Privacy policy

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA (Art. 13 of the General EU Regulation on the Protection of Personal Data No. 679/2016)

1. Introduction.


This "privacy notice" describes the "processing of personal data" by Waldner Tecnologie Medicali S.r.l. a Socio Unico, which hereafter processes users' data through the web pages: www.waldnercare.com.

For "processing of personal data" means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Under the applicable data protection legislation (including the General Data Protection Regulation 2016/679 ("GDPR")), Waldner Tecnologie Medicali S.r.l. a Socio Unico is the Data Controller of personal data, meaning the entity that decides how and why to process your personal data.

Waldner Tecnologie Medicali S.r.l. a Socio Unico recognizes the importance of protecting personal data and considers their protection one of the main objectives of its activity. Therefore, pursuant to Articles 13/14 of European Regulation 679/2016 concerning the protection and processing of personal data, as well as the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), Users are invited to carefully read the following information as it contains important information on the protection of personal data and the security measures adopted to ensure data confidentiality.

2. Data Controller.

The Data Controller is Waldner Tecnologie Medicali S.r.l. a Socio Unico with registered office in Piazza Brà, 26/D - 37121 Verona (VR), VAT number 01542210222, email address: info@waldner.it.
This information is inserted on the website www.waldnercare.com in order to provide information to interested users about the use of data held by the Data Controller.

3. Principles applied to processing.

In accordance with Article 5 of European Regulation 679/2016 concerning the protection and processing of personal data, data is processed lawfully, fairly, and transparently to the data subject ("lawfulness, fairness and transparency"); collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes ("data minimization").

4. Types of data processed.

The personal data processed by the Controller are those provided directly by the User when placing an order, when subscribing to the newsletter service, and those collected while the User browses or uses the services offered on the website www.waldnercare.com.

The Data Controller may therefore collect the following categories of "personal data":

a) personal data necessary to conclude and execute the purchase of products on the website www.waldnercare.com such as: name and surname, email address, shipping address, billing address, telephone number, and payment method, tax code;
b) the email address even when the user subscribes to the newsletter service;
c) personal data provided by the User when contacting our Customer Service for assistance;
d) data relating to the use of the website www.waldnercare.com, in particular, information regarding the ways in which the website is used, communications opened and forwarded including information collected through cookies (in this regard, please refer to the cookie policy also present on the website that regulates the details).

5. How data is collected.

The Data Controller collects directly from the User and processes personal data:

- when the User places an order and purchases products offered online on the website www.waldnercare.com;
- when the User registers for events promoted by WaldnerCare;
- when the User subscribes to the WaldnerCare newsletter;
- when the User responds to WaldnerCare marketing campaigns.

6. Purposes of processing.

The Data Controller may process the User's personal data for one or more of the purposes indicated below, based on the legal basis described below.

6.1. Establishment and execution of contractual relationships and related obligations.

The Data Controller may process the User's personal data for the purpose of establishing and executing contractual relationships, and therefore to conclude and execute the contract for the purchase of products offered on the website www.waldnercare.com to fulfill pre-contractual and contractual obligations, to provide the requested services, to manage payments, and to respond to reports and complaints. The Data Controller may also use contact details, particularly the User's email, to provide the User with information regarding the service.

Legal basis for processing: fulfillment of contractual obligations to which the User is a party and fulfillment of legal obligations connected to such contract.

The provision of data is mandatory to manage the contractual relationship; otherwise, the Data Controller will not be able to proceed.

6.2. Operational management and purposes strictly related to access to the Website, particularly to areas reserved for it.

The Data Controller may process contact details and other personal data to allow the User to complete the registration procedure on the Website and to allow access to the User's personal area for: a) downloading documents related to services purchased; b) responding to other requests made through the Website. Registration on the Website may take place if the User voluntarily decides to use it.

Legal basis for processing: fulfillment of contractual obligations to allow the User to register on the Website.

The provision of data is mandatory to manage the contractual relationship; otherwise, the Data Controller will not be able to proceed.

6.3. Sending periodic newsletters.

The Data Controller may process contact details to send periodic newsletters upon explicit request by the User through the related subscription service, containing news and insights on various products and topics of interest.

Legal basis for processing: fulfillment of contractual obligations to allow the User to receive the newsletter.

The provision of data is mandatory to manage the contractual relationship; otherwise, the User will not be able to subscribe and receive the newsletter.

