This information (hereinafter, “Privacy Policy”) is related to the processing of your personal data while browsing the website www.respiraskincare.com (hereinafter, the “Sito”) carried out by Italian Monster Company Pte Ltd, with registered office in Singapore – 60 Paya Lebar Road #07-54 409051, email info@respiraskincare.com (hereinafter, the “Holder”), in compliance with the current regulations on the protection of personal data, including EU Regulation 2016/679 (“GDPR”).
1. Contact details of the data protection officer
The Data Controller has appointed a Data Protection Officer (“DPO”) pursuant to art. 37 GDPR. The DPO can be contacted at the following email address: info@respiraskincare.com
2. Means of treatment
To complete the connection to the Site, some of your personal data is acquired. This set of data includes, for example:
– the IP address of the device you use;
– the date and time of access;
– the type of navigation browser;
– the operating system used.
3. Purpose of processing, legal basis of processing and optional consent
Your personal data will be processed for the following purposes:
Personal data processed while browsing the site: in this circumstance your personal data will be processed in order to allow you to correctly navigate the Site. For this purpose, the communication of your personal data is a contractual obligation, without which the Site's services could not be made available correctly. In the absence of communication of personal data, the Data Controller will not be able to provide you with the Site's services.
Personal data provided voluntarily via email or form (modules): in this circumstance your data will be processed by the Data Controller to follow up on your requests voluntarily formulated via form and/or email. The communication of your personal data for this purpose is purely optional. The legal basis of this processing is the legitimate interest of the Data Controller in following up and responding to your requests. In the absence of communication of personal data, the Data Controller will not be able to respond to the requests.
Personal data processed for sending commercial communications: in this circumstance your personal data will be processed in order to send you direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated computer systems, including commercial or promotional communications by email or SMS, or for market research and analysis. The communication of your personal data for this purpose is purely optional. The legal basis of this processing is your explicit consent to the processing of your personal data for this purpose. In the absence of your consent, the Data Controller will not proceed with sending commercial communications.
Personal data processed for profiling: in this circumstance your personal data will be processed for activities of determining your habits and preferences with profiling treatments, to provide you with a personalized service. The communication of your personal data for this purpose is purely optional. The legal basis of this processing is your explicit consent to the processing of your personal data for this purpose. In the absence of your consent, the Data Controller will not be able to provide you with personalized services.
Personal data processed for legal obligations: in such circumstance your personal data will be processed for purposes related to relevant legal obligations. The legal basis of the processing is the legal obligation of the Data Controller to process personal data in accordance with applicable law.
4. Automated decision-making and profiling
If you consent to the processing of personal data to benefit from personalized services through profiling, the personal data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which may be of greatest interest to you. The processing carried out in this way has, as expected consequences, for example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed to be of interest, etc. In accordance with Article 22 GDPR, you have the right to:
– obtain human intervention in the decision-making process by the Data Controller;
– express your opinion;
– obtain an explanation of the decision reached by the Data Controller;
– challenge the decision itself.
5. Source from which the personal data originate
Only personal data provided in accordance with the Privacy Policy will be processed. The Data Controller will not process personal data from publicly accessible sources.
6. Recipients and categories of recipients of personal data
The following may be recipients of personal data:
– communications companies that carry out commercial communication and profiling activities on behalf of the Data Controller, if the relevant consent has been expressed, which have the qualification of data controllers;
– companies offering information society services, including, in particular, those offering hosting services;
– companies that carry out statistical and market research, if the relevant consent has been expressed.
7. Categories of personal data processed
In accordance with this Privacy Policy, the following categories of personal data will be processed:
– the navigation data necessary to complete your connection to the Site in accordance with the relevant purpose referred to in point 3;
– the personal and contact details provided by you via email and/or form in accordance with the relevant purpose referred to in point 3;
– contact details and any other information provided by you to receive commercial communications in accordance with the relevant purpose referred to in point 3;
– personal data relating to your habits and preferences collected through profiling mechanisms in order to provide you with personalized services in accordance with the relevant purpose referred to in point 3;
– personal data necessary to fulfill specific regulatory obligations in accordance with the relevant purpose referred to in point 3.
