FREE EXPRESS SHIPPING ON ORDERS OVER $75 | OR FIND A STOCKIST NEAR YOU
PRIVACY POLICY
The new European regulation on the protection of personal data, commonly known as GDPR and in detail European Regulation 2016/679, is applicable in the EU from 25 May 2018. The main goal of the new regulation is to guarantee that the “personal data" of individuals is managed correctly and not used for purposes other than those duly justified.
Antica Erboristeria S.p.A. only uses information about you that is necessary to facilitate contact in progress between the customer and Antica Erboristeria S.p.A., for the commercial relationship with your company. We generally have information on the name and contact details, such as e-mail address, phone number, etc., and do not acquire or keep information that could be considered “sensitive"?.
Antica Erboristeria S.p.A. will use the related information for routine purposes, as part of commercial relations with your company, for example ordinary communication related to our products or services, including marketing information and communications, or invitations to certain events or general information on Antica Erboristeria S.p.A.
If you would like us to, we would be delighted to provide the customer with more information on what data Antica Erboristeria S.p.A. is holding and how they are used. In any case, the customer has the right to ask Antica Erboristeria S.p.A. to correct inaccurate data or erase them if not needed. He/she also has the right to object to receiving information by e-mail or in other ways, for example advertising material.
Rights granted by the regulation include you being able to ask for data to be erased, exercising your right to be forgotten. Once the request has been made, it will be examined by our staff so that we may complete the data erasure process.
With reference to what is set forth in Italian Legislative Decree 196/2003 “Personal data protection code"?, and EU Regulation 2016/679, in particular related to Articles 12 and 13, we would like to inform you that your personal data will be processed pursuant to the rules and regulations in force.
Antica Erboristeria S.p.A. with registered office at Fara in Sabina (Rieti) at SR 313 Km 2.8, continuously undertakes to adopt technical and organisational solutions to guarantee high standards of lawfulness, security and protection in the processing of personal data. It implements the requirements of the General Data Protection Regulation of the European Union (hereinafter "GDPR", acronym for General Data Protection Regulation) and other legal provisions including, in particular, those in the personal data protection code (hereinafter "Privacy Code" or "Code").
1. Who is the data controller?
Antica Erboristeria S.p.A with registered office at Fara in Sabina (Rieti) at SR 313 Km 2.8 is the controller of the processing of your personal data according to the GDPR and the Code.
2. What data do we process? Personal data are any type of information related to an identified or identifiable individual.
Data provided by you: all the data you provided to request the purchase/sale of goods and/or supply of a service. As an example that data could be: your name and surname, your contact details (including address, phone number and e-mail address), profession, date and place of birth, tax code. Providing that information, if required by the contract or essential for executing it, is a necessary requirement to finalise the Contract; not providing those data could make it impossible to finalise the Contract and/or for www.herbatint.com to provide the relative services and products.
www.herbatint.com does not acquire and does not process personal data categories such as, for example, information that reveals your racial origin, your political opinions, your religious or philosophical convictions.
3. On what legal bases and based on what laws will we process your data?
Personal data are any type of information related to an identified or identifiable individual. We will process your Data solely where permitted by the applicable laws. More specifically, we will process your Data based on Art. 6 and 9 GDPR and based on consent pursuant to Art. 7 GDPR, and in compliance with the corresponding Code regulations:
• Consent Art. 6(1) paragraph 1(a), Art. 7 GDPR): we will process certain Data solely with your prior, free, specific consent. You are free to revoke the consent given at any time, with future effects.
• Execution of a contract: in order to finalise and execute the contract requested we need access to and have to process certain Data.
• Compliance with a legal obligation Art. 6(1) paragraph 1(c) GDPR): in order to guarantee conformity with those provisions we need to process certain Data.
4. For what purposes are your Data processed?
We will only process your data for purposes permitted by data protection rules and regulations, such as: a) purposes that have your prior approval; b) processing data to execute the contract; c) execution of pre-contractual measures on your request; d) fulfilment of legal obligations we are subjected to; e) to safeguard our legitimate interests or the legitimate interests of third parties, except when your interests prevail over them; f) to ascertain, exercise or defend a right or legal claim; g) for relevant reasons of public interest; h) marketing and advertising, in particular direct marketing activities.
