Privacy policy

  • Home
  • Privacy policy

Privacy Policy in implementation of EU Regulation 2016/679 and current regulations (hereinafter referred to as the GDPR)

Data Controller

Pharmanutra spa, via delle Lenze No. 216/B – (56122) Pisa – VAT No. 01679440501 which can also be contacted on 050 7846500 

Data Protection Officer 

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests via email at

Personal and identification data

Personal data is intended as any information relating to an individual, whether identified or identifiable, even indirectly, by reference to any other information, including a personal identification number; Identification data, personal data that allow for a direct identification of the interested party (such as name, surname, e-mail address, address, telephone number, etc.).

Browsing data

During their normal operation, the IT systems and software procedures used for running this website acquire some personal data the transmission of which is implicit in the use of Internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its nature, it could lead to the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code specifying the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computing environment. This data is used solely to compile anonymous statistical information on the use of the website and to verify its correct operation. Defence in court: The User’s Personal Data may be used by the Data Controller in court or during the preliminary stages of its possible establishment for the defence against abuse in the use of this website or related Services by the User. The data could be used to ascertain liability in case of hypothetical computer crimes against the website. Maintenance – The User’s Personal Data may be processed with additional methods and purposes related to system maintenance.
This data is collected for technical reasons in order to ensure easy configuration of the connection and practical use of the website and to assess the security and stability of the system. The legal basis for the processing of data is Article 6, paragraph 1, sub-paragraph 1, section f of the GDPR. The legitimate interest of the Data Controller derives from the purposes listed above for data collection. The Data Controller does not in any case use the data collected to draw conclusions about the user.

The assessment is for statistical purposes only and without reference to individuals. The Data Controller collects, uses and transmits other personal data only if permitted by law or if the user authorises the collection of data.

Data provided voluntarily by the user

By contacting the Data Controller, for example, through the contact form or subscription to the Newsletter, the information provided by the user shall be retained for the processing of the user’s request and in case of further questions. 

The legal basis for the processing of data is also Article 6, paragraph 1, section f of the GDPR. The legitimate interest of the Data Controller is to achieve maximum user satisfaction by making its services more attractive. 

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included. Specific information shall be presented on the pages of the Website in relation to specific services or processing of Data provided by the User or Data Subject.

If the user subscribes to the Data Controller’s newsletter, the latter shall use the email address to send the newsletter. You may unsubscribe at any time. The email address shall not be used for any other purpose. The user’s data is processed exclusively on the basis of the consent given by the user. The legal basis is the legitimate interest of the Data Controller.

Integration of third-party services and content

In some cases, this website may include third-party content, such as Google Maps, RSS feeds or graphics from other websites. This situation assumes that the providers of such content (hereinafter “providers”) use the user’s IP address. Without the user’s IP address, it would not be possible to transmit content to the browser. The IP address is therefore necessary for viewing such content. The DATA CONTROLLER shall use the IP address only for the purpose of providing the content. However, the Data Controller does not influence this in any way if providers store the IP address, for example for statistical purposes.

Further information on specific services and social plug-ins can be found in the detailed reasonings contained in the data protection declaration.

Purpose of processing for which consent is given where required

Personal data voluntarily provided shall be processed for the following purposes, until you object to it:

  • performance of operations strictly connected and instrumental to the management of relations with users or visitors to the website;
  • collection, retention and processing of your data for:
  • statistical analysis, also in anonymous and/or aggregated form;
  • statistical analysis aimed at verifying the quality of services offered by the website;

Processing method – Retention

Processing shall be carried out in an automated and manual manner, with methods and instruments aimed at guaranteeing maximum security and confidentiality, by persons specifically authorised. 

Storage period 

Data shall be stored for a period not exceeding the purposes for which the data was collected and subsequently processed. 

