Back to Home
PROLIVY SRL (IPC Method brand)
Via Foglino 25, 47922 Rimini
Cell 3895112683
Tel 0541390383
P.I. 04499630400
CCIAA: RN-349314336
REA Registration No.: RN-416867
Information pursuant to and in accordance with Regulation (EU) 2016/679 on the protection of personal data (hereinafter referred to as the "GDPR") and Legislative Decree 101 of 8 August 2018 amending Legislative Decree 30 June 2003 No. 196 "Privacy Code". In compliance with the requirements set out in the General Data Protection Regulation the Data Controller provides the Data Subject with the following information regarding the processing of personal data carried out.
| Company name and Data Controller | PROLIVY SRL |
| (hereinafter referred to as the Data Controller) | Hereinafter referred to as the Data Controller and/or structure |
| Address | Via Foglino 25, 47922 Rimini |
| PIVA / CF | P.I. 04499630400 | CCIAA: N. T349314436 |
| N° CCIAA | N° iscrizione REA : RN-416867 |
| Contacts | Cell 3895112683 | Tel 0541390383 | Email: danielapierotti@ipcmethod.com | PEC : prolivysrl@legalmail.it |
| Legal representative | Ms. Daniela Pierotti |
| Privacy Officer | Ms. Daniela Pierotti |
| Data Protection Officer (DPO) | Appointment by delegation to the data management and processing company |
| Joint Data Controllers | No joint controllers are appointed |
| Third-party Data Processors | The list of appointed third-party data processors is available at the Data Controller's headquarters upon specific request. |
| List of categories of data subjects | Individual natural persons, legal entity customers, individual natural persons suppliers, legal entity suppliers, banks and financial companies, consultants and freelancers, any employees, third parties also natural persons with whom a request for information is made through access to web and social platforms. |
Processing essential for the execution of the contract with the customer
| Description | Processing functional to the activities of providing nutritional services, processing functional to the fulfillment of accounting and tax obligations, to the fulfillment of contractual and pre-contractual obligations, to the management and execution of the activities essential to provide the customer with the requested service and the consequent relative accounting, processing deriving from obligations for the fulfillment of purchasing practices from suppliers, obligations inherent in the administrative management of personnel and/or collaborators, activities inherent in the management of customers' personalized nutritional plans. |
| Origin | The data are communicated to the Data Controller directly by the Data Subject through a WebApp platform with reserved access by means of an individual alphanumeric key. The Data Subject, upon purchasing a package of IPC Method brand food supplements, finds inside the package a unique alphanumeric code that must be entered when entering the WebApp platform, after which, once the interfaces have been compiled with the entry of the email and mobile phone number, the code used to access expires. |
a) Management of the formalities related to customer requests;
b) Monitoring and execution of the services requested by the Data Subjects;
c) Planning of service and/or performance delivery activities;
d) Relationship activities for names acquired directly through consent to the specific processing for specific dietary plan provision activities; such data are not stored in paper format but in digital format in the WebApp platform, which has its own archiving system, consent is acquired directly through an electronic form from the WebApp platform or by communication via confirmation email. Failure to consent to the processing will make it impossible to provide the dietary plan service;
e) Management of litigation and/or handling of complaints, personal data are stored in the format in which they are received (paper or electronic email) and stored for their resolution, correspondence, and any transmission to legal counsel;
f) Information to customers about the availability of new services or treatments, the data for sending such communications are acquired in a specific manner similar to point d);
g) Administrative, accounting, fiscal, treasury management, and with banks and financial and insurance institutions;
a) The processing is necessary for the execution of a contract to which the Data Subject is party or for the execution of pre-contractual measures taken at the Data Subject's request;
b) The processing is necessary for the fulfillment of a formality (request for information, request for a quote, performance and provision of the requested service, etc.) of which the Data Subject is a party or for the execution of preparatory measures taken at the Data Subject's request;
c) The processing is necessary to fulfill an administrative/accounting obligation to which the Data Controller is subject;
d) The processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
e) The processing is carried out with the specific, explicit, and informed consent of the Data Subject;
f) Processing is necessary for the fulfillment of a legal or statutory obligation to which the controller is subject;
g) Processing is necessary to fulfill a legal obligation to retain data to which the controller is subject;
h) Processing is necessary to fulfill a legal obligation to which the controller is subject and has been requested under the GDPR (right to be forgotten, correction, restriction, erasure, communication...).
