COMPLETE INFORMATION FOR WEBSITE USERS
 
Pursuant to Art. 13 European Regulation 679/2016 (hereinafter the "Regulation")  e of the national legislation, Legislative Decree 196/2003 adapted by Legislative Decree 101/2018 (hereinafter referred to as the "Applicable Regulation" ).
 
 
The BODY COOL company

​

EUROPA SQUARE 14,

CUNEO, ITALY

MAIL:INFO@BODYCOOL.IT

​

​

Owner of the processing of personal data pursuant to the Regulation, Alberto Mantelli
 
IN SHAPE
 
users who connect to the Body Cool website, registered and unregistered, and the personal data collected by the company, acquired from third parties or spontaneously provided by interested parties through the various options on the site (work with us, newsletters, contests and events , etc.), will be treated in a lawful and correct manner, in compliance with the principles sanctioned by the Community and Italian law.
 
Processed data
Navigation data: IP address, operating system and browser used for navigation, connection and disconnection date and time, time spent on the site, pages visited, activity performed, location (if the relative service is active) and anything else rendered available from your computer, based on your security settings.
Personal data: name, surname, email address, telephone, fax, physical contact details, where available, any IDs that will be communicated and data present in the CV if sent by email.
 
Purpose and legal basis of the processing
The collection and any other processing activity of the data of the interested parties acquired through the website are carried out by the Data Controller at the company headquarters, in compliance with the security measures and provisions imposed by the Applicable Regulations, or by subjects delegated by it (specially selected and equipped with the necessary professionalism), with manual and computerized procedures, to allow the user a simple and rewarding browsing experience, to collect useful elements to improve the offer of products and services via the web, to implement specific requests from the interested party (e.g. a contact request, or a spontaneous application), for pre-contractual and contractual obligations, for ordinary administrative, financial and accounting activities, to ensure the correct management of customers during the marketing and sale of products, for after-sales assistance, for the fulfillment of legal obligations. The treatment is also aimed at the elaboration of statistics in anonymised or pseudonymised form.
The processing, at the request of the interested party or after the acquisition of specific consent, can also be carried out through CRM and customer care, for the detection of the degree of satisfaction, tastes, preferences and habits of the interested party, for sending commercial information or advertising material, for direct marketing campaigns, for participation in games, competitions or prize operations, for involvement in events and shows, for the provision of services, for market research and other operations directly or indirectly attributable to marketing activity.
The legal bases of the processing are the legitimate interest of the owner in managing users' navigation data to improve the offer of products and services through the website, the consent expressed by the interested parties and the obligations relating to the pre-contractual and contractual phases of the relationship . However, it is always possible to ask the Data Controller to clarify the legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
 
Sources and nature of the data
Data collection can take place via the company's website, through analysis of navigation or spontaneous entry by the interested party, using the specially created forms.
With regard to the registered user, the Data Controller processes the personal data, telephone and electronic contact details and bank details communicated for payments, as well as other data essential to satisfy the requests of the interested parties or fulfill the commitments undertaken.
The conferment is therefore mandatory, as it is not possible, in the event of failure to issue the consent or revocation of the same, to give rise to the treatment.
It is necessary to point out that any incorrect or insufficient communication of the requested data may lead to the total or partial impossibility of carrying out the requests of the interested party or the obligations connected to the commitments undertaken, with consequent possible mismatch of the results of the treatment with the agreements taken or to the obligations imposed by rules and regulations.
The other data, on the other hand, is collected for the sole purpose of adapting the promotional campaigns, offers and, in general, the company activity, to the interests of the customers and of the other subjects involved in any case. Their provision, therefore, is not mandatory and any refusal to process or withdraw consent does not affect the establishment or continuation of the main relationship.
 
