PROCESSING POLICY NOTICE
Personal data processing policy notice for the users of the www.alfaparfmilanopro.com website
Why this notice
Beauty & Business spa, (hereinafter referred to as “Controller”), is committed to respecting and protecting your privacy, and wants you to feel safe not only when simply browsing through the site but also if you decide to register and provide us with your personal data to take advantage of our services made available to Users and/or Customers. On this page, the Data Controller intends to provide some information on the processing of personal data relating to the users who visit or consult the website that can be accessed electronically at www.alfaparfmilanopro.com (hereinafter referred to as the “Site”). A policy notice is provided only for the website in question, and not for other websites that may be consulted by the user through links (for which reference is made to the respective privacy information/policy notices). Reproducing or using pages, materials and information contained in the Site, by any means and on any medium, is not allowed without the Controller’s prior written consent. Copying and/or printing is allowed for personal and non-commercial use only (for requests and clarifications, please contact the Data Controller at the addresses given below). Other uses of contents, services and information on this site, and in general of any type of data - even exclusively technical - that can be accessed in any way from this site, are not allowed.
With regard to the contents offered and the information provided, the Data Controller will ensure that the contents of the Site are reasonably updated and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided, as well as explicitly disclaiming any responsibility for any errors of omission in the information provided on the Site.
Origin - Navigation data
The Data Controller informs that the personal data you provide and acquire upon enquiry and/or contact, registration on the site and use of services via smartphone, or any other tool used to access the Internet, as well as the data necessary for the provision of these services, including navigation data and the data used for any purchase of the products and services offered, but also only any so-called “navigation” data used on the site by Users, will be processed in compliance with applicable legislation. During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified data subjects, but which by its very nature could allow navigating users to be identified through processing and association with third-party data. This category of data includes “IP addresses” or domain names from the computers used by users who connect to the site; URI (Uniform Resource Identifier) addresses for the requested resources; the time of a request; the method used in submitting a request to the web server; the size of the file obtained in response; the numerical code indicating the status of the response given by the web server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site, in order to check it for proper functioning. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Site, or other sites connected to it: except for this circumstance, data does not presently persist on web contacts for more than a few days.
Origin - Data provided by the user
The Data Controller collects, stores and processes your personal data for the purpose of supplying the products and services offered on the Site, or for legal obligations. With regard to some specific Services and Products, the Controller may also process your data for commercial purposes. In these cases, specific, separate, optional and always revocable consent will be required in the manner and at the addresses indicated below.
Optionally, explicitly and voluntarily sending e-mails to the addresses specified in the appropriate section of the Site, as well as filling out questionnaires, communicating via chat, using push notifications via the App, social networks, call centres if any, etc., entails the subsequent acquisition of some of your personal data - including that collected through the use of the App and related services - which is necessary to respond to requests. Also be aware that, when using the mobile connection to access any digital contents and services offered directly by the Data Controller or by our Partners, it may be necessary to transfer your personal data to these third parties. Please also note that you could access the Site or connect to areas where you may be enabled to publish information using blogs or bulletin boards; communicate with others, e.g. from the Controller’s page, on Facebook®, Instagram®, LinkedIn®, Youtube®, Twitter® and other social networking sites; review products and offers and post comments or content. Before interacting with these areas, please read the General Terms and Conditions of Use carefully, bearing in mind that, in certain circumstances, the information you post can be viewed by anyone accessing the Internet, and all the information you include in your posts may be read, collected and used by third parties.
Processing purpose and legal basis
Data is processed for:
- purposes strictly connected with and necessary to register on the Site, services and/or Apps developed or made available by the Controller; to use the related information services; to manage contact requests or enquiries; to purchase products and services that are offered through the Site;
- functional activities related to managing User/Customer requests and sending any feedback;
- purposes related to fulfilling obligations under EU and national regulations, protecting public order, detecting and fighting crimes;
- direct marketing, i.e. sending of advertising material, direct selling, market research or business communication on the products and/or services offered by the Controller; this activity may also concern products and services by companies belonging to AlfaParf Group, of which the Controller is part, and be performed by sending advertising/information/promotional material and/or invitations to take part in initiatives, events and offers aimed at rewarding users/ customers with “traditional” methods (e.g. mailing and/or operator calls), or through “automated” contact systems (e.g. SMS and/or MMS, telephone calls without operators, e-mails, faxes, interactive applications.
