As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Data Subject (user of the website www.doctorgskincare.com) is informed that the personal data collected through the website are processed by the Company using computer and/or telematic tools, for the purposes indicated in this notice.
The Data Controller for the processing of personal data is TREELON SRL, with registered office in Rome, Via di Vigna Stelluti, No. 150, 00191, Tax Code/VAT Number 16541301004, contactable at the following email address: firstname.lastname@example.org
Information about the processing
The personal data subject to processing are collected directly by DOCTOR G or by third parties expressly authorized by it, or they are communicated by the Company to such third parties for the pursuit of the purposes described below.
Legal basis and purposes of the processing
The personal data provided by the user when browsing the website www.doctorgskincare.com are processed by the Data Controller in accordance with the current regulations on the protection of personal data.
The legal basis for the processing is the provision of the Company's services, the management and facilitation of the website, as well as the establishment, execution, and possible resolution of the online sales contract concluded between the parties and the obligations connected to the same contract, directly and/or indirectly arising therefrom.
The processing of personal data by DOCTOR G is aimed at pursuing the following purposes:
1) SUBSCRIPTION TO DOCTORGSKINCARE.COM NEWSLETTER: In the event that the user decides to subscribe to the "DOCTOR G Newsletter," only after obtaining specific and optional consent, the personal data will be processed by the Data Controller for the purpose of sending commercial or promotional communications, updates related to, for example, the latest trends, new arrivals, exclusive offers, special events, and promotions. To unsubscribe from the newsletter, it is sufficient to click on the appropriate unsubscribe link at the bottom of the received emails or write to the address email@example.com
To compare and potentially improve the results of the communications, the Data Controller uses systems for sending newsletters and promotional communications equipped with a reporting mechanism, through which the Data Controller may know, for example: the number of readers, openings, and clicks; the type of device used to read the communication (desktop, mobile); the number of users pending confirmation of subscription; the number of emails sent by date/time/minute; the breakdown of emails delivered compared to those sent; the list of unsubscribed users from the newsletter; email openings and clicks on individual links; issues with message display; link tracking (i.e., the number of clicks on message links); click tracking (which links were clicked). All this data is used to compare and potentially improve the results of communications.
2) REGISTRATION ON DOCTORGSKINCARE.COM: In the event that the user decides to register on the doctorgskincare.com website, only after obtaining specific and optional consent, the personal data will be processed by the Data Controller for the purpose of registering on doctorgskincare.com. In particular, upon providing their name, surname, email address, and setting a login password, this information will be processed for the creation of a personal account, to expedite the purchasing process, allow the user to view order statuses and receive updates on purchases made, set and modify personal data and any "Preferences" that enhance navigation, update the account, view return history and merchandise exchange requests, save favorite items in the Wishlist.
3) ONLINE SHOPPING ACTIVITY: The personal data provided will be used for the establishment, management, execution, and/or conclusion of the online sales contract. The data provided will be processed by the Data Controller for the management of the purchase order, including, but not limited to, payment activities, shipping, handling any returns, customer assistance, administrative-accounting purposes related to order management, and compliance with obligations under applicable regulations. In the case of credit card payment, the essential information for transaction execution (credit card holder, credit/debit card number, expiration date, security code) will be processed by PayPal - Stripe or, if applicable, by companies responsible for fraud control through an encrypted protocol without any third parties having access to it. However, such information will never be displayed or stored by the seller (TREELON SRL).
4) PROFILING OF INDIVIDUALS: Only after obtaining specific and optional consent, the personal data provided may be processed by the Data Controller for profiling activities, i.e., analysis of preferences aimed at creating personalized content and offers.
Nature of the processing
With regard to the purposes mentioned in point 1) of the previous paragraph, the provision of personal data and consent to their processing is optional. The possible failure to provide consent will result in DOCTOR G being unable to allow newsletter subscription or send commercial or promotional communications, updates related to the latest trends, new arrivals, exclusive offers, special events, and promotions.
With regard to the purposes mentioned in point 2) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. The possible failure to provide consent will result in DOCTOR G being unable to allow registration on doctorgskincare.com, the creation of a personal account, acceleration of the purchasing process, viewing order status and receiving updates on purchases made, modifying personal settings and updating the account, viewing return history and merchandise exchange requests, and saving favorite items in the Wishlist.
With regard to the purposes mentioned in point 3) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. The possible failure to provide consent will result in DOCTOR G being unable to establish, manage, execute, and/or conclude the online sales contract, thus preventing activities related to payment, shipping, handling of returns, customer support, administrative and accounting purposes related to order management, and compliance with legal obligations.