6.4. Purposes related to obligations provided by laws, regulations or EU legislation, by provisions / requests of authorities authorized by law and / or supervisory and control bodies.

Contact details and payment data may be processed by the Data Controller to comply with the obligations to which it is bound, and in particular, to comply with civil and/or tax law provisions, to respect obligations under a regulation, whether national or international, EU legislation, or an order from the Authority (such as anti-money laundering regulations).

Legal basis for processing: compliance with a legal obligation.
The provision of Personal Data for this purpose is mandatory as otherwise the Data Controller would be unable to fulfill specific legal obligations.

6.5. Analysis and improvement of services - customer satisfaction.

The Data Controller may process contact details to analyze, review, and improve its services in terms of customer satisfaction.

Legal basis for processing: legitimate interest of the Data Controller in verifying and improving the quality of its services, also through review invitation systems to monitor the quality of the services provided.


6.6 Sending communications for the promotion of products and services similar to those subject to a previous purchase, in accordance with and within the limits allowed by Article 130, paragraph 4, of the Privacy Code (Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018).

The Data Controller may process contact data related solely to email addresses for promotional purposes related to products and services similar to those purchased by the User. Solely with reference to the use of the email address provided by the Data Subject at the time of concluding the contract, the Data Controller may process contact data to send (without the need to obtain specific consent, as provided for in Article 130, paragraph 4 of the Privacy Code) informational and advertising material only if it is related exclusively to products and/or services similar to those already used.

Assumption for processing and legal basis: legitimate interest of the Data Controller in maintaining an effective contractual relationship with the User.

In this particular case, the Data Subject has the right to object at any time to the processing upon receipt by canceling the subscription to the email marketing service.

6.7 Defense of rights in judicial, administrative, or extrajudicial proceedings or in disputes arising in relation to the services offered.

Contact and payment data may be processed by the Data Controller to defend its rights or to take action or make claims against the User or third parties. Assumption for processing and legal basis: legitimate interest of the Data Controller in protecting its rights. Providing data for this purpose is mandatory as otherwise the Data Controller would be unable to defend its rights.

6.8 Execution of promotional, advertising, and marketing activities in a broad sense.

Personal data provided by the user may also be processed by the Data Controller for the purpose of commercial promotion, gifts, advertising communication, solicitation for purchasing behaviors, market research, surveys (including by phone, online, or through forms), statistical analysis (in identifiable form), other broad-sense marketing sample surveys (including prize events, games, and contests) through automated contact methods (email, SMS, MMS, chat, instant messaging, social networks, and other mass messaging tools, push notifications, etc.) and traditional contact methods (for example, phone calls with operators). Assumption for processing and legal basis: consent. To proceed with processing for promotional, advertising, and marketing activities in a broad sense, it is mandatory to obtain specific, express, documented, and entirely optional consent. Failure to provide it therefore does not affect contractual relationships. Consent can be revoked at any time.

6.8.1 Communication and dissemination of personal data to third-party commercial partners intending to process them for promotional, advertising, and marketing activities in a broad sense.

For the same promotional, advertising, and marketing purposes as outlined in point 6.8 above, the Data Controller informs the User that personal data may also be communicated to third-party commercial partners. Assumption for processing and legal basis: consent. The Data Controller first clarifies that the consent to Processing provided by the User for the purposes outlined in point 6.8 above and their personal data will be used solely and exclusively by the Data Controller for promotional, advertising, and marketing activities in a broad sense carried out by the Data Controller itself and will not be in any way transferred to third parties. To proceed with any communication and dissemination of personal data to third-party commercial partners intending to process them for their separate and additional promotional, advertising, and marketing purposes in a broad sense, the Data Controller must therefore obtain informed, documented, express, and entirely optional consent from the User. Failure to provide it does not have any consequences on contractual relationships with the Data Controller.

6.9 Processing of personal data for commercial profiling purposes.

The Data Controller may also, for marketing purposes and service improvement, proceed with the processing of so-called "profiling" data, meaning processing contact data, other personal data, website usage, and other data regarding the interests of the User through their statistical analysis, to create an individual profile of the User and send them commercial communications in line with their preferences, based on the analysis of their habits and purchase choices. These personalized communications may be carried out through automated contact methods (email, SMS, MMS, chat, instant messaging, social networks, and other mass messaging tools, push notifications, etc.) and traditional contact methods (for example, phone calls with operators, traditional mail, etc.). Profiling activity may concern "individual" personal data or "aggregated" personal data derived from detailed individual data. Assumption for processing and legal basis: consent. To proceed with processing for profiling activity, it is mandatory to obtain consent (also from consent for promotional, advertising, and marketing activities in a broad sense as outlined in point 6.8 above), additional, express, documented, and entirely optional. Failure to provide it does not have any consequences on contractual relationships. Consent can be revoked at any time.

