INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR THIS WEB SERVICE PURSUANT TO ART. 13 REG. EU 679/2016
Dear user,
The current regulations require us to provide information regarding the processing of personal data for this web service (hereinafter also referred to as “Service”) in relation to the processing of personal data of users/visitors who consult and use it.
This notice is provided pursuant to EU Regulation 2016/679 (hereinafter also referred to as "Regulation" or “GDPR”) and its subsequent amendments, to all users interacting with the Service. The validity of the information contained on this page is limited to the Service itself and does not extend to other external websites that may be accessed via hyperlinks.
For the regulations on the processing of personal data:
a) We, Salus Labs International LLC, whose details are provided in the Who We Are section of this service, are the “Data Controller” of the Processing;
b) You are the “Data Subject”, and you have the rights and obligations that we outline below.
1. PROCESSING
1.1. The Data Controller, whose details are indicated on the official Hair Rebirth website of Salus Labs International LLC, will process the Data according to the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimization, accuracy, integrity, and confidentiality.
2. CATEGORIES OF DATA PROCESSED
2.1. Browsing Data
The IT systems and software programs used for the operation of the site collect certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses or domain names of the computers used by users connecting to the site, the URIs -Uniform Resource Identifiers- of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, a numerical code regarding the status of the response provided by the server -success, error, etc.- and other parameters related to the user's operating system and IT environment). Although this information is not collected to be associated with identified data subjects, by their nature, they could, through processing and associations with data held by third parties, allow for the identification of users. This data is used solely to derive anonymous statistical information on the use of the Service and to monitor its proper functioning. It should be noted that the aforementioned data may be used to ascertain responsibility in the event of cyber crimes against the Service or other connected or linked sites: barring this eventuality, currently, web contact data do not persist for more than 7 days.
2.2. Cookies
A cookie is a small text file in which brief information regarding a user's activity on a website is collected and stored on the device that accessed the web service. In compliance with measures no. 229 of May 8, 2014, and 231 of June 10, 2021, from the Data Protection Authority, it is informed that this web service exclusively uses Technical Cookies (which do NOT require consent): they are necessary for the functioning of the web service and allow access to its functions (so-called navigation cookies) and are mostly session cookies whose use is limited to the transmission of session identification data in the form of numbers generated automatically by the server necessary to allow secure and efficient browsing of the site and to manage authentication to online services and restricted areas. They are also used to set some preferences such as language and for analytical/monitoring functions to collect information, in aggregate form, on the number of users and how they visit the site in order to carry out anonymous statistical analyses for service optimization without the use of analytical cookies. Session cookies are not persistently stored on the user's computer and are deleted when the browser is closed. The session cookies used on this site avoid the use of other potentially harmful computer techniques for the confidentiality of users' browsing and do not allow the acquisition of personally identifiable data of the user. Other technical cookies have a longer duration specified in the list below. No cookies are used for the transmission of personal information. No profiling cookies of users are used.
The technical cookies used are as follows:
- ASP.NET_SessionId: user session data, used only by the server to ensure continuity. It does not contain personally identifiable information - session expiration
- SPID_SessionId: SPID session data, used only by the server to ensure continuity. It does not contain personally identifiable information - expiration 1 hour
- SPID_Disconnect: SPID disconnection data, used only by the server to ensure logout. It does not contain personally identifiable information - expiration 1 hour
2.3. Data provided voluntarily by the user
For consultation of the site, no personal data from the user is required. However, any contacts with the Data Controller, for example, to request information via a form, or the spontaneous sending of messages, emails, or traditional mail to the Data Controller's contacts involve the subsequent acquisition of such personal data from the sender, necessary to respond to requests, as well as any other personal data voluntarily entered by the user in the relevant communications (the communication of personal data relating to a minor must be made by both parents or by a person exercising authority over the minor).
3. PURPOSES AND LEGAL BASES OF THE PROCESSING
3.1. The Data Controller carries out the Processing for the purpose of:
- a) Allowing you to navigate and use the Service;
- b) executing the Service or the requested performance;
- c) fulfilling administrative, financial, accounting, and/or tax obligations;
- d) complying with any obligation provided by law and/or an order from Public Authority;
- e) if necessary, to assert or defend a right in court;
- f) your data may also be processed to make communications of public interest or public utility;
3.2. The legal bases for the Processing are as follows:
- a) the necessity to allow you to navigate and access the requested Web Service, as well as to provide the service itself;
- b) execute what is stated in the previous points 3.1 a-f;
- c) the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of public powers vested in the Data Controller;
- d) any tax data: necessity to fulfill obligations as per the previous points 3.1 c-e.
4. COMMUNICATION TO RECIPIENTS AND DISSEMINATION
4.1. The Data may be communicated to third-party Recipients (including public authorities or judicial authorities) only to the extent strictly necessary in relation to the above purposes, or for the sole obligations necessary for the Service, or those required by law or by order of the Authority.
4.2. The categories of Recipients are as follows:
-
a) subjects necessary for the execution of activities related to and consequent upon the execution of the Service, bound by a data processing agreement (external processors);
-
b) Appointed persons and individuals authorized by the Data Controller who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g., employees and collaborators of the Data Controller);
4.3. The Data Controller may also need to communicate Data to comply with legal obligations or to respond to orders from public authorities, including the judicial authority.
4.4. The Data will not be subject to dissemination.
5. DATA RETENTION PERIOD
5.1. The Data Controller retains your Data for the time strictly necessary to achieve the Purposes referred to in point 3.
5.2. Such data will be deleted when they are no longer necessary for the purposes indicated above, subject to further retention obligations provided by law.
6. NATURE OF DATA COMMUNICATION
6.1. The communication of the Personal Data referred to in point 2.1 is necessary for navigation: failure to provide it would indeed make navigation impossible.
6.2. The communication of the Personal Data referred to in point 2.3 is optional.
7. CONSEQUENCES OF REFUSAL TO COMMUNICATE DATA
7.1. As specified in the previous point 6.1, it is technically not possible to refuse to communicate Navigation Data (to the extent that they are Personal Data).
7.2 In case of refusal to communicate the Personal Data referred to in point 2.3, it will not be possible to respond to requests and/or provide the service.
8. RIGHTS OF THE DATA SUBJECT
8.1. You, as the Data Subject, have the right to:
a) access your Data held by the Data Controller and obtain a copy;
b) request rectification and/or deletion, where and to the extent that the conditions are met;
c) request restriction of Processing, where and to the extent that the conditions are met;
d) object, for reasons related to your particular situation, to the processing of personal data concerning you.
e) lodge a complaint with the Data Protection Authority
9. THE DATA PROTECTION OFFICER
9.1. The Data Controller has a Data Protection Officer (also “DPO”), whom you can contact at the contact details indicated on the institutional website of the Company to which this Service is connected.
10. UPDATES TO THE INFORMATION
10.1. This information refers to the methods of processing personal data of visitors during navigation and use of the web Service. The eventual entry into force of new sector regulations, as well as the constant review and updating of the Service, may require changes to these methods over time. Therefore, we invite you to periodically consult this page. For this purpose, this document indicates the date of the last update.