PRIVACY POLICY
Eptamed S.r.l. (“Eptamed”), with its registered office in Cesena (FC), via Ravennate n. 979, VAT number 04107210405, registered in the Register of Companies of Forlì-Cesena under no. FO330060, can be contacted via email at [email protected]. Eptamed will process the personal data provided by buyers of the products marketed by it and/or users of its services (“Customers”) in connection with a sales contract and/or service provision, as well as data provided in any other way in the context of a contractual and/or pre-contractual relationship (“Contract”), for the supply of dental balancing devices and/or other goods marketed by Eptamed (“Products”) and the other related activities and services, unless a different privacy notice regarding the processing of personal data is provided in the context of the same.
2. TO WHOM AND TO WHAT DOES THIS PRIVACY POLICY APPLY?
2. TO WHOM AND TO WHAT DOES THIS PRIVACY POLICY APPLY?
Eptamed is the data controller regarding the personal data obtained from the Customer, which are processed in accordance with the terms of this Policy and applicable regulations. Consequently, this Policy applies to all Customers.
3. WHAT TYPE OF PERSONAL DATA OF CUSTOMERS DOES EPTAMED COLLECT?
Eptamed collects the following categories of personal data:
a) name, surname, gender, contact details (email, phone number, residential address, billing address);
b) place and date of birth;
c) tax identification number;
d) identity document (ID card, passport, or driving license);
e) banking data (credit card details or bank account details).
4. HOW ARE CUSTOMERS’ PERSONAL DATA USED?
Eptamed processes the personal data of Customers for the following purposes:
a) for the sale of Products or the provision of other additional services resulting from the Contract;
b) for the analysis and improvement of the Products;
c) to provide the Customer with technical assistance, customer support, and for the delivery, use, and maintenance of the Products covered by the Contract;
d) for compliance with applicable national and European legislation, including anti-money laundering and anti-fraud laws;
e) for managing complaints and disputes;
f) to assert and defend its rights, including in recovery procedures and the assignment of credits to authorized companies, even through third parties;
g) to carry out a potential merger, asset transfer, business transfer, or branch transfer by disclosing and transferring the Customer’s personal data to the involved third parties;
h) with the Customer’s prior consent, to send marketing communications about the products and services offered by Eptamed (for example, through sending advertising material, conducting market research). Marketing communications can be sent through traditional communication tools such as mail, email, chat, SMS, MMS, instant messaging;
The purposes from letters a) to e) are jointly defined as “Contractual Purposes”.
The purposes of letters f) and g) are jointly defined as “Legitimate Interest Purposes”.
The purpose of letter h) is also defined as “Marketing Purposes”.
In no case will the personal data of Customers be subject to dissemination or any fully automated decision-making process, including profiling.
5. WHAT ARE THE LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA CARRIED OUT BY EPTAMED?
The processing of Users’ personal data is necessary concerning the Contractual Purposes given its essentiality for:
a) executing the Contract concerning the sale of Products and the provision of requested Services;
b) complying with the provisions of applicable regulations as provided in Section 4, letters d) and e).
If the Customer does not provide the necessary personal data for the Contractual Purposes, it will not be possible to proceed with the conclusion of the Contract with the Customer by Eptamed.
The processing of Users’ personal data for the Legitimate Interest Purposes referred to in Section 3, letters f) and g) is carried out under Article 24, paragraph 1, letter d) of Legislative Decree 196/2003 (“Privacy Code”) and, effective from May 25, 2018, under Article 6, letter f) of the General Data Protection Regulation 2016/679 (“Privacy Regulation”) for the pursuit of Eptamed’s legitimate interest, which is reasonably balanced with the interest of the Customer, as the processing of personal data is limited to what is strictly necessary for carrying out the requested economic operations.
The processing for the Legitimate Interest Purposes is not mandatory, and the Customer may oppose such processing in accordance with the methods set out in Section 9 below, but if the Customer opposes such processing, their data cannot be used for the Legitimate Interest Purposes.
Finally, the processing is optional for Marketing Purposes. If the Customer denies their consent, they will not receive the commercial communications referred to in Section 4, letters h) and i). At any time, the Customer can revoke any consents given according to the methods indicated in Section 9 of this Privacy Policy.
6. HOW DOES EPTAMED PROCESS USERS’ PERSONAL DATA?
The personal data of Customers may be processed using manual or computer tools, ensuring security and confidentiality, and preventing unauthorized access, dissemination, modification, and theft of data through the adoption of appropriate technical, physical, and organizational security measures.
