Privacy Policy

This Privacy Policy is made pursuant to Article 13 of European Regulation No. 679/2016 and applies exclusively to all Data collected through the Website https://www.aerosal.it/. This Privacy Policy is subject to updates that will be posted on the Website on a timely basis. This Privacy Policy, together with any other documents referred to in it and the Cookie Policy, establish the basis on which the Data Subject's Personal Data will be processed.

Data Controller

The Data Controller of the Data collected from this Website is Aerosal Divisione Medica SA - Via Solriposo 8, Taverne 6807, Switzerland, mail: info@aerosal.it

Web platform

The website is built with platforms that are intended to host and operate key components of the website. These platforms may provide tools for analytics, user registration management, comment and database management, e-commerce, payment processing etc. The use of such tools involves the collection and processing of Personal Data.

Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.

The Platform chosen by the Owner is:

Kartra (Genesis Digital)

Place of processing: USA - Privacy Policy

Personal Data Processed

Personal Data means any information concerning an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, one or more characteristic elements of his/her physical identity.

Category of Personal Data Processed

Among the Personal Data processed by this Web Site, either independently or through third parties, are Common Data such as:

  • Biographical data (such as first name, last name, date of birth, age, gender, etc.).
  • Contact information (e-mail, address, phone number)
  • Geo-location data (including "IP" addresses)
  • Internet Browsing Data, Cookies, and Usage Data
  • In case a request is sent through the "Contact" section of the Site, the provision of certain Personal Data is necessary for the Owner to fulfill the requests, so the relevant fields of the registration form are marked as mandatory.
  • Login and account information, including user name, password.

Methods of Processing Personal Data

The Personal Data provided or acquired will be subject to Processing based on the principles of fairness, lawfulness, transparency and protection of confidentiality in accordance with current regulations. The Data Controller processes Users' Personal Data by adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data. The Processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes.

Purpose of the Processing of Personal Data and Legal Basis

Personal Data may be collected autonomously by the Data Controller or through third parties. In this case, the computer systems and software procedures in charge of the operation of this Website acquire certain Personal Data of the Users, of a technical-informatics nature (e.g. IP address, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.

The Data that the Data Subject chooses to voluntarily provide will be subject to processing in compliance with the conditions of lawfulness ex art. 6 GDPR and will be processed to enable the Website to provide its services, as well as for the Purposes indicated below and will be kept for the time necessary for the fulfillment of the aforementioned Purposes. Specifically, the Purposes of the processing are:

1) Responding to inquiries and providing Information

Data will be processed for the purpose of being contacted or following up on specific requests made to the Data Controller by the Data Subject for communications of a nature relating to the Data Controller's Services and/or Products, via telephone or WhatsApp Business instant messaging

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

2) Website registration 

The registration procedure, through the creation of an account or the use of an existing social network account, is intended to allow the use of the website as a "Registered User" and to access a range of services offered through the same applications.

The Data will be processed for the purpose of being registered to the Controller's site for the purchase of the Controller's Products.

Legal basis: The legal basis of the processing is the execution of pre-contractual measures to which the data subject is a party this processing and the consent of the data subject who can always change his or her mind however the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

3) Search for the nearest Aerosal Center. 

Data will be processed for the purpose of being contacted to find out about the center closest to the data subject's home. Contact will be made by phone or email.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject

4) Pre-contractual information and fulfillment.

The Data will be processed in order to be contacted or to follow up on specific requests made to the Data Controller by the Data Subject for communications of an informative nature and/or for information about obtaining a quote and/or to purchase the Services/Products of the same Data Controller in order to be contacted again if the informational video that is sent in order to be able to finalize the purchase on the website has not been viewed. Contact is made through e-mail or telephone messages or WhatsApp Business instant messaging.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject.

5) Treatment required under a contract

Data will be processed in order to fulfill the obligations arising from the contract between the Data Subject and the Data Controller for the sale of the Products/Services on the Website, to contact the Data Subject in relation to the Contract and for the management of the Contract, for the management of requests for legal guarantees, assistance, withdrawal requests, management and termination of the Contract

Legal basis: this processing is necessary for the performance of the contract to which the Data Subject is a party, for the execution of pre-contractual measures or to fulfill a legal obligation to which the Data Controller is subject.

Data retention period: period specified by law and in any case for a maximum period of 10 years for the purpose of fulfilling related administrative and tax obligations.

