PRIVACY POLICY OF THE WEBSITE ESHOP.ESAOTE.COM
1. Introduction
Please read this Privacy Policy carefully, which is provided to users of the website eshop.esaote.com (hereinafter, the "Website"), prepared in accordance with Article 13 of the General Data Protection Regulation No. 2016/679 (hereinafter, the "GDPR"), in which we provide details regarding the processing of your personal data.
The Privacy Policy applies only to the processing of personal data carried out on the Website and not to processing carried out on other pages of the website or on other websites, even if accessible via links on the Website.
The Reserved Area is intended exclusively for adults. By browsing the Reserved Area, the user declares that they are at least 18 years of age.
2. Who is the data controller?
The data controller is Esaote S.p.A. (hereinafter, "Controller", "Company" or "Esaote"), with registered office in Genoa (GE), Via E. Melen n. 77, VAT number 05131180969. The Controller can be contacted at the following e-mail address: privacy.esaote@esaote.com.
3. Who is the data protection officer?
The Data Controller has appointed a Data Protection Officer ("DPO"), who can be contacted for any information regarding the processing of personal data at the following e-mail address: dpo.esaote@esaote.com
4. What personal data do we process?
4.1. Data relating to registration on the Website
hrough the Website registration form, the data subject is required to provide personal data such as: name, surname, country, city, telephone number, postcode, professional field of interest, e-mail address, Website access password (please note that only the data marked with an asterisk in the online registration form are mandatory).
4.2. Location data
Esaote may locate the user's position in relation to the country in which the data subject is located when connecting to the Website in order to direct the user to the correct sales catalogue and apply the relevant tax legislation.
4.3. Data provided voluntarily by the data subject
Through the contact forms on the Website, the data subject may provide personal data such as: name, surname, company name, telephone number, country, type of request made (please note that only the data marked with an asterisk in the respective online contact forms are mandatory).
4.4. Data relating to online payments
With regard to payments made by users, Esaote only processes data transmitted by digital payment companies, i.e. feedback on the status of the payment (successful/declined). All additional account information (e.g. PayPal) is stored by the entities that manage the relevant service, which are not authorised to use the personal data received through the Website for other purposes.
4.5. Cookies
For details on the processing of personal data related to the operation of cookies installed on the Site, please refer to the Cookie Policy available at here.
5. Why is personal data processed and what is the legal basis for processing?
5.1. Registration and access to the Website
Purpose: to allow the user to register and manage their own account to access the Website in order to place orders and purchase products. The provision of personal data for this purpose is optional, but without it, the user will not be able to register on the Website.
Legal basis: performance of a contract to which the data subject is party (Art. 6(1)(b) GDPR).
Retention period: personal data is stored until the account is deleted, which can be done by writing to privacy.esaote@esaote.com. After the account is deleted, personal data is stored for the time permitted by Italian law for the protection of its interests in the event of complaints relating to services (Art. 2946 et seq. of the Civil Code).
5.2. Management and execution of purchase orders
Purpose: to manage and execute purchase orders for products and services placed by the user on the Website, including related payment, shipping and delivery activities. The provision of personal data for this purpose is optional, but without it, it will not be possible to manage and execute purchase orders placed by the data subject on the Website.
Legal basis: performance of a contract to which the data subject is party (Article 6(1)(b) of the GDPR).
Retention period: personal data is retained for the time strictly necessary to achieve the purpose of managing and executing purchase orders. In any case, as this processing is carried out for the supply of products/services, personal data is retained for the time permitted by Italian law for the protection of its interests in the event of complaints relating to services (Art. 2946 et seq. of the Civil Code).
5.3. Management of requests for information and support
Purpose: to respond to requests for information and/or support submitted by the user through the 'contact us' section and/or the chat feature on the website. The provision of personal data for this purpose is optional, but without it, it will not be possible to manage and respond to requests for information and support submitted by the data subject.
Legal basis: performance of a contract to which the data subject is party or pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).