Scope of communication and data dissemination:

Your data, subject to processing, shall not be sold or exchanged with third parties without the express consent of the data subject. Data may be disclosed to third parties belonging to the following categories:

  • parties that provide services for the management of the IT system 
  • consultancies or companies in the context of assistance and consultancy relationships;
  • competent authorities for fulfilling legal obligations and/or requirements of public bodies, upon request.
  • external providers;  
  • companies that carry out ordinary and extraordinary maintenance of the website

I in any case, your data shall not be disseminated 

Transfer of data abroad

Should personal data be transferred to third countries or international organisations in the future, all the provisions of Chapter V (EU Regulation 2016/679) shall be complied with in order to ensure an adequate level of protection. 

Rights of the User/Data Subject

Users are entitled at any time to:

  • Request information about their data retained by the Data Controller without giving reasons therefor. Except for connection fees charged by the provider, users are not required to incur any costs as a result of the request.
  • Have the data collected blocked, rectified, limited or erased if the legal requirements are met.
  • Object to the processing of data for sending newsletters and other direct advertising communications.
  • Object to other possible processing of your personal data, if there are legal requirements.
  • Withdraw the consent given to the Data Controller to the collection and use of data without stating the reasons therefor.
  • Receive personal data made available in a readable format and pass it on to another data processor.
  • Appeal to a supervisory authority notwithstanding any other administrative or judicial remedy.

Obligation to provide personal data

There is no legal obligation to provide data. In some cases, the disclosure of data may be necessary for the provision of the Data Controller’s services, such as the indication of a contact address when using the contact form. If no communication occurs in such cases, the provision of the Data Controller’s services is only possible to a limited extent. 

Right to complain to a supervisory authority

If you consider that the processing concerning you breaches your dignity, you have the right to lodge a complaint with the relevant Supervisory Authority.

The software applications used may contain “cookie” technology. Cookies are mainly used to facilitate the user’s browsing. Cookies may provide information on browsing within the website and allow the operation of certain services that require the identification of the user’s path through various pages of the website. For any access to the portal regardless of the presence of a cookie, the type of browser, the operating system (e.g. Microsoft, Apple, Android, Linux, etc…), the host and the URL of origin of the visitor, as well as the data on the page requested, are recorded. However, users can set their browser to notify them when they receive a cookie and thus decide to delete it. More information about cookies can be found on the websites of the browser providers.

What are Cookies?

Cookies are small-sized text strings that are stored on your computer when you visit certain pages on the Internet. Most browsers have cookies enabled, at the bottom of which is the information you need to change your browser’s cookie settings. Cookies are not harmful to the device. In the cookies we generate, we do not store personally identifiable information, but we use information to improve your time on the website. For example, they are useful for identifying and resolving errors. 

Cookies can perform various functions, such as browsing between pages efficiently and in general they can improve the user’s stay. The Data Controller reserves the right to use cookies, with the consent of the user where the law or applicable regulations so require, to facilitate browsing on this website and customise the information that shall appear. The Data Controller also reserves the right to use similar systems to collect information about users of the website, such as type of Internet browser and operating system used, for statistical or security purposes.

Types of cookies used 

Technical browsing cookies

Cookies are necessary to view the Data Controller’s website and guarantee normal browsing and use by enabling the connection between the server and the browser used by the user. 

These cookies are essential to browsing (for example, session identifiers) and allow use of the main website features and to protect the connection. Without these cookies, browsing and use of the website would not be possible:

Technical cookies are classified as both first-party and third-party cookies. Third-party technical cookies include the following:

Google Analytics

This website uses Google Analytics, an internet analysis service of GoogleLLC (hereinafter referred to as “Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the website. The information generated by the cookie about your use of this website shall usually be transmitted to and stored by Google on servers in the United States.

In the event that IP anonymisation is activated on this website, Google shall truncate the IP address in the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA where it is then truncated. On behalf of the operator of this website, Google shall use this information for the purpose of assessing your use of the website, compiling reports on website activity and providing website operators with other services relating to website activity and internet usage. The IP address transmitted by the Internet browser within the scope of Google Analytics is not combined with other Google data. Users can prevent the storage of cookies by setting their browser accordingly. However, the Data Controller informs users that, in this case, it may not be possible to use all the functions offered by the website in their entirety.

