This Privacy Policy is made pursuant to Art. 13 of European Regulation no. 679/2016 and applies exclusively to all Data collected through the Website https://neviabiotech.ch. This Privacy Policy is subject to updates that will be posted timely on the Website. This Privacy Policy, together with the Terms and Conditions, any other documents referred to in it, and the Cookie Policy, establish the basis on which the Data Subject’s Personal Data will be processed.

Data Controller

The Data Controller of the Data collected from this Website is Nevia Biotech SA with registered office in Viganello (Lugano) 6962, Switzerland, at Via Luganetto, 4, email: info@neviabiotech.ch

Personal Data

Personal Data means any information concerning an identified or identifiable natural person (Data Subject). An identifiable person is a natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, one or more characteristic elements of his or her physical identity.

Category of Personal Data Processed

Among the Personal Data processed by this Web Site, either independently or through third parties, are Common Data such as: Cookies, Usage Data, Contact Data including name, e-mail, phone number and shipping, billing address; login and account information including username, password and unique user ID; purchase history, payment method or credit card information.

Methods of Processing Personal Data

The Personal Data provided or acquired will be subject to Processing based on the principles of fairness, lawfulness, transparency and protection of confidentiality in accordance with current regulations. The Controller processes Users’ Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.

Purpose of the Processing of Personal Data and Legal Basis

Personal Data may be collected independently by the Owner or through third parties. In this case, the computer systems and software procedures in charge of the operation of this Website acquire certain Personal Data of the Users, of a technical-informatics nature (e.g. IP address, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.

The Data that the Data Subject chooses to voluntarily provide will be processed in compliance with the conditions of lawfulness under Article 6 GDPR and will be processed to enable the Website to provide its services, as well as for the Purposes indicated below and will be kept for the time necessary for the fulfillment of the aforementioned Purposes.

The Purposes of the processing are:

1) Responding to inquiries and providing Information

The Data will be processed for the purpose of being contacted or following up on specific requests made to the Data Controller by the Data Subject for communications of a nature relating to the Data Controller’s own Services and/or Content, via e-mail messages or other communication tools such as telephone.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

2) Pre-contractual information and fulfillment.

The Data will be processed in order to be contacted or to follow up on specific requests made to the Data Controller by the Data Subject for communications of an informative nature and/or for information about the purchase of the Products of the same Data Controller, by means of e-mail messages or filling in the Contact Form and other communication tools such as telephone.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

3) Site registration form

The Data will be processed for the purpose of being registered to the Controller’s site for the purchase of the Controller’s Products.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

4) Site registration form by professionals

Data will be processed for the purpose of being registered on the Holder’s site by professionals such as physicians or pharmacists. In the case of registration by physicians, the physicians must indicate their job role and registration number in addition to the required personal data. In the case of registration by pharmacists, the pharmacists must also indicate their VAT number and company name in addition to the required personal data.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

5) Treatment required under a contract

The Data will be processed in order to fulfill obligations arising from the contract between the Data Subject and the Data Controller for the sale of the Products on the Website, to contact the Data Subject in relation to the Contract and for the management of the Contract, for the management of requests for legal guarantees, assistance, withdrawal requests, management and termination of the Contract

Legal basis: this processing is necessary for the performance of the contract to which the Data Subject is a party, for the execution of pre-contractual measures or to fulfill a legal obligation to which the Data Controller is subject.

Period of data retention: 10 (ten) years or different legal obligation.

6) Fulfillment of any obligations under applicable laws

The Data will be processed to fulfill any kind of obligation contemplated and provided for by the current laws, regulations, related rules, business customs and tax/fiscal matters, including also for the purposes provided for in the anti-money laundering regulations d.lgs. 231/2007 as amended.

Legal basis: this processing is necessary to fulfill a legal obligation to which the Data Controller is subject.

Period of data retention: 10 (ten) years or different legal obligation.

7) Soft spam

The Data will be processed to enable the Data Controller to send by e-mail to the Interested Party commercial and promotional communications having as subject Products and/or Services similar to the Products/Services being sold without the need for the express and prior consent of the Interested Party, as provided by Art. 130, Paragraph 4, Privacy Code as amended by Leg. No. 101 of 2018, and provided that the Data Subject does not exercise the right to object.

Legal basis: this processing is based on the legitimate interest of the Data Controller under Art. 6(F) and Recital no. 47 of the GDPR.

Period of data retention: until the Data Subject objects.

8) Newsletter

The Data will be processed for sending promotional, commercial and advertising communications and material or inherent to initiatives and events of the Data Controller, through newsletters.

