Privacy Policy | Biopoint

This Privacy Policy is issued pursuant to Article 13 of Regulation (EU) 2016/679 and applies solely to all Data collected via the Biopoint.it Website. This Privacy Policy is subject to updates that will be published promptly on the Website. This Privacy Policy and the Cookie Policy establish the bases on which Users’ Personal Data will be processed.

Data Controller

The Data Controller for all Data collected on this Website is Deborah Group S.r.l, with registered office at Via Solferino 7, Milan, email: privacypolicy@sodalisgroup.com.

DPO’s email address: stefano.modena@assiteca.it

Personal Data Processing Methods

The Personal Data provided or acquired will be subject to Processing based on the principles of fairness, lawfulness, transparency and confidentiality, in accordance with current regulations. The Data Controller processes Users' Personal Data by taking appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data. Data are processed using IT and/or electronic tools, with organisational methods and logics that are strictly related to the indicated purposes of Data processing.

Purposes and Legal Basis of Personal Data Processing

Personal Data may be collected independently by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this Website acquire Personal Data of a technical or IT nature concerning Users (e.g. their IP address, type of browser, operating system, domain name and the address of websites accessed or left thereby, etc.), the transmission of which is implied in the ordinary operation of the internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the Website and/or to check its correct operation and will be deleted immediately after processing.

Data spontaneously supplied by Data Subjects will be processed in compliance with the conditions of lawfulness laid down by Article 6 GDPR and to allow the Website to provide its services, as well as for the purposes indicated below, and will be kept for the time necessary to fulfil such purposes. Specifically, Data are processed for the following Purposes:

1) To respond to requests and provide information

Data will be processed to contact Data Subjects or to follow up on any specific requests addressed thereby to the Data Controller for communications relating to the latter’s Services and/or Content, via email or other communication tools such as telephone or instant messaging - WhatsApp Business/Messenger live, etc.

Legal basis: this processing is optional and based on Data Subjects’ consent; however, the provision of Data is required for this purpose.

Data storage period: until the Data Subject’s consent is withdrawn.

2) Information and pre-contractual obligations

Data will be processed to contact Data Subjects and to follow up on their specific requests for information, such as information concerning the products and services offered by the Data Controller, requests for quotes and/or pre-contractual support for the purchase of products. Data Subjects may be contacted by email, by telephone or using the contact form on the Website.

Legal basis for processing: Execution of steps at the request of the Data Subject prior to entering into a contract (Article 6(1)(b) GDPR) Where processing is necessary to respond to requests for information or quotes.

Consent of the Data Subject (Article 6(1)(a) GDPR) Where data are collected for future commercial contacts and/or promotional offers.

Data storage period: Data provided for requests for information or quotes will be stored for no more than 12 months, unless a contract is entered into. If Data Subjects consent to be contacted for future offers, their data will be stored until consent is withdrawn.

3) Newsletter

Personal data provided by Data Subjects will be processed to send newsletters containing promotional, commercial and advertising communications, as well as updates on any initiatives and events of the Data Controller. To send its newsletter, the Data Controller may process Data Subjects’ name, surname (if provided) and email address. The Data Controller may also interact with any emails sent (e.g. opening of the newsletter, clicking on links), where allowed by the tracking systems used thereby.

Legal basis for processing: processing is based on the express and free consent of the Data Subject, pursuant to Article 6(1)(a) GDPR. Newsletter subscription is optional and failure to provide data does not affect the use of other Website services.

Data storage period: Data will be processed until consent is withdrawn by the Data Subject, who may unsubscribe at any time:

By clicking the unsubscribe link at the bottom of each newsletter.

By sending a direct request to the Data Controller by email.

4) Marketing

Data will be processed for the direct sale of Products/Services, for market research purposes, for the sending of communications and promotional, commercial and advertising material or relating to initiatives and events, either by e-mail or SMS, WhatsApp, Chat, Direct Messaging from social media or social networks, telephone calls, paper mail and other informational material.

