Privacy policy | Kanso - Nutrition with joie de vivre and pleasure

As a data controller (hereinafter referred to as "Controller" for short) pursuant to DSGVO 2016/679 (General Data Protection Regulation, hereinafter referred to as "GDPR" for short), Dr. SCHÄR AG considers the protection of personal data to be one of the most important objectives of its business activities. We therefore request that you read this Privacy Policy carefully before disclosing personal data to the Controller, as it contains important information about the protection of your personal data and the security measures applied to ensure the confidentiality of such data in accordance with the relevant legal provisions.

In addition, this Privacy Policy applies:

for this website and all websites of the responsible party on which products and services of Dr. SCHÄR AG (hereinafter the "Website") are offered;
as an integral part of the website and the services we offer;
as an information letter according to Art. 13 DSGVO for the visitors of this website;
as being consistent with Recommendation Letter No. 2/2001 on the minimum requirements in the context of online collection of personal data in the European Union, adopted by the Article 29 Working Party on May 17, 2001;
in compliance with the Italian Data Protection Authority Guidelines of June 10, 2021, the European Data Protection Board Guidelines 5/2020 on consent, the ECJ ruling of October 1, 2019 C-673/17, the General Decree of the Italian Data Protection Authority on Cookies No. 229 of May 8, 2014, the "Working Document 02/2013 providing guidance on obtaining consent for cookies", the Article 29 Working Party Opinion No. 4/2012 On Cookie Consent Exemption, Directive 2002/58/EC and all relevant decrees.

***

The Controller informs you that the processing of your personal data will be carried out in accordance with the principles of lawfulness, good faith, transparency and protection of confidentiality and your rights. Your personal data will therefore be processed in accordance with the legal provisions of the GDPR 2016/679 and the confidentiality obligations provided therein.

CONTENTS
The following overview of this privacy policy is intended to provide you with a quick overview of the relevant information on the processing of your personal data.

1. CONTROLLER, CONTACT DETAILS OF THE DATA PROTECTION OFFICER, PROCESSORS AND RECIPIENTS OF PERSONAL DATA
2. TYPE OF PERSONAL DATA PROCESSED
2.1 Navigation data
2.2 Data provided voluntarily by the user
2.3 Cookies

2.4 Data of minors

3. BANNER ON FIRST ACCESS
4. PURPOSE OF DATA PROCESSING AND OPTIONAL OR MANDATORY DATA TRANSFER
5. PROCESSING METHOD, SECURITY AND LOCATION OF DATA PROCESSING
6. COMMUNICATION, DISSEMINATION AND TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
7. YOUR RIGHTS
8. CHANGES
9. CONTACT DETAILS

1. CONTROLLER, CONTACT DETAILS OF THE DATA PROTECTION OFFICER, PROCESSORS AND RECIPIENTS OF PERSONAL DATA

As a result of accessing and using the website, data of identified or identifiable persons may be processed.

The identification data of the data controller and the website operator are as follows:

Dr. SCHÄR AG with registered office at Winkelau No. 9, Burgstall (BZ), Italy, VAT number IT00605750215, e-mail: privacy@schaer.com.

The Controller has also appointed a Data Protection Officer (DPO), at the registered office (Winkelau 9, 39014 Burgstall (BZ), Italy, Tel.: 0473 / 293 300), e-mail dpo@drschaer.com appointed.

2. NATURE OF THE PERSONAL DATA PROCESSED

2.1 Navigation data

The IT systems and software processes of this website collect personal data during normal operation, which is automatically transmitted when using Internet communication protocols. Although this information is not collected in order to create personal user profiles, it could, due to its nature and through appropriate processing and comparison with third party data, allow users to be identified. This data includes the IP addresses or domain names of the computers used by users of the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in the server request, the size of the response file, the numerical code indicating the status of the server's response (successfully completed, error, etc.) and other parameters relating to the user's operating system and IT environment. These data are used to compile anonymous statistics on the use of the website, to verify its correct functioning, to ensure proper provision of services given the structure of the systems used, for security reasons and to establish liability in the event of any computer crime against the website or third parties. This data is usually deleted after seven days.

