We endeavour to protect the privacy of those who visit our website, to make sure that they can take advantage of the services offered on the site without feeling unsafe. To that end, and pursuant to article 13 of the GDPR and article 13 of Legislative Decree 196/2003 (Personal Data Protection Code), we provide the following information.
1. Type of processed data
1.1 Data voluntarily provided by the user
The data that are provided voluntarily by the users through the email addresses and the website forms, including the user’s name, surname, address and email address, is acquired in order to correctly provide the requested services.
This site uses both session and persistent cookies. Session cookies are temporary and only last for as long as the user is on the website. Persistent cookies are saved by the browser on your computer or device and are used to customize site navigation and get access statistics.
Facebook – https://www.facebook.com/policies/cookies/
Twitter – https://twitter.com/privacy?lang=en
Youtube – https://www.google.com/intl/en/policies/technologies/types/
Linkedin – https://www.linkedin.com/legal/cookie-policy
If the user sets up their account so that no type of cookie is accepted, they will be able to view the pages of https://www.drwindle.com, but the operation of the site and related services may be compromised.
Dr.Windle uses Google Analytics to track the https://www.drwindle.com website and its usage. Google Analytics collects data regarding users’ browsing in anonymous form. Google Inc. offers the ability to disable Analytics for the web, if the user decides that they do not want the data to be collected.
2. Purpose of data collection
The data can be collected for the following purposes:
a) to complete and place orders, to send confirmation messages relating to a purchase, to handle possible complaints following a purchase;
b) to give users access to the website’s private areas and to send commercial messages, news and updates on the activities of Dr. Windle;
c) comply with the obligations stemming from law or regulation;
d) to manage contacts, to send newsletter emails and promotional materials relating to the services and products offered by Dr. Windle;
e) to obtain data and statistics on the usage patterns and traffic of the https://www.drwindle.com website;
f) for additional purposes related to Dr. Windle’s activities, such as data archiving, customers’ management and billing, and in particular to comply with legal obligation of a fiscal, accounting etc. nature.
3. Data collection methods
The data will be collected and processed in accordance with the purposes described at section 2 of this policy and in order to ensure the security and confidentiality of the data. The processing of the data can be carried out, using the same means, by third parties providing data processing services on behalf of Dr. Windle or carrying out activities that are necessary to carry out the services requested by the users.
Data is processed through the use of computer tools and is kept only for the time necessary to achieve the purposes for which it is collected, in any case not for longer than 10 years.
4. Optional nature of data transfer
The user can decide not to share the personal data that is necessary to complete the application forms on the website, bearing in mind that not providing the mandatory data will render it impossible for Dr. Windle to provide the service.
5. Sharing data with third parties
5.1 Access to data
We might give access to the data collected for the purpose of section 2 to:
a) employees and associates of the Controller, in order to comply with their working duties;
b) to third parties, such as the accountancy firm we rely on, in order to carry out their duties on behalf of the Controller.
5.2 Sharing data
Collected data may be disclosed to third parties under the following circumstances:
a) to investigate potentially fraudulent activities relating to the use of user accounts and the violation of the site’s terms and conditions;
b) in case of sale, reorganisation or merger of our company;
c) where the information is necessary to conduct judicial investigations or to collect tax data. Moreover, some data may be shared with third parties, such as legal advisors or auditors, in order to obtain their professional opinion.
The data of users who have accepted or requested informative material to be sent to them (such as newsletters) are used only on order to carry out these services and are not shared with third parties.
6. Rights of the concerned party
Pursuant to art. 15 to 21 GDPR and d.lgs. n. 196/2003, article 7 (Right of access to personal data and other rights), the concerned party who provides their personal data have specific rights, namely:
6.1 Right of access
The data subject shall have the right to obtain the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
6.2 Right to rectification
The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.
6.3 Right to erasure
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay.
6.4 Right to restriction of processing
The data subject shall have the right to obtain from the Controller restriction of processing in the cases outlined by art. 18, par. 1 GDPR.
6.5 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance in the cases outlined by art. 20, par. 1 GDPR.
6.6 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
6.7 Exercising your rights
The data subject can exercise their rights by:
a) accessing and editing their account data directly on our website https://www.drwindle.com;
b) making a request via e-mail to our e-mail address [email protected], or contacting us through our Contacts page.
The data Controller or one of their employees will reply to the request within a reasonable time and in any case within one month of receiving the request.
7. Transferring data outside of the European Union
Collected data is stored on servers located in Germany and is in no case transferred to countries outside the European Union. Some data can also be stored in our company server.
8. Data Controller and Processor
The data controller as far as statutory obligations are concerned is Dr.Windle, with registered office in 1700 116th Ave NE #100, Bellevue, WA 98004.
The data Processor, as far as the data collected on our website https://www.drwindle.com is concerned, is the hosting company
In order to take advantage of the rights protected by art. 15 to 21 GDPR and by art. 7 of the Privacy Code, you just need to get in contact with us through one of the channels listed on our Contacts page.
All data is protected through the use of antivirus, firewall and password protection.