7. WHO CAN ACCESS CUSTOMERS’ PERSONAL DATA?
For the Contractual Purposes mentioned above, Users’ personal data may be transferred to the following categories of recipients, located both within and, within the limits of Section 8 below, outside the European Union:
a) third-party service providers assisting and consulting Eptamed in activities in sectors (by way of example) such as technology, accounting, administration, legal, insurance, IT;
b) banks and credit card issuing institutions;
c) Eptamed group companies;
d) the commercial network (e.g., agents, distributors) of Eptamed;
e) subjects and authorities whose right of access to Customers’ personal data is expressly recognized by law, regulations, or measures issued by competent authorities. These recipients, depending on the circumstances, will process personal data as controllers, processors, or authorized personnel.
For the Legitimate Interest Purposes mentioned above, Customers’ personal data may be transferred to the following categories of recipients, located both within and, within the limits of Section 8 below, outside the European Union:
a) third-party service providers assisting and consulting Eptamed regarding recovery and credit assignment activities;
b) Eptamed group companies;
c) potential buyers of Eptamed and entities resulting from mergers, spin-offs, or any other form of transformation concerning Eptamed;
d) competent authorities.
For the Marketing Purposes mentioned above, Users’ personal data may be transferred to the following categories of recipients, located both within and, within the limits of Section 8 below, outside the European Union:
a) third-party service providers assisting and consulting Eptamed regarding sending commercial communications;
b) Eptamed group companies.
The external data processors appointed by Eptamed can be found, upon request, through the methods indicated in Section 9 below.
8. ARE CUSTOMERS’ PERSONAL DATA TRANSFERRED ABROAD?
Users’ personal data may be freely transferred outside the national territory to countries located within the European Union. Regarding transfers outside the European Union to countries not deemed adequate by the European Commission, Eptamed adopts suitable and appropriate security measures to protect Customers’ personal data. Consequently, any transfer of Customers’ data to countries outside the European Union will occur, in any case, in compliance with appropriate and suitable guarantees for the transfer itself, such as standard contractual clauses for data protection, pursuant to applicable legislation and in particular Articles 45 and 46 of the Privacy Regulation.
9. WHAT ARE CUSTOMERS’ RIGHTS REGARDING THEIR PERSONAL DATA?
Customers may, at any time and free of charge, by sending an email to [email protected], exercise the following rights:
a) to obtain from Eptamed confirmation of the existence or absence of data concerning them and to be informed about the content and source of the data, verify its accuracy, and request its integration, updating, or modification;
b) to obtain the deletion, transformation into anonymous form, or blocking of data that may have been processed in violation of applicable law;
c) to oppose in whole or in part, for legitimate reasons, the processing;
d) to revoke, at any time, the consent to data processing (in relation to processing for which such consent may be necessary), without affecting the lawfulness of the processing based on consent given before the revocation;
e) to request that Eptamed limit the processing of their personal data if: the Customer contests the accuracy of their personal data, for the time necessary for Eptamed to verify the accuracy of such data; the processing is unlawful, and the Customer opposes the deletion of their personal data and instead requests that its use be limited; although Eptamed no longer needs them for processing, the data are necessary for the Customer to ascertain, exercise, or defend a right in court; the Customer has opposed the processing under Article 21, paragraph 1 of the Privacy Regulation pending verification of the possible prevalence of compelling legitimate grounds for continuing the processing.
f) to oppose the processing of their personal data;
g) to request the deletion of personal data concerning them without undue delay;
h) to receive a copy in electronic format of their personal data, where the Customer wishes to transfer the personal data concerning them to themselves or to another service provider, in cases where Eptamed processes personal data based on the Customer’s consent or based on the circumstance that processing is necessary for the provision of Services and the personal data is processed through automated tools;
i) to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
Eptamed has not appointed a data protection officer since the appointment is not mandatory in the case described in this information. It is stated that pursuant to Article 37 of the GDPR, data controllers and processors must appoint a data protection officer whenever: a) processing is carried out by a public authority, agency, or public body; b) the main activities of the data controller and processor require regular and systematic monitoring of data subjects on a large scale; c) the main activities of the data controller or processor consist of the large-scale processing of special categories of personal data referred to in Article 9 (Processing of special categories of personal data) or data related to criminal convictions and offenses referred to in Article 10 (Processing of personal data related to criminal convictions and offenses).