Legal basis: this processing is based on the consent freely given by the Data Subject pursuant to art. 6(1) (a) GDPR.

Data storage period: until the Data Subject’s consent is withdrawn.

5) Statistical analyses

Data will be processed to carry out statistical analyses and market research aimed at understanding user preferences and behaviours so as to improve the products and services offered, analyse user interaction with the Website and thus optimise browsing and user experience. Analyses will be carried out on aggregate and anonymous data, where possible. If data cannot be completely anonymised, they will be processed in pseudonymised form and subject to the protections of the GDPR.

Legal basis for processing: Consent of the Data Subject (art. 6(1)(a) GDPR) If data are collected by using analysis tools that track user behaviour. Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) If the analyses are carried out solely on anonymous and aggregate Data.

Data Subjects may withdraw consent at any time and disable tracking:

Via the cookie management banner on the Website.

Via their browser settings, which can be used to block tracking cookies.

By sending a direct request to the Data Controller at [enter email address].

Data storage period: Data will be kept until consent is withdrawn or for the maximum period set in each analysis tool.

6) Profiling for advertising campaigns

The personal data of Data Subjects will be processed to analyse and evaluate their interests, habits and consumption choices for the purpose of creating personalised profiles based on users’ preferences, sending information and promotional material regarding the Services/Products offered by the Data Controller, and publishing personalised advertisements on third-party platforms (e.g. Facebook Ads, Google Ads, email marketing).

Legal basis for processing: Processing is based on the express and free consent of the Data Subject, pursuant to Article 6(1)(a) GDPR.

Data Subjects may withdraw consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal.

Data Subjects may object to profiling and interrupt processing:

- Via the privacy management settings in their account (if any).

- Via the unsubscribe link contained in each promotional communication received thereby.

- By sending a direct request to the Data Controller’s email address.

Data storage period: Data will be processed until consent is withdrawn.

7) Participation in quizzes and prize competitions

Data will be collected and processed for the purpose of Data Subjects’ participation in quizzes and/or competitions and prize events.

Legal basis: the legal basis for this processing is the taking of steps prior to entering into a contract to which the Data Subject is party.

Data storage period: the period indicated by law and, in any case, no more than 10 years for the purpose of fulfilling the related administrative and tax obligations.

Category of Personal Data processed

The Personal Data processed by this Website, either independently or through third parties, include Common Data such as: Cookies, Usage data, name, email, phone. The optional, express and voluntary sending of emails via the Contact Form or the addresses indicated on this Website implies the subsequent acquisition of the sender’s address, which is necessary to respond to the latter’s requests, as well as any other Personal Data included in the email. The User’s consent to the provision of Data is necessary to be entered in the Data Controller’s databases. It is also required for the establishment and due supply of the services offered by the Data Controller to its Users, as well as for third parties to carry out their requested activities. Therefore, the User’s failure to provide such information prevents the latter’s registration in the Data Controller’s databases, the completion and performance of possible contracts as well as any other activities.

Communication of Data

In addition to the Data Controller, the following may sometimes have access to Data:

a) categories of Appointees specifically trained for this purpose and involved in Website organisation (administrative staff, commercial staff, marketing staff, legal staff, system administrators);

b) external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies), appointed also as Data Processors by the Data Controller pursuant to Article 28 GDPR. The updated list of Processors, if any, may always be requested from the Data Controller;

c) public or private parties accessing Data in compliance with legal obligations;

d) parties performing ancillary and instrumental tasks with respect to the activity of the Data Controller;

e) Data Processors appointed to carry out activities related to prize competitions and to accounting, tax and administrative management services connected thereto.

