Privacy Policy

Information Notice on Personal Data Processing – Website

Named S.r.l., pursuant to and in compliance with Regulation (EU) 2016/679 regarding the protection of natural persons with respect to the processing of personal data (hereinafter, “GDPR”), and in particular Article 13, in its capacity as Data Controller (hereinafter, “Controller”), hereby provides you, as a user/visitor of the website/landing page namedgroup.com (hereinafter, “Site”), with the necessary information regarding the processing operations that may be performed on your personal data communicated and collected through the Site.

1. Data Controller

Data Controller is the company Named S.r.l., with registered office at Via Lega Lombarda 33, 20855 Lesmo (MB) – Italy, Tax Code and registration in the Milan Monza Brianza and Lodi Chamber of Commerce 08440210154 – VAT Number 00908310964.
The Controller can be contacted at any time at the email address [email protected] or at the PEC (certified email) address [email protected].

2. Data Protection Officer

The Data Protection Officer (DPO) appointed by the Data Controller, is available to users and can be contacted directly at the email address [email protected].

3. Purpose of Processing, Types of Data, Legal Bases, and Retention Periods

The Controller will process users’ personal data in compliance with current regulations, in a fair, lawful, and transparent manner, for the purposes outlined below and according to the following legal grounds (legal bases for processing):