Amongst other things, we will process your Data for specific purposes, listed below as an example:
- for purposes related to the Contract: especially to execute the Contract you stipulated;
- contact you in relation to the Contract and to manage it;
- Customer service: to offer you a valid customer service, we will process your Data regularly, so that we may, for example, provide you with complete advice. Moreover, solely to improve the quality of the customer care and personnel training processes, we may process your personal data collected through sample registration of phone calls, in compliance with privacy regulations and the provisions of the Authority for the protection of personal data.
- management of requests for legal guarantees, product conformity, assistance, requests to withdraw, management and termination of the Contract;
- transfer of data to third parties solely to manage the request if made in the “remote"? mode through video, internet and solely for the personal Data requested of operators of the platforms used for these procedures.
Processing of your data subject to Consent: in the following cases we will process your data solely if you have specifically consented for:
i) Market surveys, possibly based on profiling activities: we conduct market surveys on the interests of our customers, to make them interesting, targeted offers. This includes, for example, studies of customer satisfaction with our services. Related to market surveys, we only process – whenever possible – anonymised, aggregated data. However, for those activities we may process your personal data.
ii) Advertising and marketing: if you previously consented, we will process your Data to inform you of any offer that could be of interest to you and will contact you using the communication channels specifically authorised by you. The promotional and marketing activities (including taking part in competitions and prize-competitions) in question could be performed by phone, sending an SMS, email. Naturally, you may object to processing for those purposes at any time.
Besides the above, www.herbatint.com may process your data to comply with legal obligations. Therefore, to comply with any legal regulation or provision that we intend to and must comply with or for the security of Data for indispensable measures to ensure the security of your and your company’s data against external attacks and/or to prevent external attacks. Also to comply with legal obligations imposed on us and/or to prevent fraud or in a dispute. Lastly, for obligatory fiscal, accounting and administrative purposes, always in compliance with the laws in force.
In some cases, certain functionalities of the website and/or the www.herbatint.com application and/or of certain promotions and/or operations may be limited for subjects who are under the age indicated in the website www.herbatint.com and/or established by the laws in force. In those cases specific additional consent could be required to use certain services and/or functionalities.
Lastly, www.herbatint.com may process your data to safeguard the legitimate interests of Antica Erboristeria S.p.A. itself, except in case where your interests should prevail. That is done with controls on sales to improve services provided and in an aggregated, anonymous form without your identity being indicated; or for studies to improve products and services and our procedures.
5. For how long will your data be processed?
As specifically set forth in Art. 5, paragraph 1, letter e) of the GDPR, we will only store your data for the time needed to process them for the processing purposes required. If the Data need to be processed for several purposes, they will be erased automatically or saved in a format that does not enable reaching any direct conclusion on your identity, as soon as the last specific purpose has been fulfilled. So that all your Data have been erased or been made anonymous in line with the data minimisation principle and in compliance with Art. 5, paragraph 1, letter e) of the GDPR.
Indicatively, your data will be stored for the following periods: - fiscal/administrative obligations: 10 years; - regulatory obligations related to the product guarantee: 28 months; - contractual obligations for additional after-sales services: from 36 to 78 months based on the service chosen.
6) How are your data protected?
www.herbatint.com will process your personal data based on the data processing security obligations pursuant to Art. 32 GDPR. In order to guarantee an adequate Data protection level to prevent the risk of the data being used improperly or illegally, technical and organisational measures have been implemented that comply with internationally recognised IT standards; those measures are checked continuously.
7) Who will your data be shared with?
Your data may be shared with third parties such as:
• persons belonging to www.herbatint.com
• external third parties to the extent to which that is needed or opportune to achieve the purposes in points 3 and 4; or external third parties when that is needed for any legal obligations related to information and reporting. In particular, those third parties are external service suppliers including IT services, external consultants or collaborators, in the following contexts:
- bagging, sorting and transmitting communications to customers, and the filing and electronic storage of data;
- supply and management of administrative procedures and information systems, communication networks and protection and security systems;
- customer assistance activities (also with call centre, help desk);
- financial statement evaluation, auditing and certification activities;
- commercial information performed by external companies with legal authorisations in compliance with the laws in force, organisation of events and advertising campaigns, measurement of the quality level of products and services, market surveys;
- professional consultancy and assistance.
www.herbatint.com will appoint all the above subjects as Processors, when the related conditions are met and, in any case, will bind those third parties to maintaining the confidentiality of your Data.
www.herbatint.com undertakes not to send your data outside the European Community.