Legal basis: this processing is based on the consent freely given by the Data Subject pursuant to Art. 6(1)(A) of the GDPR.

Data Retention Period: until consent is revoked by the Data Subject through the appropriate tool at the bottom of the newsletter or through a request to the Data Controller.

9) Direct Marketing

The Data will be processed for direct sales of Products/Services, market research, sending of communications and promotional, commercial and advertising material or inherent initiatives and events, by e-mail, SMS, Whatsapp, Chat, Direct Messaging from social media, social networks or by phone calls, paper mail and other informative material.

Legal basis: this processing is based on the consent freely given by the Data Subject pursuant to Art. 6(1)(A) of the GDPR.

Data retention period: until consent is revoked by the Data Subject.

10) Statistics

The Data will be processed to perform statistical analysis on aggregated and anonymous data to analyze the behavior of the Data Subject in order to improve the products and services provided by the Data Controller as well as to meet the Data Subject’s expectations.

Legal basis: this processing is based on the consent freely given by the Data Subject.

Data retention period: until consent is revoked by the Data Subject.

11) Profiling

Data will be processed for the analysis and evaluation of interests, habits, consumption choices, including the creation of profiles in order to be able to send personalized informative and promotional material about the Services/Products offered by the Data Controller.

Legal basis: this processing is based on the consent freely given by the Data Subject pursuant to Art. 6(1)(A) of the GDPR.

Data retention period: until consent is revoked by the Data Subject.

12) Personnel selection

Data will be processed for the purpose of being contacted or following up on specific requests for spontaneous application and/or for a specific job position made to the Data Controller by the Data Subject.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

13) Direct Profiling

Data will be processed for the analysis and evaluation of the data subject’s health status by filling out specific test as stated in the specific privacy policy.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

Disclosure of Data

In addition to the Owner, in some cases, they may have access to the Data:

(a) categories of specially trained appointees involved in the organization of the Website (administrative, sales, marketing, legal, system administrators);

b) external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller ex art. 28 GDPR. An up-to-date list of Processors, if appointed, can always be obtained from the Data Controller;

(c) public or private entities that can access the Data in compliance with legal obligations;

(d) subjects who perform tasks that are ancillary and instrumental to the Holder’s activity;

Timing of Treatment

As expressly stipulated in Art. 5, co. 1, letter e) of the GDPR, the Data is kept for the time necessary for the Processing of the same in connection with the performance of the service requested by the Data Subject, or required by the Purposes described above in this document.

At the end of the retention period, the Personal Data will be deleted and therefore, the rights of access, deletion, rectification and portability of the Data can no longer be exercised

Cookie

This Website uses cookies. Cookies are small text files that can be used by websites to make the experience more efficient for the Data Subject and to personalize content and ads, provide social network features, and analyze traffic. Cookie Policy

Place of Processing and Transfer of Data Abroad

The Data are processed at the Holder’s operational headquarters. For more information you can contact the Data Controller. Data may be processed by individuals and/or legal entities operating on behalf of the Data Controller and under specific contractual obligations and based in EU or non-EU member countries. In the event that Data is transferred outside the EEA, the Data Controller will take all appropriate contractual measures to ensure adequate protection of the Data.

Exercise of data subject’s rights

The Interested Party has the right to exercise the faculties provided for in Articles 7, 15-22 of Reg. European 679/2016. In particular, he/she has the right to revoke his/her consent at any time and, upon simple request to the Data Controller, may request access to the Personal Data, receive the Personal Data provided to the Data Controller and where possible transmit it to another Data Controller without hindrance (so-called portability), obtain the updating, restriction of processing, rectification of Data and the deletion of Data processed in contravention of applicable regulations. He/she has the right, for legitimate reasons, to object to the Processing of Personal Data concerning him/her and to the Processing for the purpose of sending advertising material, direct sales and for carrying out market research. He/she also has the right to file a complaint with the Privacy Guarantor as the data protection supervisory authority or to take appropriate legal action. Interested parties may exercise their rights by contacting the Owner by e-mail at: info@neviabiotech.it

Tools used for the Processing of Personal Data

CONTACT FORM

By filling out the Contact Form with their Data, the Data Subject consents to their use to respond to requests for information, or any other purpose indicated by the header of the form. Personal Data Collected through Contact Form: Email, First Name and Last Name, Phone