Finalità del Trattamento	Tipologia di Dati	Base Giuridica	Conservazione dei Dati
Website Navigation Website Personalization for the user’s benefit Proper functioning and cybersecurity of the Website	Navigation data	Legitimate interest of the Controller to promote its business activities through web channels (website or landing page) and to ensure the security of users and the Site	Navigation data will be stored for the time strictly necessary to achieve the purposes for which they were collected, and will be automatically deleted thereafter. As for Cookies, the retention period is indicated in the dedicated Cookie Policy.
Compliance with legal obligations, including administrative, accounting, or tax obligations, including the obligation to document the user’s acknowledgment of the Privacy Policy and any consents given	Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data potentially requested by the “contact form” or provided by the user (e.g., profession, specialization, etc.)	Legal obligation	Data will be stored for a maximum period of 10 (ten) years from the end of the calendar year in which the administrative, accounting, or tax document was drafted.
Provide users with information about the nearest point of sale where they can purchase the Controller’s products/services (Store Locator)	Navigation data Geographic location data (city, province, postal code)	Fulfillment of agreements or pre-contractual requirements to which the Data Subject is a party Legitimate interest of the Controller	Data will be stored for the time strictly necessary to properly manage user requests; geographic location data, in anonymized and/or aggregated form, may be used by the Controller for statistical/analytical purposes
Provide the user with indications or recommendations on products and services of the Controller through the completion of “Quiz” forms	Navigation data Contact and Address Information (email address, landline or mobile phone number) Data related to the user’s personal condition (e.g., age group, symptoms, etc.)	Fulfillment of agreements or pre-contractual requirements to which the Data Subject is a party Legitimate interest of the Controller	Data will be stored for the time strictly necessary to properly manage user requests; data related to the user’s personal condition, in anonymized and/or aggregated form, may be used by the Controller for statistical/analytical purposes
Proper and complete management of user registration to the Reserved Area accessible through the link on the Site and the use of content and services reserved for registered users	Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data requested requested during the registration process or provided by the user (e.g., profession, specialization, etc.)	Performance of a contract or fulfillment of pre-contractual agreements or requirements to which the Data Subject is a party Legitimate interest of the Controller	Data will be stored until the deletion of the account, which the user can request at any time by contacting the Controller, or until the possible termination of the service (Reserved Area) by the Controller
Proper and complete management of information requests, contact requests, and user communications sent to the addresses displayed on the Website or submitted through the “contact form”	Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data potentially requested by the “contact form” or provided by the user (e.g., profession, specialization, etc.)	Performance of a contract or fulfillment of pre-contractual agreements or requirements to which the Data Subject is a party Legitimate interest of the Controller Express consent of the user	Data will be stored for the time strictly necessary to properly manage users’ information and contact requests and communications, or until any withdrawal of consent by the user; subsequently, the data will be deleted or used for other legitimate purposes indicated in this Privacy Policy
Sending periodic newsletters or communications and promotional or informational materials, including those personalized based on the user’s interests, needs, preferences, activities and their interaction with the Controller, relating to the Controller’s products, services and activities, as well as, in the case of healthcare professionals, to events, conferences or congresses organized or sponsored by the Controller, when the user expressly requests it by completing forms or “contact forms” on the Site	Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data potentially requested by the “contact form” or provided by the user (e.g., profession, specialization, etc.) Data concerning user interests, needs, preferences, activities, and interactions with the Controller	Legitimate interest of the Controller for promotional or informational communications carried out through so-called soft spam or direct marketing methods Express consent of the user for receiving newsletters or promotional or informational communications and materials, which may be personalized based on the user’s interests, needs, preferences, activities and their interaction with the Controller	Data will be stored until the withdrawal of consent or the exercise of a user right that prevents further processing; the user can at any time communicate to the Controller’s contact details, indicated in this Privacy Policy, on the Site and within individual communications, the choice to no longer receive the newsletter (“unsubscribe”) or promotional or informational communications and materials
Conducting statistical surveys, market research, and surveys on products, services, and activities of the Controller	Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data potentially provided by the user Navigation data Data concerning user interests, needs, preferences, activities, and interactions with the Controller	Express consent of the user	Data will be stored until the withdrawal of consent or until the user exercises a right that prevents the continuation of processing; the user may at any time communicate the withdrawal of consent to the contact details of the Controller, indicated in this Privacy Policy and on the Site
Profiling/segmentation activities: personalization, based on the user’s interests, needs, preferences, activities, and their interaction with the Controller, of the activities carried out by the Controller in relation to the user (e.g., sending periodic newsletters or communications and promotional or informative materials relating to products, services, and activities of the Controller, as well as, in the case of healthcare professionals, to events, conferences, or congresses organized or sponsored by the Controller)	Navigation data Identification data (first name, last name, city, province, postal code) Contact and Address Information (email address, landline or mobile phone number) Other data potentially provided by the user Data concerning user interests, needs, preferences, activities, and interactions with the Controller Data derived from statistical analyses, market research, and surveys on the Controller’s products, services, and activities	Express consent of the user	Data will be stored until the withdrawal of consent or until the user exercises a right that prevents the continuation of processing; the user may at any time communicate the withdrawal of consent to the contact details of the Controller, indicated in this Privacy Policy and on the Site

a) Navigation Data

The computer systems and software procedures used to operate the Site acquire, during their operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be directly associated with identified data subjects, but that, by their nature, could, through processing and association with data held by third parties, allow for the identification of users. This category of data includes:

IP addresses or domain names of the computers used by users who connect to the Site;
URI (Uniform Resource Identifier) addresses of the requested resources;
The time of the request;
The method used to submit the request to the server;
The size of the file obtained in response;
The numerical code indicating the status of the response given by the server (success, error, etc.);
Other parameters related to the user’s operating system and computing environment.

These data are used solely to obtain anonymous statistical information on the use of the Site and to check its proper functioning, and are deleted immediately after processing. The data could be used to ascertain responsibilities in case of hypothetical cybercrimes against the Site. The Site may also process data automatically through the sending of cookies to the user. The use of this tool is described in the Site’s Cookie Policy.

b) Data Provided by the User

The optional, explicit, and voluntary communication of data (e.g., identification data, contact and address data, geographic location data, other data) by the user to the Site or to “contact forms” created by the Controller results in the subsequent acquisition of such data by the Controller and its processing for the purposes for which they were transmitted.

