Privacy Policy
Last update: 23 June 2026
1. Data controller and DPO
The data controller is Professional Dietetics S.p.A., with registered office at Via Ciro Menotti 1/A, 20129 Milan (MI), Italy, phone +39 02 744020, contact e‑mail address: info@profdiet.it.
Professional Dietetics S.p.A. has appointed a Data Protection Officer (DPO), who can be contacted at privacy@profdiet.it and dpo@profdiet.it.
For any request regarding the processing of personal data and the exercise of the rights described in this notice, you may contact the controller or the DPO using the contact details above.
2. Categories of data processed
Through the website https://www.professionaldietetics.com and related online services (e.g. newsletter), the following categories of personal data may be processed:
- Browsing data: information automatically collected by the system (such as IP address, date and time of access, requested URL, user agent, device information) for technical and security purposes.
- Data collected through cookies and other tracking tools: online identifiers, preferences expressed on the site, aggregate information on the use of the pages, as further described in the dedicated cookie policy.
- Data voluntarily provided via the contact form: first name, last name, e-mail address, country, role/profession, and any additional information included in the message by the user.
- Data provided for newsletter subscription: e-mail address, language/communication preferences and, optionally, information on role/profession or country.
3. Purposes and legal bases of processing
The personal data collected through the website and related services are processed for the following purposes, on the corresponding legal bases:
3.1 Website operation and security
- Purpose: to ensure the proper functioning of the website, the security of the service, the monitoring of performance and the prevention or detection of fraudulent activities or abuses.
- Data processed: browsing data, technical logs.
- Legal basis: the controller’s legitimate interest in the secure operation and protection of the site, balanced against users’ rights and freedoms (Article 6.1, f GDPR).
3.2 Handling contact requests
- Purpose: to respond to requests submitted via the contact form, provide information on Professional Dietetics’ products and activities, and handle any support requests or institutional communications.
- Data processed: identification and contact data, content of the message.
- Legal basis: performance of pre-contractual measures taken at the request of the data subject (Article 6.1, f GDPR) and, where applicable, the controller’s legitimate interest in managing communications received (Article 6.1, f GDPR).
3.3 Newsletter and informative communications
- Purpose: to send newsletters and informative communications relating to Professional Dietetics’ products, services, initiatives and updates, including communications differentiated by type of recipient (e.g. healthcare professionals, distributors).
- Data processed: e-mail address, language/communication preferences, any information on role/profession or country.
- Legal basis: the data subject’s consent to the sending of electronic communications (Article 6.1, a GDPR) or, within the limits allowed, the controller’s legitimate interest in carrying out communication activities towards subjects with whom a relationship already exists (Article 6.1, f GDPR), without prejudice to the right to object.
Users may withdraw consent or object to receiving communications at any time by using the unsubscribe link included in each communication or by contacting the controller or the DPO.
3.4 Anonymous statistics and website improvement
- Purpose: to compile aggregate and anonymous statistics on website usage and to improve the content and user experience.
- Data processed: information collected through cookies or analytics tools, within the limits and conditions described in the cookie policy.
- Legal basis: the controller’s legitimate interest in understanding the use of the site in an aggregated form, with appropriate minimization measures; where non-technical cookies or tools are used, the legal basis is consent (Article 6.1, a and Article 6.1, f GDPR).
3.5 Marketing and third-party content (subject to consent)
- Purpose: to display embedded multimedia content (e.g. YouTube videos), interactive maps (e.g. Google Maps) and, where applicable, to measure interaction with such content for marketing or communication purposes.
- Data processed: online identifiers, information on the use of embedded content, data collected by third-party providers through their cookies or tools.
- Legal basis: the user’s consent to the use of marketing or profiling cookies and tools, expressed through the banner or consent management system (Article 6.1, a GDPR).
4. Nature of data provision
The provision of browsing data is necessary for the operation of the site and is linked to the use of communication protocols; failure to provide such data may make navigation impossible or limit certain functionalities.
