Privacy Statement (UK)

This privacy statement was last updated on 12/03/2026 and applies to citizens and legal permanent residents of the United Kingdom.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.bandini-pharma.co.uk. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
we first request your explicit consent to process your personal data in cases requiring your consent;
we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

Processors

Name: GLS
Country: Italy
Purpose: Shipping
Name: Stripe
Country: Ireland
Purpose: Payments
Name: PayPal
Country: Luxembourg
Purpose: Payments
Name: Brevo (Sendinblue)
Country: European Union (France)
Purpose: Newsletter e comunicazioni email marketing

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
Right of access: You have the right to access your personal data that is known to us.
Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Bandini Pharma S.r.l.
Via Flaminia n. 171 - 47923 - Rimini
Italy
Website: https://www.bandini-pharma.co.uk
Email: amministrazione@ex.combandini-pharma.com

Annex

Data collected during browsing on the website

In the case of simple consultation of the website, without registration or voluntary submission of data, we may automatically collect certain technical data whose transmission is implicit in the use of Internet protocols.

Such data may include, by way of example:

IP address
date and time of the request
requested page
browser used
operating system used
referring URL (referrer), if available

This data is processed for security purposes, technical monitoring, prevention of abuse or unauthorized access, as well as to ensure the stability and proper functioning of the website.

The legal basis for processing is the legitimate interest of the controller pursuant to Art. 6(1)(f) GDPR.

Security of data transmission

The website adopts appropriate technical and organizational security measures to protect users’ personal data. In particular, communications between the user's browser and the website are protected through SSL/TLS encryption protocols.

WooCommerce

Data collected during browsing

While browsing our website, we collect certain technical information necessary for the functioning of the service and for order management.

Products viewed: we use this information to show you, for example, recently viewed products.
IP address, approximate location and browser type: used for the calculation of taxes and shipping costs.
Shipping address: required to estimate shipping costs and to deliver purchased products.

We also use technical cookies to keep track of the contents of the shopping cart while browsing the website. For more information please consult our cookie policy.

Data provided during purchase

When you place an order on our website, we ask you to provide certain personal information necessary to complete the transaction, including:

First name and last name
Billing address
Shipping address
Email address
Phone number
Payment data
Optional account information such as username and password

This data is used to:

manage and fulfill orders placed
send information regarding the order and shipping status
respond to support requests, complaints or refund requests
process payments and prevent fraud
create and manage the customer account
comply with legal, fiscal, administrative and accounting obligations required by law
improve the services and products offered by the website
send marketing communications only where permitted by law or with the user's prior consent

The legal basis for processing is:

performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)
compliance with legal obligations (Art. 6(1)(c) GDPR)
consent of the data subject, where required, for marketing activities or specific services (Art. 6(1)(a) GDPR)
legitimate interest of the controller, where permitted by law, for the protection of the website, prevention of abuse and efficient management of the service (Art. 6(1)(f) GDPR)

Customer account

If the user creates an account on the website, the data entered will be processed to allow access to the reserved area, facilitate future purchases and manage the order history.

The data associated with the customer account will be retained until a request for deletion of the account is made, without prejudice to any legal retention obligations or the need to retain certain data for the management of previously established contractual relationships.

Contacts and support requests

When the user contacts Bandini Pharma via email, contact form or other support channels, the data provided is processed exclusively for the purpose of handling the request and providing a response.

The legal basis for processing is the legitimate interest of the controller in responding to requests received (Art. 6(1)(f) GDPR) or, where the request is related to an order or a pre-contractual phase, the performance of pre-contractual or contractual measures (Art. 6(1)(b) GDPR).

Data retention

Personal data is retained for the period strictly necessary to achieve the purposes for which it was collected, in compliance with the principles of data minimization and storage limitation.

Data relating to orders, invoicing and accounting are retained for the period required by applicable fiscal and accounting regulations, generally 10 years.
Data relating to the customer account are retained until the account is deleted, unless legal obligations or the need to protect the controller’s rights apply.
Data processed for marketing purposes are retained until consent is withdrawn or the right to object is exercised, where applicable.
Data relating to contact requests are retained for the time necessary to manage the request, unless legal obligations or the need for legal protection arise.