6) Fulfillment of any obligations under applicable laws

The Data will be processed to fulfill any type of obligation contemplated and provided for by current laws, regulations, related rules, business customs, and tax/fiscal matters, including also for the purposes provided for in the anti-money laundering legislation Legislative Decree 231/2007 and subsequent amendments.

Legal basis: this processing is necessary to fulfill a legal obligation to which the Data Controller is subject.

Data retention period: period specified by law and in any case for a maximum period of 10 years for the purpose of fulfilling related administrative and tax obligations.

7) Soft spam

The Data will be processed to allow the Data Controller to send by e-mail to the Interested Party commercial and promotional communications regarding Products and/or Services similar to the Products/Services being sold without the need for the express and prior consent of the Interested Party, as provided for in Article 130, paragraph 4, Privacy Code as amended by Legislative Decree No. 101 of 2018, and provided that the Interested Party does not exercise the right to object.

Legal basis: this processing is based on the legitimate interest of the Data Controller in accordance with Article 6(F) and Recital 47 of the GDPR.

Period of data retention: until the Data Subject objects.

8) Newsletter

The Data will be processed for sending promotional, commercial and advertising communications and material or inherent to initiatives and events of the Data Controller, through newsletters.

Legal basis: this processing is based on the consent freely given by the Data Subject in accordance with Article 6(1)(A) of the GDPR.

Data Retention Period: until consent is revoked by the Data Subject through the appropriate tool at the bottom of the newsletter or through a request to the Data Controller.

9) Marketing

The Data will be processed for direct sales of Products/Services, market research, sending of communications and promotional, commercial and advertising material or inherent initiatives and events, by e-mail, SMS, Whatsapp, Chat, Direct Messaging from social media, social networks or by phone calls, paper mail and other informative material.

Legal basis: this processing is based on the consent freely given by the Data Subject in accordance with Article 6(1)(A) of the GDPR.

Data retention period: until consent is revoked by the Data Subject.

10) Statistics

The Data will be processed to perform statistical analysis on aggregated and anonymous data to analyze the behavior of the Data Subject in order to improve the products and services provided by the Data Controller as well as to meet the Data Subject's expectations.

Legal basis: this processing is based on the consent freely given by the Data Subject.

Data retention period: until consent is revoked by the Data Subject.

11) Profiling

The Data will be processed for the analysis and evaluation of interests, habits, consumption choices, including the creation of profiles in order to be able to send personalized informative and promotional material about the Services/Products offered by the Data Controller.

Legal basis: this processing is based on the consent freely given by the Data Subject in accordance with Article 6(1)(A) of the GDPR.

Data retention period: until consent is revoked by the Data Subject.

12) Fidelity card

Personal data are collected for registration and use of the Fidelity Card breath card and may include and are not limited to, first name, last name, date of birth, e-mail address, and purchase history. This data is collected at the time of Fidelity Card registration and during use of the Fidelity Card. The data collected is used for the management and administration of the Loyalty Program, to provide points, discounts, and promotions customized based on purchase history, for the analysis and improvement of the Services, to download the number of sessions made in the stores and to be recognized as a customer in the same, to receive birthday giveaways, to receive bonuses with the achievement of spending levels, to analyze customers' preferences and purchasing behaviors in order to improve the products and services offered by the Holder.

Legal basis: this processing has as its legal basis the consent of the data subject obtained when registering for the Fidelity Card.

Period of data retention: until consent is withdrawn by the Data Subject and for the period necessary for the purposes for which it was collected and in accordance with applicable law.

13) Satisfaction of the Interested Party

The Data will be processed for the purpose of sending Customer Satisfaction Surveys in order to improve the offer on the Owner's Products/Services and without marketing purposes.

Legal basis: this processing is based on the legitimate interest of the Data Controller in accordance with Article 6(F) and Recital 47 of the GDPR.

Period of data retention: until the Data Subject objects.

14) Questionnaires about the treatment just finished

The Data will be processed for the evaluation of the quality of the treatment just performed in order to get to evaluate the effects on those who undergo the treatments for a specific purpose.

Legal basis: this processing is optional and based on the consent of the Data Subject, however, the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until consent is revoked by the Data Subject

15) Halotherapy Academy Participation.

Data will be collected and processed for the purpose of enabling participation in the Halotherapy Academy.

Legal basis: this processing has as its legal basis is the performance of the Contract to which the data subject is a party.

