Privacy Policy

Information on the processing of personal data pursuant to Articles no. 13 and no. 14 of the Regulation (EU) 2016/679

Dear Customer,

we kindly ask you to carefully read the present information on the processing of your personal data.

Premise

Heallo s.r.l. (hereinafter, the “Company”), with its registered office at Corso Europa no. 13, (20122) Milan (MI), fiscal code/VAT code nr. 10579290965, certified e-mail: heallo@legalmail.it, has drawn up this privacy notice (hereinafter, the “Privacy Policy”) pursuant to the applicable pro tempore national legislation on the protection of personal data (the “National Legislation”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27^th, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (so-called the “General Data Protection Regulation” – hereinafter, the “GDPR”).

The Privacy Policy is provided for the websites (owned by the Company) www.heallosolutions.com and www.jaxplus.it (hereinafter, the “Websites”) and is intended as the set of information provided pursuant to Articles 13 and 14 of the GDPR to all visitors interacting with the Websites.

Data Controller

The data controller of personal data is the Company (hereinafter, the “Data Controller”).

Personal data processed

“Personal data” (hereinafter, the “Data”) means, pursuant to Article no. 4, paragraph no. 1, of the GDPR, any information concerning an identified or identifiable natural person (hereinafter, the “Data Subject”), for example a name, an identification number, a location data, an online identifier or one or more characteristic elements of his or her physical, physiological, psychological, economic, cultural or social identity.

The Data processed by the Data Controller, provided directly or indirectly by the Data Subject, include the following:

first and last name, e-mail address, telephone number, delivery address (home and/or residence) for purchased products and billing address;
user or account information, including password and user ID number;
personal information, including the purchase history of the Data Subject;
information on the type of payment method used by the Data Subject in order to purchase the products marketed by the Data Controller;
personal preferences and tastes.

In addition, the Data Controller may process special categories of Data pursuant to Article no. 9 of the GDPR, namely the Data concerning the health status of the Data Subject (for instance, the existence of diabetic pathologies, and so on). The processing of such special categories of Data, acquired directly from the Data Subject, is necessarily subordinated to the acquisition of the preliminary consent (optional and revokable at any time) of the Data Subject.

The Data automatically processed by the Data Controller are internet surfing data. The computer systems and software procedures designed for the functioning of the Websites, during their normal operation, acquire certain Data whose transmission is implicit in the use of Internet communication protocols. This category of Data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of the websites from which access was made, information on the pages visited by users within the Websites, the time of access, the length of time spent on the individual page, the analysis of internal routing and other parameters relating to the operating system and the IT environment of the Data Subject.

Finally, please note that the Data Controller may also collect Data through the publication by the Data Subject of contributions (containing his/her Data) on social networks managed autonomously by third parties, such as, by way of example but not limited to, Facebook, Instagram, LinkedIn, YouTube, etc. (hereinafter, the “Social Networks”). By “contributions “ we mean images, comments, catchphrases associated with the subject of the sites/apps, contents and any other information designed and published by the Data Subjects on the pages of the Social Networks dedicated to the products marketed by the Owner. The publication of contributions may also take place by means of a pseudonym (“nickname”) chosen by the Data Subject during the registration to the site/app, and possibly the image associated with that nickname. In choosing the nickname and the image associated with it, the Data Subject remains the only responsible party for any harm caused to third parties.

Purposes and legal basis

The purposes at the basis of the processing of Data may be summarised in the following terms:

purposes related and instrumental to the conclusion and the execution of the contractual relationship. The legal basis of this processing is the execution of a contract in which the Data Subject is a party;
purposes related to the fulfilment of obligations provided for by national and/or EU regulations issued by the Authorities empowered for this purpose. The legal basis for this processing is a legal obligation;
profiling purposes. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time;
marketing purposes. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time;
sending periodic newsletters. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time.

The submission of Data for the purposes (1) and (2) is necessary; any refusal to give consent to such processing will entail the impossibility of establishing and continuing the contractual relationship. The submission of Data for the purposes (3), (4) and (5) is, on the other hand, optional; any refusal to give consent to such processing will not invalidate the contractual relationship but will preclude only the possibility of being informed of promotional initiatives and products offered by the Data Controller and/or third parties.