In addition, this website uses Google Analytics reports for performance based on demographic characteristics, such as age and gender, as well as based on interests. Data on demographic characteristics and interests are collected for Internet access via the third-party cookie of the Google DoubleClick associated company. The demographic characteristics are assessed by the Data Controller anonymously and are not combined with personal data. The user may deactivate the assessment based on demographic characteristics at any time in Google’s ad settings.

Users may also prevent the collection of data generated by the cookie regarding their use of the website (including their IP address) and the processing of said data by Google by downloading and installing the browser plug-in available via the following link

As an alternative to the browser plug-in or within browsers on mobile devices, click on the link below to set an Opt-Out Cookie that shall later prevent the collection by Google Analytics within this website (the Opt-Out Cookie works only in the aforementioned browser and only for the aforementioned domain; if cookies are deleted in the browser, the same must be done again on the link): deactivate Google Analytics on the website.

Further information on the conditions of use and data protection can be found at the following addresses or

The Data Controller points out that this Google Analytics website has been integrated with the code “gat._anonymizeIp();” to ensure the anonymous collection of IP addresses (so-called IP masking).

For more information, please see the relevant policy in the table below (*).

Functional cookies

These are cookies stored on the user’s computer or other device that, based on the user’s request, record said user’s choices, enabling the user to remember them in order to optimise and provide a better browsing and customised service or access to this website.  (e.g., registering in reserved areas, storage of products in the shopping cart so that users can find them there in their next session, saving the selected language, displaying a video or the possibility of commenting on the blog, etc.). Functional cookies are not essential to the operation of the website, but they improve browsing quality and experience

Analytical and Statistical Cookies 

a- Yandex and Yandex Metrika

This website uses Yandex and Yandex Metrika Analytical Cookies that enable the optimisation of the Data Controller’s website pages by analysing the movements of users anonymously within the website. For more information, please see the relevant policy in the table below (*).

b- Google Remarketing

The Data Controller’s websites use Google Remarketing, a Google Internet ad service that enables the setting of advertisements that arouse interest by enabling users who have visited or used the websites and offers to be redirected to Google Partner Network pages with appropriate advertising offers. Google uses cookies for this purpose. In this case, these are small text files consisting of a special numerical sequence (cookie ID) that Google stores on the user’s computer. Google uses these cookies to recognise the user’s browser when the user visits other websites and to engage the user with advertisements based on the user’s interests. The information generated by the cookie is transmitted to a Google server in the United States, where it is stored. If necessary, Google uses the IP address of the user’s browser to display specific advertisements.

The Data Controller invites users to note that Google Remarketing is the service of an independent third party (Google) the data processing processes of which cannot be influenced by the latter. Further information on the handling of data obtained by Google and on Google’s data protection provisions can be found at the following address:

If the user wishes to receive interest-based advertising, the user is entitled to prevent Google from saving cookies through the specific browser settings provided.

The user is also entitled to object to the use of cookies by Google at any time with effect from the time of objection by accepting the use of cookies in accordance with the provisions stated on the website on the link below.


Facebook’s c- Social plug-in with the “2-click solution”

The Data Controller’s website uses the plug-ins (hereinafter referred to as “plug-ins”) of Facebook’s social networks. This service is provided by Facebook Inc.

Facebook is managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter “Facebook”). An overview of the Facebook plug-ins and their appearance can be found at:

In order to increase the protection of the user’s data when visiting the Data Controller’s website, plug-ins are integrated into the website via the so-called “2-click solution”. This solution makes it possible not to establish an immediate connection to the Facebook servers when accessing the Data Controller’s website via the plug-ins on said website. The user’s browser only establishes a direct connection to the Facebook servers when the user does not activate the plug-ins and, as a result, does not provide permission for data disclosure. The content of the plug-ins is transmitted directly from the specific provider to the user’s browser and integrated into the page. In this way, suppliers receive information that the user’s browser has consulted a specific page on the Data Controller’s website, even if the user does not have a profile with the specific supplier or is not currently logged in. 