In particular, the Site collects personal data from the user through the following methods, which may be implemented or modified by the Controller:

1. Contact Forms: Through the contact forms on the Site, personal identification data, contact and address data, other data, as well as information related to the user’s specific requests, are collected. The data, voluntarily provided by the user, will be processed and used by the Controller to contact the user, respond to their requests, provide services, or for other legitimate purposes.

2. Newsletter, Communications, and Promotional or Informational Material Submission Forms: By filling out specific “contact forms” or forms on the Site, the user can express consent for the Controller to send periodic newsletters or communications and promotional or informational material, also customized based on the user’s interests, needs, preferences, activities, and interaction with the Controller, related to products, services, and activities of the Controller. In the case of healthcare professionals, information on events, conferences, or congresses organized or sponsored by the Controller may also be sent. Data processing (e.g., identification data, contact and address data, other data) for promotional and marketing purposes, whether direct (so-called “soft spam”) or indirect, is generally subject to the user’s express and optional consent, indicated by checking the box (“checkbox”) in the consent collection form, which includes a link to this Privacy Policy.Newsletters or communications and promotional or informational material may be sent to the user by the Controller in the form of direct marketing or “soft spam,” without the user expressing explicit consent, provided that these communications meet the following characteristics:

They are sent to recipients who have already had commercial or professional relationships with the Controller and/or have provided their email address or contact details in that context.
Their content is related to products, services, and activities of the Controller that are identical or similar to those previously purchased or consumed by the recipient or for which the recipient has shown previous interest.

In any case, the user has the right to withdraw their consent and “unsubscribe,” which will stop the sending of further newsletters or promotional or informational communications.

3. “Quiz” Forms: Through any “Quiz” forms implemented on the Site, the user, by providing information related to their personal condition (e.g., age range, symptoms, other data requested by the Quiz), can receive guidance or advice on products and services of the Controller. The data communicated by the user will be used by the Controller in an anonymized and/or aggregated form for statistical and analytical purposes.

4. Store Locator: Through the “Store Locator” section, the user, by indicating their city/province of interest or postal code (CAP), can view the nearest retailer for the products/services of the Controller. The data communicated by the user will be used by the Controller in an anonymized and/or aggregated form for statistical and analytical purposes.

4. Processing Methods

The processing of personal data will be carried out primarily through electronic means, with logic strictly related to the purposes of processing and with methods and procedures suitable to ensure data security and confidentiality. Data may also be processed using automated tools.

5. Categories of Data Recipients

The Data Controller may communicate the data of the Data Subject to third parties such as judicial police authorities, public authorities, supervisory bodies, or other public or private entities when such communication is: (i) required by law, regulation, or EU law; (ii) necessary for managing disputes or recovering debts, or to assert, exercise, or defend the rights of the Controller (also to prevent fraud); (iii) necessary to properly fulfill contractual or pre-contractual obligations; (iv) for the legitimate interest of the Controller, respecting the rights, freedoms, and fundamental interests of the Data Subject.

The Controller may also communicate and transfer users’ personal data to other companies in the group to which it belongs (Named Group), namely Specchiasol S.r.l., Farma-Derma S.r.l., Wellmicro S.r.l., Namedsport S.r.l., New Penta S.r.l., Oliservice S.r.l., (and any other companies that may join the Group), ensuring that the data will be processed by all Group companies in compliance with the GDPR principles and within the limits and purposes for which they were communicated to Named S.r.l. or collected.

The data may also be communicated and transferred to third parties, whether individuals or legal entities, as autonomous data controllers, or to subjects specifically designated and appointed by the Controller as data processors (according to Article 28 of the GDPR), or duly appointed and authorized personnel within the following categories:

Employees of the Data Controller, Scientific Information Officers (ISF), sales agents;
Companies or consultants providing services for the management of the company’s information system and the Site;
Firms, companies, or consultants providing legal, strategic, IT, accounting, administrative, personnel management, commercial services, etc.;
Companies and agencies providing technical services or consulting related to statistical surveys, market research, marketing, and promotion of the Controller’s products, services, and activities;
Banks, insurance companies, other companies, or consultants providing financial or insurance services;
Entities, administrations, and public authorities for compliance with legal, regulatory, or EU law obligations related to the contractual or commercial relationship, or in the context of managing disputes with the Data Subject;
Professional associations;
Printing companies or companies dealing with the printing of newspapers or magazines;
Other third parties to whom data must be communicated for one or more purposes outlined in this Privacy Policy.