Duration of Processing

As expressly provided for by Article 5 (1)(e) GDPR, Data are kept for no longer than is necessary for their processing in relation to performance of the service requested by Users or for the Purposes described in this document. Specifically:

- Data collected for contractual obligations will be kept for no longer than is necessary to fulfil the aforementioned purposes and in accordance with the law;

- Data collected for tax/administrative or contractual obligations will be kept for no longer than is necessary to fulfil the aforementioned purposes and in accordance with the law;

- Data collected for purposes attributable to the legitimate interest of the Data Controller will be kept until such interest is fulfilled; Users may obtain further information about the legitimate interest pursued by the Data Controller by contacting the latter.

- Data collected on the basis of Users’ Consent may be kept until such Consent is withdrawn;

Data may be kept by the Data Controller for a longer period in compliance with legal obligations or by order of an authority.

At the end of the storage period, Personal Data will be erased and Data Subjects’ rights to access, erasure, rectification and data portability may no longer be exercised.

Cookies

This Website uses cookies. Cookies are small text files that can be used by websites to improve user experience and to personalize content and ads, provide social network functions and analyse traffic. Cookie Policy

Place of Processing and Transfer of Data Abroad

Data are processed at the Data Controller’s operational headquarters. For more information, please contact the Data Controller. Data may be processed by natural and/or legal persons, based in EU or non-EU member countries, operating on behalf of the Data Controller pursuant to specific contractual arrangements. If Data are transferred outside the EEA, the Data Controller will take all appropriate contractual measures to ensure their adequate protection.

Exercise of the rights of Data Subjects

Data Subjects may exercise the rights provided for in Articles 7, 15–22 of Regulation (EU) 2016/679. In particular, they have the right to withdraw consent at any time and, upon simple request to the Data Controller, they may request access to their Personal Data, receive Personal Data provided to the Data Controller and, where possible, transmit them to another Data Controller without hindrance (so-called portability), obtain updates, restrict processing, rectify Data and delete any Data processed in breach of current legislation. They have the right, on legitimate grounds, to object to the processing of Personal Data concerning them and to their Processing for the purpose of sending advertising material, conducting direct sales and carrying out market research. They also have the right to lodge a complaint with the Data Protection Authority as the supervisory body in charge of personal data protection or to bring proceedings before the competent courts. Data Subjects may exercise their rights by contacting the Data Controller by email at: privacypolicy@sodalisgroup.com.

Tools used for Personal Data Processing

CONTACT FORM
By completing the contact form with their data, Users consent to the use of such Data in order to respond to their requests for information or for any other purpose indicated in the form header. Personal Data collected via the Contact form: Email, Telephone, Name and Surname.

EMAIL ADDRESS MANAGEMENT
With these services, a database of email/telephone or other contacts is managed to communicate with Users. These services may also imply the collection of Data concerning the date and time when messages are viewed by Users.

NEWSLETTER
By subscribing to the newsletter, Users’ email addresses are automatically included in a list of contacts to which email messages may be sent containing information, including commercial and promotional information, relating to this Website. Users may unsubscribe from the newsletter at any time, by clicking on a specific button shown in their emails. After clicking the delete button, Users’ Data will be removed immediately from the email marketing software. Personal data collected: email address and Name.

SECURITY MEASURES
This Website has an SSL certificate and uses the HTTPS protocol to secure the submission of Personal Data. With this protocol, transactions and data transmitted on websites take place according to the highest level of safety, and the contents of communications are not read or manipulated in any way by third parties.

reCAPTCHA
This website uses reCAPTCHA, a service regulated by Google’s privacy policy and terms and conditions of use.

STATISTICAL SERVICES
Statistical services allow the Data Controller solely to monitor and analyse traffic data and are used to keep track of the User's behaviour. This Website uses the following services:

This Website uses Google Analytics 4 (GA4), an analytics service provided by Google LLC, to collect anonymous statistical information about website usage with a view to improving its services. Google uses the Personal Data collected to:

Track and review usage of this website.

Prepare reports on website activities.

Share data with other Google services for analysis and optimization purposes.

