Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Introduction
The protection of personal data is fundamental to Health & Happiness (hereinafter “H&H” or using pronouns such as “We” or “Our”) and we want to ensure that the processing of your Personal Data, carried out by any means, both automated and manual, is done responsibly and in full compliance with Legislative Decree 196/2003 as updated by Legislative Decree August 10, 2018, No. 101 (“Privacy Code”) and the protections and rights recognized by Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “Regulation”) and other applicable personal data protection laws.
Based on the principle of transparency and all the elements required by Article 13 of the Regulation, this notice (hereinafter, “Privacy Notice”) describes how We collect, disclose, use, store, or otherwise process your Personal Data from the moment you visit the Swisse.it website and any other connected domain (e.g., careers.swisse.it) (hereinafter, the “Swisse Site” or “Our Site”).
This Privacy Notice describes, among other topics, (1) the Personal Data Swisse may collect about you, (2) how Swisse uses your Personal Data, (3) how Swisse discloses your Personal Data, and (4) how Swisse protects your Personal Data.
Furthermore, this Privacy Notice may from time to time be reviewed and revised, as indicated below, to take into account, among other things, changes in law and technology. However, all personal information held by Swisse will be governed by the version of this Privacy Notice in effect at the time such personal information is collected.
Before using the Swisse Site, you should carefully read this Privacy Notice and ensure that you understand it. Use of the Swisse Site is considered your irrevocable acceptance of this Privacy Notice. If you do not agree with this Privacy Notice, you should not use and should immediately stop using the Swisse Site. For the purposes of this paragraph, access to the Swisse Site solely for the purpose of reviewing this Privacy Notice or any related terms of use is not considered use of the site itself.
The following articles constitute our Privacy Notice, structured in individual sections each covering a specific topic to make it quicker, easier, and more understandable for you to read. To go directly to a particular section, click on the desired section.
This Privacy Notice applies exclusively to the Swisse Site and does not apply to other websites, even if such websites are operated on behalf or in the name of Swisse or are linked to the Swisse Site. When you access a website other than the Swisse Site, either by clicking on links on the Swisse Site or otherwise, you will be subject to the terms of any privacy notice related to those websites. You are strongly advised to review the privacy notice of each site you visit.
A. Data Controller and Data Protection Officer (DPO)
B. What Personal Data we collect and store
C. Information collected from third parties
D. Purposes for which Personal Data is used
E. The legal basis for the processing of Personal Data under the Regulation
F. Whether providing personal data is necessary and the consequences of refusal
G. Data relating to minors
H. Storage and transfer of Personal Data to other countries
I. Disclosure of Personal Data to third parties
J. Protection
K. What rights can be exercised and how
L. Children’s Privacy
M. Revisions to this Notice
N. Additional Information
O. Cookie Policy
A. Data Controller and Data Protection Officer (DPO)
The company that will process your personal data is H&H Italy S.r.l.
To facilitate relations between you, as the data subject, and the data controller, we have appointed a “Data Protection Officer” or “DPO” pursuant to Article 37 of the Regulation.
As provided for by Article 38 of the Regulation, you may freely contact the DPO for any matters related to the processing of your Personal Data and/or if you wish to exercise your rights as set out in this Privacy Notice, by sending a written communication to the email address Aaron.Xie@hh.global and/or writing to the DPO at the controller's registered office.
B. What Personal Data we collect and store
Personal information or data refers to any information that relates to a natural person and identifies or can, when used together with other readily accessible information, identify that individual (“Personal Data”).
By way of example, Personal Data includes: first and last name; address; tax code; bank account number; date of birth; telephone number; information contained in identity documents; email address; location. Also considered Personal Data are data generated through the use of services offered through the Swisse Site, such as: information about the browser and device used; IP address; data on use of the Swisse Site; information collected through the use of cookies and other technologies that do not specifically reveal your identity (collectively “Analytical Information”).
You may access the Swisse Site homepage and browse certain areas of Our Site without revealing any personal information. However, to access other parts of the Swisse Site, you may need to register and/or provide personal information.
When requesting certain services on the Swisse Site, you may be asked to provide Personal Data (including, but not limited to, name, gender, and contact information). On the registration screen, it will be clearly indicated which information is required and which is optional and may be provided at your discretion.
We also collect other information you voluntarily provide through the features of the Swisse Site (including, but not limited to, during registration or when requesting products or services, or by contacting us by mail, mobile phone, email, or otherwise in the context of your communications with Us such as responses to contests, surveys, questionnaires, feedback requests, and research).
