Policy on personal data processing based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR)
The following Terms and Conditions of Sale regulate the sale on this website “https://www.phimostop.com/” (Website). The seller is Phimomed S.r.l.s., with registered office in Via Acusilao, 46 – 00124 Roma (RM) IT, Chamber of Commerce of Roma, VAT number 12625111005, share capital of 4.000,00 € fully paid (Company)
Purchasing through the Website
The Company shall acquire and process your personal data to process your request to purchase through the Website.
The Company is entitled to sale its products using the email that you communicated during your first purchase on the Website, if this product is similar of the first sale (soft spamming). You may at any time notify the Company of your refusal to receive this type of communication.
Article 1. Purpose of the processing. Legal basis. Mandatory or optional nature of data provision and consequences of any refusal.
The Company shall process the personal data provided by you for the following purposes:
a. for administrative/accounting purposes. The legal basis for the processing is Company’s commitment to be compliance with a legal obligation or to take steps at the request of the data subject prior to entering into a contract, as the case may be;
b. in the case of the execution of an online purchase order, to allow the conclusion of the purchase contract and the proper execution of transactions related to the same (and, where necessary, to fulfill tax obligations). The legal basis for the processing is Company’s commitment to be compliance with a legal obligation or to perform a contract to which the data subject is party;
c. limited to the email address provided by you when purchasing products offered on the Website, to enable the direct sale of similar products (soft spamming), without requiring your express and prior consent and provided that you do not exercise your right to object. The legal basis for the processing is the Company’s legitimate interest to perform these activities. This legitimate interest is equal to the user’s interest to riceve “soft-spam” comunication;
d. in order to answer to your requests by email. The provision of data is purely optional. However, as the said processing is necessary in order to respond to your request, your refusal to provide the relevant data will prevent you from obtaining answer from the customer care of the Company. The legal basis for the processing is the Company’s legitimate interest to perform these activities. This legitimate interest is equal to the user’s interest to receive answer by the Company.
The provision of data for the purposes set out in at Point b) is purely optional. However, as the said processing is necessary in order to enable you to register with the Website and to provide the online purchasing your refusal to provide the relevant data will prevent you from registering with the Website andfrom completing an online purchase.
It is understood that the Company may use your personal data to comply with legal obligations and to perform the purchase contract.
Payment Card Data
In order to make a payment through one of the payment cards offered on the Website, you shall enter the data of the payment card directly on a page that will communicate through secure encryption protocol with the payment service provider (which will act as an independent data controller). These data will not pass through the server of the Company which, therefore, will not process such data in any way.
In execution of the legal obligations provided for by Directive 2015/2366/ (EU) on payment services in the internal market (PSD2), You are informed that, with reference to purchases made on the Web Site by credit card, data necessary for the conclusion of the purchase process may include the phone number communicated by You, or a different personal data necessary to complete the purchase process. In order to allow you to complete the purchase, the payment institution in charge of managing the transaction will send you an authentication code, which must be reported by You during the purchase process to meet the authentication criteria provided by PSD2 (Strong Customer Authentication). The processing of your personal data for these purposes has as its legal basis the fulfillment of legal obligations and does not require your consent.
To provide the above-indicated data is necessary to make purchases on the Website.
You may make purchases using PayPal. In this event, you will be directed to a page outside the Website, where you must indicate the personal data requested by PayPal to complete the purchase process (PayPal will act as a data controller). These data will not pass through the server of the Company which, therefore, will not process such data in any way. To provide the above-indicated data is necessary to make purchases on the Website.
Special Categories of Personal Data. Judicial Data.
The Company does not process judicial data. The Company processes the following special categories of personal data: data relating to the person’s health or sex life or sexual orientation
Article 2. Methods of Processing Personal Data
The processing of your personal data will be carried out by electronic or automated means, in the manner and with the appropriate tools to ensure the security and confidentiality in accordance with the GDPR.
The information and methods of processing will be relevant and not excessive in relation to the type of services provided. Data will be managed and protected in environments where access is under constant control.
Article 3. Data Disclosure
- to all those parties (including Public Authorities) that have access to the data by virtue of regulatory or administrative measures
- to third parties in charge of printing, enveloping, shipping (e.g., suppliers, even with reference to drop shipping activity) and/or delivery and/or collection of products purchased through the Website
- to forwarding agents and to parties responsible for the delivery and/or collection of the products purchased
- to parties who process online payment transactions
- to companies, consultants or professionals in charge of the installation, maintenance, updating and the management of the Company’s hardware and software or which the Company uses for the provision of its services
- to the employees and/or collaborators of the Company
- companies managing online payment transactions
- to all those public and/or private parties, natural and/or legal persons (legal, administrative and tax consultancy firms), where the communication is necessary or of practical use for the correct fulfilment of contractual obligations undertaken in relation to the services provided through the Website, and of legal obligations.
Your data may be disclosed only in anonymous and aggregated form for statistical or research purposes.
Article 4. Data Controller
You can contact the Company, as Data Controller, at the following addresses:
Phimomed S.r.l.s. Via Acusilao, 46 – 00124 Roma (RM) IT
By email, writing to: email@example.com
By selecting the contact form on the Website.
You may address requests relating to the processing of your personal data to both the Data Controller and the Data Protection Officer.
Article 5. Data Storage
Personal data will be stored according to the following logics: (i) for the purpose of executing the sales contract, for 10 years from the date of receipt of the purchase order; (ii) for the purpose of defense in court, until the judgment becomes final; (iii) for the purpose of complying with legislation, for the time necessary for this purpose; (iv) for the purpose of performing any service requested through the Site, for the time necessary to execute the request.
Article 6. Rights of the Data Subject
Purstuant to GDPR (Article 13), you have the right to:
- request access to and rectification or erasure of personal data or restriction of processing or object to their processing, in addition to the right to data portability
- withdraw consent at any time without prejudice to the lawfulness of processing based on consent given prior to the withdrawal
- lodge a complaint before a supervisory authority (for instance, the Italian Data Protection Authority).
The above-mentioned rights may be exercised by making a request to at the contacts indicated above.
Article 7. Amedments
powered by legalblink