PRIVACY POLICY FOR THE WEBSITE SUNWAVEPHARMA.COM
SUN WAVE PHARMA SRL, (“SUN WAVE PHARMA” or “we” or “us”) processes the personal data provided by the users when accessing the sunwavepharma.com website (“Site”) in accordance with the legal provisions on the processing of personal data.
Please read this policy carefully in order to learn more about the way we process your personal data and about the rights you have.
1. HOW WE COLLECT PERSONAL DATA
The personal data processed through our Site is collected:
- directly from you (e.g., when you contact us via the contact forms or contact details we provide);
- observed by us when you browse the Site (cookies, website navigation data, etc.).
1.1. Data provided by you directly
When you choose to create an account on the Site
If you choose to create an account on the Site in order to acquire products from our portfolio, we will process personal data such as your name and email address. In order to complete the account creation process you must confirm that you have read and accept the provisions contained in the Terms and Conditions of the Site by ticking the appropriate box.
After registering your account, you will receive a password to the email address registered when you created your account, which you can change by accessing your account in the control panel section. We recommend that you set a new password as soon as possible after the account creation. Accessing your account after its creation is performed by using your email address and password.
We process this personal data pursuant to the performance of a contract, as your acceptance of the Terms and Conditions constitutes the conclusion of a contract between us and you. As a general rule, we will retain this data for the duration of the existence of your account plus an additional period of up to 3 years from the time of the account’s closure. You may request us to close your account at any time and we will comply with your request, subject to the retention of certain information that may be required under applicable law (e.g. financial and accounting formalities), for internal administrative purposes or to defend our interests or those of third parties in the event of disputes or litigation.
When you choose to purchase products from our Site
You have the possibility to acquire products from the Site by means of a user account (as described in Section A above) or without first creating a user account. In both cases, after selecting the product(s) you want and placing it/them in your cart, you must proceed to the Checkout stage, at which point a page will open asking for the personal data required to place the order. The data we process on this occasion are: (i) billing data: name, surname, telephone number, email address, postal address, product(s) ordered, details provided by you in relation to the order placed; (ii) delivery data (only if different from the billing data): name, surname, telephone number, email address, postal address.
In order to complete the order placement process, you must confirm that you are aware of and accept the provisions contained in the Site Terms and Conditions by ticking the appropriate box.
B.1. When an order is placed for the benefit of an individual
If an order is placed on behalf of the natural person user, we process the personal data related to the order pursuant to the performance of a contract, as the acceptance of the Terms and Conditions and the placing of an order constitutes the conclusion of a contract between us and you. We keep this personal data for a period of 10 years from the time you placed the order, for financial and accounting purposes.
B.2. Where an order is placed on behalf of a legal person by a representative of that legal person
If an order is placed by the user, but on behalf of a legal entity, we process the personal data related to the order on the basis of our legitimate interest to manage the contractual relationship generated by placing an order for products on the Site. We need this personal data for financial-accounting purposes, which is why we will store it for a period of 10 years from the time the order is placed.
In both cases, you can choose to pay for the order you have placed by cash on delivery or by credit card online. For the online payment you will be redirected to the appropriate payment processor page in order to enter the necessary data for your payment. These personal data will be processed by the payment processor. Please read the information on the processing of personal data posted by the payment processor on its website.
When managing your user account using the “Control Panel”
After creating your account, you can configure it by changing your password and/or filling in and saving certain personal data in the “Control Panel”, such as: first name, last name, username (which will be displayed in the Account section and in reviews), billing address, delivery address. In addition, in the “Orders” section you can view the history of the orders placed.
We process this personal data on the basis of our legitimate interest in managing your account and the orders placed. As a general rule, we will retain this data for a maximum period of 3 years from the time your account is closed. You may request us to close your account at any time and we will comply with this request, subject to the retention of certain information that may be required under applicable law (e.g., accounting and tax rules), for internal administrative purposes or to defend our interests or those of certain third parties in the event of disputes or litigation.
In the case you request a newsletter subscription to receive commercial communications from us
This processing is optional. When you create an account on the Site and/or when you place an order on the Site (even if you do not have a user account), we offer you the possibility to subscribe to our newsletter in order to receive commercial communications from us.
In this case, we will process your email address to manage the sending of newsletters to you. The subscription to the newsletter takes place on the basis of the consent given by you by ticking the appropriate box for this purpose. This consent can be withdrawn at any time by using the indications provided by us in the case of each commercial communication.
Your data will be kept in our records until you withdraw your consent. However, we reserve the right to maintain a suppression list to ensure that we do not send you commercial communications in the future.
When you contact us in any way
You can contact us using the details provided on the Site (by e-mail, telephone, post or any other form or means provided). We will process your contact details, as well as any other information you choose to submit to us.
We process this personal data on the basis of our legitimate interest to respond to your requests/complaints. We will retain this data for a maximum period of 3 years from the last interaction with you, from the final resolution of the issue raised or until you request their erasure (to the extent that the right of erasure applies).
1.2. Data observed while browsing the Site
The site collects certain information automatically and stores it in log files. The information may include Internet Protocol (IP) addresses, the general region or location from which your computer or device accesses the Internet, the browser type, the operating system, and other usage information about your use of the Site, including a history of the pages you view on the Site. We use this information to help us design the Site to best meet the needs of our users.