OTHER CONTACT TOOLS

WhatsApp Business

WhatsApp Business is an instant messaging service provided by WhatsApp Ireland Limited. For the purposes of the processing methods, we also refer to the WhatsApp Business Data Processing Terms found at the following link: https://www.whatsapp.com/legal/business-data-processing-terms/. The Data Subject’s data will transit in WhatsApp Business services according to the terms that WhatsApp reports in the document “WhatsApp Business Terms of Service” at the following link: https://www.whatsapp.com/legal/business-terms/. Personal data collected: phone number, email, Usage data, Cookie. Place of Processing: Ireland- Privacy Policy

CHAT

To handle inquiries with users this website uses a Chat service provided by:

1. Facebook Messenger live chat

This service offered by Meta Platforms, Inc. allows that through a plugin, visitors to this Website, after opting in with their Facebook account, can communicate in real time with the Owner. Place of processing: Ireland – Privacy Policy

2. Customerly Live chat (Customerly Limited)

Customerly Live chat is a service offered by Customerly Limited that allows you to manage the communication of your business offers. Live chat may use various technologies to collect and store information when you use the services with which it is integrated, this may include the use of cookies and similar tracking technologies. Place of Processing: Ireland – Privacy policy

3. ChatLive (Omega Media Corporation Ltd)

This chat is a service offered by Omega Media Corporation Ltd to manage communication with stakeholders. ChatLive may use various technologies to collect and store information when you use the services with which it is integrated, this may include the use of cookies and similar tracking technologies. Place of Processing: USA – Privacy policy

EMAIL ADDRESS MANAGEMENT

These services enable the management of a database of email contacts, telephone contacts, or contacts of any other kind used to communicate with the Data Subject. These services may also allow for the collection of Data related to the date and time of viewing of messages by the Data Subject, as well as the Data Subject’s interaction with them, such as information about clicks on links embedded in the messages.

Newsletter

By registering for the newsletter, the Data Subject’s email address is automatically added to a list of contacts to whom email messages containing information, including information of a commercial and promotional nature, relating to this Web Site may be sent. The Respondent’s email address may also be added to this list as a result of registering with this Site or after making a purchase. The Interested Party can choose at any time to unsubscribe from the newsletter by clicking on a specific button they will find within the emails. After clicking the delete button, the Data Subject’s Data will be deleted immediately from the “email marketing” software. Personal data collected: email and Name. This Web Site uses the newsletter service provided by:

ActiveCampaign (Active Campaign LLC)

ActiveCampaign, LLC (” ActiveCampaign “) provides a newsletter platform that enables Data Controllers to reach out to their customers, understand how they interact with such communications and other content, and personalize marketing based on their interests. The Interested Party can choose at any time to unsubscribe from the newsletter by clicking on a specific button they will find inside the emails. After clicking the delete button your Data will be deleted immediately from the software. Personal Data Collected: Email and Name. Place of Processing: USA – Privacy Policy

STATISTICS

Statistical services allow the Data Controller exclusively to monitor and analyze traffic data and serve to track the behavior of the Data Subject. This Web Site uses the following services:

1) Google Analytics (Google Ireland Limited)

Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports, and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its ad network. Google may also transfer this information to third parties where required by law or where such third parties process this information on Google’s behalf. IP address anonymization is enabled on this site. The IP address transmitted by the browser for purposes related to Google Analytics will not be merged with other data already held by Google.

At the following link https://tools.google.com/dlpage/gaoptout?hl=it the browser add-on for disabling Google Analytics is made available by Google. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – USA Privacy Policy

2. Facebook pixel conversion tracking (Meta Platforms, Inc.).

Facebook conversion tracking (Facebook pixel) is a statistics service provided by Facebook. The Facebook pixel monitors conversions that can be attributed to Facebook ads. Personal Data Collected: Cookies; Usage Data. Place of processing: Ireland – USA Privacy Policy.

3. Active Campaign (Active Campaign LLC)

ActiveCampaign also provides a statistics service that allows the Data Controller to monitor its customers’ conversions, understand how they interact with communications and other content, the interest shown by Users towards the Site itself and consequently on the quality of the content. Personal Data Collected: Cookies; Usage Data. Place of Processing: USA – Privacy Policy

4. Hotjar (Hotjar Ltd)

Hotjar is a statistics service that allows the Data Controller to monitor its customers’ conversions and record sessions. At the following link https://www.hotjar.com/privacy/do-not-track/ the Do Not Track browser add-on is made available by Hotjar. Personal Data Collected: Cookies; Usage Data. Place of Processing: Malta – Privacy Policy