6.10 Processing of personal data for the purpose of hosting third-party promotions on customized clusters.

The Data Controller may also, for the purpose of hosting promotions of third parties dedicated to specific interest groups, proceed with data profiling through dedicated technologies, meaning processing contact data, other personal data, website usage, and other data regarding the interests of the User through their statistical analysis, to associate the individual profile of the User with particular interest groups in order to provide them with commercial communications in line with the common preferences of the cluster, based on the analysis of their habits and purchase choices. These personalized communications are carried out through automated broadcasting methods to specific areas of the website during navigation. Profiling activity may concern "individual" personal data or "aggregated" personal data derived from detailed individual data. Assumption for processing and legal basis: consent. To proceed with processing for profiling activity, it is mandatory to obtain consent, express, documented, and entirely optional. Failure to provide it does not have any consequences on contractual relationships. Consent can be revoked at any time.

7. Processing Methods

The processing will be carried out in automated and/or manual form, using paper, computerized, telematic, or other telecommunication systems, in compliance with what is provided for in Article 32 of the GDPR 2016/679 regarding security measures, by specifically appointed subjects and in compliance with what is provided for in Article 29 GDPR 2016/679.

8. Data Recipients

The Data are processed by personnel duly trained by Waldner Tecnologie Medicali S.r.l. a Socio Unico as Data Controller and will not be subject to disclosure. For organizational and functional needs, personal data are also shared, for the purposes indicated above in point 6 and its subordinates, with subjects acting as external data processors or autonomous or co-controllers. These subjects have been assessed and chosen by the Data Controller for their proven reliability and competence and belong to the following categories:

a) banks used for payment transactions, as well as the subjects operating in them, for the sole purposes of administrative and accounting contract/relationship management and for checks concerning payment execution;

b) companies and professionals used by the Data Controller for consultancy or assistance in carrying out its business activities, including in particular lawyers, auditors, tax and labor consultants, individuals, companies, professional firms providing consultancy services in accounting and administrative matters, auditors, supervisory bodies, oversight bodies, certification bodies, shippers, IT and telematics service providers, IT and internet security consultants, subjects delegated to carry out technical maintenance activities (including maintenance of network equipment);

c) any contractors - subcontract

ors of the Data Controller for the execution of the contractual activity;

d) public bodies or law enforcement authorities if required by applicable regulations or following a request from the authority itself;

e) other third-party subjects if deemed necessary to carry out, in whole or in part, contractual activities and for administrative-accounting purposes of the relationship;

f) with suppliers or other third parties providing services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, order fulfillment, and shipping).

g) with commercial and marketing partners, including Shopify, to provide services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services. Our commercial and marketing partners will use your information in accordance with their privacy policies.

h) when you direct us, request us, or otherwise consent to our disclosure of certain information to third parties, such as to ship products to you or through your use of social media widgets or log-in integrations, with your consent.

i) with our affiliates or otherwise within our corporate group, in our legitimate interests to manage a successful business.

l) in connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

The following categories of personal information may be subject to possible disclosure:

Identifiers such as basic contact details and certain order and account information.
Commercial information such as order information, purchase information, and customer support information.
Internet activity or similar, such as Usage Data.
Recipient Categories:

Providers and third parties performing services on our behalf (such as Internet service providers, payment processors, fulfillment and shipping partners, customer support partners, and data analytics providers).
Commercial and marketing partners.
Affiliates.
We do not use or disclose sensitive personal information to deduce characteristics about you.

User-Generated Content:

The Services may allow you to post product reviews and other user-generated content. If you choose to submit user-generated content to any public area of the Services, this content will be public and accessible to anyone.

We do not control who will have access to the information you choose to make available to others, and we cannot guarantee that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information you make publicly available, nor for the accuracy, use, or misuse of any information you disclose or receive from third parties.