We may also use your IP address to help diagnose problems we may have with the server and to administer the Site, analyse trends, track visitor fluctuations and gather broad demographic information to help us identify our visitors’ preferences. This data is retained for a period of 2 years.
Our website also uses cookies and similar technologies, which you can read at length about in our cookie policy.
2. TO WHOM WE DISCLOSE PERSONAL DATA
We will only disclose your personal data for the purposes and to the persons described below. We will take the appropriate measures to make sure that your data is processed, secured and transferred in accordance with the applicable law.
2.2. Disclosure of data to various third parties
We may disclose your personal data to third parties in the following situations:
(a) companies providing products and services to us such as:
(i) media or marketing agencies, such as those which manage our Site or promote our business;
(ii) site services: analytical, advertising;
(iii) providers of information technology systems and support, including email archiving, back-up and disaster recovery and cyber security services.
(b) other entities, such as public authorities and institutions, accountants, auditors, lawyers and other external professional advisors, where their business requires knowledge on the data or where the law requires us to disclose it.
We may also disclose your personal data to other third parties:
(a) if you request or agree to this;
(b) persons who can demonstrate that they have the legal authority to act on your behalf;
(c) in case it is in our legitimate interest to do so in order to administer, expand or develop the business;
(d) in case we are obliged to disclose your personal data in order to comply with a legal obligation or a request from the authorities.
The third parties to whom we choose to distribute your personal information as set out above are limited (by law and contractually) in their ability to use your personal data strictly for the specific purposes identified by us. We will always make sure that any third parties with whom we choose to share personal data are subject to the data protection obligations. However, for the avoidance of doubt, this may not be applicable where the disclosure is not our decision (for example, if we need to provide personal data as a result of a mandatory request from a public authority).
3. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We generally process your personal data within the EEA and do not transfer or disclose your personal data to third parties outside the EEA. In the case we will use non-EEA suppliers who might have access to your data for the provision of services to SUN WAVE PHARMA , we will implement the appropriate measures to make sure that they adequately protect your personal information in accordance with this policy. These measures include, in the case of the service providers based in other countries outside the EEA, the guarantee represented by the adequacy decision issued by the European Commission or the conclusion of standard contractual agreements approved by the European Commission.
4. YOUR RIGHTS
As a data subject, you have certain rights under the law regarding the way we process your data. We will respect your individual rights and address your concerns appropriately.
(a) The right to withdraw your consent: Where you have given your consent to the processing of your personal data, you may withdraw your consent at any time.
(b) The right of rectification: You can benefit of a rectification of your personal data if they are incorrect or incomplete.
(c) Restrictions: You can obtain from us the implementation of restrictions on the processing of your personal data. This right is applicable if:
- you challenge the accuracy of your personal data, for the period necessary for us to verify its accuracy,
- the processing is unlawful if you request the restriction of the processing instead of the erasure of your personal data,
- we no longer need your personal data but you request them for bringing an action, for the exercise or defence of legal claims, or
- you object to the processing while we check whether our well-founded reasons prevail.
(d) The right to access: You may request information about the personal data we hold about you, including information about the categories of data we hold or control, what it is used for, how long it is processed and to whom it is disclosed, if at all. Upon request we will provide you with a copy of your personal data. In case you request further copies of your personal data, then we may charge you a reasonable fee, based on our administrative costs.
(e) The right to erasure of data: You have the right to ask us to delete the personal data we process about you. We must comply with this request if we process your personal data, except for the data which is necessary:
- for the exercise of the right to freedom of expression and information;
- for complying with a legal obligation that binds us;
- for achieving purposes in the public interest, for scientific or historical purposes or for statistical purposes; or
- for instituting, prosecuting or defending legal proceedings.
(f) The right of objection: You may object at any time to the processing of your personal data because of your specific situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this case, we will no longer process your personal data, unless we can demonstrate the legitimate grounds that oblige us and a prevailing interest for the processing or for bringing an action, for the exercise or defence of legal claims. If you object to the processing, please indicate whether you also want your personal data to be deleted, otherwise they will only be restricted.
You can always object to the processing of your personal data for direct marketing purposes which was based on our legitimate interest, for whatever reason. In the case the marketing was based on your consent, you can withdraw your consent.
(g) The right to register a complaint: In case you have a complaint, please let us know first so that we could try to remedy the situation. If we are not successful, you can contact the National Supervisory Authority for Personal Data Processing through the procedure described on the Authority’s website.
Noteworthy:
- Time period: We will try to settle your request within one month, which may be extended by up to two months for specific reasons related to a particular legal right or the complexity of your request. In all cases, if this time limit is extended, we will inform you regarding the length of the extension and the reasons leading to it.
- Lack of identification: In some cases, we may not be able to locate your personal data based on the identifiers you have provided in your request. In such cases, in which we cannot identify you as a data subject, we cannot comply with your request to exercise your legal rights described in this section unless you provide us with additional information that allows us to identify you. We will inform you and give you the opportunity to provide such additional details.
- Exercise of rights: In order to exercise your rights, please contact us in writing (including electronically) at the contact details provided in the section below.
5. CONTACT INFORMATION
Please address your questions and requests about the personal data protection by following the contact instructions in the contact section of this Site or directly by e-mail to dataprotection@sunwavepharma.com.
6. AMENDMENTS TO THIS POLICY
This policy may be amended whenever we deem it necessary and will be notified by posting it on our Website.