Data Retention

Data will be retained for the time strictly necessary to fulfil the processing purposes set out in this Privacy Policy, except if a longer retention period is required by applicable law.

Rights of the Data Subject

The Data Subject has the right to exercise his/her rights in the ways and within the limits provided for by the GDPR.

More specifically, the Data Subject has the right to request from the Data Controller:

the access to the Data: he/she may request confirmation as to whether or not Data relating to him/her is being processed, as well as further clarification of the information set out in the Privacy Policy, and to receive such Data, within the limits of reasonableness;
the rectification: he/she may request the rectification or integration of the Data provided or otherwise held by the Data Controller, in case of inaccuracy;
the deletion: he/she may request that his/her Data acquired or processed by the Data Controller be deleted, if they are no longer necessary for the original purposes or if there are no disputes or litigations outstanding, in case of revocation of consent or opposition to processing, in case of unlawful processing, or if there is a legal obligation to delete them;
the restriction: the Data Subject may request the restriction of the processing of Data, if one of the conditions set out in Article no. 18 of the GDPR will applicable; in this case, the Data will only be processed, with the exception of storage, only with the consent of the Data Subject or for the reasons referred to in the same Article in paragraph no. 2;
the objection: the Data Subject may object at any time to the processing of the Data on the basis of a legitimate interest, unless there are legitimate reasons for the Data Controller to proceed with the processing which override his/her own, for example, for the exercise or the defence of the Data Controller in judicial proceedings; if the Data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of Data relating to him/her carried out for such purposes;
the portability: the Data Subject may request to receive the Data, or to transmit them to another data controller indicated by him/her, in a structured, commonly used and machine-readable format.

Furthermore, pursuant to Article no. 7, paragraph no. 3, of the GDPR, the Data Subject may at any time exercise his or her right to withdraw the consent given for marketing and/or profiling purposes, without prejudice to the lawfulness of the processing based on the consent previously given. To exercise such rights, notify problems or request clarifications on the processing of his/her Data, the Data Subject must submit a written request to the Data Controller at the following addresses:

by e-mail, to the address: info@heallosolutions.com;
by certified e-mail, to the address: heallo@legalmail.it;
by post to the address: Corso Europa no. 13, (20122) Milan (MI).

Finally, the Data Subject has the right to complain to the Supervisory Authority, namely the Italian Personal Data Protection Authority (for further information, please refer to the following link: www.garanteprivacy.it).

Cookies

In relation to the cookies used on the Websites, please read the relevant notice (so-called “Cookie Policy”), available at the following link: https://jaxplus.it/cookie-policy/.

Updates and Changes

The Privacy Policy is in force as of November 12^th, 2020. The eventual entry into force of new legislation in this area, as well as the updating and/or variation of the services offered by the Company, could imply the necessity or utility of amending the terms and conditions described in the Privacy Policy. Consequently, it is possible that the Privacy Policy may change over time.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-marketing	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Marketing".
cookielawinfo-checkbox-necessari	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	This cookie records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_ga_EH5PR4J0YM	2 years	Google Analytics sets this cookie to store and count page views.
_ga_X543PMBZ7N		This cookie is installed by Google Analytics to store and count pageviews.
_gat_gtag_UA_174296493_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress		Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjRecordingEnabled	sessione	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	sessione	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
mailchimp_landing_site	1 month	The cookie is set by MailChimp to record which page the user first visited.
tk_lr	1 year	The tk_lr is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_or	5 years	The tk_or is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_r3d	3 days	JetPack installs this cookie to collect internal metrics for user activity and in turn improve user experience.
tk_tc	session	JetPack sets this cookie to record details on how user's use the website.

Cookie	Duration	Description
_hjIncludedInSessionSample_3174882	2 minutes	Hotjar set this cookie to determine if a user is included in the data sampling defined by your site's daily session limit
_hjSession_3174882	30 minutes	This cookie is used by Hotjar to provide functions across pages.
_hjSessionUser_3174882	1 year	This cookie is used by Hotjar to store a unique user ID.
cookies.js	session	No description available.

Privacy Policy

Information on the processing of personal data pursuant to Articles no. 13 and no. 14 of the Regulation (EU) 2016/679

To this end, the user is invited to periodically consult the Websites.