Your rights. Based on the GDPR and other data protection provisions applicable, you have specific rights that cannot be restricted.
As the data subject, you have the following rights pursuant to the GDPR, with www.herbatint.com:
-Access rights (Art. 15 GDPR): you may request at any time to receive information on your Data stored by us. Amongst other things, that information refers to the data categories processed by us, processing purposes, where the data come from if we have not obtained them from your directly, and the recipients we could transfer your Data to, if applicable. You may receive a free copy of your Data forming the purpose of the contract.
-Right to rectification (Art. 16 GDPR): you may request that your Data be rectified. We will adopt suitable measures to make sure your Data stored by us continuously, are kept correct, complete, updated and pertinent, based on the most recent information provided to us.
- Right to erasure (Art. 17 GDPR): you may request that your Data be erased, under the relative legal conditions. For example, that could occur based on Art. 17 of the GDPR:
• if the Data are no longer needed for the purposes for which they were collected or otherwise processed;
• if you revoke the consent the data processing is based on, and there is no further legal reason for processing;
• if you object to your Data being processed and there are no prevalent legitimate reasons for processing, that is if you object to data being processed for direct marketing purposes;
• if the Data are processed illegally; with no prejudice to processing being necessary: - to comply with a legal obligation requiring the processing of your Data; in particular related to the storage period for documents established by law; - to ascertain, exercise or defend a right or legal claim.
- Right to restriction of processing (Art. 18 GDPR): you may obtain a restriction of the processing of your Data if they are not correct or are no longer needed;
- Right to data portability (Art. 20 GDPR): You have the right to receive a copy of your Data, previously supplied by you directly to www.herbatint.com, and if you specifically request it we undertake to transfer the data - where that is possible technically – to another controller indicated by you;
- Right to object (Art. 21 GDPR): You may object at any time, for reasons connected to your specific situation, to your Data being processed, pursuant to Art. 6, paragraph 1, letters e) or f) of the GDPR, or if the personal data are processed for direct marketing purposes. In that case we will no longer process your Data. This latter condition does not apply if we can prove there are binding legitimate reasons justifying processing and which prevail over your interests, or if we need your Data to ascertain, exercise of defend a right in court.
- Right to revoke consent at any time (Art. 13 GDPR) if processing is based on consent – without prejudice to the lawfulness of processing based on consent granted before it was revoked, sending the relative request to the contact details given below or through the technical methods possibly made available by www.herbatint.com.
www.herbatint.com will try to manage all the requests in a suitable period and, indicatively, within 30 days except for an extension justifiably indicated and notified.
- Complaint: You always have the right to notify and present a complaint to the competent data protection authority, pursuant to Art. 77 of the GDPR:
The process Controller is Antica Erboristeria S.p.A. with registered office at Fara in Sabina (Rieti) at SR 313 Km 2.8.
For all requests for information and to exercise your rights please contact Antica Erboristeria S.p.A. with registered office at SR 313 Km 2.8, 02032, Fara in Sabina (Rieti):
- by post to Antica Erboristeria S.p.A., at SR 313 Km 2.8, 02032, Fara in Sabina (Rieti).
- by phoning 064193852;
- by e-mail to privacy@ herbatint.com
The Data Protection Officer may be contacted directly at the following e-mail address: privacy@herbatint.com.
Antica Erboristeria S.p.A. will notify you promptly if there should be any substantial changes referred to how your Data are processed. You will be informed promptly of those changes.
Types of data collected
The Controller does not provide a list of Personal Data types collected. Complete details of each data type collected are provided in the sections dedicated to this privacy policy or in specific information displayed before the data are collected. Personal data can be provided freely by the User or, for Use Data, be collected automatically while this Application is being used. All Data requested by this application are obligatory and, if not provided, could make it impossible for the application to supply the service. In cases where this Application indicates some Data as optional, Users are free not to provide those Data without that having any consequences on the availability of services or the Application’s operations. Users who have any doubts on what Data are obligatory are encouraged to contact the Controller. Any use of Cookies - or of other tracking tools - by this Application or the controllers of third-party services used by this Application, if not specified otherwise, is to provide the service requested by the User, and the further purposes described in this document and in the Cookie Policy, if available. The User takes responsibility for the Personal Data of third parties published or shared through this Application and guarantees that he/she has the right to communicate or disseminate them, freeing the Controller of any responsibilities towards third parties.