We may also ask you to provide additional Personal Data (including, but not limited to, your email address) if you wish to obtain additional services or information, resolve complaints or concerns, or for other legitimate purposes. You consent to Swisse sending you messages for such purposes if you provide your email address.
In general, we do not collect sensitive information concerning racial or ethnic origin, political opinions, religious beliefs, membership in trade unions, physical or mental health, sexual orientation, or criminal records (“Special Categories of Data”). However, if we need to request the release of Special Categories of Data for legal purposes, such as for the provision of our services, we will ask for prior consent to process such data.
C. Information collected from third parties
We may, from time to time, expand our existing user databases with information (“Acquired Information”) lawfully obtained from third parties.
D. Purposes for which Personal Data is used
Personal Data may be used to:
- where applicable, manage and administer users' personal accounts;
- respond to any requests made by users themselves, for example, through unsolicited applications, emails, or postal messages sent to the contact details provided on the Site, which involve the subsequent acquisition of the sender’s address, including email, or the relevant telephone number necessary to respond to the requests, as well as any other Personal Data included in such communications;
- offer, administer, and manage services and fulfill obligations arising from any contract entered into, such as (but not limited to) online purchases. In such cases, we will use your Personal Data to execute the contract because, without that specific information, we would not be able to provide the required services.
- comply with a legal obligation under the law, a regulation, or EU legislation;
- establish, exercise, or defend our rights in legal proceedings;
- gather anonymous statistical information on the use of the Site and ensure it is functioning correctly;
- management, administrative, accounting and tax obligations.
In addition, it may be necessary to process Personal Data for:
- developing and improving products and services;
- direct marketing and/or profiling activities if the user has selected one or both of these options, and to personalize the Swisse Site according to your interests. For example, you may see articles on the Swisse Site that match your interests;
- market analysis; and
- other legitimate business purposes.
Analytical Information may be used (1) to record your use of Our Site, (2) to diagnose problems with the Swisse Site, (3) to improve Our Site and make it more useful to all users, and (4) for other legitimate business purposes. Further information on the use of cookies is contained in the relevant section of this Privacy Notice.
Acquired Information may be used (1) to identify the products and services to be offered through the Swisse Site, if you have given your prior consent, (2) for marketing campaigns and other promotional campaigns, (3) to provide targeted promotional information that we believe may interest you, and (4) for other legitimate business purposes.
We will not use your Personal Data for advertising purposes unless you have given your consent.
If you later decide you no longer wish to receive information about the services we may offer you, you will have the right to withdraw your consent by clicking the appropriate link in the promotional email message, modifying your communication preferences, or contacting our data protection officer at Aaron.Xie@hh.global. Withdrawal of consent will not affect the processing of Personal Data carried out before the withdrawal but will mean that in the future we will not be able to contact you about the services offered.
E. The legal basis for the processing of Personal Data under the Regulation
If you are within the European Economic Area (EEA), the legal basis for collecting and using the Personal Data described in this Privacy Notice depends on the Personal Data we collect and the specific context in which they are collected. We may process your Personal Data in the following cases: (1) we need it to perform a contract with you or to respond to your requests (e.g. to fulfill a support request or perform obligations under a contract); (2) you have given your consent for specific processing (e.g. for marketing and profiling purposes); (3) the processing is in our legitimate interest and is not overridden by your rights (e.g. for security reasons); and (4) to comply with the law.
We will inform you when it is necessary to provide us with your Personal Data to fulfill a contract or comply with legal obligations. In these cases, if you do not provide the Personal Data, we may not be able to respond to your requests and/or continue further communications.
We may process Personal Data for purposes other than those explicitly mentioned in this Privacy Notice, if such further processing is compatible with the purpose for which the data was initially collected or with your consent and, in any case, after providing appropriate notice.
F. Is it necessary to provide Personal Data and what are the consequences of refusal
The provision of your Personal Data, requested during the various data collection points, may be necessary for the purposes identified in the relevant notice or optional.
The mandatory or optional nature of the provision is specified by the symbol (*) next to the mandatory information.
Any refusal to provide certain Personal Data marked as mandatory makes it impossible to achieve the main purpose of the specific collection: such refusal may, for example, make it impossible for H&H to provide the services available on the Site.
Providing H&H with additional Personal Data, other than those marked as essential, is optional and does not affect the achievement of the main purpose of the collection.
G. Data relating to minors
The Personal Data of minors under the age of 18 will not be processed by the Data Controller without prior authorization from the holder of parental responsibility.