Third-Party Websites and Links:

Our website may provide links to websites or other online platforms operated by third parties. If you follow links to non-affiliated or non-controlled sites or platforms, you should review their privacy and security policies and other terms and conditions. We do not warrant and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide in public or semi-public areas, including information you share on third-party social networking platforms, may also be visible to other users of the Services and/or users of such third-party platforms without limitations on its use by us or by third parties. Our inclusion of such links does not imply, by itself, any endorsement of the content on such platforms or their owners or operators, except as disclosed on the Services.

Children's Data:

The Services are not intended for use by children, and we do not knowingly collect any personal information from children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details provided below to request its deletion.

As of the effective date of this Privacy Policy, we do not have actual knowledge of sharing or selling (as defined by applicable law) personal information of individuals under the age of 16.

Security and Storage of Your Information:

Please note that no security measure is perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, the information you send to us may not be secure during transmission. We advise you not to use non-secure channels to communicate sensitive or confidential information to us.

How Long We Retain Your Personal Information:

How long we retain your personal information depends on various factors, such as whether we need the information to maintain your account, to provide the Services, to comply with legal obligations, to resolve disputes, or to enforce other applicable contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below regarding your personal information. However, these rights are not absolute, they may apply only in certain circumstances, and in some cases, we may deny your request as permitted by law.

Right to Access / Knowledge. You have the right to request access to the personal information we hold about you, including details about how we use and share your information.
Right to Erasure. You have the right to request the erasure of personal information we hold about you.
Right to Rectification. You have the right to request the correction of inaccurate personal information we hold about you.
Right to Portability. You have the right to receive a copy of the personal information we hold about you and to request that it be transferred to a third party, in certain circumstances and with certain exceptions.
We use Shopify's advertising services such as Shopify Audiences to personalize the advertising you see on third-party websites. To limit Shopify merchants using these advertising services from using your personal information for such services, visit https://privacy.shopify.com/en.

Personal data may also be transmitted to the police forces and judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention and protection against threats to public security, to enable the Data Controller to ascertain, exercise, or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

Upon acquisition of additional informed, separate, additional, documented, express, and entirely optional consent, personal data may also be disclosed to third-party commercial partners intending to process the data for their separate and additional promotional, advertising, and marketing purposes in a broad sense as previously indicated in point 6.8.1.

9. Data Subject Rights

In accordance with Article 7 of the Privacy Code and Articles 13, paragraph 2, letters (b) and (d), 15, 18, 19, and 21 of the Regulation, the Data Subject is informed of the following rights:

a) the right to request from Waldner Tecnologie Medicali S.r.l. a Socio Unico, as the data controller, access to personal data, rectification, or erasure of the same, or restriction of processing concerning them or to object to their processing, in cases provided for;
b) the right to lodge a complaint with the Garante for the Protection of Personal Data as a Data Subject, following the procedures and indications published on the Authority's official website at www.garanteprivacy.it;
c) any rectifications, erasures, or restrictions of processing carried out at the request of the Data Subject - unless this proves impossible or involves a disproportionate effort - will be communicated by the Controller to each of the recipients to whom the personal data have been transmitted. The Controller may inform the Data Subject of these recipients if requested by the Data Subject.

In particular, the Data Subject may:

1) obtain confirmation of whether or not personal data concerning them are being processed, even if not yet registered, and their communication in an intelligible form;

2) obtain information about:

a) the origin of the personal data;

b) the purposes and methods of the processing;

c) the logic involved in case of processing carried out with the aid of electronic tools;

d) the identifying details of the data controller, processors, and the designated representative pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;

e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives in the territory of the State, processors or persons in charge;

3) obtain:

a) the updating, rectification, or, where interested, integration of data;

b) the erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) certification that the operations referred to in letters a) and b) have been notified, including their contents, to those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right being protected;

4) object, in whole or in part:

a) on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for the performance of market research or commercial communication, using automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods by phone and/or postal mail.

It should be noted that the Data Subject's right to object, as outlined in the previous point b), to direct marketing purposes through automated means extends to traditional methods, and in any case, the Data Subject retains the option to exercise the right to object only in part.

Therefore, the Data Subject can choose to receive communications only through traditional methods or only through automated communications or none of the two communication types.

10. Amendments to this Notice

The address to exercise rights via registered mail with return receipt requested is as follows: Waldner Tecnologie Medicali S.r.l. a Socio Unico, Piazza Brà, 26/D - 37121 Verona (VR).