10. RETENTION PERIODS FOR DATA APPLICABLE TO CUSTOMERS
Customers’ personal data will be kept for the period necessary to pursue the purposes for which such data was collected, as stated in this Information. In any case, the following retention periods will apply regarding the processing of Customers’ personal data for the purposes listed below:
a) for Contractual and Legitimate Interest Purposes referred to in Section 4, letters a) to g), Customers’ personal data will be kept for a period equal to the duration of the Contract (including any renewals) and for the ten years following its termination, resolution, or withdrawal, unless retention for a longer period is required for any disputes, requests from competent authorities, or under applicable legislation;
b) for Marketing Purposes, Users’ personal data will be kept for the duration of the Contract and for a period of twenty-four months following its termination.
11. MODIFICATIONS AND UPDATES
This Information is updated as of May 25, 2018, and may be subject to changes and additions, including as a result of the applicability of the Privacy Regulation and any subsequent amendments and/or regulatory additions that will be promptly available on the site www.eptamed.com.
Customers can view the constantly updated text of the Information on the website www.eptamed.com.
COOKIE POLICY
WHAT ARE COOKIES
A cookie is a small text file that is stored on your device (computer, tablet, or smartphone) when you visit a specific website. The text stores information that the website can read when consulted again by the same device. Essentially, cookies are useful because they allow a site to recognize your device.
Cookies serve various functions: they help you navigate through the various pages of the site more efficiently, store your preferences, and generally improve your browsing experience. In some cases, cookies allow you to see promotions that may interest you the most. Some of these cookies are necessary for the proper functioning of the site, while others are useful because they can securely store, for example, the username or language settings. The advantage of having cookies installed on your PC is that you no longer need to fill in the same information every time you want to access a previously visited site.
Some cookies are automatically deactivated at the end of the session (from when the user opens the browser to when they exit the browser) while others are saved on the user’s device for a longer period (usually, these cookies are used to store user preferences and choices when visiting the site or to profile commercial promotions).
The site may contain both first-party cookies and third-party cookies, which are cookies activated by a domain other than that of the site.
Visit AboutCookies.org for more information on cookies and how they affect your browsing experience.
COOKIE TYPES
The website maintains the following types of cookies:
1. Technical Cookies (or Session Cookies): these are essential technical cookies that allow navigation of the site and its various functionalities. Without these cookies, the area dedicated to the cart for requesting a quote cannot function.
2. Analytical Cookies that Improve the Functioning of the Site (Google Analytics): these cookies collect information about how the site is visited, such as which pages are viewed the most. These cookies do not collect identifying information about individual users, but only aggregated and anonymous data. They are used exclusively to improve the services offered by the website.
By using our site, the user agrees that such cookies may be installed on their device.
WHICH COOKIES DO WE USE
You can modify your browser to disable cookies through a very simple procedure (note: disabling cookies in your browser may cause malfunctions on the website, and you may not be able to save your username and password for reserved areas).
Firefox:
1. Open Firefox
2. Press the button on your keyboard
3. In the toolbar at the top of the browser, select Tools and then Options
4. Then select the Privacy tab
5. Go to History Settings: and then to Use custom settings. Uncheck “Accept cookies from sites” and save preferences.
Internet Explorer:
1. Open Internet Explorer
2. Click the Tools button and then Internet Options
3. Select the Privacy tab and move the slider to the privacy level you want to set (up to block all cookies or down to allow all)
4. Then click OK
Google Chrome:
1. Open Google Chrome
2. Click the Tools icon
3. Select Settings and then Advanced Settings
4. Select Content Settings under Privacy
5. In the Cookies tab, you can deselect cookies and save preferences
Safari:
1. Open Safari
2. Choose Preferences from the toolbar, then select the Security panel in the following dialog window
3. In the Accept cookies section, you can specify whether and when Safari should save cookies from websites. For more information, click the Help button (marked with a question mark)
4. For more information on the cookies stored on your computer, click Show cookies.
GOOGLE ANALYTICS
This website uses Google Analytics (analytical cookies), a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer to allow the website to analyze how users use the site. The information generated by the cookie about your use of the website (including your anonymous IP address) will be transmitted and stored on Google’s servers in the United States. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required by law or where such third parties process the information on behalf of Google. Google will not associate your IP address with any other data held by Google. You may refuse to use cookies by selecting the appropriate settings on your browser, but please note that if you do this, you may not be able to use all the features of this website. By using this website, you consent to the processing of your data by Google in the manner and for the purposes set out above.
You can prevent Google from detecting a cookie that is generated due to and related to your use of this website (including your IP address) and the processing of such data by downloading and installing this browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en