H. Storage and transfer of your Personal Data to other countries
Your Personal Data will be stored only for the time necessary for the purposes indicated in this Privacy Notice. We will retain and use your Personal Data to the extent necessary to fulfill our legal obligations (e.g., if we are required to retain your data to comply with applicable laws), resolve disputes, enforce our agreements, and policies.
We will retain Analytical Information for internal analysis purposes. Analytical Information is generally retained for a shorter period, except when the data is used to strengthen the security or improve the functionality of the Swisse Site service, or we are legally obligated to retain the data for longer periods.
If you are within the European Economic Area (EEA), your Personal Data will be processed within the European Union.
If, for technical and/or operational reasons, it becomes necessary to use parties located outside the European Union, we inform you that such parties will be appointed as Data Processors pursuant to Article 28 of the Regulation, and the transfer of your Personal Data to such parties, limited to the performance of specific Processing activities, will be governed in accordance with Chapter V of the Regulation. All necessary safeguards will be adopted to ensure full protection of your Personal Data, based on: (a) adequacy decisions for the recipient third countries issued by the European Commission; (b) appropriate safeguards provided by the third-party recipient under Article 46 of the Regulation; (c) the adoption of binding corporate rules (BCRs).
Personal Data may be transferred to the USA to be stored on servers, following the signing of standard contractual clauses with server and/or service providers entrusted to third parties.
In any case, you may request further details if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted by sending us an email at Aaron.Xie@hh.global.
I. Disclosure of Personal Data to third parties
We will not disclose any Personal Data you provide to third parties except to our affiliated companies, if required by law or as stated in this Privacy Notice. We will not sell, trade, or rent your Personal Data to others.
Your Personal Data may be shared with specific parties considered recipients of such Personal Data.
In this regard, to correctly carry out all the Processing activities necessary to pursue the purposes of this Privacy Notice, by visiting the Swisse Site, you consent to the disclosure of your Personal Data to the following recipients:
- Affiliated companies, business partners (including parties with which we have various types of business arrangements), and subsidiaries;
- Service providers;
- Other companies and individuals working to provide you with promotional offers and information on behalf of Swisse, such as marketing services (including, customer analytics lists, service deliverability statistics, open and click reports), marketing assistance, or consultancy services. These third parties may access only the information necessary to perform their functions and may not use it for other purposes;
- Advertisers, who may collect aggregate statistics from the Swisse website;
- Payment processors who collect your payment information if you decide to purchase one of our products;
- Credit reporting agencies and other financial institutions including our banking intermediaries, service providers, accountants, auditors and legal advisors, insurance and industry groups that legitimately receive such information.
- Other parties we necessarily deal with in staff-related matters (such as training institutions, healthcare providers, insurers, close relatives, referees); and
- Other persons and entities authorized under the Regulation or the Privacy Code.
Except as described in this Privacy Policy, we will not knowingly disclose your personal information to third parties without your consent.
J. Protection
We have implemented appropriate technical, security, and organizational measures to preserve your Personal Data, prevent unauthorized interference and access, maintain data security, and limit the use of Personal Data to what is permitted by this Privacy Policy.
We have developed technological and security measures, rules, and other appropriate procedures to protect Personal Data from loss, alteration, unauthorized access, unauthorized interference, misuse, unauthorized alterations, accidental or unlawful destruction, or accidental loss.
You should keep in mind that internet transmissions (including email) are never completely secure or error-free. That’s why you should take steps to protect yourself, especially online, and pay particular attention to the type of information you choose to send us via email or other online transmission methods. It is also your responsibility to safeguard passwords, identification numbers, or other access features you use on the site. We advise you to choose a strong password, not reuse passwords from other websites, and not share your password with anyone else. Also remember to log out of Our Site and close your browser window to ensure that others who may have access to your computer cannot access your Personal Data.
K. What rights can be exercised and how
If you are a resident of the European Economic Area (EEA), you have specific data protection rights.
Specifically, you may access your Personal Data, request its correction and updating if incomplete or incorrect, request its deletion if collected unlawfully, and object to processing for legitimate and specific reasons.
Below are all the rights you may exercise at any time:
- Right of access: pursuant to Article 15 of the Regulation, you have the right to obtain confirmation as to whether or not Personal Data is being processed and, if so, access to such Personal Data and the following information: a) the purposes of the processing; b) the categories of Personal Data; c) the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular recipients in third countries or international organizations; d) when possible, the retention period of the Personal Data or, if not possible, the criteria used to determine that period; e) the existence of the right to request rectification or deletion of Personal Data or restriction of processing or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the data subject, all available information about its origin; h) the existence of automated decision-making, including profiling referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, meaningful information about the logic involved and the significance and expected consequences of such processing for the data subject.
