Select Store
en en
  • Compare Products
My Cart
Go to Home PageGo to Home Page

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

Art. 13 of EU Regulation 2016/679
General Data Protection Regulation

 

In accordance with Regulation (EU) 2016/679 (“GDPR”), this information notice describes the methods of processing the personal data of users who browse the Enervit S.p.A. website and make use of the services offered.

1. Data Controller and Data Protection Officer (DPO)

The Data Controller is Enervit S.p.A. (hereinafter also the “Company”), with registered office in Viale Achille Papa, 30 - 20149 Milan (MI), VAT no.: 02375690134. For any matter relating to the processing of your personal data, you may contact the Data Controller at the following email address: privacy@enervit.it

The Data Controller has appointed a Data Protection Officer (DPO), who may be contacted at the following email address: dpo@enervit.it.

2. Types of Data Processed

Enervit S.p.A. processes the following categories of personal data:

  • Browsing data: The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature may, through processing and association with data held by third parties, allow users to be identified.
  • Data voluntarily provided by the user:
    • For the management of purchases: Personal details (first name, last name), email address, telephone number, shipping and billing address, tax data (tax code or VAT number) for the request of an invoice;
    • For the creation of a personal account: First name, last name, email address, telephone number, gender, date of birth, password, as well as information relating to your interests (e.g. Sport, Fitness & Active Nutrition, Balance & Wellness Nutrition, Diet Nutrition);
    • For subscription to newsletter services: Email address;
    • For registration and participation in webinars and events: Personal and contact details required in the specific registration form;
    • Data relating to purchases: Information on orders placed, products purchased and consumption preferences.

3. Purposes of Processing, Legal Basis and Data Retention Period

Your personal data will be processed for the following purposes:

privacy_policy_table_ENG

 

4. Nature of the Provision of Data

The provision of data for the purposes referred to in points A, B, C and F is necessary in order to make use of the requested services and to fulfil contractual and legal obligations. Failure to provide such data will result in the impossibility for Enervit S.p.A. to follow up on your requests.

The provision of data for Direct Marketing (D) and Profiling (E) purposes is optional and subject to your explicit consent. Failure to give consent will not in any way affect the possibility of creating an account, purchasing products or using the other services offered.

 

5. Methods of Processing

The processing of personal data is carried out by the Data Controller in compliance with the provisions of the applicable privacy legislation. The Data Controller processes personal data by means of IT and/or telematic tools and with organisational and logical methods strictly related to the achievement of the purposes indicated in this information notice, as well as by adopting appropriate security measures in order to prevent unauthorised access, disclosure, modification or destruction of personal data, their loss and their unlawful and improper use (pursuant to Art. 32 of the GDPR). However, the Company cannot guarantee to its users that the measures adopted for the security of the website, the transmission of data and the information on the website are able to limit or exclude any risk of unauthorised access or data dispersion by devices belonging to the user. For this reason, users of the website are advised to ensure that their computer is equipped with adequate software to protect network data transmission (for example, updated antivirus software) and that their Internet Service Provider has adopted appropriate measures for the security of data transmission over the network. The Company also undertakes to process data according to the principles of fairness, lawfulness and transparency, to collect them to the extent necessary and accurate for processing, and to allow their use only by personnel authorised for that purpose.

In relation to the different purposes for which they are collected, personal data will be retained for the time strictly necessary to achieve such purposes and, in any case, in accordance with the applicable legal and regulatory provisions.

In any case, the Company will take care to avoid the use of data for an indefinite period by periodically verifying compliance with the applicable legislation and the actual persistence of the data subject’s interest to which they relate.

 

6. Data Recipients

Your personal data may be communicated to:

  • employees/collaborators of the Company on the basis of adequate operational instructions provided (for example, administrative, sales, marketing, legal staff, system administrators, etc.), appointed as persons authorised to process data pursuant to Art. 29 of the GDPR and Art. 2-quaterdecies of Legislative Decree 196/2003;
  • third parties – appointed as External Data Processors pursuant to Art. 28 of the GDPR – whom the Data Controller uses or may use in the context of managing the contractual relationship, providing the services offered and for technical/organisational needs of its business;
  • public and private entities that may access the data by virtue of a legal provision, regulation or EU legislation, within the limits provided by such rules;
  • entities that need to access the data for purposes connected to the contractual relationship between the parties, within the limits strictly necessary to carry out ancillary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and shipping companies);
  • collaborators and/or consultants, within the limits necessary to perform their professional assignment.

The data will not be transferred to third parties for their own independent marketing purposes without your specific consent. The complete list of Data Processors is available upon request from the Data Controller.

 

7. Transfer of Data Abroad

If personal data are transferred outside the European Economic Area (EEA), the Data Controller ensures that the transfer will take place in compliance with the applicable legal provisions, entering into, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

 

8. Data Subject’s Rights

As a data subject, you may exercise at any time the rights provided for by Articles 15–22 of the GDPR, including:

  • Right of access (Art. 15): Obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access the data and information relating to the processing.
  • Right to rectification (Art. 16): Obtain the correction of inaccurate personal data without undue delay.
  • Right to erasure (“right to be forgotten”, Art. 17): Obtain the deletion of your personal data.
  • Right to restriction of processing (Art. 18): Obtain the restriction of processing in certain cases.
  • Right to data portability (Art. 20): Receive, in a structured, commonly used and machine-readable format, the personal data concerning you and transmit them to another controller.
  • Right to object (Art. 21): Object at any time to the processing of your data for direct marketing and profiling purposes.
  • Right to withdraw consent (Art. 7): Withdraw consent given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You may exercise these rights by:

  1. Accessing your personal area on the website (“My account”), where you can manage your data and privacy consents;
  2. Sending a written communication to the email address privacy@enervit.it or contacting the DPO at dpo@enervit.it.

You also have the right to lodge a complaint with the competent supervisory authority, which for Italy is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (www.garanteprivacy.it).

 

9. Changes to this Information Notice

The Data Controller reserves the right to amend and update this information notice. Any changes will be made known to users through publication on the website. Users are advised to periodically consult this section to check the most up-to-date version.