Terms & Conditions
This Privacy Policy provides users of this site www.jola-lab.com with the fullest and clearest information on the processing of their personal information through the Site under the General Data Protection Regulation (GDPR) and the Italian Privacy Code.
Pursuant to statutory requirements, this Privacy Policy also indicates:
The nature of the personal information processed;
The purposes and means of the processing of personal information;
The identity and contact details of the data controller(s);
The contact details of the Data Protection Officer (DPO);
Any third parties involved in the processing activities;
The retention period of personal information;
The security measures adopted to protect personal information;
The privacy rights of users.
This Privacy Policy applies to the Site only and does not concern any website or platform to which the Site may link.
Users with fewer than 16 (sixteen) years old are not allowed to consent to the processing of Personal information without parental authorization.
CONTROLLER
Under the GDPR, the controller is the subject that, alone or jointly with others, determines the purposes and means of the processing of personal information.
The joint controllers for the data processing related to the activities of the Site are:
Jola-Lab Srl
Via del Poggio 3
40141 Bologna ITALY
P.iva 03370411203
There is a designated Data Protection Officer to ensure that the Site processes personal information in compliance with the GDPR. The DPO can be contacted for any enquiries at the following email address: info@jola-lab.com.
With respect to personal information of non-registered users who have opted to receive newsletters and marketing communications, Jola-Lab Srl acts as the sole Controller.
PERSONAL INFORMATION. PURPOSES OF PROCESSING.
“Personal information” means any information relating to users and that identifies them personally, either alone or in combination with other information.
Personal information is collected automatically by the Site or received via multiple sources: forms, chat, e-mail, apps, devices, social media and other means.
The Site processes personal information in various shapes for the following purposes:
Browsing data
The Site collects non-sensitive browsing data by automatic means in order to enable and improve user navigation (e.g., IP address, date/time of the visit and its length, any referring URL, the pages visited on the Site, the device used and other information).
The processing of such information allows users to access the Site and fully enjoy its features and services. Furthermore, browsing data may be used to verify that the Site is functioning properly.
From time to time, browsing data are processed anonymously for statistical purposes.
Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of the users if associated with other information.
The browsing data described above are stored only temporarily in compliance with the applicable law.
COOKIES
Information relating to the cookies used on the Site can be found at the following link: Cookie Policy
Sharing and transfer of personal information
The Controllers may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Processors”), for the purpose of performing business operations in order to fulfil their contractual obligations.
The Controllers will make their best effort to ensure that all Processors will apply their industry best practice to protect personal information and that they will not use personal information for any other purposes than those agreed with the Controllers.
For instance, the Controllers may share personal information with the following categories of Processors:
Couriers and postal operators;
Fulfilment centers and warehouses;
Advertising, digital, marketing and social media agencies;
IT service providers;
Customer care service providers;
Payment service providers.
In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfil their contractual obligations and, also, to improve the Site’s products and services.
Users can request an updated list of the Processors involved in the processing of personal information relevant to the Site’s activities by writing an email to: info@jola-lab.com
The Controllers must always reserve the right to disclose personal information about users as required by law (for instance, in response to law enforcement requests), and where needed to protect the rights of the Controllers or their affiliates or third parties.
Moreover, personal information may be disclosed to other companies within the same corporate group of each of the Controllers, or to third parties in the event of a corporate restructuring process, in full compliance with the applicable law.
In any other cases, the sharing of personal information will be conditional upon the preliminary and explicit consent of the user, unless processing is allowed under an alternative legal basis.
The Controllers will not transfer any personal information outside the European Economic Area (EEA), unless the user has explicitly authorized such transfer or the transfer of personal information outside the EEA is allowed by the GDPR on another legal basis.
PROCESSING METHODS AND SECURITY MEASURES
Personal information of users is processed by the Controllers with IT, automated and electronic tools and, in limited cases, by using documentary means. In accordance with the GDPR, specific security measures have been implemented to prevent data loss, unlawful or improper use, and unauthorized access.
Only authorized employees of the Controllers, and authorized employees of the third-party suppliers, acting as Processors on behalf of the Controllers, have access to personal information related to the Site activities. Data processing agreements are in place with the Processors to ensure that they always meet the level of security required by the GDPR while processing personal information related to the Site activities.
While the Site adopts primary security measures to prevent loss, destruction or dissemination of personal information, at the same time it cannot exclude the safety risks that are naturally involved by online transmission of data. The user accepts the inherent risks of providing personal information over the internet and will not hold the Site responsible for any breach of security, unless this breach is due to the Site’s negligence or willful default.