This information (including the user’s IP address) is transmitted directly from the user’s browser to a provider’s server in the USA, where it is stored.

If the user has logged into one of the social networks, the providers are entitled to immediately assign the user’s visit to the Data Controller’s website to the user profile on Facebook. If the user interacts with plug-ins, such as the “Like” button, the specific information is communicated directly to a supplier server, where it is stored. 

The purpose and scope of data acquisition and the further processing and use of data by providers, as well as the user’s rights and options for setting up privacy protection are set out in the providers’ privacy policy.

Facebook Privacy Policy

If the user does not want Facebook to associate the data collected, via the Data Controller’s website, directly with the user’s profile in the respective service, the user must log out of the respective service before activating the plug-ins.

The legal basis for data processing is the legitimate interest of the Data Controller, pursuant to and for the purposes of Article 6, paragraph 1, section f of the GDPR, which involves increasing the level of awareness of the Data Controller’s products. 

Statement of consent for measuring the conversion with the Facebook visitors promotion pixel

Measuring the conversion with the Facebook visitors promotion pixel in summary

The visitor promotion pixel is a service of Facebook Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA. It enables the tracking of user behaviour after clicking on a Facebook ad and redirection to the advertiser’s or advertised company’s website. The conversion measurement with the visitor promotion pixel enables the measurement, assessment and optimisation of the effectiveness of Facebook ads for statistical and market research purposes. The data collected on the Data Controller’s websites thanks to the visitor promotion pixel does not allow the Data Controller to draw any conclusions about the user’s person. The data collected, such as the user’s IP address, is communicated to Facebook by the visitor promotion pixel. This data is stored and processed by Facebook to measure the conversion. The Data Controller receives reports from Facebook on the measurement of the conversion in anonymous form. These reports do not even allow conclusions to be drawn about the identity of users. However, it cannot be ruled out that there may be a link between the data provided by Facebook and other personal data of the user, e.g., user data relating to an existing Facebook account, or that Facebook shall use the specific data for its own purposes, if necessary.

The visitor promotion pixel is the service of a company independent of the Data Controller (Facebook). The Data Controller cannot influence the specific data processing processes. Further information on the use of the data collected by Facebook can be found in Facebook information, at the following address:

Facebook and its partners enable the publication of advertisements on the websites of Facebook and third parties. A cookie may be stored on the user’s computer in order to use the visitor promotion pixel and track specific activities.

By selecting the OK button in the specific banner on the website, users declare their consent to the use of the conversion measurement with the Facebook visitors promotion pixel and make the following statement of consent in this regard.

“I, the undersigned, consent to the use of the Facebook Visitor Promotion Pixel, a service of Facebook Inc., 1601 S., for the promotion of Facebook visitors. California Ave., Palo Alto, CA 94304, USA, previously described in this paragraph, for the purpose of measuring the conversion described on the Data Controller’s websites”

Consent to the use of the visitor promotion pixel can only be given by users over 16 years of age.

Users hereby declare that they are authorised to submit the statement of consent independently or that they have requested authorisation from their legal guardian before submitting the statement of and that said guardian has granted their consent accordingly.

Users have the right to withdraw their consent to use the conversion measurement with the visitor promotion pixel at any time. For this operation, click on the following link:

This data protection statement, including the above statement of consent, is available and permanently accessible via this website. The collection, processing and use of personal data on the basis of separate statements of consent or legal permissions remain unaffected by the aforementioned consent.

The legal basis for the processing of data is the consent granted in accordance with Article 6, paragraph 1, sub-paragraph 1, section a of the GDPR.

