In the sections of the website and social media where you can make posts or comments, we ask that you do not enter information or post photos or videos containing personal information that would make it possible to trace, even indirectly, your identity or that of a third party.
For example, in the case where you recount your experience or describe your health condition, please do not include references to places, people, circumstances and contexts that would allow even indirectly to trace your identity or that of third parties.
Please also remember that by following our page, your nickname will appear in the list of followers publicly accessible to all visitors to our page.
The Data Controller within the meaning of Article 4(7) of the GDPR is Hale, based at
Residenzstrasse 37, 13409 Berlin (Germany) - hereinafter referred to as "Data Controller". The Data Controller can also be contacted at the e-mail address: firstname.lastname@example.org.
● Biographical data (first name, last name, age);
● Contact data (e-mail, cell phone);
● Special data (data related to health, including data related to the condition of the cycle
menstrual cycle, existing diseases, symptoms and other conditions and comorbidities, data
related to sexual health or gender identity);
● Data related to lifestyle habits (e.g. Lifestyle).
Should you disclose personal data of third parties to the Data Controller, you stand as
autonomous data controller and assume the resulting legal obligations and responsibilities,
indemnifying the Data Controller against any disputes, claims and/or requests for compensation
of damages from processing that may be received by the Data Controller from third parties.
The Controller may process your personal data in order to offer you Hale's services and products, against
a request from you. The relevant legal basis is Art. 6(1)(b).
Your data may, also, be processed to fulfill legal and tax obligations to which the Controller is subject. The relevant legal basis is Art. 6(1)(c).
In addition, subject to obtaining your consent through Typeform, Webflow and Podia, the Data Controller
may process your data, for purposes of promoting its services and products, for
sharing newsletters and for profiling purposes.
Subject to obtaining your consent, collected through the form at the bottom, the Controller may also process data on health conditions contained in your answers to questionnaires.
The relevant legal basis for processing your data for marketing purposes and
profiling is Art. 6(1)(a) GDPR, while the legal basis for processing your special data resides in Art. 9(2)(a) GDPR.
Finally, the Data Controller may need to use your data to detect, respond to, and prevent
fraudulent and illegal behavior or activities that could compromise the security of its services and to protect its interests in court. The relevant legal basis is Art. 6(1)(f).
We remind you that in no case indicated above is it mandatory to give your Data, but in
absence we will not be able to follow up on the above-mentioned purposes.
In relation to the purposes indicated above, the processing of your personal data is carried out at
by means of computer, telematic and/or manual tools, with logics strictly related to the purposes indicated above and in such a way as to guarantee the security and confidentiality of the data, in addition to compliance with the specific obligations enshrined in the Regulations. Your data will, in any case, be processed in compliance with the principle of lawfulness, correctness, relevance and non excess, in accordance with the provisions of the legislation on the protection of personal data.
Your personal data may be accessed by the following entities:
a ) entities in charge of the processing pursuant to Article 29 of the GDPR and Article 2-quaterdecies of the Privacy Code;
b ) entities that typically act as Data Processors pursuant to Article 28 of the GDPR (e.g., professionals external collaborators of the Data Controller, suppliers, consultants, etc.);
c ) entities, entities or authorities, autonomous data controllers, to which it is mandatory to communicate your personal data under provisions of the law or orders of the authorities.
Regarding the possible future transfer of your personal data to countries
Third parties outside the European Economic Area (EEA) or international organizations, the Data Controller informs you that any processing will take place in compliance with the law or in accordance with one of the ways permitted by law under Articles 44-49 of the GDPR, such as the consent of the data subject, the adoption of the Standard Contractual Clauses approved by the European Commission (SCC), the selection of subjects adhering to international programs for the free movement of data.
More information is available from the Controller by writing to the above addresses.
Net of what has been specified regarding the dissemination of your personal data, the same
will be kept for the period deemed strictly necessary for the fulfillment of the purposes indicated above. Data collected for marketing and/or profiling purposes will be retained until your eventual revocation of the consent given. This is without prejudice, in any case, to the further retention provided for by applicable legislation.
As a data subject, you may, at any time, exercise the following rights (in the presence of the relevant legal prerequisites):
- Right to revoke any consent given (art. 7 of the GDPR) - you have the right to revoke at any time any consent given, without any prejudice to the lawfulness of the processing carried out prior to revocation;
- Right of access (art. 15 of the GDPR) - you have the right to obtain confirmation as to whether or not processing concerning your personal data exists, as well as the right to receive any information relating to such processing;
- Right of rectification (art. 16 of the GDPR) - you have the right to obtain the rectification of your personal data, if they are incomplete or inaccurate;
- Right to erasure (art. 17 of the GDPR) - under certain circumstances, you have the right to obtain the erasure of your personal data present within our archives;
- Right to restriction of processing (art. 18 of the GDPR) - under certain circumstances, you have the right to obtain the restriction of the processing of your personal data;
- Right to portability (art. 20 of the GDPR) - you have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain in a structured, commonly used and machine-readable format the data concerning you;- Right to object (art. 21 of the GDPR) - you have the right to make a request to object to the processing of your personal data in which you give evidence of the reasons justifying the objection; the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate grounds to proceed with the processing that override your interests, rights and freedoms.
- Right to lodge a complaint with the Supervisory Authority (Art. 77 of the GDPR) - in the event that you believe that the processing that concerns you violates the legislation on the protection of personal data, you may lodge a complaint with the Supervisory Authority of the Member State in which you habitually reside, work or of the place where the alleged violation occurred
(Garante per la Protezione dei Dati Personali, Piazza Venezia, 11, 00187 - Rome, e-mail: email@example.com - PEC: firstname.lastname@example.org);
- Right to bring a claim before the appropriate courts (art. 79 of the GDPR).
Requests should be addressed in writing to the Data Controller at the addresses above.