Directive 2002/58/EC – concerning “the processing of personal data and the protection of privacy in the electronic communications sector”
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and regarding the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
The Data Controller is Beautynova S.p.A. Via Savona, 97 – 20144 Milano (MI).
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data, for which transmission is implicit when using Internet communication protocols. This information is not collected in order to be associated with the identified data subjects involved, however, due to its very nature, it may allow users to be identified through processing and association with data held by third parties. This category includes data such as the IP addresses or domain names of computers used by users who access the website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the procedure used to submit the request to the server, the size of the file received in response, the code number indicating the status of the response provided by the server (successful, error, etc.), as well as other parameters relating to the user’s operating system and computer environment. Such data are used for the sole purpose of compiling anonymous statistical data regarding the use of the website and for checking its proper operation. Data are immediately deleted after processing.
Navigation data are not retained for more than seven days (except in the case of criminal investigations by judicial authorities). Any limited processing of personal data collected for these purposes is necessary in order to pursue the legitimate interest of the Data Controller (Art. 6 section1, letter f) of the GDPR).
Data provided voluntarily by the user
Sending e-mail messages to the addresses of the Data Controller is a freely chosen, explicit and voluntary option. The compilation of contact forms, registering with the website, and subscribing to the newsletter, on the website, entail the acquisition of all personal data included in communications.
Depending on the purposes pursued, the processing of such data may therefore take place on the basis of the consent freely given by the data subject (Art. 6 section 1, letter a) of the GDPR) in order to fulfil any contract to which the data subject is party or for implementing pre-contractual measures adopted at the data subject’s request (Art. 6 section1, letter b) of the GDPR); to pursue the legitimate interest of the Data Controller (Art. 6 section 1, letter f) of the GDPR).
Specific information will be published on the website pages intended to provide certain services.
Anonymous or aggregated data
Anonymisation is a processing operation that aims to prevent the identification of the data subject. Anonymised data does not fall within the scope of data protection legislation. Aggregated data may derive from personal data provided by the user but are not considered personal data, since, as specified, they do not allow the direct or indirect identification of the data subject.
LINKS TO OTHER WEBSITES
This website may contain links or references to other websites. The Data Controller does not control the cookies or other tracking technologies of such websites, which are not covered by this Policy. Users are therefore invited to consult the individual privacy policies concerning such websites.
OPTIONAL PROVISION OF DATA AND CONTROL OVER YOUR PERSONAL DATA
Apart from what has been specified for navigation data, the user is free to provide his/her personal data. However, failure to provide such data may make it impossible to obtain what has been requested.
At any time, you may choose to restrict the collection or use of your personal data. For example, if you have previously given consent for us to process your personal data for marketing purposes, you may withdraw that consent by writing or e-mailing the Data Controller.
The Data Controller will not sell or disclose collected personal data to third parties unless the Data Controller has obtained your free and explicit consent or unless explicitly required by law. However, with your consent, your personal data may be used to send you promotional information also about third parties.
PROCESSING METHODS and RETENTION PERIOD
Personal data are also processed using automated tools. Specific security measures are observed to prevent the loss of data, any illicit or improper use and any non-authorised access. The Data Controller has adopted all the minimum security measures provided for by law. In accordance with the main international standards, the Data Controller has also adopted additional security measures to minimise any risks concerning the confidentiality, availability and integrity of any personal data collected and processed.
DATA SHARING, COMMUNICATION AND DISCLOSURE
Collected data may be transferred or communicated to other companies for activities closely related and instrumental to the operation of the service, such as computer system management. The personal data provided by users who forward requests, are only used to respond to them and are communicated to third parties only where this is necessary for that purpose. Apart from these cases, personal data will not be communicated unless provided for by contract or law, or unless specific consent is requested from the data subject.
In this respect, personal data may be transmitted to third parties, but only and exclusively in the case in which:
- there is explicit consent to share the data with third parties;
- it is necessary to share information with third parties in order to provide the requested service;
- it is necessary in order to comply with requests from Judicial Authorities or Public Security Services.
No data arising from the web service is disclosed.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Personal data will not be transferred to Third Countries, i.e. countries that are not members of the European Union or the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the measures provided for in Chapter V of the GDPR.
ADDITIONAL INFORMATION ON DATA PROCESSING AND EXERCISING RIGHTS
The law regarding the protection of personal data explicitly provides for certain rights of the persons to whom the data refer (so-called data subjects). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of the existence or non-existence of his/her data, to be informed of the source and the purposes and methods of processing, to object to such processing, to have the data updated, amended, integrated, as well as to have the data deleted if processed in breach of the law or if any of the grounds specified in Article 17 of the GDPR exist. For further information on the processing of personal data and to exercise the above-mentioned rights, users may contact the Data Controller by writing to Beautynova S.p.A. using the contact details given above, or by sending an e-mail to firstname.lastname@example.org.
The Data Controller regularly checks his/her privacy and security policy and, if necessary, revises it according to regulatory, organisational or technological changes. In the event of amendments to the policy, the new version will be published on this page of the website.
THE RIGHT TO LODGE A COMPLAINT
Users who believe that the processing of their personal data carried out via this website violates the provisions of the GDPR, have the right to lodge a complaint with the Supervisory Authority, as provided for in Art. 77 of the GDPR, or to take appropriate legal action (Art. 79 of the GDPR).