Access to data by personnel

Authorized members of our team, such as administrators and shop managers, may access the information strictly necessary in order to:

manage orders
process refunds
provide customer support
comply with administrative and accounting obligations

Access to data takes place within the limits of the duties performed and in compliance with appropriate confidentiality and security measures.

Categories of data recipients

Personal data may be communicated, within the limits strictly necessary for the purposes indicated in this notice, to entities that support the controller in the management of the website and related activities, including:

IT service providers, hosting providers and technical maintenance providers
payment service providers
couriers and logistics operators
administrative, tax and legal consultants
marketing and communication service providers, within the limits of any consent provided
public authorities or competent bodies, in cases provided for by law

Sharing of data with third parties

We share certain data with service providers that assist us in managing the online store and fulfilling orders, in accordance with the purposes indicated above and within the limits strictly necessary.

In particular, the data necessary for shipping are shared with the courier responsible for delivery, for example GLS.

In relation to shipping, the carrier may receive data such as first name, last name, delivery address and, where necessary for delivery management, contact details such as phone number or email address.

Data processors

Some service providers process personal data on behalf of the controller as data processors pursuant to Art. 28 GDPR. Where necessary, specific agreements have been entered into with these parties to ensure compliance with security measures and with the provisions of data protection legislation.

Payments

We accept payments through Stripe and PayPal. During payment processing, certain data will be transferred to these providers, including information necessary to complete the transaction, such as the order total and billing information.

For more information you may consult:

Transfer of data to countries outside the EEA

Some service providers used by the website may process personal data outside the European Economic Area. In such cases, the transfer takes place in compliance with the safeguards provided by the GDPR, such as adequacy decisions of the European Commission or standard contractual clauses approved by the European Commission.

Consent register

This website uses Complianz – Privacy Suite for WordPress to collect and manage cookie consent preferences. For this functionality the user's IP address may be anonymized and stored in the website database solely for the purpose of documenting the consent given and ensuring compliance with applicable legislation.

Abandoned cart data

If a user enters their email address during the purchase process without completing the order, we may send a single reminder or assistance email intended to facilitate completion of the purchase.

Legal basis: legitimate interest of the controller (Art. 6(1)(f) GDPR), within the limits permitted by applicable legislation. The user may object at any time via the unsubscribe link included in the email or by contacting the controller.

Newsletter and promotional communications

The user may voluntarily subscribe to the newsletter to receive updates, informational content and promotional communications relating to Bandini Pharma products.

The processing of data for sending the newsletter is based on the consent of the data subject pursuant to Art. 6(1)(a) GDPR. The user may withdraw consent at any time via the unsubscribe link contained in the communications received or by contacting the controller.

Where permitted by applicable law, Bandini Pharma may also use the email address provided during a purchase to send communications relating to products similar to those already purchased, without prejudice to the user’s right to object at any time and free of charge to such processing.

Minors

The website and the services offered are not intended for individuals under the age of 18. The controller does not intentionally collect personal data relating to minors.

Rights of the data subject

The user has the right to obtain, in the cases provided for by applicable legislation:

access to their personal data
rectification of inaccurate data
erasure of data
restriction of processing
data portability
objection to processing, where provided by law
withdrawal of consent, without affecting the lawfulness of processing based on consent before its withdrawal

The user also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Updates to this notice

This notice may be updated over time, including in consideration of regulatory, interpretative or technical changes relating to the services offered through the website. Users are therefore invited to periodically review its contents.

Data controller

The controller responsible for the processing of personal data is:

Bandini Pharma S.r.l.
Via Flaminia 171
47923 Rimini (RN) – Italy
Email: amministrazione@bandini-pharma.com

Personal data are processed in compliance with the Regulation (EU) 2016/679 (GDPR) and the applicable national legislation on personal data protection.