"Special" data (sensitive data) is that defined by Article 4 of the Code and Article 9 of the GDPR. Such data is processed in compliance with the provisions of the Code and the GDPR and in the light of General Authorization No. 4/2016, General Authorization No. 7/2016, and the Authorizations for the processing of judicial data and sensitive data related to mediation activities aimed at the conciliation of civil and commercial disputes of 21 April 2011 adopted by the Italian Data Protection Authority (hereinafter also referred to as the "Guarantor") by the Data Controller on the legal bases as provided for in Article 9 and confirmed by Legislative Decree 101/2018
| Processed Data | a) Personal data as defined by current tax legislation, data relating to the contact persons for legal entities with which the Data Controller has various types of relationships, economic, commercial, financial, and insurance activities, tax code and other personal identification numbers, bank details, residential address, email address, mobile phone number, nature of the goods processed, name, address or other personal identification elements, names acquired through the access of data subjects to web and social platforms. |
| Processed Sensitive Data | b) Sensitive data relating to the administrative management of dependent personnel; c) Sensitive data relating to legal protection for activities to defend the property and assets of the Data Controller. |
| Legal Basis Art. 9 | a) Compliance with contractual and legal obligations (ex Art. 9 Par. 2 point (b etc.) b) Compliance with the legal protection of the Data Controller (Art. 9 Par. 2 point (f etc.) |
| Categories of recipients | Your personal data processed on the legal bases provided for in Article 6 of the GDPR "Lawfulness of processing" as previously defined may be disclosed to the following third parties: Judicial offices, Local authorities, Consultants and freelancers, Companies and businesses, including internet service providers to which all or part of the processing has been entrusted, Banks and credit institutions, Social security and welfare bodies, Other public administrations, Professional orders and associations, Employers, Employers' and business associations, Trade unions and patronage organizations, Joint bodies in the field of labor, Any associated companies, INPS (National Institute for Social Security), Ministries (Economy and Finance), INAIL (National Institute for Insurance against Accidents at Work), ASL (Local Health Authorities), Hospitals and Regions, Judicial authorities, Chambers of Commerce, Industry, Crafts, and Agriculture. These entities, bodies, companies, and professionals act as Data Processors appointed by the Data Controller or are themselves autonomous Data Controllers of the personal data transmitted to them. |
Your personal data, or the personal data of third parties of which you are the owner, may also be disclosed to external companies identified from time to time to which the Data Controller entrusts the execution of obligations deriving from the received assignment and to which only the data necessary for the activities requested of them will be transmitted. All employees, consultants, temporary workers, and/or any other "natural person" who carry out their work on the basis of the instructions received from the Data Controller pursuant to Article 30 of the Code and Article 29 of the GDPR are appointed "Data Processors or persons authorized to process data" (hereinafter also referred to as "Processors"). The Data Controller provides the Processors or Responsible Parties as may be appointed with appropriate operating instructions, with particular reference to the adoption and observance of security measures in order to guarantee the confidentiality and security of the data. With specific reference to the aspects of personal data protection, you are invited, pursuant to Article 33 of the GDPR, to report to the Data Controller any circumstances or events from which a potential "personal data breach" may arise in order to allow an immediate assessment and the adoption of any actions to counteract such an event by sending a communication to the Data Controller. The Data Controller is obliged to communicate the data to Public Authorities and to the Guarantor in the manner prescribed by law upon specific request.
| Transfers to foreign countries (EU and non-EU) or to international organizations | Any transfers to foreign countries or to international organizations are limited to the satisfaction of any order fulfillment practices for customers residing in other EU and non-EU countries; the respective privacy regulations apply to the latter. These transfers do not include data used on the website for access and visit statistics but made anonymous. Information on Cookies with the related consent checkboxes is then made available on the website as well as a copy of this document and the appropriate consent collection form for the processing. |
The transfer of your personal data abroad may take place if it is necessary for the management of the assignment received (e.g. shipping practices from or to abroad in another EU country or for purchases from a foreign resident). For the processing of information and data that may be communicated to these parties, the equivalent levels of protection adopted for the processing of personal data of their own employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided for by Articles 44 and 45 of the Code and Chapter V of the GDPR will be applied.
| Duration of processing | The processing of data will have a duration equal to that provided for by specific legal norms and in any case not exceeding 10 years from the end of the relationship. The duration of processing for data relating to purely informative commercial relationships will instead be only 5 years from the last request. |
Your data is and will be collected and recorded lawfully and fairly for the purposes indicated above in compliance with the principles and prescriptions of Article 11 of the Code and 5 c 1 of the GDPR. The processing of personal data takes place using manual, computerized, and telematic tools with logic strictly correlated to the purposes themselves and in any case in such a way as to guarantee security, confidentiality, and protection.