The provision of data for the purposes referred to under 1), 2) and 3), connected to a pre-contractual and/or contractual stage, or in order to meet a user request, or envisaged by a specific regulatory requirement, is mandatory and, failing that, it will not be possible to receive information and access any services requested; with regard to point 4) of this Information statement, consent to data processing by the user/customer is instead free and optional, and can always be revoked without any consequences on the usability of products and services, except for the impossibility of the Controller to keep users/customers updated on new initiatives, or on particular promotions or benefits that may be available.
The Data Controller may send business communications about products and/or services similar to those already provided, using the e-mail or mail addresses specified by you on those occasions, which you can always object to following the methods set out in the communication itself.
Methods, processing logics, storage times and safety measures
Data is also processed by means of electronic or automated tools by the Controller and/or third parties which the Data Controller can use to store, manage and transmit data. Data will be processed according to personal data organisation and processing logics, also taking data into account that relates to logs originating from the access and use of the services made available via the web, of the products and services used in relation to the purposes referred to above and, in any case, with the adoption of adequate data security and confidentiality measures. Personal data will be retained for the time strictly necessary to pursue the purpose for which it is collected, subject to different timescales required by law, or as a result of a need to defend a right in court. Precisely with reference to personal data protection issues, the user/customer is requested to report to the Controller any circumstances or events from which a potential data breach may arise, in order to immediately assess and adopt any actions aimed at countering said event by e-mailing email@example.com. The measures taken by the Controller shall not exempt the user/customer from paying the necessary attention to the use, where required, of an adequately complex password/PIN which shall be updated periodically - especially if it is assumed to have been violated/known by third parties - as well as carefully protected and made inaccessible to third parties, in order to avoid improper and unauthorised use.
Communication areas and data transfer.
For the pursuit of the aforementioned purposes, the Controller may disclose user/customer data to or have it processed by third parties who we have relationships with, in Italy and abroad, where these third parties provide services at our request. We will provide these third parties only with the information necessary to carry out the requested services, by taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if this is necessary to manage your contractual relationship. In this case, protection and safety obligations equivalent to those guaranteed by the Data Controller will be imposed to the recipients of data. If services offered directly by Partners are used, we will provide only the data strictly necessary to render them. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and, where required, the guarantees applicable to data transfers to third countries will be applied. We may also disclose personal data for marketing reasons to our business service providers, who are appointed, for this purpose, as external processors. Furthermore, personal data may be disclosed to competent public entities and authorities for compliance with regulatory obligations or to ascertain any liability in the event of computer crimes against the site, as well as disseminated or allocated to third parties (such as processors or, in the case of suppliers of electronic communication services, independent controllers) who provide IT and telematic services (e.g. hosting, management and website development services) and whom the Controller uses to perform technical and organisational tasks and activities which are useful for the proper functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Processors appointed for this purpose by the Data Controller.
Personal data may also be known by the Controller’s employees/consultants, who are specifically trained and authorised to process it.
The categories of recipients who data may be disclosed to are available by contacting the Data Controller at the addresses provided below.
Data subjects’ rights
You can exercise the rights that are recognised by law at any time:
- access your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients who it may be disclosed to, the applicable retention period, the existence of automated decision-making processes;
- obtain the correction of inaccurate personal data concerning you without delay;
- obtain the deletion of your data in the cases provided for by law;
- obtain limitation of processing or oppose thereto, in the cases provided for by law;
- oppose to automated decision-making processes, including profiling, if the conditions provided for by law are met;
- request the portability of the data you have provided to the Data Controller, i.e. receive it in a structured format that is commonly used and readable by an automatic device, also in order to transmit this data to another Controller, without any impediment by the Data Controller itself, in the cases provided for by law;
- file a personal data protection complaint with the guarantor.
For the processing referred to in point 4) of the purposes, the Customer can always withdraw its consent and exercise the right to object to direct marketing (in “traditional” and “automated” forms). Notwithstanding anything to the contrary herein, opposition will refer to both traditional and automated communications.
Data Controller and Data Protection Officers
The data controller is Beauty & Business s.p.a. with registered office in via Cesare Cantu 1, 20123 Milano (Italy) e operational headquarters in Via Ciserano snc, 24046 Osio Sotto (Italy)
The aforementioned rights can be exercised upon request of the data subject by email to firstname.lastname@example.org.
The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the contents and any indications included in this version of the policy notice published by the Controller, whenever the site is accessed. The Data Controller informs that this policy notice can be subject to change without notice and therefore recommends periodically checking it.
This privacy statement was updated on November 26, 2019.
The previous version is available here.
Data Controller contact details
The “Data Controller” is Beauty & Business S.p.A., with registered office in via Cesare Cantù 1, Milan.
- Type of data processed
All data is provided by users voluntarily.
- Social Media User shall mean a user who spontaneously publishes their own content on social media with a Data Controller Tag or a # (“Social Media Content”).
