Unless otherwise stated, this Policy also contains the information which, pursuant to art. 13 of Regulation (EU) n. 2016/679 (the “GDPR”), must be provided to those who interact with the Site (“User”).
The information on the processing of personal data carried out following the access to restricted areas of the Site are shown, where necessary, in the relevant pages.
The Data Controller is Essentia-Beauty, with registered office at Via Vittorio Emanuele 27, e-mail firstname.lastname@example.org. The updated list of the data processors is available at request.
Types of data processed
The Data Controller mat collect, through the Website, and process:
– navigation data;
– personal data voluntarily provided by the User in the forms available on the Site (for which specific information is provided).
Cookies are small text files that visited sites send to the user’s terminal, where they are stored, and then transmitted back to the same sites on the next visit.
The Website uses technical cookies, both of the Data Controller and of third-party. These cookies, being of a technical nature, do not require the prior consent of the User to be installed and used.
In particular, the cookies used on the Site qualify as:
– navigation or session cookies, which ensure the normal navigation and use of the Website.
Not being stored on the user’s computer, they disappear when the browser is closed;
– analytical cookies, by which statistical information on the number of users and of the visits to the Site are collected and analyzed;
– social widgets and plugins: some widgets and plugins made available by social networks can use their own cookies to facilitate interaction with the reference site.
In general, the cookies used by the Site do not trigger the processing of personal data. In the event that, due to technological progress or to the modification of the functionality of these cookies or for other reasons, the cookies triggered the processing of personal data of Users, such personal data would be processed in compliance with the GDPR, as well as with the information contained herein.
Below are listed third-party cookies installed on the Site. For each of them links to the related information and to how to disable cookies used are provided . With regards to third-party cookies, the Data Controller has the sole obligation to include in this Policy the link to the third-party website. It is the responsibility of the third party, however, to provide the required information and the instructions on the possible consent to and / or deactivation of cookies.
Cookies can be disabled by the user by changing the browser settings based on the instructions made available by their suppliers at the links listed below.
Purpose and legal basis of the processing.
Personal Data collected through the Website will be processed, as better described in the relevant section:
- a) to process the User’s request for information;
- b) for sending commercial communications on products and services, by e-mail, sms, mms, fax or similar means and/or by mail or by telephone calls with operator, with the data subject’s consent if required under GDPR 2016/679.
Provision of data and consequences in case of failure to provide.
The provision of Personal Data for the above purposes is optional. Failure to provide the Data will make it impossible for the Data Controller to process the requests of the data subject.
Recipients or categories of recipients.
Personal Data may be made accessible, brought to the attention of or communicated to the following persons, who may be appointed by the Data Controller, depending on the case, as data processors or authorized persons:
- companies belonging to the Data Controller group of companies (controlling companies, subsidiaries or affiliates), employees or consultants of any kind of the Data Controller or of the Data Controller group companies; and
- public or private subjects, natural or legal persons, which the Data Controller uses for the performance of the activities instrumental to the pursuit of the above purposes or to which the Data Controller is required to communicate the Data, pursuant to its legal or contractual obligations.
In any event, Personal Data will not be made public.
Except as otherwise stated in the specific information, Personal Data will be stored for 1 year from registration.
Access rights, cancellation, limitation and portability.
The data subject is granted the rights referred to in articles from 15 to 20 of the GDPR. By way of example, each data subject can therefore:
- a) obtain confirmation as to whether or not personal data concerning him or her are being processed;
- b) if a processing is in progress, access personal data, to obtain information relating to the processing and to request a copy of personal data;
- c) obtain the rectification of inaccurate personal data and the integration of incomplete personal data;
- d) obtain, under the conditions foreseen by article 17 of the GDPR, the erasure of personal data concerning him;
- e) obtain, in the cases provided for by article 18 of the GDPR, the limitation of the processing;
- f) receive personal data concerning him or her in a structured, commonly used and machine-readable format and to request their transmission to another holder, if technically feasible.
Right to object.
The data subject shall have the right to object, at any time, to the processing of personal data concerning him or her which is based on the Data Controller legitimate interests. The Data Controller shall no longer process the personal data unless compelling legitimate grounds exist for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right of opposition and withdrawal of consent in relation to the processing carried out for marketing purposes.
Each data subject may revoke the consent given at any time or oppose to the processing of his or her personal data by addressing an email to email@example.com. The opposition to the processing exercised through these procedures also extends to the sending of commercial communications by means of the postal service or telephone calls with an operator, without prejudice to the possibility of exercising this right in part, for example opposing only to the processing carried out by means of automated communication.
Right to lodge a complaint with the Authority.
Each data subject may lodge a complaint with the Data Protection Authority if he / she believes that the rights held under the GDPR have been violated, according to the procedures indicated on the Data Protection Authority website ay at: www.garanteprivacy .it.
This Policy will be periodically revised. The Data Controller invites Users who wish to be aware of the means of processing of his or her personal data to visit this page from time to time.