Which cookies we specifically use:

Name  Purpose  Type  Expiry date   URL cookie details 
_gid Cookie is used to distinguish users. Third party (Google Analytics) 24 hours

_gat Used to limit the rate of requests Third party (Google Analytics) 1 minute
_gclxxxx Used to distinguish users Third party (Google Analytics) 3 months
_gat_UA-XXXXXXX Used to distinguish users Third party (Google Analytics) 1 minute
_ga Used to distinguish users Third party (Google Analytics) 2 years
Name  Purpose  Type  Expiry date   URL cookie details 

See links opposite

Third party (Yandex) 20 hours

_ym_metrika_enabled Third party (Yandex) 1 minute
_ym_metrika_enabled_* Third party (Yandex) 1 minute
_ym_mp2_substs_* Third party (Yandex) 1 minute
_ym_visorc_* Third party (Yandex) 30 minutes
yandexuid Third party (Yandex) 10 years
yp Third party (Yandex) 10 years
yabs-sid Third party (Yandex) 10 years
_ym_uid Third party (Yandex) 2 years

Google ads
This is a service provided by Google Inc. It is Google’s advertising platform that enables the publication of text ads, images and videos on Google’s search results pages and content network websites. Ourwebsite uses “Google Adwords” solely to promote its services on the web. In addition, it uses remarketing services that enable advertisements to be displayed to users who have already visited this websitewhilst they are browsing the web. For more information, please visit cookies used can be viewed in the following table:

Name  Purpose  Type  Expiry date   URL cookie details 
__gads Used to quantify interactions with advertisements on that specific domain and prevent the same advertisement from being shown to the same person too many times Third party (Google Ads) 30 days 
__gac Used to quantify interactions with advertisements on that specific domain and prevent the same advertisement from being shown to the same person too many times. Third party (Google Ads) 30 days  
__gac Used to quantify interactions with advertisements on that specific domain and prevent the same advertisement from being shown to the same person too many times Third party (Google Ads) 30 days
__gcl Used as many times as people who click on their ads then perform operations on their website (e.g., make purchases). Third party (Google Ads) 30 days

Facebook Cookie Analytics: 
Here, the website uses the Facebook pixel to retarget, i.e., to show, on Facebook, advertisement consistent with pages you have already visited.

Name  Purpose  Type  Expiry date   URL cookie details 


The Facebook Analytics pixel is a useful tool for obtaining statistical and demographic data on users browsing the website. The Facebook analytics system shall always collect data in anonymous and aggregated form and shall cross-check them with those held by it in order to make more interesting communication activities available to website browsers, both on and off the website).It also enables the Data Controller to monitor the conversions that occur on its website as a result of the ads it is running on Facebook. Facebook compares the conversion event with the group of people who were shown the advertisement or who clicked on it, in order to provide the Data Controller with information that helps it understand the return on investment for its advertising spending.

Third party (Facebook)

180 days

How can I disable cookies?

Warning: in relation to the deactivation by the user of all types of cookies (including technical cookie) please note that some features of the website may be reduced or unavailable.
Most browsers automatically accept cookies, but you can also choose not to accept them. If you do not want your computer to receive and store cookies, you can change your browser’s security settings (Internet Explorer, Google Chrome, Mozilla Firefox, Safari, etc.). There are several ways to manage cookies and other tracking technologies. By changing your browser settings, you may accept or decline cookies or decide to receive a warning message before accepting a cookie from the websites you visit. You can delete all cookies installed in the cookie folder of your browser. Please note that every browser has different procedures for managing the settings.

Cookies can be deactivated directly from your web browser. For more detailed information regarding cookie deactivation options, here is a list of links for configuring the most popular browsers.

If you do not use any of the browsers listed above, select “cookies” in the relevant section of the guide to find out where your cookie folder is located.


The consent is freely expressed by the user continuing with the browsing, after having read the short notice. Please note, however, that you can withdraw your permission at any time and you can proceed with disabling cookies as described above.

Other links

To provide users with a better service, this website may contain links to other websites (“Links”). The Data Controller declines all responsibility for the contents and materials that can be accessed from such websites or that can otherwise be obtained through them. Any information concerning the websites referred to by the links must be addressed solely to the administrators of the websites in question.

Changes to the policy on the use of cookies

In order to keep it up to date, the policy on the use of cookies is periodically reviewed. The latest update to this cookie policy was made on 16 October 2020.


The technology that guarantees the best absorption of Iron.

Find out more
Do you have the SiderAL® app yet?

Download it onto your smartphone now!

App Store
Google Play