5. Clarity (Microsoft Ireland Operations Limited)

Clarity is a service that allows the Data Controller to monitor the conversions of its customers. Personal Data Collected: Cookies; Usage Data. Place of Processing: Ireland – Privacy Policy

TAG MANAGEMENT

Google Tag manager (Google Ireland Limited)

Google Tag manager is a service that allows you to manage and monitor all third-party Tags on the Website to get information about the interest shown by Users towards the Website itself and consequently the quality of the content. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

INTERACTION WITH SOCIAL NETWORKS

These services allow interactions with social networks directly from the pages of this Website. Interactions and information captured by this Website are in each case subject to the privacy settings of the Data Subject related to each social network. In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.

1. Facebook (Meta Platforms, Inc.)

Facebook buttons are interaction services with the social network Facebook, provided by Meta Platforms, Inc. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

2. Instagram (Meta Platforms, Inc.)

Instagram buttons are interaction services with the social network Instagram, provided by Meta Platforms, Inc. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

3. Twitter (Twitter International Company)

Twitter buttons are interaction services with the social network Twitter, provided by Twitter, Inc. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy

REMARKETING AND RETARGETING

These services allow this Web Site to communicate, optimize, and serve advertisements based on a Data Subject’s past use of this Web Site. This activity is carried out through the tracking of Usage Data and the use of Cookies. This Web Site uses the following services:

1. Facebook Remarketing (Meta Platforms, Inc.).

Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links this Website’s activity with the Facebook advertising network. This Website makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel, we can understand the actions people perform on the Website. The Data you collect may be used for:

– Make sure listings are shown to the right people;

– Create audience groups for which to target advertisements;

– Take advantage of the additional advertising tools of the platform you are advertising on

The information collected is anonymous to the operators of this Site and cannot be used to identify an individual Data Subject. However, the information is saved and analyzed by Facebook, which could link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined by Facebook’s privacy policy. This will allow Facebook to show advertisements on both Facebook and third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to Facebook’s Privacy Policy.

2. Google ADS

Google ADS is a service provided by Google Ireland Limited that links this Website with Google’s advertising network. This Website makes use of Google Analytics’ Remarketing features combined with Google ADS’s multi-device adaptation capability. This feature makes it possible to link target groups for promotional campaigns created by the Marketing function of Google Analytics with the cross-device adaptability of Google ADS. This allows displaying advertisements based on the Data Subject’s personal interests, identified through an analysis of the Data Subject’s web behavior, whether on a mobile device or other devices. You can permanently disable targeting and remarketing features by disabling the “personalized advertising” feature in your Google account. To do so, simply follow this link: https://www.google.com/settings/ads/onweb/ Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy

CONTENT ON EXTERNAL PLATFORMS

These services allow you to view content hosted on external platforms directly from the pages of this Website and interact with them.
In case such a service is installed, it is possible that, even in case Users do not use the service, it will collect Traffic Data related to the pages where it is installed.

This Web Site uses

1. Google Maps (Google Ireland Limited)

Google Maps is a map display service operated by Google that allows this Website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – USA Privacy Policy

2. Youtube (Google Ireland Limited)

Youtube is a video content display service operated by Google that allows this Website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland – USA Privacy Policy

PAYMENT MANAGEMENT

Payment processing services allow this Web Site to process payments by credit card, wire transfer, or other means. The Data used for payment is acquired directly from the operator of the requested payment service without being processed in any way by this Site. Some of these services may also allow scheduled messages to be sent to the Data Subject, such as emails containing invoices or notifications regarding payment. This Web Site uses the following services:

1. PayPal (PayPal Europe S.à.r.l. et Cie, S.C.A Inc.).

PayPal is a payment service provided by PayPal Europe S.à.r.l. et Cie, S.C.A Inc. that enables the Data Subject to make online payments using their PayPal credentials. Personal Data collected: Cookies and various types of Data as specified by the privacy policy of the service. Place of processing: Luxembourg – Privacy Policy

2. Stripe (Stripe Payments Europe Ltd.)

Stripe is a payment service provided by Stripe Payments Europe, Ltd. that allows the Data Subject to make online donations or payments using their Stripe credentials. Personal Data Collected: Various types of Data as specified by the service’s privacy policy. Place of processing: USA – Privacy Policy

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking the date of last modification shown at the bottom as a reference. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject must cease using this Website and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Owner is not responsible for updating all links viewable in this Privacy Policy, so whenever a link is not working and/or updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referred to by that link.

Privacy Policy updated as of April 2023