DATA PROTECTION NOTICE


CONTENTS
  1. INTRODUCTION
  2. DATA CONTROLLER AND CONTACT DETAILS
  3. PURPOSES OF THE PROCESSING
  4. SOURCE OF YOUR DATA
  5. RECIPIENTS OF YOUR DATA
  6. RETENTION PERIODS
  7. DATA SECURITY
  8. YOUR RIGHTS UNDER THE GDPR
  9. CHANGES TO THIS NOTICE

1. INTRODUCTION

This notice pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as "GDPR") relates to the processing of personal data concerning you (hereinafter referred to as "Your Data") when you visit our website https://www.teamdrjoseph.com/ (hereinafter referred to as "Website") and interact with it, for example by registering as a customer or partner, making purchases in the web shop or subscribing to our newsletter. Please also read our [Cookie Notice], which forms an integral part of this data protection notice.
This notice does not apply to other websites, e.g. those to which we may refer by link. We are not responsible for such websites and therefore recommend that you read the data protection notices of the other websites you visit as well.

2. DATA CONTROLLER AND CONTACT DETAILS

We, the company Vitalis Dr. Joseph GmbH/S.r.l., are the data controller within the meaning of Article 4(7) GDPR.
Our contact details are as follows:
Vitalis Dr. Joseph GmbH/S.r.l.
Via Cristoforo 5
39031 Bruneck/Brunico (BZ)
South Tyrol, Italy
Telephone: +39 0474 55 47 26
Fax: +39 0474 53 11 08
E-mail: privacy@vitalisdrjoseph.com


3. PURPOSES OF THE PROCESSING

Depending on how you interact with our website and our online offers, your data may be processed for various purposes, which we have summarised for you below.
3.1 Mere consultation of our Website
If you visit our Website – as with any other website – your browser (e.g. Internet Explorer or Safari) automatically sends information to the server of our Website. Such information is temporarily stored in a server log file and is therefore called log data. Log data may include, in particular, the IP address of your terminal equipment (e.g. computer, smartphone or tablet), the time stamp of access (date, time, time difference), the content of the request (specific page), the HTTP status code (e.g. “200” for a successful request), the amount of data sent (bytes) and information on the browser used and the operating system of your terminal equipment (e.g. Windows or iOS). Log data may be processed for the following purposes: (i) for establishing a connection between your terminal equipment and our Website; (ii) for evaluating system security and stability and for identifying errors; and (iii) for investigating abusive page accesses (e.g. DoS/DDoS attacks). Such processing is based on our overriding legitimate interests (Article 6(1)(f) GDPR) clearly resulting from the said purposes.
3.2 Registering as customer or partner
You can register voluntarily on our Website as a customer or partner in order to enjoy the advantages described on the Website (e.g. for simplifying future purchases). For the registration we need the data marked as "required" in the registration procedure. All other information is not required for registration. These processing operations are based on the legal basis of your consent (Article 6(1)(a) GDPR). You can revoke your consent with effect for the future at any time.
3.3 Processing your orders
If you would like to place an order in our web shop, we need the data indicated as "required" in the ordering process, unless you have already submitted this data during the registration as a customer or partner. All other information is voluntary. The data marked as "required" is necessary for the processing of the order (e.g. for sending the order confirmation, invoicing and delivery of the goods). The basis for the processing of this data is therefore the implementation of pre-contractual measures or the fulfilment of a contract (Article 6(1)(b) GDPR). The voluntary data are not required for the order, but may, for example, enable a more personal contact with you. The basis for their processing is therefore your consent (Article 6(1)(a) GDPR), which you can revoke at any time with effect for the future.
3.4 Subscription to our newsletter
If you would like to subscribe to our newsletter, we need your e-mail address to send you the newsletter. The indication of further data (name, surname) is voluntary and serves exclusively to address you personally in the newsletter. The basis for the processing of such data is therefore your consent (Article 6(1)(a) GDPR), which you can revoke at any time with effect for the future. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by e-mail to [E-MAIL-ADRESS] or by sending a message to the contact data given in the site notice.
3.5 Direct marketing for similar products or services
If you have a customer account or are registered as a partner, we may process your contact information to inform you of products and services when we believe the information may be of interest to you in the light of our relevant and appropriate relationship. The legal basis is our legitimate interest in direct advertising for similar products or services which you have purchased from us in the past (Article 6(1)(f) GDPR). You may request at any time that we stop sending you such information e-mails by clicking on the link provided in the relevant communication, by e-mail to privacy@vitalisdrjoseph.com or by sending a message to the contact details given in the site notice.
We may also process your data whenever and to the extent that this is necessary to assert, exercise or defend legal claims. The basis for this is our overriding legitimate interest (Article 6(1)(f) GDPR), which clearly results from said purposes.


4. SOURCE OF YOUR DATA

Your log data (see above under point 3.1) are automatically sent to the server of our Website when you access our Website. We also collect the other data described above directly from you and not from third parties.