6. Rights of the Data Subject

The law on personal data protection specifically provides the Data Subject with certain rights. In particular, according to Articles 15 and following of the GDPR, the Data Subject is entitled to the following rights:

Right of Access: The right to obtain from the Controller confirmation as to whether personal data concerning him or her are being processed and, where that is the case, to obtain access to the personal data and information regarding the processing, pursuant to Article 15 of the GDPR.
Right to Rectification: The right to obtain from the Controller the updating, rectification, or, when the data subject has an interest in doing so, completion of incomplete personal data, pursuant to Article 16 of the GDPR.
Right to Erasure (“Right to be Forgotten”): The right to obtain from the Controller the erasure, anonymisation, or blocking of personal data processed unlawfully, or for which consent has been withdrawn, including data no longer necessary for the purposes for which they were collected or processed, as well as confirmation that these erasure operations have been communicated, including their content, to those to whom the data have been disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right being protected, pursuant to Article 17 of the GDPR.
Right to Restriction of Processing: The right to obtain from the Controller restriction of processing of personal data and to be informed by the Controller, pursuant to Article 18 of the GDPR.
Right to Data Portability: The right to receive the personal data concerning him or her, which the data subject has provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, pursuant to Article 20 of the GDPR.
Right to Object: The right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, pursuant to Article 21 of the GDPR.
Right to Withdraw Consent: In cases where processing is based on consent, the data subject also has the right to withdraw such consent, pursuant to Article 7(3) of the GDPR.

The Data Subject may exercise their rights and know the third parties to whom the data may be communicated by submitting a request without formalities to the Data Controller or to the Data Protection Officer (DPO) at the email addresses indicated in points 1. and 2. of this Privacy Policy. The Data Subject also has the right, if they consider the use of their personal data improper or unlawful, or if their rights are violated, to lodge a complaint with the supervisory authority, the Italian Data Protection Authority (“Garante della Privacy”). The Authority is located at Piazza Venezia 11, 00187 Rome, and can be contacted in the manner indicated on the official website www.garanteprivacy.it.

7. Cookies

The Site uses Cookies, which are small text files, and similar technologies to record user actions and preferences on the user’s computer or mobile device while navigating the Site. Through Cookies, the Site stores user actions and preferences, so that they do not need to be re-entered during subsequent visits to the Site or when navigating from one page to another within the Site.

Regarding the use of Cookies and similar technologies, users are invited to review the dedicated Cookie Policy.

8. Links to Other Websites

Si fa presente che per fornire un servizio completo il Sito può contenere link ad altri siti o pagine internet, non gestiti dal Titolare. Named S.r.l. non garantisce e non si assume alcuna responsabilità in merito a informazioni, contenuti, pubblicità, banner o file, non conformi alle disposizioni normative vigenti, e in particolare alla normativa sul trattamento dei dati personali, pubblicati e condivisi da parte di siti terzi.

Per migliorare la qualità del servizio offerto, è gradita una immediata segnalazione di malfunzionamenti, abusi o suggerimenti all’indirizzo di posta elettronica: [email protected].

9. Changes to This Privacy Policy

The Controller reserves the right to modify, supplement, and update this Privacy Policy, including by adding or removing portions of the text, at any time.

The user is required to periodically review the Privacy Policy to check for any changes. To facilitate such verification, this Privacy Policy includes the date of the most recent update.

Use of and navigation on the Site following the publication of modifications constitutes acceptance of such modifications.

Last Updated: 10/10/2023.