- Right to rectification: pursuant to Article 16 of the Regulation, you may obtain correction of inaccurate Personal Data. Considering the purposes of the processing, you may also request the completion of incomplete Personal Data, including by providing a supplementary statement.
- Right to erasure: pursuant to Article 17 of the Regulation, you may obtain the erasure of your Personal Data without undue delay, and we will be obligated to delete such data where one of the following grounds applies: a) the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; b) the data subject withdraws consent and there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1) or (2) of the Regulation and there are no overriding legitimate grounds for the processing; d) the Personal Data has been processed unlawfully; e) the Personal Data must be deleted to comply with a legal obligation under EU or member state law.
In some cases, as provided in Article 17(3) of the Regulation, we are allowed not to erase the Personal Data if its processing is necessary, for example, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research, or statistical purposes, or for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing: pursuant to Article 18 of the Regulation, you may request restriction of processing when: a) the accuracy of the Personal Data is contested (processing will be restricted for the period needed to verify the accuracy of such data); b) the processing is unlawful, and the data subject opposes the erasure of the data and instead requests restriction of its use; c) the controller no longer needs the Personal Data for processing, but it is required for legal claims; d) the data subject has objected to processing pursuant to Article 21(1), pending verification of whether the controller’s legitimate grounds override those of the data subject.
If processing is restricted, Personal Data will be processed, with the exception of storage, only with the data subject’s consent or for legal claims or to protect the rights of another natural or legal person, or for reasons of important public interest. The data subject will be informed before any such restriction is lifted.
- Right to data portability: you may, at any time, request and receive, pursuant to Article 20 of the Regulation, all your Personal Data processed by the Data Controller in a structured, commonly used, and machine-readable format or request the transmission to another controller without hindrance. In this case, it is your responsibility to provide us with all necessary details of the new data controller along with your written authorization.
- Right to object: pursuant to Article 20 of the Regulation, you may object at any time, on grounds relating to your particular situation, to the processing of Personal Data, including profiling. You may also object at any time to the processing of Personal Data for direct marketing purposes, including profiling to the extent it is related to such marketing. In such cases, we will no longer process your Personal Data unless there are compelling legitimate grounds that override your interests, rights, and freedoms or for legal claims.
- Withdrawal of consent: if you have given consent to the processing of your Personal Data for one or more purposes, you may withdraw it at any time, in whole or in part, without affecting the lawfulness of the processing based on consent before its withdrawal.
How to exercise your rights
You may exercise your rights at any time by sending an email to: Aaron.Xie@hh.global.
We inform you that, in case of exercising rights, we may ask you to verify your identity before processing the request.
L. Children’s Privacy
The services on the Swisse Site are not directed to individuals under the age of 18 ("Minors"). We do not knowingly collect personally identifiable information from individuals under 18. If you are a parent or guardian and you know that your child has provided us with Personal Data, please contact us. If we become aware that a minor has provided us with Personal Data without parental consent, we will take steps to remove such information from our servers.
M. Revisions to this Policy
We may modify any provision of this Privacy Policy from time to time by posting the modified provision on the Swisse Site. Any changes will take effect immediately upon such posting and will apply to all personal information obtained thereafter. It is your responsibility to periodically check this Privacy Policy on Our Site for revisions.
N. Additional Information
If you have any questions or complaints, or if you would like additional information about the processing of your Personal Data by Swisse Wellness or otherwise related to this Policy, please contact us at Aaron.Xie@hh.global.
O. Cookie Policy
In collecting Analytical Information, Swisse uses cookies, log files, servers, and pixel-tags (web beacons) to identify a user as the visitor navigating the Swisse Site.
What are cookies
A cookie is a small file stored on your computer or electronic device. It has a unique ID assigned to your device and allows the website to remember your actions and preferences over a period of time (such as location, language, font size, and other display preferences). This way, you don’t have to re-enter them whenever you return to the site or navigate from page to page. Cookies can also help us personalize your browsing experience.
Although cookies usually do not collect Personal Data, if you have previously provided Personal Data to Swisse, Swisse may link your Personal Data to the cookies or other tracking devices that the website places on your hard drive. In such cases, we will treat the information contained in the cookie as Personal Data.
Types of cookies
There are two categories of cookies: persistent cookies and session cookies.