2.2 Data provided voluntarily by the user

Users may voluntarily provide personal data through the Website, such as by entering it in contact forms, requesting services or information, optionally, explicitly and voluntarily sending e-mails to the addresses indicated on the Website, etc.

2.3 Cookies

- Definitions, characteristics and application of the legislation
Cookies are small text files that are sent and stored on your computer or mobile device when you visit a website and are sent back to the website when you visit it again. Using these cookies, the website remembers the user's behavior and preferences (such as login data, language selected, font size, other display settings, etc.) so that these do not have to be entered again when the website is called up again or when navigating from one page to another. Cookies are therefore used for computer authentication, session monitoring and to store information about user behavior on a website and may also contain a unique identification number that tracks the user's navigation behavior on the website for statistical or advertising purposes. During navigation on a website, cookies from other sites or web servers may also be placed on the user's computer or mobile device (so-called "third-party cookies"). Some processes may not be able to be carried out correctly without the use of cookies, as some cookies are technically necessary for the functioning of the website.

There are different types of cookies with different features and functions that are stored for different periods of time on the user's computer or mobile device. These include the so-called session cookies, which are automatically deleted when the browser is closed, and the so-called persistent cookies, which are stored on the user's device for a certain period of time.

In accordance with the applicable data protection regulations, the user's express consent does not always have to be obtained for the use of cookies. In particular, this is the case with "technical cookies". These are cookies that are used to transmit a message through an electronic communication network or those that are strictly necessary for a process requested by the user. They are therefore cookies that are essential for the functioning of the website or necessary to carry out the operations requested by the user.

Technical cookies, the use of which does not require explicit consent, also include the following cookies in accordance with the applicable data protection regulations:

Analysis or statistics cookies, if they are used directly by the operator of the website to collect information in aggregate form about the number of users as well as their user behavior of the website;
Navigation or session cookies (for authentication);
Functional cookies that allow the user to navigate based on a set of selection criteria (for example, language, products selected for purchase), which improves the service offered.

On the other hand, the prior consent of the user is required for profiling cookies, which aim to create user profiles and are used to send advertising messages according to the preferences expressed by the user in the context of his navigation behavior.

- Types of cookies on the website and activation/deactivation option

The website uses the following types of cookies and the user can enable/disable them. In the case of third-party cookies, the user must activate/deactivate the following cookies directly via the links provided:

Technical cookies/navigation cookies/session cookies that are necessary for the functioning of the website or that allow the user to use the respective content and services.
Technical cookies/analytical cookies that indicate how the website is used by users. These cookies do not collect user data or personal data. The information is processed in aggregated form and anonymously.
Technical cookies/functional cookies used to activate specific functions of the website and selected criteria (e.g. language, products selected for purchase) in order to improve the service offered.

ATTENTION: In case of disabling technical cookies/functional cookies, the website may not be accessed or some services or certain functions of the website may not be available or may not work properly and the user may have to change or manually enter some information or preferences each time the website is accessed.

Third-party cookies, i.e. cookies from websites or web servers other than those of the controller that are used for specific third-party purposes, including profiling cookies. The third-party providers listed below with links to their respective privacy statements are themselves responsible for the processing of the data they collect via the cookies used. The user should therefore refer to the respective privacy policies, statements and declarations of consent (activation and deactivation of the respective cookies):

For more information about the cookies installed by the Website, see "Cookie Settings" on the Website.

Dr. SCHÄR AG has notified the data protection authority of the profile-generating processing operations carried out on the basis of the website.

- View and change cookies via your own browser

The user can choose which cookies to accept using the procedure described below and which to disable (in whole or in part), delete or block using the corresponding functions of their browser: in the event of disabling all or some cookies, the website may no longer be accessible or some services or certain functions of the website may no longer be available or may not function properly and/or the user may have to change or manually enter some information or preferences each time the website is accessed.
For more information on how to set the use of cookies through the browser, please refer to the relevant instructions:

With reference to Google Analytics cookies, a special browser add-on for disabling can be installed on the following website: https://tools.google.com/dlpage/gaoptout.

2.4 Data of minors

When processing data of minors, the corresponding consent of the parents/guardians is obtained in advance.