Data retention period: period specified by law and in any case for a maximum period of 10 years for the purpose of fulfilling related administrative and tax obligations.

Disclosure of Data

In addition to the Owner, in some cases, they may have access to the Data:

  1. (a) categories of specially trained appointees involved in the organization of the Website (administrative, sales, marketing, legal, system administrators);
  2. b) external parties (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller ex art. 28 GDPR. The updated list of Data Processors, if appointed, can always be requested from the Data Controller;
  3. (c) public or private entities that can access the Data in compliance with legal obligations;
  4. (d) individuals who perform tasks that are ancillary and instrumental to the Holder's activity;
  5. (e) partners who offer d Aerosal service in their outlets

Timing of Treatment

As expressly provided by art. 5, co. 1, letter e) of the GDPR, the Data are kept for the time necessary for the Processing of the same in relation to the performance of the service requested by the Data Subject, or required by the Purposes described above in this document. At the end of the retention period, the Personal Data will be deleted and therefore, the rights of access, deletion, rectification and portability of the Data can no longer be exercised.

CRM

The presence and management of a database allows the Data Controller to build user profiles from an email address, name or any other information that the Data Subject provides or to track his or her activities through statistical features. This Personal Data may also be cross-referenced with publicly available information about the Data Subject (such as profiles on social networks) and used to build private profiles that the Data Controller can view and use. Some of these services may also allow for the scheduled sending of messages to the Data Subject.

Personal Data Processed: city; last name; Usage Data; email; phone number; Tracking Tool; username; various types of Data.

The Holder uses the following CRM:

Kartra (Genesis Digital)

Place of processing: USA - Privacy Policy

Cookie

This Website uses cookies. Cookies are small text files that can be used by Websites to make the experience more efficient for the Data Subject and to personalize content and ads, provide social media features, and analyze traffic. Cookie Policy.

Place of Processing and Transfer of Data Abroad

The Data are processed at the operational headquarters of the Data Controller. For further information you may contact the Data Controller. The Data may be processed by individuals and/or legal entities operating on behalf of the Data Controller and under specific contractual obligations and located in EU or non-EU member countries. In the event that Data is transferred outside the EEA, the Data Controller will take all appropriate contractual measures to ensure adequate protection of the Data.

Exercise of data subject's rights

The Data Subject has the right to exercise the faculties provided for in Articles 7, 15-22 of European Reg. 679/2016. In particular, he/she has the right to revoke his/her consent at any time and, upon simple request to the Data Controller, he/she may request access to the Personal Data, receive the Personal Data provided to the Data Controller and where possible transmit them to another Data Controller without hindrance (so-called portability), obtain the updating, limitation of the processing, rectification of the Data and the deletion of those processed in breach of the regulations in force. He/she has the right, for legitimate reasons, to object to the Processing of Personal Data concerning him/her and to the Processing for the purpose of sending advertising material, direct sales and for carrying out market research. He/she also has the right to lodge a complaint with the Privacy Guarantor as the supervisory authority for the protection of personal data or to take appropriate legal action. The data subject may exercise his or her rights by contacting the Data Controller by e-mail at: info@aerosal.it.

Tools used for the Processing of Personal Data

CONTACT FORM

The Data Subject consents to the use of their data to obtain responses to requests for information, or any other purpose indicated by the header of the form. Personal Data collected through Contact Form: Email, First Name and Last Name, telephone

This website uses:

Kartra (Genesis Digital)

Place of processing: USA - Privacy Policy

OTHER CONTACT TOOLS 

WhatsApp Business

WhatsApp Business is an instant messaging service provided by WhatsApp Ireland Limited. For the purposes of the processing methods, reference is also made to the WhatsApp Business Data Processing Terms which can be found at the following link: https://www.whatsapp.com/legal/business-data-processing-terms/. The Data Subject's data will transit in WhatsApp Business services according to the terms that WhatsApp states in the document "WhatsApp Business Terms of Service" at the following link: https://www.whatsapp.com/legal/business-terms/ . Personal Data collected: phone number, email, Usage Data, Cookie. Place of Processing: Ireland-. Privacy Policy.

EMAIL ADDRESS MANAGEMENT

These services enable the management of a database of email contacts, telephone contacts, or contacts of any other type used to communicate with the Data Subject. These services may also allow for the collection of Data related to the date and time of viewing of messages by the Data Subject, as well as the Data Subject's interaction with them, such as information about clicks on links embedded in messages.