RETENTION OF PERSONAL INFORMATION
The Controllers will store personal information for as long as it is needed to provide users and customers with the required services or to meet legal or tax obligations or for the minimum period prescribed by the law.
In order to determine the appropriate retention period for personal information stored by the Site under user consent, the Controllers will take into account multiple factors to ensure that personal information is not stored for longer than the necessary or appropriate period. Such criteria will also include:
The purpose for which the Site holds personal information;
Legal, tax and regulatory obligations in relation to that personal information;
The type of ongoing relationship with the concerned user or customer (how often the user logs into their Site account, whether users continue to receive marketing communications, how regularly they browse or buy on the Site, etc.);
Any specific user request in relation to the deletion of personal information;
Legitimate business interests.
The Site will promptly delete or anonymize personal information that is no longer needed or retained according to the law.
CONNECTION TO THIRD-PARTY WEBSITES OR PLATFORMS
The Site may contain banners, advertising messages and other links to third-party websites or platforms. The Controllers cannot control or be held responsible for the conduct of such third-party websites or platforms with respect to privacy law. Users are encouraged to read their privacy policies to verify how they collect and process personal information.
THE RIGHTS OF USERS
Users are entitled to receive confirmation as to whether the Controllers hold any personal information about them.
If this is the case, under the GDPR, users also hold the rights to:
Be informed about the collection and use of their personal information;
Access their personal information at no cost;
Have inaccurate personal information rectified, or completed (when it is incomplete);
Have personal information erased (“the right to be forgotten”);
Under specific conditions, obtain the restriction or suppression of their personal information;
Obtain and reuse their personal information for their own purpose across different services when processing is based on a contract or on consent, and the processing is carried out by automatic means (“the right to data portability”);
Under specific conditions, to object to the processing of their personal information;
Object at any time to the use of personal information for “profiling” or “automated decision-making” purposes.
The right to submit complaints related to the collection and processing of personal information to the competent supervisory authority;
The right to withdraw consent to the processing of personal information at any time.
Users can contact the Site for any enquiry and to exercise their privacy rights at the following email address: info@jola-lab.con
Changes to this Privacy Policy
Any future changes to this Privacy Policy will be posted on the Site and, where appropriate, notified to users by email. Users are encouraged to read this Privacy Policy frequently to check for any updates or changes.
Pursuant to statutory requirements, this Privacy Policy also indicates:
The nature of the personal information processed;
The purposes and means of the processing of personal information;
The identity and contact details of the data controller(s);
The contact details of the Data Protection Officer (DPO);
Any third parties involved in the processing activities;
The retention period of personal information;
The security measures adopted to protect personal information;
The privacy rights of users.
This Privacy Policy applies to the Site only and does not concern any website or platform to which the Site may link.
Users with fewer than 16 (sixteen) years old are not allowed to consent to the processing of Personal information without parental authorization.
CONTROLLER
Under the GDPR, the controller is the subject that, alone or jointly with others, determines the purposes and means of the processing of personal information.
The joint controllers for the data processing related to the activities of the Site are:
Jola-Lab Srl
Via del Poggio 3
40141 Bologna ITALY
P.iva 03370411203
There is a designated Data Protection Officer to ensure that the Site processes personal information in compliance with the GDPR. The DPO can be contacted for any enquiries at the following email address: info@jola-lab.com.
With respect to personal information of non-registered users who have opted to receive newsletters and marketing communications, Jola-Lab Srl acts as the sole Controller.
PERSONAL INFORMATION. PURPOSES OF PROCESSING.
“Personal information” means any information relating to users and that identifies them personally, either alone or in combination with other information.
Personal information is collected automatically by the Site or received via multiple sources: forms, chat, e-mail, apps, devices, social media and other means.
The Site processes personal information in various shapes for the following purposes:
Browsing data
The Site collects non-sensitive browsing data by automatic means in order to enable and improve user navigation (e.g., IP address, date/time of the visit and its length, any referring URL, the pages visited on the Site, the device used and other information).
The processing of such information allows users to access the Site and fully enjoy its features and services. Furthermore, browsing data may be used to verify that the Site is functioning properly.
From time to time, browsing data are processed anonymously for statistical purposes.
Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of the users if associated with other information.
The browsing data described above are stored only temporarily in compliance with the applicable law.
COOKIES
Information relating to the cookies used on the Site can be found at the following link: Cookie Policy
Sharing and transfer of personal information
The Controllers may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Processors”), for the purpose of performing business operations in order to fulfil their contractual obligations.