3. BANNER ON FIRST ACCESS

If cookies other than technical cookies are used, a visible banner must be provided when the user first accesses the website (so-called brief information), which must essentially state the modalities of the management of cookies by the website, including a reference to the detailed privacy policy.

Dr. SCHÄR AG has set up the aforementioned banner and has also provided for a specific cookie that stores the user's settings regarding the installation of cookies for a period of 365 days. This means that the cookie is only displayed to the user once. If the user wishes to change this setting at a later date, this can be done using the instructions in the section "Viewing and changing cookies via your own browser".

4. PURPOSE OF DATA PROCESSING AND OPTIONAL OR MANDATORY DATA TRANSFER

The data obtained through the website will be processed by the data controller for the following purposes:

a) Information request, contact details and support

The provision of your data for the above purpose (a) is optional. However, in case of lack of provision, the requested services may not be provided.
Pursuant to Art. 6 (1) (b) DSGVO, we do not obtain your consent to the processing of your personal data for the aforementioned purpose, as this data is indispensable for the fulfillment of obligations arising from a contractual relationship with the data subject or for the fulfillment of specific requirements of the data subject prior to the conclusion of the contract.

b) research purposes/statistical analysis of aggregated or anonymous data, without possible identification of the user, to record the effectiveness of any web marketing campaigns, to collect traffic and to evaluate the user experience and interest.

The DGSVO 2016/679 does not apply to the processing of aggregated and anonymous data.

c) fulfillment of obligations arising from laws, regulations or EU rules.

The provision of your data for the above purpose (c) is mandatory. In the event of failure to provide it, the responsible party will not be able to fulfill its obligations under laws, regulations or EU rules.

It should be noted that, pursuant to Art. 6 (1) (c) DSGVO, your consent to the processing of your personal data for this purpose is not required.

d) Creation of an account

The provision of the requested data is necessary to create a user account and join the loyalty program, which, based on certain activities (e.g. purchase of products, interaction with social media, etc.), allows the accumulation of points that can be used to redeem prizes in accordance with the technical documentation of the promotion. The legal basis for the processing derives from Article 6(1)(b) of the GDPR and is the performance of a contract to which the data subject is party or the performance of pre-contractual measures implemented at the request of the data subject. The data processed in connection with your registration will be stored until you request deletion and deregistration, subject to possible further deletion for tax compliance and the like.

e) Purchases

Please note that purchases are made through the online store of Foodoase, which is also the responsible party for the personal data thus acquired.

f) advertising purposes.

Should you give your consent to receive information about promotional activities, including market research, from the responsible party, we inform you that, in accordance with applicable legislation, these activities may be carried out by mail, by telephone through a provider ("traditional modalities"), by email, SMS, push notifications and through social networks ("automated modalities"). We also inform you that you may revoke the consent previously given for traditional or automated modalities at any time by informally notifying the responsible party in writing to privacy@schaer.com or, for the newsletter only, unsubscribing via the link at the end of each newsletter.

The provision of your data for the above purpose (d) is optional and requires your prior consent. In the absence of such consent, you may use the requested service, but the responsible person may not send you any promotional material. You may withdraw your consent at any time for all of these modalities or only for one or more of them.

g) Participation in competitions, events, surveys and other proposed activities.

Providing your data for the above purposes is voluntary, but failure to provide it may result in not being able to provide the requested services.
Pursuant to Art. 6(1)(b) of the GDPR, we do not ask for your consent to process your personal data for these purposes, as these data are used to fulfill obligations arising from a contract to which the data subject is a party and/or to fulfill specific requests of the data subject prior to the conclusion of the contract.

h) profiling (e.g., creating user profiles based on preferences, habits, and consumption patterns using electronic tools).

Profiling can be performed using cookies or other online profiling technologies such as trackers (see Section 2.3) and/or based on the intersection of the personal data collected in connection with the provision and use of multiple functionalities by the user.

The provision of your data for the above purpose is optional and requires your express prior consent. In the absence of such consent, you may use the requested service, but the controller may not carry out profiling or send you communications according to your preferences. We also inform you that you may withdraw your consent to profiling by crossing information or other profiling technologies of the Responsible at any time by informally notifying the Responsible by e-mail to. privacy@schaer.com communicate.

