Privacy Policy applicable to koratherapy.com

provided pursuant to Article 13, paragraph 1, EU REGULATION 679/2016 for the protection of personal data (GDPR)

I.A.C.E.R. S.r.l., in compliance with the provisions of Article 13, paragraph 1, of EU Regulation 679/2016 (hereinafter GDPR), informs users of the website at https://koratherapy.com/, i.e. Data Subjects, of the purpose of the collection and how personal data are processed.

Data Controller

IACER SRL
Via Enzo Ferrari 2
30037 Scorzè (VE) – Italy
Controller email address: iacer@iacer.it

Data Protection Officer – Details and Contacts

The Data Controller has appointed, pursuant to art. 37 of the GDPR, a Data Protection Officer whose details are shown below:

Maria Antonietta Sacheli can be contacted as follows:
email: mariaantonietta@fiscleg.it
tel.: (+39) 049 8771611

Types of Data Collected

The computer systems and application procedures used to operate the above-mentioned website automatically acquire the following types of data in the course of their normal operation:

name; surname; telephone number; address; province; email; city.
browsing data collected during a visit to the website, the transmission of which is implicit in the use of Internet communication protocols. By way of example: IP address of the device connected to the site, type of browser used, name of the Internet Service Provider (ISP), date and time of visit, visitor’s web page of origin and exit, etc.;
data collected through cookies while users are browsing the site. For further details on the cookies used by the website, please refer to the cookie policy available on this Website.

The User takes responsibility for third-party Personal Data obtained, published or shared through this Website and warrants that he/she has the right to communicate or disseminate them, releasing the Data Controller from any liability towards third parties.

Data Processing Purposes

User data are collected by the Data Controller for the following specific purposes:

a) to allow users to navigate the Website https://koratherapy.com/

b) to allow the advertising and promotion of the products and services offered, and possibly send information of further service or product offers;

c) to provide the User with the information and services requested including following up on the contact established over the phone;

d) to show and share with social networks and external platforms, interact with platforms that collect data and other third parties;

e) traffic optimisation and distribution;

f) tag management;

g) to obtain anonymous statistical information on the use of the Website or related services, check its correct functioning, carry out monitoring activities in support of its security and identify actions aimed at its improvement;

h) to manage mailing lists or newsletters: the specific data processing is governed by the relevant policy. Please see the specific privacy policy on the website;

i) general profiling: the data collected by filling in our forms, while browsing the site, or obtained from the type of purchases made, could also be used to identify and define tastes, preferences, habits, needs and consumption choices;

j) to fulfil legal obligations, comply with orders from public authorities, ascertain possible liability in the event of hypothetical cybercrimes to the detriment of the site or its users.

Legal Basis of the Processing

The legal bases for processing are those referred to in Article 6 paragraph 1 of the GDPR:

letter a) “consent” regarding the transmission of offers of services and products, profiling activities;
letter b) “performance of a contract to which the data subject is part” or “performance of pre-contractual measures”;
letter c) “necessary to fulfil a legal obligation to which the Data Controller is subject”;
letter f) necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.

The User may deny consent or revoke consent given previously at any time.
However, denying consent may result in the inability to provide certain services and browsing experience may be compromised.

Data Processing Methods

The personal data collected are processed in compliance with the principles of lawfulness, correctness and transparency, as provided by Article 5 of the GDPR, also with the aid of computerised and telematic tools designed to store and manage data, and, in any case, in such a way as to guarantee their security and ensure the privacy of the Data Subject.

Categories of Subjects Authorised to Process and to Whom Data May be Communicated

In addition to the Data Controller, in some cases, the personal data of users will be disclosed to and processed, in compliance with current legislation, by other subjects involved in the organisation of this Website:

administrative, sales, marketing, or legal personnel, system administrators or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller;
Public Security Authorities or other public entities for the purposes of defence, State security and the detection of offences; Judicial Authorities in compliance with legal obligations, where criminal offences are suspected.

Data are processed at the Data Controller’s operational facilities and in any other place where the parties involved in the processing are based.

