Privacy Policy

Pharmanutra spa, via Campodavela 1 - (56122) Pisa – VAT No. 01679440501, also reachable by calling +39 050 7846500. The Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests via email at [email protected]

Personal data is collected directly from the data subject upon completion of this form for the purpose of account registration and purchase of the products offered.

The personal identification data collected is processed and used for the following purposes:

1. to register your personal account in order to manage orders. Any incorrect or insufficient communication of the requested data may result in the total or partial impossibility of fulfilling the data subject's requests.
   • for account registration, consent is not required (Art. 6.1.b GDPR)
   • retention period: 10 years from the last purchase
2. Management of purchases and contractual relationships. To fulfill user purchase requests, as well as to conclude and execute the sales contract, including order management and shipment of products listed on the website.
   • The provision of data is necessary to allow the conclusion and execution of the purchase contract; failure to provide such data makes it impossible to proceed with the purchase. Consent is not required as the processing is based on contractual purposes (Art. 6.1.b GDPR)
   • retention period: 10 years from the purchase
3. defensive purposes in case of litigation
   • the data processing is based on legitimate interest (Art. 6.1.f GDPR)
   • retention period: 10 years from the purchase
4. for the improvement of our services, possible customer satisfaction regarding products or services provided directly and/or indirectly by the Controller
   • being an integral part of the contract itself, consent is not required
   • retention period: 3 years from the request
5. for sending communications about future commercial and promotional initiatives; announcements of new products or initiatives promoted by the Controller, as well as for related and instrumental purposes, including statistical purposes.
   • Sending is subject to your express consent and data will be retained until consent is revoked. (Art. 6.1.a GDPR)
6. Participation and management of the prize competition

To enable customers who make a purchase on the website to participate in the prize competition called "Vivi il Giro con Cetilar® Nutrition", which will take place from March 1, 2026 to April 30, 2026, as well as to ensure the proper management of the competition itself and the allocation and distribution of prizes.
The processing of personal data is carried out for the fulfillment of pre-contractual and contractual measures related to participation in the competition, subject to acceptance of the related regulations.
For this purpose, the consent of the data subject is not required. The choice not to participate in the competition does not in any way prejudice the ability to make purchases through the e-commerce website.

The personal data collected will not be disseminated.
The data may be communicated to third parties exclusively to the extent necessary for the fulfillment of legal obligations, as well as for the execution of contracts concluded through the website and for carrying out activities strictly related to order management.
In particular, the data may be communicated to:

• the company that manages invoicing, tax compliance and product shipment, which processes personal data as an independent data controller and provides invoice issuance and logistics management of orders, including product delivery. Information regarding order status, shipment and invoicing remains accessible to the user within their account;
• payment service providers and related networks (for example: Nexi, PayPal, Visa, American Express);
• consultants and professionals who provide legal, tax or accounting assistance to the Controller;
• any customer satisfaction agencies.
• website managers, IT companies that may be authorized to access the systems

With reference to the purpose referred to in letter g) (participation in the prize competition), personal data may also be communicated to:

• marketing agencies and event organization companies that support the Controller in managing the competition;
• chamber entities or designated parties, for the proper management of winner draw and recording operations.

Finally, the data may be communicated to parties, entities or public authorities when such communication is mandatory by virtue of legal provisions, regulations or orders from the Authority.

The processing of your personal data will be consistent with the principles of fairness, lawfulness and transparency, protecting your privacy and your rights. They will be processed with the aid of current computer systems or paper-based supports by personnel specifically authorized and instructed in confidentiality and the obligation to use data only for the purposes identified by the Controller. The Controller will implement technical and organizational measures appropriate to the level of risk. After the retention periods indicated above, all data will be destroyed or anonymized, consistent with technical deletion and backup procedures.

The Data Subject's Data will not be transferred to non-European countries. Should it become necessary in the future to transfer Data to non-European countries or international organizations, all provisions of Chapter V (EU Regulation 2016/679) will be complied with in order to ensure an adequate level of protection.

As a data subject, you have the right to exercise at any time the rights provided for in Articles 15 and following of Regulation (EU) 2016/679 (GDPR).
In particular, where applicable, you have the right to:

• obtain confirmation as to whether or not personal data concerning you is being processed and, if so, access to the personal data and information relating to the processing;
• request the rectification of inaccurate personal data or the integration of incomplete data;
• request the erasure of personal data (right to be forgotten), in cases provided for by applicable legislation;
• obtain restriction of processing, where the conditions are met;
• object to the processing of personal data, in the cases and in the manner provided for by the GDPR;
• receive personal data in a structured, commonly used and machine-readable format, as well as request its transmission to another controller (right to data portability), where applicable;
• withdraw any consent given at any time, without prejudice to the lawfulness of processing based on consent before its withdrawal.

The exercise of rights can be carried out by written request to the contacts made available by the Data Controller, indicated at the beginning of this notice. The Controller undertakes to provide feedback within the time limits provided for by applicable legislation.
Furthermore, the right to lodge a complaint with the Italian Data Protection Authority remains, should you believe that the processing of your personal data is carried out in violation of applicable legislation, through the contacts available on the website https://www.garanteprivacy.it/