8. Data Transfer
The Data Controller intends to transfer personal data to subjects established in a third country to the European Union or to an international organization. Such subjects could be represented, by way of example, by:
– communications companies that carry out communication activities on behalf of the Data Controller;
– communication company service providers.
The transfer of personal data to such subjects, if established in a third country or an international organization, is carried out in the presence of an adequacy decision by the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organization in question guarantee an adequate level of protection of rights. In any case, the Data Controller, if it deems it appropriate, reserves the right to conclude specific separate agreements that oblige such subjects to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees for your rights. To obtain a copy of such data or the place where they have been made available, simply send the relevant request to the Data Controller, at the addresses indicated above.
9. Period of retention of personal data
In relation to personal data processed in accordance with this Privacy Policy, the Data Controller adopts the following retention periods:
– the navigation data necessary to complete your connection to the Site will be stored for 6 months starting from the moment the browsing session is closed;
– the personal and contact details provided by you via email and/or form will be stored for the time strictly necessary to follow up only and exclusively on your requests;
– contact details and any other data provided by you to receive commercial communications will be processed and stored until you revoke the consent previously provided for this type of processing. The Data Controller, once the request has been handled, will proceed without unjustified delay to delete all your personal data relating to this processing;
– personal data relating to your habits and preferences collected through profiling mechanisms will be processed and stored until you revoke the consent previously provided for this type of processing. The Data Controller, once the request has been handled, will proceed without unjustified delay to delete all your personal data relating to this processing;
– personal data necessary to fulfill specific regulatory obligations will be stored in compliance with the relevant legal provisions.
10. Right to object
As an interested party, you have the right to object under the following terms:
– the right to object at any time, for reasons related to your particular situation, to the processing of Personal Data concerning you pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR. The Data Controller shall refrain from further processing your personal data, unless the Data Controller demonstrates the existence of compelling legitimate grounds for the processing that prevail over your interests, rights and freedoms or for the establishment, exercise or defense of a right in court;
– where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing;
– in case of opposition to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes. You may oppose the processing of your personal data for direct marketing purposes even only in part, for example by opposing only the sending of promotional communications carried out through automated and/or digital tools, or the sending of paper communications and/or the receipt of telephone communications;
– where your personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
11. Other rights
The Data Controller also wishes to inform you of the existence of the following rights:
– Right of access: you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and to access your personal data and specific information, in accordance with Article 15 of the GDPR;
– Right to rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary statement, in accordance with Article 16 of the GDPR;
– Right to erasure of data, including the right to withdraw consent: you have the right to obtain from the Data Controller the erasure of your personal data without undue delay or to withdraw consent to the processing, if the reasons defined in Article 17 of the GDPR exist. You have the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given by you before the withdrawal;
– Right to restriction of processing: you have the right to obtain from the Data Controller the limitation of processing, when the hypotheses defined by Article 18 of the GDPR apply;
– Right to data portability: you have the right to receive in a structured, commonly used and machine-readable format, your personal data provided to the Data Controller and you have the right to transmit them to another Data Controller without impediments from the Data Controller indicated in this Privacy Policy, as provided for by Article 20 of the GDPR;
– Right of opposition of the contractor to commercial communications: as a contractor, you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
– Right to lodge a complaint with the Guarantor Authority: you have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of the regulations on the protection of personal data, in accordance with Article 77 of the GDPR.
12. How to exercise your rights
You may exercise the rights indicated in the Privacy Policy by addressing requests directly to the Data Controller at the email address info@respiraskincare.com You may also lodge a complaint with the Authority for the Protection of Personal Data according to the methods provided on the official website, addressing it to the contact details available at the address https://www.garanteprivacy.it/web/garante-privacy-en/home_en
13. Accessibility of the Privacy Policy
The Privacy Policy is available on the Website.
14. Changes
The Owner may modify the Privacy Policy, also to adapt to changes in national and/or European Union legislation, or to technological innovations. Any new versions of the Privacy Policy will be reported on the Site. We invite you to periodically check the Privacy Policy. Any modification will be communicated to you through a pop-up on the Site or different methods and/or IT tools.
If the Data Controller substantially modifies the Privacy Policy, providing for new processing purposes and/or categories of personal data processed, the same will inform you, requesting the necessary consents, via a pop-up on the site or different methods and/or IT tools.