Apart from the aforementioned cases, personal data are in no way and for no reason communicated or disclosed to third parties. Finally, personal data will not be transferred to third countries or international organisations unless this is strictly related to specific requests made by the user, for which specific consent will be obtained.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.

Data Retention Period

Depending on the different purposes for which they were collected, data will be kept for the time required by the applicable legislation or for the time strictly necessary to pursue the purposes for which they were collected. More specifically:

browsing data will be retained for a maximum of 365 days;
data collected through cookies will be retained for a period of time not exceeding that indicated in the policy;
personal data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the performance of such contract is completed;
personal data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied;
with regard to the pursuit of commercial and profiling purposes, data will be kept for a period of 5 (five) years.

When the processing is based on the User’s consent, the Controller may keep personal data for longer until such consent is revoked. Furthermore, the Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by the order of an authority.

At the end of the retention period, personal data will be deleted. Therefore, at the end of this period the right of access, deletion, rectification and the right to data portability can no longer be exercised.

User Rights

In relation to all personal data processed, Data Subjects may exercise the rights under the GDPR and specifically:

Right to access data collected and processed (Article 15);
Right to obtain the rectification of data (Article 16);
Right to obtain the erasure of data and right to be forgotten (Article 17);
Right to obtain restriction of processing (Article 18);
Right to data portability to another data controller (Article 20);
Right to object to processing (Article 21)
Right to withdraw consent (where processing is based on consent), without prejudice to the lawfulness of processing based on the consent given prior to the withdrawal (Article 7);
Right to lodge a complaint with the Supervisory Authority (Article 77);
Right to lodge a judicial appeal against the Supervisory Authority (Article 78) and against the Data Controller or the Data Processor (Article 79).

In order to exercise the aforementioned rights, Users may address a request to the Controller or the DPO using the contact details provided in this document. Requests are submitted free of charge and will be processed by the Data Controller as quickly as possible.

Right to complain

Data subjects who believe that the processing of personal data referring to them carried out through this site violates the provisions of the applicable Regulation have the right to lodge a complaint, as provided by Art. 77 of the Regulation itself, or initiate any appropriate legal actions (Art. 79 of the Regulation).

Automated processing and profiling

By consenting to the processing of personal data for the purposes indicated in points g) and i) above, the data collected may be subject to an automated decision-making process, by means of a specific algorithm that will decide which communications are best suited to the User’s profile or may be of most interest.

Nothing proposed shall be binding on the user.

In any case, Data Subjects have the right to obtain human intervention in the decision-making process by the Data Controller, to express their opinion, to obtain an explanation regarding the decision reached and to appeal against the decision.

Cookie Policy

This Website makes use of Tracking Tools. To find out more, the User may refer to the Cookie Policy on the website.

Amendments to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, on this Website as well as, if technically and legally feasible, by sending a notification to Users through the contact details in its possession. Please consult this page regularly, checking the date of the last amendment indicated at the end.

If the changes affect processing whose legal basis is consent, the Data Controller shall collect the User’s consent again.

Last updated: 23rd June 2023

Cookie	Duration	Description
cli_user_preference	1 year	This cookie is used to store user preferences in relation to the various categories of cookies.
cookielawinfo-checkbox-advertisement	1 year	This cookie is used to store the user's consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookie is used to store the user's consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	1 year	This cookie is used to store the user's consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	This cookie is used to store the user's consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	This cookie is used to store the user's consent for the cookies in the category "Others"
cookielawinfo-checkbox-performance	1 year	This cookie is used to store the user's consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	This cookie is used to store the summary of the consent given for cookie usage. It does not store any personal data.
gridcookie	session	This cookie is used to remember the user's choice regarding the type of display selected on the "Shop" page. It does not store any personal data. The cookie is deleted at the end of the session.
viewed_cookie_policy	1 year	This cookie is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_W02WQDPSC6	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor data, sessions, campaigns and track site usage for the site analysis report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
CONSENT		These cookies are set via embedded Youtube videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback. No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click "like" on a video.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	6 months	This cookies is set by Youtube and is used to track the views of embedded videos.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.