This information on the processing of Personal Data (hereinafter "Information") is provided to the User of the e-commerce platforms https://www.istitutoimage.it and https://www.istitutoimage.com with reference to the processing of the User's Personal Data related to cookies and tracking technologies, in compliance with the provisions contained in articles 13 and 14 of EU Regulation 2016/679 of 27 April 2016, in relation to the protection of natural persons with regard to the processing of Personal Data, as well as the free movement of such data (General Data Protection Regulation, hereinafter also "GDPR").
Pursuant to articles 13 and 14 of the GDPR, hence, you are invited to take note of the following Information.
The Personal Data that may be collected through cookies and tracking technologies include the following:
(Hereinafter "Personal Data" or "Data").
The User is responsible for the completeness and truthfulness of any Personal Data provided directly. This Cookie Policy specifically addresses the use of cookies and tracking technologies. For broader data processing details, please refer to our separate Privacy Policy, accessible on the website of the Data Controller.
The Data Controller in charge of the processing of the Personal Data collected through cookies is Istituto Image Srl, Via Pietro Mascagni 14, 20122 Milan (MI), Tax code: 06564590963 and VAT Number: 06564590963 (hereinafter "Data Controller"). For any communication to be sent to the Data Controller, it is possible to send an e-mail to the following address: shop@istitutoimage.com; or a PEC (Certified e-mail) to: istitutoimagesrl@legalmail.it; or a registered letter to the address of the Data Controller's offices.
The Data Controller collects the Personal Data through cookies and tracking technologies for the following purposes:
a) ensuring the proper functioning of the e-commerce platforms https://www.istitutoimage.it and https://www.istitutoimage.com (e.g., technical cookies for session management and website navigation);
b) fulfilling legal obligations related to the use of cookies, such as obtaining user consent where required;
c) sending advertising material, newsletters, and carrying out direct marketing actions (e.g., using targeting cookies);
d) the exercising of rights in court and out of court, connected to the relationship (e.g., management of any disputes related to cookie usage);
e) analyzing website usage and user behavior to improve our services and website functionality (e.g., using analytics cookies);
f) tracking health-related browsing behavior when users interact with health-related content (such as treatments, medical conditions, or health services), but only with explicit consent (e.g., using specific tracking cookies for health data).
The Personal Data collected through cookies are strictly functional to the purposes referred to in the preceding paragraph.
For purpose a) of paragraph III above, the provision of Personal Data does not require the User's consent, as their processing is necessary for the technical functioning of the website.
For purpose b) of paragraph III above, the legal basis for the collection of the Personal Data is the necessary fulfilment of a legal obligation to which the Data Controller is subject (e.g., compliance with GDPR consent requirements).
For purpose c) of paragraph III above, the legal basis for the collection of the Personal Data is the free and specific consent of the User, which is obtained through the cookie banner or preferences center during the User's first visit to the e-commerce platforms https://www.istitutoimage.it and https://www.istitutoimage.com.
For purpose d) of paragraph III above, the legal basis for the collection of the Personal Data is the legitimate interest of the Data Controller in the exercise and protection of the Data Controller's rights in court and out of court.
For purpose e) of paragraph III above, the legal basis for the collection of the Personal Data is the free and specific consent of the User, which is obtained through the cookie banner or preferences center, as this processing is not strictly necessary for the website's functionality but serves to improve services.
For purpose f) of paragraph III above, the legal basis for the collection of the Personal Data, including special categories of data (health data), is the explicit consent of the User, which is requested separately from other consents due to the sensitive nature of health data.
In the event of the User's failure to provide consent for the purposes referred to in letters c), e), and f) of paragraph III above, the related cookies will not be activated, but the User will still be able to navigate the e-commerce platforms https://www.istitutoimage.it and https://www.istitutoimage.com using technical cookies necessary for functionality.
The processing will be carried out with IT and telematic tools, with organization and processing logics strictly related to the purposes for which the Personal Data are processed, and in any case in such a way as to guarantee the security, integrity, and confidentiality of the Data in compliance with the organizational, physical, and logical measures envisaged by the provisions in force. The processing will be carried out in accordance with the principles of correctness, lawfulness, and transparency, in order to protect the privacy and the rights of the interested party (User) at all times in compliance with the current legislation.
The Data Controller declares and guarantees that the Personal Data collected through cookies will be processed with the greatest confidentiality and protection, also guaranteeing that the appropriate technical and organizational security measures will be adopted so as to prevent unauthorized access, disclosure, accidental or improper alteration, loss, or destruction of the Personal Data.
As a health and wellness provider, we understand the sensitive nature of health-related information. When you browse health-related content on our website (such as treatments, conditions, or medical services), this browsing behavior may be considered health-related data under certain privacy regulations.
Special Consent for Health Data: We require explicit consent before tracking any health-related browsing behavior. This consent is separate from general marketing or analytics consent and can be managed in your cookie preferences.
How We Use Health Data: When consent is provided, we may use this data to:
Safeguards for Health Data:
Connection to Form Consent: The "privacy for medical booking" consent you provide in our forms is separate from website tracking consent. Form consent applies to the processing of health data you explicitly provide in forms, while cookie consent applies to tracking your browsing behavior.
Our website uses the following analytics and tracking technologies:
Meta Pixel and Conversions API: We use Meta Pixel and Conversions API to track conversions and measure the effectiveness of our advertising. This technology helps us understand how users interact with our website after seeing our ads on Facebook, Instagram, and other Meta platforms.
Google Analytics (GA4): We use Google Analytics 4 (GA4) to analyze website traffic and user behavior. GA4 is configured with server-side tagging to enhance GDPR compliance by minimizing the transfer of personal data to third parties.
PostHog: We use PostHog to analyze user behavior and improve our website functionality. PostHog is configured to prioritize user privacy and comply with GDPR requirements.
For more detailed information about these technologies and how to control them, please refer to our Cookie Policy.
To ensure compliance with GDPR, we have implemented explicit consent mechanisms for the following activities:
Links to Policies: On all pages where users enter personal data (e.g., during newsletter subscription, contact submission, or consultation booking), we provide clear links to this Cookie Policy and our Privacy Policy for transparency.
The Personal Data collected through cookies will be stored for a period of time not longer than that necessary for achieving the purposes for which they have been collected, as outlined in paragraph III. Specifically:
The Personal Data collected through cookies may be accessed by the following third-party recipients involved in the processing of cookie-related data:
These third parties act as data processors under article 28 of the GDPR and are contractually obligated to process the Personal Data in compliance with this Cookie Policy and applicable GDPR regulations. No other categories of recipients, such as those involved in order fulfillment or other non-cookie-related activities, are included here, as they are addressed in the separate Privacy Policy.
In the event of any future transfer of Personal Data to a third country outside the European Union (e.g., via Google or Meta), all the provisions of chapter V of the GDPR will be respected, including the use of Standard Contractual Clauses or other mechanisms to ensure an appropriate level of protection.
The User has the right:
To exercise his/her rights, the User may formulate an express written request to the Data Controller to be sent to the following e-mail address: shop@istitutoimage.com; or by PEC (Certified e-mail address) to the address istitutoimagesrl@legalmail.it; or by registered letter to the address of the Data Controller's offices.