Data of minors
Children under the age of 16 cannot provide data without the consent of their parent or guardian.
The holder will not be in any way responsible for any false declarations that may be provided by minors and, should he ascertain the falsity of the declaration, he will immediately cancel any personal data and any information acquired. In any case, consent to the processing of data by minors over sixteen is authorized for under-18s only for access to information society services. However, minors under the age of 18 cannot approve and sign the terms and conditions of service.
 
Navigation data
The IT system and the software used for the corporate website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication products. This information is not stored to identify the interested parties but, due to their nature, they can, through processing and association with other data managed by third parties, allow the identification of the user.
This category of data concerns the IP addresses and domain names of the computer used by the user to connect to the site, the URL addresses (Uniform Resource Locator) of the requested resource, the time of the request, the method used to send the request to the server, the size of the file received, the numerical code used to indicate the status of the response given by the server (executed or error, etc.) and other parameters relating to the operating system and the user's computer. These data are used only to create anonymous statistics on the use of the site and to check its correct functioning. They are usually deleted immediately after processing. They can be used and provided to the police and the judiciary to ascertain responsibility in the event of damage to the site or of offenses perpetrated via the network.
 
Data transferred by the user
The compilation of the forms that may be present on the pages of the site involves the acquisition of data in the system memory. The information is protected by an authentication system and can only be used by those in possession of the credentials. They are also kept up-to-date and adequately protected, based on the best practices available.
Requests for information by e-mail involve the storage of the user's e-mail address, necessary to respond to the sender's requests. The data stored in the message is included. The Data Controller advises its customers, during their requests for services and information, not to transmit the data or personal information of third parties, unless absolutely necessary.
 
Cookies
As with most websites, information about site navigation is kept for statistical purposes. The collection of information is possible thanks to the use of cookies. A cookie is a small file that is transferred to your computer's hard drive when you connect to a site.
These data are not of a personal nature, as they do not allow specific identification of the user. The data collected concern the geographical location of the service provider, the type of browser used, the IP address, the pages visited, etc. The information collected in this way makes it possible to see the frequency of visits to a site and the activity carried out while browsing.
In this way, over time, it is possible to improve the contents of the site and facilitate its use.
Even companies that transmit content to the site or whose sites are accessible via links can use cookies when the user selects the relevant link.
In these cases the use of cookies is not under the direct control of the Data Controller. Most browsers automatically accept cookies, but it is possible to refuse them or select only some, according to the preferences set by the user. However, if the user inhibits the loading of cookies, some components of the site may stop working and some pages may be incomplete.
 
Essential technical cookies
These are cookies necessary to ensure correct and fluid functioning of the site: they allow page navigation, content sharing, memorization of access credentials to speed up access to the site and to keep preferences and credentials active during navigation and improve the browsing or shopping experience. Without these cookies it is not possible to provide, in whole or in part, the services for which users access the site.
 
Statistical cookies
These cookies make it possible to understand how users use the site in order to then be able to evaluate and improve its functioning and create content that is increasingly appropriate for user preferences. For example, these cookies allow you to know which pages are the most and least visited, how many visitors there are, how much time the average user spends on the site and how visitors arrive on the site. In this way it is possible to determine which are the optimal functioning and the most welcome contents and how the contents and functionality of the pages can be improved. All information collected by these cookies is anonymous and not linked to the user's personal data.
 
Third-party profiling cookies
These are cookies used by third parties not directly controlled by the owner. The company cannot provide guarantees regarding the use that will be made of the data, the treatment of which is directly operated by an external subject. Cookies from these third-party operators allow us to offer advanced features, as well as more information and personal functions. This includes the ability to share content through social networks and to have a personalized site experience based on the preferences expressed through the pages visited.
If you have an account or if you use the services of these other data controllers, they may be able to know that the user has visited the company site. The use of data collected by these external operators through cookies is subject to their privacy policies. Third-party profiling cookies are identified with the names of the respective operators and can be deactivated.
 
