Dear Customer, 

According to the above-mentioned regulation, personal data shall be processed by us in full compliance with the principles of correctness, lawfulness, transparency and protection of your privacy and rights. Therefore, in pursuance of article 13 of the GDPR 2016/679, Laboratori Hur S.r.l. provides the following information: 

Purpose of personal data processing:

Internet Website Surfing; E-Commerce Customer Data Management; General Marketing, Newsletter and "Loyalty Card Points" management

Personal Data Subjects: Customers, Potential Customers

Personal Data Recipients:

The customer's data shall be processed by the company's staff in charge of said processing and specifically trained for correct and lawful data processing. 

The customer's data shall not be disseminated, but  they may be communicated to third parties providing services necessary to carrying out the order (by way of an example: Consultants and self-employed professionals individually or in partnership, Banks and credit institutions, other government offices, Suppliers, Insurance Companies, Forwarding Agents, Associate Companies and/or Controlled Companies,  “Laboratori Hur” retail stores) appointed, if necessary, External Data Controllers. The full list of External Data Controllers is available at the company's headquarters and/or upon the customer's request.

Types of processed data:

Credentials to access the website (Personal Data), Web Surfing Data ( Personal Data), Customer Identification Data ( Personal Data), Customer Contact Data ( Personal Data), Electronic Mail- Email Data- Address Book ( Personal Data), "Loyalty Card" Data ( Personal Data); 

Handling of personal data :

By electronic and paper mode.

Purpose of personal data processing:

Internet Website Surfing

The data processing systems and software procedures relied upon to operate this website collect personal data as part of their standard functioning. The transmission of such data is an inherent feature of Internet protocols. This data category includes: IP addresses, the type of browser used, the operating system, the domain name and the websites' addresses from which the access is allowed, the information of the pages visited by the users within the website, the time of access, average time on a single page and other parameters related to the user's operating system and computer environment. Such data are only used for anonymous statistical purposes related to the use of the website and to check its correct functioning. In any case, please check out the separate cookie policy. 

 E-Commerce Customer Data Management

The Laboratori Hur S.r.l. company, through the process of  "E-commerce Customer Data Management", shall use the above-mentioned data for the following purposes:

- to register and authorize Customers/Users to access the Website and use its services, including the possibility to purchase online through the Website ( as for the use of surfing data, please check out the relevant cookie policy);

- to formalize, manage and carry out the purchase order and/or the Service and/or the Performance requested, through the e-commerce platform;

- to perform any pre-contract activity, such as providing a quote and/or any other information requested;

- to ship products;

- to manage invoicing and payments. In case of payments through credit card and/or Paypal, the data used for the payment shall be acquired directly by the managers of the payment service requested without being handled by Laboratori Hur S.r.l. in any way;

- to manage complaints and requests for assistance;

- to communicate by any means ( through e-mail, Mail, SMS, telephone contacts) with the user and/or suppliers in order to fulfill the request;

- to manage any contentious issues;

- to fulfill any accounting or fiscal obbligation;

- to fulfill any contract obbligation; - to fulfill any legal obligation or obligation resulting from court orders or injunctions from any other Authority;

- to store for statistical purposes in the interests of the company's activity.

 

Generic Marketing, Newsletter and Loyalty Card Points management purposes

The company Laboratori Hur s.r.l., through the "Generic Marketing, Newsletter and Loyalty Card Points  management purposes" processing, subject to agreement by the User/Party Interested, shall process the above-mentioned data for the purpose of forwarding information and promotional material, including newsletters, discount vouchers and special offers, regarding products and/or services commercialized by the company for the purpose of direct selling or market research, through the forwarding of e-mails and/or ordinary means of communication (fax, second-class mail etc.). By giving one's consent to the data processing, the Party Interested gives also his/her consent to the processing of personal data within the advertising campaign “Tessera Punti Fedeltà” (Loyalty Card Points). By giving one's consent, the Party Interested gives his/her consent to the above-mentioned advertising campaign which, by reaching specific purchase goals that are further described in the company's website,allows him/her to obtain discount vouchers on Laboratori Hur products. The Loyalty Card shall be  issued and managed only electronically. The Interested Party will, however, always  be able to show the Card's bar code at the pyhsical stores ( External Data Controllers) joining the Laboratori Hur initiative. 

The Interested Party has the right to revoke, at any time, his/her given consent and/or oppose the processing of personal data for marketing purposes through the special link provided in any promotional communication or by contacting the Data Controller. It is understood that, by not giving his/her consent or by revoking it, the Interested Party shall not be able to benefit from the Data Controller's Promotional Campaigns.