5. RECIPIENTS OF YOUR DATA

If and to the extent necessary for at least one of the above-mentioned purposes, the following categories of recipients may become aware of Your Data: (i) our employees who, under our direct responsibility, are authorised to process Your Data and whom we have bound to confidentiality; (ii) our external IT service providers (e.g. hosting providers) who act as processors, whom we have bound to us by an appropriate contract for the processing of orders and who have undertaken to maintain confidentiality; (iii) our external consultants (e.g. IT and tax consultants) whom we have either bound to confidentiality or who are subject to an appropriate statutory duty of confidentiality; and (iv) other external service providers (e.g. postal, shipping and payment service providers) typically used in online commerce. Disclosure of your data to these categories of recipients also corresponds to our overriding legitimate interests (Article 6(1)(f) GDPR) in efficient business management.
If we are required to issue an invoice, we are also legally obliged to send the invoice data to the Revenue Agency. This is thus done on the basis of a legal obligation (Article 6(1)(c) GDPR in conjunction with Article 1(3) or 1(3-bis) of the Italian Legislative Decree of 5 August 2015, no. 127).
If the processing of your data should be necessary for the assertion, exercise or defence of legal claims, Your Data can typically also be disclosed in particular to lawyers, experts and court authorities.


6. RETENTION PERIODS

How long Your Data is retained primarily depends on the purposes for which they were collected as described above under point 3. A distinction can be made as follows:
6.1 Mere consultation of our Website (see point 3.1 above)
The log data is automatically deleted after 7 days, unless a security incident occurs (e.g. a DoS or DDoS attack). In this case the log data will be stored until we have resolved the incident. If legal claims are asserted, exercised or defended in this context, the further storage period will depend on applicable prescription periods.
6.2 Registering as customer or partner (see point 3.2 above)
The data provided in the course of registration as a customer or partner will be stored until your consent is revoked.
6.3 Processing your orders (see point 3.3 above)
The data mentioned above in this context will primarily be stored until the purchase contract has been completely processed. Further storage will then be in accordance with the relevant accounting and tax retention periods, and will therefore be based on legal obligations (Article 6(1)(c) GDPR in conjunction with Article 2220 of the Italian Civil Code, Article 39(2) of the Italian Presidential Decree of 26 October 1972, No. 633 and the Italian Legislative Decree of 7 March 2005, No. 82 in conjunction with the Italian Ministerial Decree of 17 June 2014). Furthermore, any further storage is subject to applicable prescription periods if legal claims are asserted, exercised or defended in connection with your purchase. This is based on our overriding legitimate interests (Article 6(1)(f) GDPR), which result from the said purposes.
6.4 Subscribing to our newsletter (see point 3.4 above)
The registration data for our newsletter will be stored until you withdraw your consent.
6.5 Direct marketing for similar products or services (see point 3.5 above)
Your Data will be stored for these purposes until you either ask us to stop sending you such communications or until a correspondingly relevant and appropriate relationship no longer exists for other reasons.


7. DATA SECURITY

The transmission of information over the internet is, unfortunately, never completely secure. However, we protect our Website against data breaches through appropriate technical and organisational measures. In particular, data on our Website is transmitted in encrypted form. For this purpose, we use the cryptographic protocol SSL (Secure Sockets Layer).


8. YOUR RIGHTS UNDER THE GDPR

We are required to mention the following rights under the GDPR:
(a) Access:
Subject to the conditions of Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where this is the case, you have the right to obtain the information listed in the said provision and a copy of Your Data.
(b) Rectification:
Subject to the conditions of Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate data and to have incomplete data completed.
(c) Erasure:
Subject to the conditions of Article 17 GDPR, you have the right to obtain from us the erasure of Your Data without undue delay. Such “right to be forgotten” shall not apply to the extent that processing is necessary, for example, for the establishment, exercise or defence of legal claims.
(d) Restriction:
Subject to the conditions of Article 18 GDPR, you have the right to obtain from us restriction of processing where one of the prerequisites set forth in the said provision is met. Such a prerequisite is met, for example, where you contest the accuracy of Your Data. In this case, restriction can be obtained for a period enabling us to verify the accuracy of the data.
(e) Data portability:
Subject to the conditions of Article 20 GDPR, you have the right to receive Your Data in a structured, commonly used and machine-readable format and to have them transmitted directly to another controller, where technically feasible.
(f) Objection:
Where Your Data is processed based on our legitimate interests (Article 6(1)(f) GDPR) and subject to the conditions of Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of Your Data. Where the legal requirements are met, we will then no longer process Your Data.
You can exercise these rights by sending us a relevant e-mail to privacy@vitalisdrjoseph.com. Please note, however, that further restrictions and possibly an exclusion of these rights may result from the GDPR itself.
Moreover, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Your Data infringes the GDPR (Article 77 GDPR).
The lead supervisory authority competent for us is:
Garante per la protezione dei dati personali
Piazza Venezia n. 11
00187 Roma
https://www.garanteprivacy.it/


9. CHANGES TO THIS NOTICE

We may change this notice at any time with effect for the future. This may occur, for example, as a result of the further development of data protection law (also in light of new court rulings) or a change in our processing activities.


Version: 29.07.2020