The provision of data requested in the contact form is optional but necessary in order to respond to your request; failure to provide such data will prevent the request from being handled. The provision of data requested for newsletter subscription is optional, but failure to provide such data will prevent communications from being sent. The provision of data processed for purposes based on consent (e.g. marketing cookies, embedded content) is optional, and failure to consent will not affect the use of the essential features of the website.
5. Methods of processing and logic of tools
Personal data are processed using electronic tools and, where necessary, manual tools, with appropriate technical and organizational measures in place to ensure their security, confidentiality and integrity, in accordance with Article 32 GDPR.
For third-party content involving the use of cookies or other trackers (e.g. YouTube, Google Maps), loading is conditional upon the expression of valid consent through the consent management platform (CMP); in the absence of consent, an informational placeholder is displayed, and the related scripts are not executed.
6. Data recipients
Personal data may be disclosed, to the extent strictly necessary for the purposes described above, to the following categories of recipients:
- Providers of technical and IT services supporting the operation of the site (e.g. hosting providers, CDNs, IT maintenance, video platforms, maps, analytics tools), appointed as data processors pursuant to Article 28 GDPR, where applicable.
- Consultants and professionals assisting Professional Dietetics (e.g. legal, IT, compliance consultants) within the scope of their assignments.
- Public authorities and supervisory bodies, within the limits provided by law and upon their legitimate request.
An up-to-date list of data processors can be obtained from the controller or the DPO upon request.
7. Data transfers outside the EEA
Some providers of technical services or third-party platforms used on the site (for example analytics services, video platforms or maps) may be located in countries outside the European Economic Area.
In such cases, transfers of personal data will be carried out in compliance with Articles 44 et seq. GDPR, on the basis of adequacy decisions by the European Commission, or by adopting appropriate safeguards (such as standard contractual clauses), or where one of the conditions set out in Article 49 GDPR applies; further information can be requested from the controller or the DPO.
8. Data retention periods
Browsing data are retained for a limited period, normally not exceeding 12 months, unless longer retention is necessary in the event of security incidents or legal obligations.
Data provided via the contact form are retained for the time strictly necessary to handle the request and are subsequently deleted or anonymised, unless further retention is required by law or in connection with the controller’s protection needs. Data collected through cookies are retained according to the periods indicated in the cookie policy, depending on the specific type of cookie. Data relating to the newsletter are retained for the time during which the user maintains the subscription and, in any case, until consent is withdrawn or an objection to receiving communications is raised.
9. Data subjects’ rights
As a data subject, you may at any time exercise the rights set out in Articles 15 to 22 GDPR, including:
- The right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to the data and information on the processing (right of access).
- The right to obtain the rectification of inaccurate data or the completion of incomplete data (right to rectification).
- The right to obtain the erasure of data in the cases provided for by law (right to erasure).
- The right to obtain restriction of processing where the conditions laid down in the GDPR apply (right to restriction).
- The right to receive, in a structured, commonly used and machine-readable format, the personal data you have provided and to transmit them to another controller (right to data portability), in the cases provided.
- The right to object, on grounds relating to your particular situation, to processing based on the controller’s legitimate interest (right to object).
- The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, you may contact the controller or the DPO at the addresses indicated in section 1.
10. Complaints to the supervisory authority
You have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement; in Italy, the competent authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).
In any case, you are invited to contact the controller or the DPO first, in order to seek an amicable resolution of any issues.
11. Links to other sites and third-party content
The site may contain links to third-party websites or embedded content (e.g. videos, maps, widgets) managed by independent entities. Accessing such content may result in the collection of personal data by the third parties involved, in accordance with their own privacy notices, which you are encouraged to read.
The controller is not responsible for how these third parties process your personal data; the display of such content on the site is subject to your consent expressed through the consent management system.
12. Changes to this privacy policy
This privacy policy may be updated in order to reflect legal developments, technological changes or changes in the way personal data are processed. The updated version will be published on this page and, where appropriate, duly highlighted on the website.