Cookie management
By selecting the ACCEPT button shown by the superimposed banner on the Homepage, you authorize the installation of cookies on the device used by the interested party. You can change the settings of the cookies downloaded through the browser functions. By doing so, it is also possible to prevent the installation of third-party cookies and to remove previously installed cookies, including those containing cookie preferences. To adjust or change your browser settings, you need to consult the help from the software or application manufacturer. Disabling cookies can cause the site or part of it to malfunction.
 
Third Party Sites
The site, even only periodically, may contain links to third-party sites and applications (Google Adwords Widget, Analitycs, Youtube, Vimeo, etc.), to provide additional services and information to the user. When the user uses these links, he leaves the company site and accesses other resources that are not under the direct control of the Data Controller, who, therefore, will not be responsible for the procedures relating to navigation, security and data processing. personal data operated by other sites, even in the presence of co-branding or display of the company logo. A careful examination of the security and confidentiality procedures of the site visited is recommended, which could transmit additional cookies, read those already present on the user's hard drive and request / acquire further personal information.
 
Interaction with social networks and external platforms
The site, through widgets and buttons, can interact with external platforms and social networks. In this case, the information acquired depends on the settings of the profiles used by the user on each social network and not on the administrator of this site.
More information can be obtained from the websites of the companies that offer the service. In this case, the data are not managed by the website of the data controller, which connects these buttons only to offer a further service to the interested party but has no control over them
 
Communication and dissemination
The data processed through the website are exclusively of a common nature and are not intended for dissemination. The Data Controller does not request and has no interest in collecting and processing data classified by the Regulation as "particular" (health, genetic, biometric, etc.) or "criminal", without prejudice to legal obligations.
The data must be transferred to third parties in the fulfillment of obligations deriving from laws or regulations (Institutions, Law Enforcement, Judicial Authorities, etc.) or for activities directly or indirectly connected to the established relationship. By way of non-exhaustive example, the following are mentioned:
Subjects who need to access the data of the interested party for purposes concerning the relationship with the Data Controller (Credit institutions, Financial intermediaries, Electronic money and payment management institutions, Debt collection companies, Customer verification companies, Carriers, etc. .);
Consultants, collaborators, service companies, within the limits necessary to carry out the task assigned by the Data Controller;
Subsidiary and/or associated companies that can access the data, within the limits strictly necessary to carry out tasks entrusted by the Data Controller.
The data may be communicated to subjects operating within the European Union, or in countries that guarantee the same level of protection provided for by the Applicable Regulations. The updated list of data processors is available at the headquarters of the Data Controller.
The data of the interested party may be communicated to subjects operating in non-EU countries where expressly permitted by the interested party. In any case, the data processing carried out in the various countries will be adapted to the most restrictive regulations, in order to ensure the maximum level of protection in any case.
They may be transferred to third parties, even for a fee, if the interested party has given express consent, for purposes directly or indirectly connected to the activity of the Data Controller.
 
Data retention times
The data processed by the Data Controller, without prejudice to legal obligations, are kept until an express request for cancellation by the interested party and in any case periodically verified, even with automatic procedures, in order to guarantee their updating and effective compliance with the purposes of the treatment. If the purpose for which they were acquired has ceased to exist, the data will be deleted, unless they must be processed to protect rights in court, for regulatory obligations or by express request of the interested party. At the end of the treatment and following the cancellation, the rights of the interested party can no longer be exercised.
​
Rights of the interested party
The interested parties are entitled to the rights referred to in articles from 15 to 22 of the GDPR 679/2016 and of the Applicable Law in general. In particular, the interested party has the right to revoke consent to the processing of data at any time, request its rectification, updating, transformation into anonymous form, limit its use, even partially, request its portability and possible cancellation. The rights can be exercised to the extent that the processing is not mandatory by law or regulation. 
 
Requests relating to the exercise of the rights of the interested party can be addressed to the Data Controller. If the interested party is not satisfied with the response provided to his requests by the Data Controller or by the Data Protection Officer, he can lodge a complaint with the Guarantor Authority for the Protection of Personal Data.