The Controllers will make their best effort to ensure that all Processors will apply their industry best practice to protect personal information and that they will not use personal information for any other purposes than those agreed with the Controllers.
For instance, the Controllers may share personal information with the following categories of Processors:
Couriers and postal operators;
Fulfilment centers and warehouses;
Advertising, digital, marketing and social media agencies;
IT service providers;
Customer care service providers;
Payment service providers.
In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfil their contractual obligations and, also, to improve the Site’s products and services.
Users can request an updated list of the Processors involved in the processing of personal information relevant to the Site’s activities by writing an email to: info@jola-lab.com
The Controllers must always reserve the right to disclose personal information about users as required by law (for instance, in response to law enforcement requests), and where needed to protect the rights of the Controllers or their affiliates or third parties.
Moreover, personal information may be disclosed to other companies within the same corporate group of each of the Controllers, or to third parties in the event of a corporate restructuring process, in full compliance with the applicable law.
In any other cases, the sharing of personal information will be conditional upon the preliminary and explicit consent of the user, unless processing is allowed under an alternative legal basis.
The Controllers will not transfer any personal information outside the European Economic Area (EEA), unless the user has explicitly authorized such transfer or the transfer of personal information outside the EEA is allowed by the GDPR on another legal basis.
PROCESSING METHODS AND SECURITY MEASURES
Personal information of users is processed by the Controllers with IT, automated and electronic tools and, in limited cases, by using documentary means. In accordance with the GDPR, specific security measures have been implemented to prevent data loss, unlawful or improper use, and unauthorized access.
Only authorized employees of the Controllers, and authorized employees of the third-party suppliers, acting as Processors on behalf of the Controllers, have access to personal information related to the Site activities. Data processing agreements are in place with the Processors to ensure that they always meet the level of security required by the GDPR while processing personal information related to the Site activities.
While the Site adopts primary security measures to prevent loss, destruction or dissemination of personal information, at the same time it cannot exclude the safety risks that are naturally involved by online transmission of data. The user accepts the inherent risks of providing personal information over the internet and will not hold the Site responsible for any breach of security, unless this breach is due to the Site’s negligence or willful default.
RETENTION OF PERSONAL INFORMATION
The Controllers will store personal information for as long as it is needed to provide users and customers with the required services or to meet legal or tax obligations or for the minimum period prescribed by the law.
In order to determine the appropriate retention period for personal information stored by the Site under user consent, the Controllers will take into account multiple factors to ensure that personal information is not stored for longer than the necessary or appropriate period. Such criteria will also include:
The purpose for which the Site holds personal information;
Legal, tax and regulatory obligations in relation to that personal information;
The type of ongoing relationship with the concerned user or customer (how often the user logs into their Site account, whether users continue to receive marketing communications, how regularly they browse or buy on the Site, etc.);
Any specific user request in relation to the deletion of personal information;
Legitimate business interests.
The Site will promptly delete or anonymize personal information that is no longer needed or retained according to the law.
CONNECTION TO THIRD-PARTY WEBSITES OR PLATFORMS
The Site may contain banners, advertising messages and other links to third-party websites or platforms. The Controllers cannot control or be held responsible for the conduct of such third-party websites or platforms with respect to privacy law. Users are encouraged to read their privacy policies to verify how they collect and process personal information.
THE RIGHTS OF USERS
Users are entitled to receive confirmation as to whether the Controllers hold any personal information about them.
If this is the case, under the GDPR, users also hold the rights to:
Be informed about the collection and use of their personal information;
Access their personal information at no cost;
Have inaccurate personal information rectified, or completed (when it is incomplete);
Have personal information erased (“the right to be forgotten”);
Under specific conditions, obtain the restriction or suppression of their personal information;
Obtain and reuse their personal information for their own purpose across different services when processing is based on a contract or on consent, and the processing is carried out by automatic means (“the right to data portability”);
Under specific conditions, to object to the processing of their personal information;
Object at any time to the use of personal information for “profiling” or “automated decision-making” purposes.
The right to submit complaints related to the collection and processing of personal information to the competent supervisory authority;
The right to withdraw consent to the processing of personal information at any time.
Users can contact the Site for any enquiry and to exercise their privacy rights at the following email address: info@jola-lab.con
Changes to this Privacy Policy
Any future changes to this Privacy Policy will be posted on the Site and, where appropriate, notified to users by email. Users are encouraged to read this Privacy Policy frequently to check for any updates or changes.