Dear user, we inform you that the processing of your personal data will take place in compliance with current legislation and will be based on the principles of correctness, lawfulness and transparency. To this end, we indicate below the information regarding the processing carried out through the Site.
1. Data of the Data Controller
1.1 The "Data Controller" of personal data is Beauty & Business S.p.A., with registered office in Milan, via Cesare Cantù, 1.
2. Type of data processed
2.1 Identification data (name and surname) and contact details (e-mail address, telephone number, address, name of the salon (if it contains personal data), profession.
2.2 Browsing data.
3. Source of data
3.1 All identification and contact data are voluntarily provided by the Data Subject.
3.2 The Data Subject may provide the following data:
- while browsing the Site, accessible through your browser;
- when using social media platforms (e.g.: Meta). The platform is only a means for data collection by the Data Controller for the purposes referred to in Article 4 below. Therefore, when the Data Subject provides data to the platform, the same will be processed by the Data Controller according to this policy.
4. Purpose and legal basis
4.1 Identification and contact data are processed to respond to the requests of the Data Subject, who may also be contacted through agents of the Data Controller, for example: to obtain information regarding the supply of products or services.
- Legal basis for the processing for the purposes referred to in this article 3.1: the fulfilment of contractual obligations and/or the execution of pre-contractual measures adopted at the request of the Data Subject.
4.2 Identification and contact data are processed, subject to the consent of the Data Subject, for marketing activities (sending newsletters, promotions, discounts, commercial information) by paper mail, call with operator, direct sales, through e-mail, social platforms).
- Legal basis for the processing for the purposes referred to in this article 3.2: consent of the Data Subject, expressed by filling in the appropriate consent box.
4.3 Identification and contact data are processed, subject to the consent of the Data Subject, for profiling activities, for example to create aggregate profiles based on the data collected (such as lookalike audience activities).
- Legal basis for the processing for the purposes referred to in this article 3.3: consent of the Data Subject, expressed by filling in the appropriate consent box.
4.4 Identification and contact data are processed, subject to the consent of the Data Subject, for communication to third parties, so that the latter can carry out marketing activities towards the Data Subject. By way of example, third parties may send promotional communications to the Data Subject.
- Legal basis for the processing for the purposes referred to in this article 3.4: consent of the Data Subject, expressed by filling in the appropriate consent box.
4.5 Navigation data are processed for the navigation of the Site. The servers and computer systems used for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data, although not collected to be associated with identified data subjects, by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of personal data includes the IP addresses of the devices used by users who connect to the Site, as well as the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computing environment.
- Legal basis for the processing for the purposes referred to in this article 3.5: legitimate interest of the Data Controller.
4.6 Personal and contact data are processed for purposes related to the search and selection of personnel in the event that the Data Subject sends a self-application.
- Legal basis for the processing for the purposes referred to in this article 3.6: the fulfilment of pre-contractual measures adopted at the request of the Data Subject.
5. Retention period
5.1 The personal data collected for the purposes referred to in Article 3.1 above will be kept for the time necessary to provide the requested feedback and for any subsequent activity necessary to fully manage the request.
5.2 The personal data collected for the purposes referred to in articles 3.2, 3.3 and 3.4 above will be kept for a period not exceeding 5 years, starting from the date of the consent, unless the Data Subject exercises the revocation of the consent previously given. It is understood that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
5.3 The data collected for the purposes referred to in Article 3.5 above will be stored for the entire session and until the browser is closed.
5.4 The data collected for the purposes referred to in Article 3.6 above will be kept for 24 months.
6. Disclosure of data and storage methods
6.1 The Data Controller may communicate personal data to the following subjects, in their capacity as data processors or data controllers:
- staff of the Data Controller expressly authorised to process data (persons in charge of the processing);
- professionals/external companies/social platforms/companies of the Alfa Parf Group, as data processors or as independent data controllers.
- competent public authorities.
6.2 the Data Subject's data may be transferred to subjects, data controllers or data processors, based in countries located inside and outside the European Union. The transfer of personal data to countries located outside the European Union will be carried out in accordance with the measures established by the applicable legislation, ensuring an adequate level of protection for the data subjects.
6.3 Your data are collected and recorded lawfully and correctly, for the pursuit of the purposes indicated above and in compliance with the fundamental principles established by the applicable legislation. The processing of personal data may take place both by means of manual and computerized and telematic tools, but always under the supervision of technical and organizational measures suitable to guarantee their security and confidentiality, especially in order to reduce the risks of destruction or loss, even accidental, of data, unauthorized access, or processing that is not permitted or does not comply with the purposes of collection.
7. Nature of the provision
7.1 Processing for contractual/pre-contractual purposes.
The provision of the data referred to in articles 2.1 and 2.2 above, for the purposes referred to in article 3.1 above, is necessary to offer the requested services to the Data Subject. Failure to provide the aforementioned data may make it impossible for the Data Controller to provide the service requested by the Data Subject.
7.2 Processing for marketing, profiling and communication to third parties.
Marketing, profiling and communication activities to third parties (so that they can carry out marketing activities towards the Data Subject) will be carried out exclusively with the consent of the Data Subject. Failure to consent precludes the Data Controller from using the data for marketing purposes, profiling and transfer to third parties for their marketing activities.
8. Rights of the data subject
8.1 The interested party may exercise at any time the rights granted to him by law:
- access personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
- obtain without delay the rectification of inaccurate personal data concerning the data subject;
- obtain, in the cases provided, the deletion of the data of the data subject;
- obtain the restriction of processing or to object to it, in the cases provided for by law;
- in the case of automated decision-making, including profiling, object if the conditions provided for by law are met;
- request the portability of the data that the data subject has provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another Data Controller, without any hindrance from the Data Controller, in the cases provided for by law;
- lodge a complaint with the Italian Data Protection Authority.
To exercise these rights, please contact the Data Controller: by email, at firstname.lastname@example.org