5. METHOD OF PROCESSING, SECURITY AND PLACE OF DATA PROCESSING. AUTOMATED DECISION MAKING AND DURATION OF DATA STORAGE.

Your personal data will be processed by the data controller - or by third parties carefully selected on the basis of their reliability and competence and duly appointed as data protection officers - only for the aforementioned purpose, mainly by automated means, although also in paper form, for the time strictly necessary to achieve the aforementioned purpose. The processing of your personal data will not be carried out through automated decision-making.

In accordance with the provision of Art. 32 GDPR, specific security measures are applied to prevent the loss of data, unlawful use or use not in good faith, as well as unauthorized access to your data.

Data processing in connection with the web services of this website mainly takes place at the registered office of the controller. The data centers of the controller are located within the European Union.

Your personal data collected via forms on our website will be stored:

for the time necessary to respond to your inquiries via contact forms or other inquiry modalities;
until the deletion of the user account by the user or after a request by the responsible person in case of non-use;
until the newsletter is cancelled or for 2 years for other marketing purposes;
for a longer period of time, if there are additional legal regulations that require a longer storage period.

The data collected by means of cookies is stored for as long as specified in the respective cookie.

6. COMMUNICATION, DISSEMINATION AND TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Your personal data may be disclosed to third parties external to the Company whose activities are necessary and appropriate for the provision of the Services.

Your personal data may be disclosed to the following third parties: 1. persons, companies or professional firms that provide auxiliary and consulting services to the data controller and that have been appointed as data protection officers; 2. legal entities, bodies or authorities to whom your personal data must be disclosed by virtue of legislation or orders issued by the competent authorities; 3. Persons authorized and/or appointed by the data controller to carry out activities closely related to the pursuit of the above purposes (including technical maintenance of systems, software providers for sending newsletters, transport companies and firms, agencies), who are appointed as data processors; 4. Payment system providers (Adyen and PayPal) as data controllers in their own right; 5. Companies of Dr. SCHÄR AG, which will be involved in various initiatives depending on the target area.

Dr. SCHÄR AG uses certain services that may involve the transmission of personal data to the USA. These are the following services:

Google Analytics. The transfer is based on the existence of an adequacy decision (so-called Data Privacy FrameworK).

The data controller will not carry out any processing that entails the dissemination of the data without your prior express consent.

7. YOUR RIGHTS

You are entitled at any time to request access to your data, its rectification, completion, deletion or the restriction of its processing and to object to its processing on legitimate grounds, as well as to request the transfer of the same to another controller. We will respond to you in writing within 30 days. You may withdraw the consents granted on this website at any time by contacting one of the addresses in the section "Information about the data controller and about the possible data protection officer". You are also free to lodge a complaint with the supervisory authorities if you consider that your data has been processed unlawfully.

Inquiries should be sent by email to: privacy@schaer.com.

8. CHANGES

The Controller may amend or update this Website Privacy Policy in part or in whole, including due to changes in the relevant legislation and regulations protecting your rights. These changes and updates to the Privacy Policy will be displayed to users on the homepage and will be considered binding upon publication on the Website. Therefore, we ask you to visit this section regularly to always be informed of the current and updated version of this Privacy Policy, so that you are always aware of what data we collect and how we use it.

9. CONTACT DATA

For information on data processing by the data controller, contact the Company as data controller by letter, fax or e-mail at. privacy@schaer.com.

RISK NOTICE

As the operator of the Website, Dr. SCHÄR AG is obliged to inform the user that:
- he/she must carefully check whether it is advisable to enter personal data (including e-mail address) which may - even indirectly - reveal his/her identity;
- he/she must check whether it is necessary to publish photos and videos from which persons and locations can be identified or made identifiable;
- he/she must pay particular attention to the entry of data that may reveal, even indirectly, the identity of third parties, such as: other persons who may be linked to the author of the posting by the same illness, experience or medical history;
- the postings in this forum/community may be indexed and accessible to general search engines (Google, Yahoo, etc.).
We point out that the data entered in this forum/community can be viewed only by other registered users on this website.