The Data Controller also informs the Interested Party that the email address provided by him/her when purchasing a product shall be used- without having to ask for the Interested Party's consent- for the purpose of forwarding information and promotional material regarding services and products similar to those on sale, without prejudice to the Interested Party's possibility to oppose at any time such use through the link provided in all communications and/or by sending a writtten communication to the Data Controller. 

The Data Processor and Data Controller shall make sure that the interested parties' data shall be used only for the declared purposes and for the time strictly necessary to achieve such purposes. They also pledge, within reasonable limits, to modify and correct all data which, in the meantime, appear to differ from the original ones, to keep them always updated and delete all data appearing to be in excess of the declared data processing. 

Criteria of Lawfulness:

With the exception of the "Generic Marketing, Newsletter and Loyalty Card Points management" purposes, for which the Interested Party's explicit consent is required, the remaining data processings referred to in this privacy policy are grounded in:

- fulfillment of contract obbligations;

- fulfillment of legal obbligations, that is, any obbligation arising from the law, regulations, EC regulations, orders and instructions of the relevant authorities, in particular, administrative, accounting and tax obligations;

- the Data Controller's  prevailing legitimate interest, in pursuance of art.6 paragraph f),that is, any data processing necessary to pursue the legitimate interest of the Data Controller or of third parties, provided that the interest or the rights and fundamental liberties of the Interested Party that require personal data protection do not prevail, in particular, when the Interested Party is an under-age person. We hereby refer to the Data Controller's interest in managing complaints, contentious issues and, more generally speaking, the Data Controller's interest in defending its rights before a court. 

Having such data processings legal ground in the above-mentioned criteria of lawfulness, we specify that the Interested Party's consent shall not be required. 

The provision of data by the Interested Party is not compulsory, although it is necessary for the fulfillment of the performance requested and to enable the company to meet its legal obligations and to fulfill the contract. The refusal to provide data for this purpose shall entail the impossibility to conclude the contract with the company.

Data of under-age persons (ex art. 8 GDPR): The data of under-age persons shall not be processed.

Special Categories of Personal Data (ex art. 9 GDPR): Data concerning health, biometric and judicial data shall not be processed. 

Duration of data processing:

Data shall be processed for the purposes described in this privacy policy for the time strictly necessary to meet the Interested Party's request, without prejudice to the storing of data to allow the Data Controller to fulfill the legal, tax and accounting obbligations that survive the termination of the relationship.

As for the data collected for the purposes of "Generic Marketing, Newsletter and Loyalty Card Points management", the  Laboratori Hur S.r.l. company will process the data for a period of two years, at the end of which it shall be obliged to ask for the Interested Party's consent again. 

The Data Controller and Data Processor shall make sure that, once fulfilled the purposes of the data processing, the Interested Party's data will be deleted. 

Transfer of data: The data shall not be transferred to countries outside the EU. 

DATA CONTROLLER: Laboaratori Hur S.r.l. (info@laboratorihur.com)

DATA PROCESSOR: Roberto Bonfanti (info@robertobonfanti.it)

THE INTERESTED PARTIES' RIGHTS

You are entitled at any time to receive confirmation of the existence or otherwise of personal data and be informed about their content and origin, verify their accuracy or demand the integration or updating, or else rectification of data. You are also entitled to demand the deletion, anonymization or blocking of processed data in violation of the law, and to oppose in all cases, for legitimate reasons, the processing of personal data.

All requests shall be forwarded to the Data Controller Laboratori Hur S.r.l.  at the headquarters at 90 Viale dei Mille , Firenze – 50131 or to the email address info@laboratorihur.com. You are entitled to lodge a complaint to the Data Protection Autority should the data controller  not fulfill your requests. The GDPR UE 2016/679 Regulation recognizes to the user the following rights  (http://www.garanteprivacy.it/web/guest/home/autorita): the Right of Access ( art.15); the Right to Rectification ( art.16); the Right to Erasure ( right to be forgotten) (art.17); the Right to Restrict Processing ( art.18);  the Right to be informed in case of data rectification or erasure or restriction on processing (art 19); the Right to Data Portability ( art.20); the Right to Object (art.21);  Rights in relation to automated decision making, inlcuding profiling (art.22). You have a right, at any time, to lodge a complaint to the Data Protection Authority by sending a letter by certified mail with advice of delivery to: Garante per la protezione dei dati personali, Piazza Venezia 11, 00186, Roma. Or by certified email (PEC) to protocollo@pec.gpdp.it