Google may also use Personal Data to personalize the ads of its advertising network and may transfer such information to third parties where required by law or if such parties process data on Google's behalf. Within Google Analytics 4, IP addresses are only used at the time of collection and are then deleted before storage.

Legal basis for processing: data processing via Google Analytics 4 is based on:

Consent of the Data Subject (Article 6(1)(a) GDPR) if data are collected via non-anonymised tracking cookies.

Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) if data are collected anonymously and in aggregate form without identifying the user.

Personal Data collected: Usage data (information about user interactions with the website) and Cookies (if enabled).

Data storage period: Data collected via Google Analytics are kept for no more than 14 months, unless otherwise set by the Data Controller.

Data Subjects may disable tracking:

Via the cookie management banner on the Website.

The browser add-on for deactivating Google Analytics, available at the following link.

Place of processing: USA – Ireland Privacy Policy

Meta Pixel Conversion Tracking (Meta Platforms, Inc.)

This website uses the Facebook Pixel, a conversion tracking service provided by Meta Platforms, Inc., to assess the effectiveness of advertising campaigns carried out on Facebook and Instagram. The Facebook Pixel monitors the conversions that can be attributed to ads published on Facebook, allowing the Data Controller to:

Assess the performance of advertising campaigns.

Create custom audiences based on user interactions.

Retarget users who have visited the website.

Personal Data collected: Cookies, Tracking tools and usage data (user interactions with the website and advertisements).

Legal basis for processing: the use of the Facebook Pixel for marketing and tracking purposes is based on:

Express consent of the Data Subject (Article 6(1)(a) GDPR) The Facebook Pixel is activated only with the user’s prior consent via the cookie banner.

Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) If tracking is limited to anonymous statistical analyses.

Data storage period: Data collected by the Facebook Pixel are kept for no more than 180 days, unless otherwise set by Meta.

Data Subjects may withdraw consent and disable the Facebook Pixel via the following link:

The cookie management banner on the Website.

The Data Subject’s Facebook account settings, in the "Ad Preferences" section.

The Facebook deactivation tool.

Place of processing: Ireland - Privacy Policy

INTERACTION WITH SOCIAL NETWORKS

With these services, users can interact with social networks directly from this Website. The interactions and information acquired by this Website are subject to Users’ privacy settings relating to each social network. If a service enabling interaction with social networks is installed, it may collect traffic data relating to the pages on which it is installed even if the service is not used by Users.

Facebook (Meta Platforms, Inc.)

Facebook buttons are interactive services for the Facebook social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data.

Legal basis for processing: The incorporation of these services may involve the processing of Personal Data, which is based on:

Express consent of the Data Subject (Article 6(1)(a) GDPR) If the website uses tracking cookies for marketing or personalisation purposes.

Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only for the purpose of interaction with social networks without further tracking.

Data Subjects may withdraw consent and limit social network tracking via:

The cookie management banner on the Website.

The privacy settings of their social network account.

Their browser settings, which can be used to block third-party cookies.

Place of processing: Ireland – Privacy Policy

Instagram (Meta Platforms, Inc.)

Instagram buttons are interaction services with the Instagram social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data.

Legal basis for processing
The incorporation of these services may involve the processing of Personal Data, which is based on:

Express consent of the Data Subject (Article 6(1)(a) GDPR) If the website uses tracking cookies for marketing or personalisation purposes.

Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only for the purpose of interaction with social networks without further tracking.

Data Subjects may withdraw consent and limit social network tracking via:

The cookie management banner on the Website.

The privacy settings of their social network account.

Their browser settings, which can be used to block third-party cookies.

Place of processing: Ireland – Privacy Policy

Youtube (Google Ireland Limited)

YouTube buttons are services for interaction with the Google‑owned video viewing platform. Personal Data collected: Cookies and Usage Data. Legal basis for processing
The incorporation of these services may involve the processing of Personal Data, which is based on:

Express consent of the Data Subject (Article 6(1)(a) GDPR) If the website uses tracking cookies for marketing or personalisation purposes.

Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) If data are collected only for the purpose of interaction with social networks without further tracking.

Data Subjects may withdraw consent and limit social network tracking via:

The cookie management banner on the Website.

The privacy settings of their social network account.

Their browser settings, which can be used to block third-party cookies. Place of Processing: Ireland – Privacy Policy

REMARKETING AND RETARGETING

With these services, this Website can communicate, optimise and serve advertisements based on Users’ past use of this Website. This activity is carried out by tracking Usage data and using cookies. This Website uses the following services:

Facebook Remarketing (Meta Platforms, Inc.)

The website uses the Facebook Remarketing service, provided by Meta Platforms, Inc., which links user activity on the website with the Facebook and Instagram advertising network. The website uses Facebook Pixel to:

Show personalized ads to users who have visited the website.

Create target audience groups for specific ads.

Analyse conversions and assess the effectiveness of advertising campaigns.

Personal Data collected:

Cookies and Tracking Tools.

Usage data (user interactions with the website and with advertisements).

Legal basis for processing

The use of Facebook Remarketing is based on:

Express consent of the Data Subject (Article 6(1)(a) GDPR) The Facebook Pixel is activated only with the user’s prior consent via the cookie banner.

Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) If data are collected only anonymously for statistical analyses.

The information collected by the Facebook Pixel is anonymous to the Website owner, though Facebook may connected it with the user’s profile. Facebook may use such data for its own advertising purposes, including on third-party websites, in accordance with its Privacy Policy.

The Data Controller has no direct control over the use of data by Facebook.

Data storage period: The data collected by the Facebook Pixel are kept for no more than 180 days, unless otherwise set by Meta.

Data Subjects may withdraw consent and disable Remarketing via:

The cookie management banner on the Website.

The Data Subject’s Facebook account settings, in the "Ad Preferences" section.

The Facebook deactivation tool: Ad preferences.

Place of processing: Ireland - Privacy Policy

2) Google ADS

Google ADS is a service provided by Google Ireland Limited that connects this Website to Google’s advertising network. This Website uses Google Analytics’ Remarketing features together with Google ADS’ possibility to adapt to different devices. This means that target groups for promotional campaigns created by the Google Analytics Marketing function can be connected with the ability of Google ADS to adapt to different devices. Advertising can thus be shown based on users’ personal interests, identified through an analysis of their behaviour on the web, whether on a mobile device or other devices. Targeting and remarketing features can be permanently turned off by disabling the “ personalised advertising” feature in one’s Google Account. To do this, it is sufficient follow this link.

Personal Data collected: Cookies and Usage Data.

Place of processing: Ireland – Privacy Policy

CONTENT ON EXTERNAL PLATFORMS

These services allow users to view and interact with content hosted on external platforms directly from this Website.
If a service of this kind is installed, it may collect Traffic Data relating to the pages on which it is installed even if the service is not used by Users.

This Website uses:

Youtube (Google Ireland Limited)
YouTube is a service for viewing video content operated by Google that allows this Website to integrate such content within its pages. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy
Amazon (Amazon Europe) is a platform on which users can buy, sell and deliver products. This web site provides a link to the Amazon platform to facilitate the purchase of products. Personal data collected: Cookies, Usage Data. Place of Processing: Luxembourg - Privacy Policy

Changes to this Privacy Policy

The Data Controller may change this Privacy Policy at any time, notifying Users on this page. Therefore, please visit this page regularly, having regard to the date when the Policy was last changed, as shown at the bottom. In the event of non-acceptance of the changes made to this Privacy Policy, Data Subjects must cease using this Website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous version of this Privacy Policy will continue to apply to all Personal Data collected until then. The Data Controller is not responsible for updating all the links shown in this Privacy Policy. Therefore, whenever a link is not working and/or not updated, Users acknowledge and accept that they must always consult the document or section of the website referenced by that link.