Newsletter

By registering for the newsletter, the Data Subject's email address is automatically added to a list of contacts to whom email messages containing information, including information of a commercial and promotional nature, relating to this Web Site may be sent. The Data Subject's email address may also be added to this list as a result of registering with this Website or after making a purchase. The Interested Party may choose at any time to unsubscribe from the newsletter by clicking on a specific button they will find within the emails. After clicking the unsubscribe button the Data Subject's Data will be deleted immediately from the "email marketing" software. Personal Data collected: email and Name. This Website uses the newsletter service provided by:

Kartra (Genesis Digital)

Kartra is an address management and email messaging service provided by Genesis Digital. Personal data collected: email. Place of processing: USA - Privacy Policy

WEBSITE REGISTRATION

By registering or authenticating, the Data Subject allows the website to identify him/her and give him/her access to dedicated services.

Registration and authentication services may also take place with the help of third parties. In this case, the application may access some Data stored by the third-party service used for registration and identification. Some of the services below may also collect Personal Data for targeting and profiling purposes

This website uses:

Kartra (Genesis Digital)

This website uses the service offered by Kartra that allows the Data Subject to create a restricted area. For more information on the permissions that follow, the Data Subject may refer to the Privacy Policy

STATISTICS

Statistical services allow the Data Controller exclusively to monitor and analyze traffic data and are used to track the behavior of the Data Subject. This Website uses the following services:

Kartra (Genesis Digital)

is an analytics service provided by Kartra for the purpose of tracking and examining the use of this Website and compiling reports. Personal Data Collected: Cookie and Usage Data. Place of processing: USA - Privacy Policy

Google Analytics 4

Google Analytics is an analytics service provided by Google LLC. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports, and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process this information on Google's behalf. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. To learn more, you can consult Google's official documentation. At the following link https://tools.google.com/dlpage/gaoptout?hl=it the browser add-on for deactivating Google Analytics is made available by Google. Personal Data Collected: Cookies and Usage Data. Place of processing: USA - Ireland Privacy Policy

Facebook pixel conversion tracking (Meta Platforms, Inc.).

Facebook conversion tracking (Facebook pixel) is a statistics service provided by Facebook. The Facebook pixel monitors conversions that can be attributed to Facebook ads. Personal data collected: Cookies; Usage data. Place of processing: Ireland - Privacy Policy.

Google Search Console (Google Ireland Limited)

is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process this information on Google's behalf. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland - Privacy Policy

TAG MANAGEMENT

The use of Tags allows code snippets (called Tags) to be installed within the HTML pages of a website. It can also be used in Android and iOS Apps. Tag Management allows with a single code snippet to manage multiple Tools simultaneously on the website. The use of such services involves the passage of the Data Subject's Data through them and in case it is necessary their retention.

Google Tag manager (Google LLC or Google Ireland Limited)

Google Tag manager is a service that allows you to manage and monitor all third-party Tags on the Website to get information about the interest shown by Users towards the Website itself and consequently the quality of the content. Personal Data Collected: Cookies and Usage Data. Place of processing: USA- Ireland - Privacy Policy

AUTOMATION TOOLS 

Zapier (Zapier Inc.)

Zapier is an online automation tool offered by Zapier Inc. that enables the creation of automated workflows between two separate applications (so-called ZAPs). The ZAP consists of two parts: the "trigger," the event that occurs within the first application and starts the automation, and the "action," which is the event that completes the ZAP. Personal data collected: Cookies, Usage Data and Aggregated Personal Data as specified in the Service's Privacy Policy. Place of processing: USA - Privacy Policy

INTERACTION WITH SOCIAL NETWORKS

These services allow for interactions with social networks directly from the pages of this Website. The interactions and information acquired by this Website are in each case subject to the privacy settings of the Data Subject related to each social network. In the event that a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.

Facebook (Meta Platforms, Inc.)

Facebook buttons are interaction services with the social network Facebook, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland - Privacy Policy

Instagram (Meta Platforms, Inc.)