In this case, the following public Social Media Content data is collected via the Platform: name, username used on social media, publicly posted photographs (if the photographs contain personal data), Social Media Content captions (if the captions contain personal data), physical address (if available), email address (if available), IP address and geolocation (if available).
Personal data is collected for the purposes of publishing/posting Social Media Content on the Data Controller’s social media channels, only insofar as the graphic part and if necessary the name/username used on social media are concerned.
Personal data is collected for the purposes of publishing/posting Content via paper-based marketing material (such as leaflets)), only insofar as the graphic part and if necessary – at the Data Controller’s discretion – the name/username used on social media are concerned.
- Legal basis for processing data
Data processing consent.
- Retention period
Personal data shall be held for the time strictly required to pursue the purposes for which it was collected, without prejudice to other timeframes required by law or needed to uphold rights during judicial proceedings.
- Transmission and disclosure of personal data
The data processed may be transmitted to the following categories of individuals:
- Data Controller employees authorised to process data
- Consultants / social media platform managers / Alfaparf Group companies / companies or self-employed professionals working with the Data Controller in various capacities, by way of example: individuals part of Alfaparf Group’s distribution network (such as distributors, salons, agents, retailers, sales representatives using online channels like marketplaces, online shops)
- Competent public authorities
The individuals belonging to the specified third-party categories act as the Data Processors or operate entirely autonomously as separate Data Controllers.
- How data is processed, security measures and retention time
All data shall be processed mainly in an electronic format. Personal data, as well as any other information that can be associated, directly or indirectly, with a specific individual is collected and processed by applying technical and organisational security measures that ensure an adequate level of security to the risk, while taking into account the state of the art and implementation costs, or, where envisaged, security measures required by specific legislation, for example but not limited to: measures envisaged by applicable provisions issued by the Personal Data Protection Authority and shall only be accessible to specifically authorised personnel.
The personal data processed will be held in a form allowing for your identification, as a Data Subject, for the time strictly necessary to fulfil the purposes for which it was collected and subsequently processed, without prejudice to the need to retain it for longer at the request of the competent authorities for the prevention and prosecution of offences or in any case to enforce or uphold rights during judicial proceedings.
- Rights of data subjects
You may assert your legal rights at any time:
- the right to access your personal data, obtain evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom it may be transmitted, the applicable retention period, the existence of automated decision-making processes;
- the right to have inaccurate personal data rectified without delay;
- the right to have your personal data erased, where applicable;
- the right to obtain the limitation of the processing or to object to it, where envisaged by the law;
- the right to withdraw your consent at any time, if given for marketing and profiling purposes;
- in the case of automated decision-making processes, including profiling, to object if the conditions provided for by law apply;
- the right to request portability of the data you have provided to the Data Controller, i.e. to receive the data in a structured, commonly used format that can be read by an automatic device, and to transmit said data to another data controller, without any impediment from the Data Controller, in the cases provided for by law;
- the right to raise a complaint with the Personal Data Protection Authority.
To assert these rights, please contact the Data Controller via email at email@example.com.
TERMS AND CONDITIONS
Beauty & Business SpA (“Company”) may collect photographic user content (“Content”) through a third-party service (“Platform”).
By accepting these terms and conditions (“Terms”), and those of the Platform available at https://www.olapic.com/tos/it/, you grant Beauty & Business SpA, and the Alfaparf Group in general, the right to use your photographic Content, which consists in an image you have posted on social media. The right is granted free of charge, without limitation in terms of time and space.
- The use consists, at the sole discretion of the Company: a) in the publication by the Company of the Content on its social media channels (@alfaparfmilanoitalia; @alfaparfmilanopro), as well as social media channels managed by the branches of the Alfaparf Group; b) in the creation of paper-based/digital material for marketing purposes (e.g. leaflets/brochures; the material created may also be used by the distribution network of the Alfaparf Group (for instance by agents, distributors, retailers, e-tailers). You understand that publication is always at the Company’s discretion. Your request for publication does not therefore impose any obligation on the Company or establish any legal relationship with it;
- you declare that you are the owner of the Content and that you are, in any case, entitled to grant the Company the right to use the Content. Otherwise you shall be solely responsible before the third-party owner of the right incorporated in the Content, and declare that you shall indemnify the Company against any third-party claims;
- you understand that the Company, at its sole discretion, may not mention your social media name/username (or your name or the name of the photographer if on the photograph) when reproducing your content.
- you understand that the Company may remove the Content from social media channels at its discretion, without anything being owed to you;
These terms and conditions are governed by Italian law.
Beauty & Business SpA