Persistent cookies remain on your device until manually or automatically deleted.
Session cookies remain on your device until you close the browser and are therefore automatically deleted.
Cookies can serve different purposes, and we may use them for the following reasons:
(i) To remember your preferences and settings (e.g., language, currency, font size);
(ii) To improve your browsing experience and make the site more user-friendly and efficient;
(iii) To perform analytics and collect statistical data on website traffic and usage, so that we can improve the Site and its content;
(iv) To show you relevant advertising based on your interests;
(v) To enable social media sharing and integration;
(vi) To provide enhanced security and prevent fraud or unauthorized access.
Managing cookies
You can manage and disable cookies via your browser settings. Most browsers allow you to refuse or delete cookies. However, if you choose to disable cookies, some features of the Site may not function properly or may be unavailable.
For more information on how to control cookies, you can visit www.aboutcookies.org.
Use of third-party cookies
Swisse may also use third-party services (such as Google Analytics, Facebook, and others) that place cookies on your device to collect information about your browsing activities on the Site and other websites. These third parties use this data to provide analytics, advertising, or other services. Their use of cookies is governed by their own privacy policies, and we encourage you to review them.
Consent to cookies
By continuing to use the Site, you consent to our use of cookies as described in this Policy. If you do not agree, please adjust your cookie preferences or do not use the Site.
Contact
If you have any questions regarding this Cookie Policy or how we use cookies, please contact us at Aaron.Xie@hh.global.
| Cookie Name | Cookie Description | |
| CART | The association with your shopping cart. | The association with your shopping cart. |
| CATEGORY_INFO | Allows pages to be displayed more quickly. | Allows pages to be displayed more quickly. |
| COMPARE | The items that you have in the Compare Products list. | The items that you have in the Compare Products list. |
| CUSTOMER | An encrypted version of your customer id. | An encrypted version of your customer ID. |
| CUSTOMER_AUTH | An indicator if you are signed into the store. | An indicator if you are signed into the store. |
| CUSTOMER_INFO | An encrypted version of the customer group you belong to. | An encrypted version of the customer group you belong to. |
| CUSTOMER_SEGMENT_IDS | Stores your Customer Segment ID | Stores your Customer Segment ID. |
| EXTERNAL_NO_CACHE | A flag that, indicates whether caching is on or off. | A flag that indicates whether caching is on or off. |
| FRONTEND | Your session ID on the server. | Your session ID on the server. |
| GUEST-VIEW | Allows guests to edit their orders. | Allows guests to edit their orders. |
| LAST_CATEGORY | The last category you visited. | The last category you visited. |
| LAST_PRODUCT | The last product you looked at. | The last product you looked at. |
| NEWMESSAGE | Indicates whether a new message has been received. | Indicates whether a new message has been received. |
| NO_CACHE | Indicates whether it is allowed to use cache. | Indicates whether it is allowed to use cache. |
| PERSISTENT_SHOPPING_CART | A link to information about your cart and viewing history if you have asked the site. | A link to information about your cart and viewing history if you have requested it on the site. |
| RECENTLYCOMPARED | The items you recently compared. | The items you recently compared. |
| STF | Information on products you emailed to friends. | Information on products you emailed to friends. |
| STORE | The store view or language you have selected. | The store view or language you have selected. |
| USER_ALLOWED_SAVE_COOKIE | Indicates whether a customer authorized cookies. | Indicates whether a customer authorized cookies. |
| VIEWED_PRODUCT_IDS | The products that you recently looked at. | The products that you recently looked at. |
| WISHLIST | An encrypted list of products added to your wish list. | An encrypted list of products added to your wish list. |
| WISHLIST_CNT | The number of items in your wish list. | The number of items in your wish list. |
Managing Your Cookie Preferences
At any time, you have several options to manage cookies.
You can also restrict or block cookies by changing your browser settings. Check your browser's “help” section for specific information on how to manage your cookie settings.
Below are links to instructions for the following browsers
– Internet Explorer – http://windows.microsoft.com/en-gb/windows-vista/block-or-allow-cookies
– Chrome – https://support.google.com/chrome/answer/95647
– Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
– Opera – http://www.opera.com/help/tutorials/security/privacy/
– Safari – http://support.apple.com/kb/PH17191
Further information about these settings is available at www.allaboutdnt.org.
Cookie settings can affect your internet browsing experience and the functionality of some services that require the use of cookies. As a result, we are not responsible for any consequences of degraded service performance due to the inability to store or access cookies on your device.