Instagram buttons are interaction services with the social network Instagram, provided by Meta Platforms, Inc. Personal data collected: cookies and usage data. Place of processing: Ireland - Privacy Policy

LinkedIn (LinkedIn Ireland Unlimited Company)

LinkedIn buttons are services for interaction with the social network LinkedIn, provided by LinkedIn Corporation. Personal data collected: cookies and usage data. Place of processing: Ireland - Privacy Policy

Tik Tok (TikTok Technology Limited)

Tik Tok buttons are social network interaction services provided by TikTok Technology Limited. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland - Privacy Policy

Youtube (Google Ireland Limited)

Youtube buttons are interaction services with the video content display service operated by Google. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland - Privacy Policy

REMARKETING AND RETARGETING

These services allow this Website to communicate, optimize, and serve advertisements based on a Data Subject's past use of this Website. This activity is done by tracking Usage Data and the use of Cookies. This Web Site uses the following services:

Facebook Remarketing (Meta Platforms, Inc.)

Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, which links this Website's activity with the Facebook advertising network. This Website makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel you can understand the actions that people perform on the Website. The Data that is collected can be used to:

  • Make sure listings are shown to the right people;
  • Create audience groups for which to target advertisements;
  • Take advantage of the additional advertising tools of the platform you are advertising on

The information collected is anonymous to the operators of this Site and cannot be used to identify an individual Data Subject. However, the information is saved and analyzed by Facebook, which could link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined by Facebook's privacy policy. This will allow Facebook to show advertisements on both Facebook and third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to Facebook'sPrivacy Policy

Google ADS

Google ADS is a service provided by Google Ireland Limited that links this Website with Google's advertising network. This Web Site makes use of the Remarketing functionality of Google Analytics combined with the cross-device adaptability of Google ADS. This functionality makes it possible to connect target groups for promotional campaigns created by the Marketing function of Google Analytics with the adaptability to different Google ADS devices. This makes it possible to show advertisements based on the Respondent's personal interests, identified through an analysis of the Respondent's web behavior, whether on a mobile device or other devices. You can permanently disable targeting and remarketing features by disabling the "personalized advertising" feature in your Google account. To do so, simply follow this link: https://www.google.com/settings/ads/onweb/

Personal Data Collected: Cookies and Usage Data.
Place of processing: Ireland - Privacy Policy

Instagram Remarketing (Meta Platforms, Inc.)

Instagram Remarketing is a Remarketing and Behavioral Targeting service provided by Meta Platforms, Inc. that connects the activity of this Website with the Instagram advertising network. This Website makes use of the Pixel tool in order to measure conversions and understand the actions people perform on the Website. The information collected is anonymous to the operators of this Website and cannot be used to identify an individual Data Subject. However, the information is saved and analyzed by Facebook, which could link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined by Facebook's privacy policy. For more information on how users can protect their privacy, please refer to Instagram's Privacy Policy.

Youtube Advertising (Google Ireland Limited)

Youtube Advertising is a service that allows you to use data from Google to increase purchases, subscriptions, and website visits. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland - Privacy Policy

CONTENT ON EXTERNAL PLATFORMS

These services allow to display content hosted on external platforms directly from the pages of this Website and interact with them.
Where such a service is installed, it is possible that, even if Users do not use the service, it will collect Traffic Data related to the pages where it is installed.

This Website uses

Google Maps

Google Maps is a map display service operated by Google that allows this Website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data. Place of Processing: Ireland -. Privacy Policy.

YouTube Video Widget (Google Ireland Limited)

YouTube is a video content display service operated by Google Ireland Limited that enables this Website to embed such content within its pages. Personal Data Processed: Usage Data; Tracking Tools.

Place of processing: Ireland - Privacy Policy

Google Fonts

Google Fonts is a font style display service provided by Google Ireland Limited that enables this Web Site to integrate such content within its pages. Personal Data collected: Usage Data; various types of Data as specified by the privacy policy of the service. Place of processing: Ireland - Privacy Policy

Calendly (Calendly LCC)

Calendly is an online automated appointment, call and meeting scheduling software operated by Calendly LCC. Personal Data Collected: Cookies and Usage Data. Place of processing: USA - Privacy Policy

PAYMENT MANAGEMENT

Payment processing services allow this Website to process payments by credit card, bank transfer or other means. The Data used for payment is acquired directly from the operator of the requested payment service without being processed in any way by this Website. Some of these services may also allow for the scheduled sending of messages to the Data Subject, such as emails containing invoices or notifications regarding payment.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking as reference the date of last modification indicated at the bottom. If you do not accept the changes made to this Privacy Policy, you must cease using this Website and may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the Personal Data collected up to that point. The Data Controller is not responsible for updating all links viewable in this Privacy Policy, so whenever a link is not working and/or updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referred to by that link.

Privacy Policy updated as of February 2024

× Hi, do you have any questions?