The processing of personal data will be carried out for the following purposes:
| Purposes that do not require consent |
|
| Purposes that require consent |
Only with your express consent, to be given at the foot of this information or by ticking the corresponding requests inserted in the Website of the Data Controller, the data, the purposes of which require consent, will be processed for the specific purposes for which consent has been given. The provision of data is in any case optional with the exception of point 1 and will not prejudice the contractual relationship in place with the Data Controller, except for the exclusion of the formality for which specific consent has been requested. |
For data collected and used for needs related to the execution of activities inherent to the contractual relationship and the observance of the indicated legal obligations, your consent is not required but a copy of this information on the processing will be provided in any case. Failure to communicate the personal data referred to above will make it impossible to proceed with the relationship in question. For data collected and used for the legitimate interest of the Data Controller, your consent is not required (letter f, art. 6 of the GDPR). The communication of the personal data referred to above is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide all or part of the requested services.
| 1) Right to information | This right gives the data subject the possibility to ask a Data Controller for information on which of their personal data are processed and the criteria on which such processing is based. For example, a customer can request a list of the data processors with whom their personal data are shared. |
| 2) Right of access | This right gives the data subject the possibility to request which personal data are processed. This request gives data subjects the right to receive communication of which personal data are processed, as well as to request copies of the personal data in the possession of the Data Controller. |
| 3) Right to rectification | This right gives the data subject the possibility to request changes to their personal data if the data subject considers that such personal data are not up-to-date or accurate. |
| 4) Right to withdraw consent | This right gives the data subject the possibility to withdraw any consent previously given for the processing of their personal data for a purpose. The request therefore requires the Data Controller to discontinue the processing of personal data based on the consent previously provided. |
| 5) Right to object | This right gives the data subject the possibility to object to the processing of their personal data. Normally, this would be equivalent to the right to withdraw consent if consent has been requested in an appropriate manner and no processing is carried out other than for legitimate purposes. However, a specific exclusion scenario may be when a customer requests that their personal data not be processed for certain purposes while a legal dispute is pending in court. |
| 6) Right to object to automated processing | This right gives the data subject the possibility to object to a decision based on automated processing. Using this right, a customer may request that their request be examined manually because they believe that automated processing cannot take into account the customer's health situation. |
| 7) Right to be forgotten | Also known as the right to erasure, this right gives the data subject the possibility to request the erasure of their data. This generally applies to situations where a customer relationship has ended. It is important to note that this is not an absolute right and depends on the retention schedule and retention period in line with other applicable laws. |
| 8) Right to data portability | This right gives the data subject the possibility to request the transfer of their personal data. As part of such a request, the data subject may request that their personal data (his/her) be returned or transferred to another Data Controller. In doing so, the personal data must be provided or transferred in a machine-readable electronic format. |
| Automated processes | Personal data are processed automatically using electronic processors and management, archiving, and specific administrative processing software equipped with adequate protection and saving measures. This also applies to any data acquired on the Data Controller's Web platform. |
| Automated processes or profiling methods | Customer classification, analysis by therapeutic classes, analysis by geographical area, classification for sending specific communications such as price lists, information on the availability of new services or assistance promotions such as forwarding and reporting on social platforms. |
| Legal basis | Legal bases for processing connected to the fulfillment of legal obligations and the completion of commercial formalities. Explicit and voluntary consent provided by the data subject to the Data Controller and to the various social platforms to which the various data subjects have freely adhered and whose operating methods are respected. |
PROLIVY SRL
PROLIVY SRL (IPC Method brand)
Via Foglino 25, 47922 Rimini
Cell 3895112683
Tel 0541390383
P.I. 04499630400
CCIAA: RN-349314336
REA Registration No.: RN-416867