COOKIES POLICY:

Like many websites, we use Cookies on our Site. For specific information about the Cookies we use to power our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including remembering your actions and preferences), to perform analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve, and optimize the Services). We may also allow third parties and service providers to use Cookies on our Site to better tailor services, products, and advertising on our Site and on other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies via browser controls. Please note that removing or blocking Cookies may negatively impact your user experience and may cause malfunctions in some of the Services, including certain specific services and features. Additionally, blocking Cookies may not completely prevent the way we share information with third parties such as our advertising partners.

Disclosure of Personal Information:

Under certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

With providers or other third parties performing services on our behalf (such as IT management, payment processing, data analytics, customer support, cloud storage, order fulfillment, and shipping partners).
With commercial and marketing partners, including Shopify, to provide services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services. Our commercial and marketing partners will use your information in accordance with their privacy policies.
When you direct us, request us, or otherwise consent to our disclosure of certain information to third parties, such as to ship products to you or through your use of social media widgets or log-in integrations, with your consent.
With our affiliates or otherwise within our corporate group, in our legitimate interests to manage a successful business.
In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
In the past 12 months, we have disclosed the following categories of personal information and sensitive personal information (indicated by *) about users for the purposes outlined above in "How We Collect and Use Your Personal Information" and "How We Disclose Personal Information":

Category:

Identifiers such as basic contact details and certain order and account information.
Commercial information such as order information, purchase information, and customer support information.
Internet activity or similar, such as Usage Data.
Recipient Categories:

Commercial and marketing partners.
User-Generated Content:

The Services may allow you to post product reviews and other user-generated content. If you choose to submit user-generated content to any public area of the Services, this content will be public and accessible to anyone.

We do not control who will have access to the information you choose to make available to others, and we cannot guarantee that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information you make publicly available, nor for the accuracy, use, or misuse of any information you disclose or receive from third parties.

Third-Party Websites and Links:

Our website may provide links to websites or other online platforms operated by third parties. If you follow links to non-affiliated or non

-controlled sites or platforms, you should review their privacy and security policies and other terms and conditions. We do not warrant and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide in public or semi-public areas, including information you share on third-party social networking platforms, may also be visible to other users of the Services and/or users of such third-party platforms without limitations on its use by us or by third parties. Our inclusion of such links does not imply, by itself, any endorsement of the content on such platforms or their owners or operators, except as disclosed on the Services.

Children's Data:

The Services are not intended for use by children, and we do not knowingly collect any personal information from children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details provided below to request its deletion.

As of the effective date of this Privacy Policy, we do not have actual knowledge of sharing or selling (as defined by applicable law) personal information of individuals under the age of 16.

Security and Storage of Your Information:

Please note that no security measure is perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, the information you send to us may not be secure during transmission. We advise you not to use non-secure channels to communicate sensitive or confidential information to us.

How Long We Retain Your Personal Information:

How long we retain your personal information depends on various factors, such as whether we need the information to maintain your account, to provide the Services, to comply with legal obligations, to resolve disputes, or to enforce other applicable contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below regarding your personal information. However, these rights are not absolute, they may apply only in certain circumstances, and in some cases, we may deny your request as permitted by law.

Right to Access / Knowledge. You have the right to request access to the personal information we hold about you, including details about how we use and share your information.
Right to Erasure. You have the right to request the erasure of personal information we hold about you.
Right to Rectification. You have the right to request the correction of inaccurate personal information we hold about you.
Right to Portability. You have the right to receive a copy of the personal information we hold about you and to request that it be transferred to a third party, in certain circumstances and with certain exceptions.
We use Shopify's advertising services such as Shopify Audiences to personalize the advertising you see on third-party websites. To limit Shopify merchants using these advertising services from using your personal information for such services, visit https://privacy.shopify.com/en.

Claims:

If you have complaints about how we handle your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live, you may have the right to appeal our decision by contacting us using the contact details provided below, or by filing your complaint with the local data protection authority.

International Users:

Please note that we may transfer, store, and process your personal information outside of the country where you live, including the United States. Your personal information is also processed by staff and third-party service providers and partners in these countries. If we transfer your personal information outside of Europe, we will rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses, or any equivalent contract issued by the relevant competent authority of the United Kingdom, as applicable, unless data transfer occurs to a country deemed to provide an adequate level of protection.

Contacts:

If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of the rights available to you, please email us at ecommerce@waldner.it or contact us by registered letter with return receipt requested addressed to Piazza Bra 26/D, Verona, VR, 37121, Italy.

For the purposes of applicable data protection laws, we are the data controller of your personal information.