Retention period: personal data is retained for the time strictly necessary to achieve the purpose of managing requests for information and support. In any case, as this processing is carried out for the provision of services, personal data is retained for the time permitted by Italian law for the protection of its interests in the event of complaints relating to the services (Art. 2946 et seq. of the Civil Code) .
5.4. Direct marketing
Purpose: to send commercial and promotional communications by e-mail relating to the products and services offered by the Data Controller. The provision of personal data for this purpose is entirely optional and does not affect the use of the services on the Website.
Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).
Retention period: personal data is retained until the data subject withdraws their consent, which can be done by contacting the Data Controller at the email address privacy.esaote@esaote.com.
5.5. Profiled marketing
Purpose: to send commercial and promotional communications by e-mail relating to the products and services offered by the Data Controller according to the interests expressed by the data subject. The provision of personal data for this purpose is entirely optional and does not affect the use of the services available on the Website.
Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).
Retention period: personal data is retained until the data subject withdraws their consent, which can be done by contacting the Data Controller at the email address privacy.esaote@esaote.com.
5.6. Geolocation
Purpose: to locate the data subject's position with reference to the country in which they are located when they connect to the Website in order to allow Esaote to direct the user to the correct sales catalogue and apply the relevant tax legislation.
Legal basis: legitimate interest of the Data Controller in facilitating the use of the service offered (Art. 6(1)(f) GDPR).
Retention period: the Data Controller processes the data relating to the location of the country in which the data subject is located when connecting to the Website for the time strictly necessary to direct the user to the correct sales catalogue, without storing such data.
5.7. Compliance
Purpose: to comply with any obligations under applicable laws, regulations or EU legislation (including allowing the data subject to exercise their privacy rights) or to satisfy requests from authorities.
Legal basis: fulfilment of legal obligations to which the Data Controller is subject (Art. 6(1)(c) GDPR).
Retention period: personal data is retained for the time required by the specific legal obligation to which the Data Controller is subject.
5.8. Exercise and defence of rights in court
Purpose: to prevent fraud committed through the use of the Website and to allow the Data Controller to defend itself in court.
Legal basis: legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).
Retention period: personal data is retained for the entire duration of the legal dispute, until the time limits for bringing legal action have expired.
6. With whom is my personal data shared?
Personal data may be shared with the following recipients:
- third parties acting as data processors, such as: (i) companies responsible for developing and providing the Website, which are instrumental in the provision of services; (ii) parties delegated to perform technical maintenance on the Website; (iii) individuals, companies or professional firms that provide assistance and advice to Esaote;
- third parties acting as independent data controllers in providing payment services;
- entities, bodies or authorities to whom it is mandatory to disclose personal data pursuant to legal provisions or orders from authorities, or to prevent and/or identify any fraudulent activities or abuse in the use of the Website.
7. Who are the persons authorised to process the data?
Personal data may be processed by the Company's staff and operators appointed to pursue the above purposes, who have been expressly authorised to do so by the Data Controller, have received the necessary operating instructions and are bound by professional secrecy.
8. Where is my personal data processed?
Some personal data is shared with recipients who may be located outside the European Economic Area. Esaote ensures that the processing of personal data by these recipients complies with the GDPR. Indeed, transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission or on another suitable legal basis. Further information is available from the Data Controller by writing to privacy.esaote@esaote.com.
9. How can I exercise my rights?
By contacting the Company by e-mail at privacy.esaote@esaote.com, the user may ask the Data Controller for access to personal data concerning him/her, their deletion, the correction of inaccurate personal data, the integration of incomplete personal data, the limitation of processing in the cases provided for by Article 18 of the GDPR, as well as to object to processing, for reasons related to his/her particular situation, in cases of legitimate interest of the Data Controller.
Furthermore, if the processing is based on the user's consent or on a contract to which the user is a party and is carried out using automated tools, the user has the right to receive their personal data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit it to another data controller without hindrance.
By sending a communication to privacy.esaote@esaote.com, the user has the right to withdraw their consent at any time. However, please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The user also has the right to lodge a complaint with the competent supervisory authority, pursuant to Article 77 of the GDPR, if they believe that the processing of their personal data is in breach of the legislation in force.