How and where Data collected are processed
Processing methods. The Controller processes the Personal Data of Users adopting security measures to block the unauthorised access, dissemination, modification and erasure of Personal Data. Processing is carried out using IT and/or data transmission tools, applying organisational methods and logics that are strictly linked to the purposes indicated. Besides the Controller, in some cases personnel involved in website organisation (administrative, commercial, marketing, legal, system administrators personnel) could have access to Data categories, as could external parties (such as suppliers of third-party technical services, postal couriers, hosting providers, computer companies, communication agencies) appointed, if necessary, as Processors by the Controller. The updated list of Processors can always be requested from the Data Controller. Data are processed in the operating offices of the Controller and in any other place where parties involved in processing are located. For further information please contact the Controller. Data are processed for the time needed to perform the service requested by the User, or required by the purposes described in this document. The User may always ask for Processing to be interrupted or for Data to be erased.
Purpose of the Processing of collected Data
User Data are collected to enable the Controller to provide its services, and for the following purposes: Access to accounts on third-party services. The types of Personal Data used for each purpose are indicated in the specific sections of this document.
Facebook permission requested by this Application
This Application may request some permissions from Facebook enabling it to execute actions on the User’s Facebook account and to collect information, including Personal Data, from it. This service allows this Application to connect to the User’s account on Facebook, supplied by Facebook Inc. For more information on the following permissions please refer to the documents on Facebook permissions and the Facebook privacy policy.
Google permissions requested by this Application
This Application may request some permissions from Google enabling it to perform actions on the User’s Google account and to collect information, including Personal Data, from it. This service allows this Application to connect to the User’s account on Google, supplied by Google Inc. For more information on the following permissions, please refer to documents on Google permissions and the Google privacy policy.
Amazon permissions requested by this Application
This Application may request some permissions from Amazon enabling it to perform actions on the User’s Amazon account and to collect information, including Personal Data, from it. This service allows this Application to connect to the User’s account on Amazon, supplied by Amazon Inc. For more information on the following permissions, please refer to documents on Amazon permissions and the Amazon privacy policy.
Further information on processing
Defence before the law
The User’s Personal Data may be used by the Controller in court or in the preliminary stages of legal proceedings for defence against abuse by the User during the use of this Application or connected services. The User declares that he/she is aware that the Controller could be required to reveal the Data at the request of public authorities.
Specific information
On a request from the User, in addition to the information in this privacy policy, this Application could provide the User with additional, contextual information on specific services, or the collection and processing of Personal Data.
System logs and maintenance
For needs linked to its functioning and maintenance, this Application and third-party services used by it could collect system Logs; i.e. files recording interactions that may contain Personal Data, such as the User’s IP address.
Information not contained in this policy
More information on the processing of Personal Data can be requested at any time from the Process Controller using the contact details provided.
Exercising User rights
The persons to whom the Personal Data refer have the right, at any time, to receive confirmation of whether their data are being held by the Data Controller or not, to know their contents and where they came from, check that they are accurate and request integration, erasure, updating, rectification, that they be made anonymous or that Personal Data processed violating the law be blocked; and object, in any case, for legitimate reasons, to the data being processed. Requests must be sent to the Data Controller. This Application does not support “Do Not Track�? requests. To know whether any third-party services used support them, the User is kindly asked to consult the respective privacy policies.
Amendments to this privacy policy
The Data Controller reserves the right to make amendments to this privacy policy at any time, notifying Users on this page. You are therefore kindly requested to consult this page often, taking the date of the last amendment indicated at the bottom as reference. If the amendments made to this privacy policy should not be accepted, the User is kindly asked to stop using this Application and may ask the Data Controller to remove his/her Personal Data. Unless specified otherwise, the previous privacy policy will remain applicable to the Personal Data collected until that moment.
Access to accounts on third-party services
Registration and authentication
Direct registration
Personal Data: email and password
Remarketing and behavioural targeting
AdRoll, AdWords Remarketing, Facebook Remarketing, Twitter Remarketing and Remarketing with Google Analytics for display advertising
Personal Data: Cookies and use Data
Facebook Custom Audience
Personal Data: Cookies and e-mail
PayPal and Banca Sella
Personal Data: various types of Data according to what is specified by the service’s privacy policy
Mailing List or Newsletter
Personal Data: e-mail
Access to Facebook account
Permissions: Email, Management of pages and Insight