketing option based on email lists.
Generally, services of this type offer the possibility of deactivating such tracking. In addition to any opt-out feature provided by any of the services listed in this document, you can read more about how to opt-out of interest-based advertising in the "How to opt-out of interest-based advertising" section in this document.

Google Ads Remarketing

Remarketing Google Ads is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the processing of Data, which connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.

 

For an understanding of Google's use of Data, please review Google's partner policies .

 

Users can opt out of using Google Tracking Tools for ad personalization by visiting Google's Ad Settings .

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy​​Opt Out ; Ireland – Privacy Policy​​Opt Out .

  • Platform and hosting services

These services are intended to host and operate key components of this Website, making it possible to deliver this Website from a single platform. These platforms provide the Owner with a wide range of tools such as, for example, analytical tools, for managing user registration, for managing comments and the database, for e-commerce, for payment processing, etc. The use of these tools involves the collection and processing of Personal Data.
Some of these services work through servers that are geographically located in different locations, making it difficult to determine the exact location where Personal Data is stored.

Shopify (Shopify International Limited)

Shopify is a platform provided by Shopify Inc. that allows the Owner to develop, operate and host a website dedicated to electronic commerce.

Personal Data processed: surname; Usage data; e-mail; billing address; shipping address; payment information; device information; first name; telephone number; Tracking Tools.

Place of processing: Ireland – Privacy Policy .

  • Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to keep track of the User's behavior.

Meta ads conversion tracking (Meta pixel)

Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms, Inc. or by Meta Platforms Ireland Limited, depending on how the Data Controller manages the processing of Data, which connects data from the network Meta ads with actions taken within this Website. The Meta pixel tracks conversions that can be attributed to Facebook, Instagram and Audience Network ads.

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy​​Opt out ; Ireland – Privacy Policy​​Opt out .

Google Analytics 4

Google Analytics is a statistics service provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data, (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google.
Google may use Personal Data to contextualize and personalize the ads of its advertising network.
In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. To learn more, you can consult Google's official documentation .

Personal Data processed: city; Usage data; browser information; device information; latitude (of the city); longitude (of the city); number of Users; session statistics; Tracking Tools.

Place of processing: United States – Privacy Policy​​Opt Out ; Ireland – Privacy Policy​​Opt Out .

Meta Events Manager

Meta Events Manager is a statistics service provided by Meta Platforms Ireland Limited or by Meta Platforms, Inc., depending on how the Data Controller manages the processing of Data. By integrating the Meta pixel, Meta Events Manager can give the Data Controller information on the traffic and interactions on this Website.

Personal Data processed: Usage data; Tracking Tools.

Place of processing: Ireland – Privacy Policy​​Opt out ; United States – Privacy Policy​​Opt out .

Google Ads conversion tracking

Google Ads conversion tracking is a statistics service provided by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of data, which connects data from the Google Ads advertising network with the actions performed on the website. inside this Website.

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy ; Ireland – Privacy Policy .

  • Viewing content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service could still collect data on web traffic relating to the pages where the service is installed, even when users do not use it.

Google Fonts

Google Fonts is a character style visualization service managed by Google LLC or by Google Ireland Limited, depending on how the Data Controller manages the processing of Data, which allows this Website to integrate such content within its pages.

Personal Data processed: Usage data; Tracking Tools.

Place of processing: United States – Privacy Policy ; Ireland – Privacy Policy .