With regard to the purposes mentioned in point 4) of the previous paragraph, the provision of personal data and consent to their processing is optional. The possible failure to provide consent will result in DOCTOR G being unable to perform profiling activities, such as analyzing preferences to create personalized content and offers.
Processed personal data
The personal data processed by the Data Controller are those provided by the user during navigation on the website www.doctorgskincare.com, during registration on doctorgskincare.com, and/or during the purchase of products provided by DOCTOR G. These may include, for example, name, surname, email address, as well as data necessary for the provision of online sales services, such as those required for payment execution and shipping/product exchange.
Data Processing and Storage Methods
The processing of personal data is carried out by the Data Controller in compliance with the current privacy legislation. The Data Controller processes personal data using computer and/or telematic tools and with organizational and logical methods strictly related to the purposes indicated in this information notice. Appropriate security measures are also adopted to prevent unauthorized access, disclosure, alteration, or destruction of personal data, as well as unauthorized and incorrect use. However, the Company cannot guarantee its users that the measures taken to secure the website and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or data dispersion by devices belonging to the user. For this reason, it is recommended that users of the website ensure that their computer is equipped with suitable software for the protection of data transmission over the network (e.g., updated antivirus) and that their Internet Service Provider has adopted appropriate measures for the security of data transmission over the network. The Company also undertakes to treat data in accordance with the principles of fairness, lawfulness, and transparency, to collect them to the extent necessary and accurate for processing, and to allow their use only by authorized personnel. The management and storage of acquired personal data will take place in archives or on servers located within the European Union, owned by the Data Controller and/or third-party companies appointed as External Data Processors and currently located in Italy.
With regard to the various purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve those purposes and, in any case, in accordance with the current legal provisions.
In any case, the Company will take care to avoid the indefinite use of data by periodically verifying the continued interest of the data subject.
Recipients and Data Processors
The collected data will not be disclosed in any way, but will be processed within the limits and for the purposes described, by the Company's employees based on appropriate operational instructions (e.g., administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties appointed as External Data Processors, whom the Data Controller may use in the context of managing the contractual relationship, providing the services offered, and for organizational needs of its activity. In particular, the data may be communicated to:
a) subjects, public and private, who can access the data under the provisions of law, regulation, or European legislation, within the limits provided by these norms;
b) subjects who need to access the data for purposes connected to the existing contractual relationship between the parties, within the strictly necessary limits for the performance of ancillary tasks (such as banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers, and shipping companies);
c) consultants, within the limits necessary for the performance of their professional duties.
The up-to-date list of External Data Processors and authorized persons is kept at the Data Controller's office and is available to the data subject upon request by email to firstname.lastname@example.org.
Data Transfer Abroad
Personal data is not transferred outside the territory of the European Union.
Rights of Data Subjects
As a Data Subject, you have the right to exercise, at any time, the rights provided for in Articles 15, 16, 17, 18, 20, and 21 of the GDPR, which include the following:
a) Obtain from the Data Controller, according to Article 15, confirmation of whether or not personal data concerning you is being processed and, if so, access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly if they are recipients in third countries or international organizations; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
b) Obtain from the Data Controller, according to Article 16, the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
c) Obtain from the Data Controller, according to Article 17, the erasure of personal data concerning you without undue delay. The Data Controller has the obligation to erase personal data without undue delay if one of the reasons listed in paragraph 1 of Article 17 applies;
d) Obtain from the Data Controller, according to Article 18, the restriction of processing where one of the conditions set out in paragraph 1 of Article 18 applies;
e) Obtain from the Data Controller, according to Article 20, the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another Data Controller without hindrance, where the conditions set out in Article 20(1) are met. Furthermore, you have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible;
f) Object, in whole or in part, according to Article 21, to the processing of personal data concerning you.
To exercise your rights, you can send your requests to email@example.com.
Please note that you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal, without prejudice to the consequences described above regarding a possible refusal to provide such personal data. You also have the right to lodge a complaint with a Supervisory Authority.
You can make requests regarding the exercise of these rights by contacting the following address: firstname.lastname@example.org
TREELON SRL undertakes to respond to the requests of the Data Subject within one month, except in cases of particular complexity where it may take up to three months. In any case, the Data Controller will provide the Data Subject with an explanation of the delay within one month of the request. The outcome of the request will be provided in writing or in electronic format. In the case of a request for rectification, erasure, or restriction of processing, the Data Controller undertakes to communicate the outcomes of the requests received from the Data Subject to each recipient of the data, unless this proves impossible or involves disproportionate effort.
The Company specifies that the Data Subject may be asked to pay a reasonable fee if the requests are manifestly unfounded, excessive, or repetitive.