Notice concerning the processing of Personal Data (Art. 13 of the GDPR)

In compliance with the provisions of EU Regulation No. 2016/679 (“GDPR”), we inform you that the personal data provided by you and obtained by our company will be processed in accordance with the principles of correctness, lawfulness and transparency, in compliance with current regulations. Therefore, pursuant to Art. 13 of the above-mentioned GDPR, we are providing you with the following information.

1 Identity and contact details of the data controller

1.1 The Data Controller is Bios Line S.p.A., with registered office in Ponte San Nicolò (PD), Viale Finlandia No. 4, VAT No. 02501890285.
E-mail: privacy-gdpr@biosline.com, certified email address: pec@pec.biosline.com.

1.2 According to art. 37 of the GDPR 679/2016, the Data Controller has appointed a Personal Data Protection Officer, who can be contacted by e-mail at the following address: privacy-gdpr@biosline.com.

2 Purpose of processing

Your personal data are processed:

  1. without obtaining your consent, for the following purposes:
    • for fulfilment of obligations which must be fulfilled prior to conclusion of the contract, for contractual obligations and fiscal obligations arising from existing relations with you;
    • for fulfilment of obligations provided for by law, regulation, Community legislation or an order of the Authorities;
    • for exercising the rights of the Data Controller, such as the right to defence in court;
  2. 2. only with your specific and explicit consent, for the following purposes:
    • Marketing: for sending newsletters and/or advertising and promotional material and/or communications relating to products or services offered by the Data Controller and for surveying your satisfaction with the quality of the services provided;
    • Support: to the Client/Consumer asking for advice, suggestions, recommendations and/or personalized pieces of information concerning products and their use.

3 Legal basis of processing

The legal basis of processing is the fulfilment of obligations which must be fulfilled prior to conclusion of the contract and/or fulfilment of contractual obligations.
With reference to the specific marketing purpose referred to in Art. 2, point B) above, the legal basis of the processing is the specific consent given by you.

4 Recipients or categories of recipients of your personal data

The personal data collected may be disclosed by us to employees and collaborators of the Data Controller, in their capacity as authorised data processors, and to the third parties indicated below:

  • accounting, fiscal and legal consultants;
  • banking institutions;
  • public bodies, judicial and financial authorities;
  • agents and/or representatives;
  • platform suppliers and suppliers of material dispatch service;
  • manufacturers and suppliers of the marketed products;
  • suppliers of promotional/advertising services (for Marketing activities).

5 Intention of the data controller to transfer your personal data to a third country or an international organisation

The Data Controller does not intend to transfer the data collected to a third country or to an international organisation.

In addition, the data controller is providing the data subject with the following further information necessary to ensure fair and transparent processing.

6 storage period of the personal data collected

The data collected will be stored as follows.
Data necessary for the purposes of the relationship prior to commencement of the contract: for the time strictly necessary for the conclusion of the contractual relationship and, in any case, for a period of time not exceeding one year after collection.
Data necessary for the performance of the contractual relationship: for the whole term of the contractual relationship and any warranty obligations required by law and/or the contract.
Accounting records, invoices and correspondence: ten years, as required by law.
Data required for marketing purposes: for the duration of the contractual relationship, if existing, or, in the absence of a contractual relationship, for one year from the date on which you gave consent for processing for marketing purposes and, in any case, until withdrawal of consent. Any longer storage periods remain unaffected, in the event that they are required due to legal, accounting and/or fiscal obligations.
After the storage period, as described above, the data you have provided will be erased.

7 Rights of the data subject

Data subjects have the right to:

  • access, rectify, erase, limit and object to processing of data;
  • to obtain the data without impediment from the data controller in a structured format, commonly used and legible by an automatic device in order to send them to another data controller;
  • to withdraw his/her consent although data processing operations carried out based on consent given prior to the revocation shall be legitimate;
  • to lodge a complaint with the Italian Data Protection Supervisor.

The above rights may be exercised by sending a request by email to the following address: privacy-gdpr@biosline.com.

8 Nature of Data Provision

The provision of personal data by the data subject, for the purposes referred to in point 2. A) is necessary, as failure to provide the data prevents the existence of a legal relationship and processing of your data.
On the other hand, providing personal data for the purposes referred to in point 2. B) is optional. You may therefore decide not to comply with the request.

9 Automated decision-making processes including profiling

The data provided will not be processed by automated decision-making processes, including profiling.

10 Processing methods

Processing shall be carried out both with manual and computerised (including portable devices) tools, with logics of organisation and processing strictly related to the same purposes and, in any case, in order to ensure the security, integrity and confidentiality of the data itself, in accordance with the organisational, physical and logical measures envisaged by the provisions in force.
Processing is carried out by the data controller and by the persons in charge, authorised by the data controller.