PROCESSING POLICY NOTICE
Personal data processing policy notice for the users of the www.alfaparfmilano.com website
Why this notice
Beauty & Business spa, (hereinafter referred to as “Controller”), is committed to respecting and protecting your privacy, and wants you to feel safe not only when simply browsing through the site but also if you decide to register and provide us with your personal data to take advantage of our services made available to Users and/or Customers. On this page, the Data Controller intends to provide some information on the processing of personal data relating to the users who visit or consult the website that can be accessed electronically at www.alfaparfmilano.com (hereinafter referred to as the “Site”). A policy notice is provided only for the website in question, and not for other websites that may be consulted by the user through links (for which reference is made to the respective privacy information/policy notices). Reproducing or using pages, materials and information contained in the Site, by any means and on any medium, is not allowed without the Controller’s prior written consent. Copying and/or printing is allowed for personal and non-commercial use only (for requests and clarifications, please contact the Data Controller at the addresses given below). Other uses of contents, services and information on this site, and in general of any type of data - even exclusively technical - that can be accessed in any way from this site, are not allowed.
With regard to the contents offered and the information provided, the Data Controller will ensure that the contents of the Site are reasonably updated and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided, as well as explicitly disclaiming any responsibility for any errors of omission in the information provided on the Site.
Origin - Navigation data
The Data Controller informs you that the personal data you provide and that is acquired upon enquiry and/or contact, registration on the site and use of services via smartphone, or any other tool used to access the Internet, as well as the data necessary for the provision of these services, including navigation data and the data used for any purchase of the products and services offered, and also any so-called “navigation” data alone used on the site by Users, will be processed in compliance with applicable legislation. During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified data subjects, but which by its very nature could allow navigating users to be identified through processing and association with third-party data. This category of data includes “IP addresses” or domain names from the computers used by users who connect to the site; URI (Uniform Resource Identifier) addresses for the requested resources; the time of a request; the method used in submitting a request to the web server; the size of the file obtained in response; the numerical code indicating the status of the response given by the web server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site, in order to check it for proper functioning. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Site, or other sites connected to it: except for this circumstance, data on web contacts is not presently retained for more than a few days.
Origin - Data provided by the user
The Data Controller collects, stores and processes your personal data for the purpose of supplying the products and services offered on the Site, or for legal obligations. With regard to some specific Services and Products, the Controller may also process your data for commercial purposes. In these cases, specific, separate, optional and always revocable consent will be required in the manner and at the addresses indicated below.
Optionally, explicitly and voluntarily sending e-mails to the addresses specified in the appropriate section of the Site, as well as filling out questionnaires, communicating via chat, using push notifications via the App, social networks, call centres if any, etc., entails the subsequent acquisition of some of your personal data - including that collected through the use of the App and related services - which is necessary to respond to requests. Also be aware that, when using the mobile connection to access any digital contents and services offered directly by the Data Controller or by our Partners, it may be necessary to transfer your personal data to these third parties. Please also note that you could access the Site or connect to areas where you may be enabled to publish information using blogs or bulletin boards; communicate with others, e.g. from the Controller’s page, on Facebook®, Instagram®, LinkedIn®, Youtube®, Twitter® and other social networking sites; review products and offers and post comments or content. Before interacting with these areas, please read the General Terms and Conditions of Use carefully, bearing in mind that, in certain circumstances, the information you post can be viewed by anyone accessing the Internet, and all the information you include in your posts may be read, collected and used by third parties.
Processing purpose and legal basis
Data is processed for:
1) purposes strictly connected with and necessary to register on the Site, services and/or Apps developed or made available by the Controller; to use the related information services; to manage contact requests or enquiries; to purchase products and services that are offered through the Site;
2) functional activities related to managing User/Customer requests and sending any feedback;
3) purposes related to fulfilling obligations under EU and national regulations, protecting public order, detecting and fighting crimes;
4) direct marketing, i.e. sending of advertising material, direct selling, market research or business communication on the products and/or services offered by the Controller; this activity may also concern products and services by companies belonging to AlfaParf Group, of which the Controller is part, and be performed by sending advertising/information/promotional material and/or invitations to take part in initiatives, events and offers aimed at rewarding users/customers with “traditional” methods (e.g. mailing and/or operator calls), or through “automated” contact systems (e.g. SMS and/or MMS, telephone calls without operators, e-mails, faxes, interactive applications).
The provision of data for the purposes referred to under 1), 2) and 3), connected to a pre-contractual and/or contractual stage, or in order to meet a user request, or envisaged by a specific regulatory requirement, is mandatory and, failing that, it will not be possible to receive information and access any services requested; with regard to point 4) of this Information statement, consent to data processing by the user/customer is instead free and optional, and can always be revoked without any consequences on the usability of products and services, except for the impossibility of the Controller to keep users/customers updated on new initiatives, or on particular promotions or benefits that may be available.
The Data Controller may send business communications about products and/or services similar to those already provided, using the e-mail or mail addresses specified by you on those occasions, which you can always object to following the methods set out in the communication itself.
Methods, processing logics, storage times and safety measures
Data is also processed by means of electronic or automated tools by the Controller and/or third parties which the Data Controller can use to store, manage and transmit data. Data will be processed according to personal data organisation and processing logics, also taking data into account that relates to logs originating from the access and use of the services made available via the web, of the products and services used in relation to the purposes referred to above and, in any case, with the adoption of adequate data security and confidentiality measures. Personal data will be retained for the time strictly necessary to pursue the purpose for which it is collected, subject to different timescales required by law, or as a result of a need to defend a right in court. Precisely with reference to personal data protection issues, the user/customer is requested to report to the Controller any circumstances or events from which a potential data breach may arise, in order to immediately assess and adopt any actions aimed at countering said event by e-mailing email@example.com. The measures taken by the Controller shall not exempt the user/customer from paying the necessary attention to the use, where required, of an adequately complex password/PIN which shall be updated periodically - especially if it is assumed to have been violated/known by third parties - as well as carefully protected and made inaccessible to third parties, in order to avoid improper and unauthorised use.
Communication areas and data transfer
For the pursuit of the aforementioned purposes, the Controller may disclose user/customer data to or have it processed by third parties who we have relationships with, in Italy and abroad, where these third parties provide services at our request. We will provide these third parties only with the information necessary to carry out the requested services, by taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if this is necessary to manage your contractual relationship. In this case, protection and safety obligations equivalent to those guaranteed by the Data Controller will be imposed on the recipients of data. If services offered directly by Partners are used, we will provide only the data strictly necessary to render them. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and, where required, the guarantees applicable to data transfers to third countries will be applied. We may also disclose personal data for marketing reasons to our business service providers, who are appointed, for this purpose, as external processors. Furthermore, personal data may be disclosed to competent public entities and authorities for compliance with regulatory obligations or to ascertain any liability in the event of computer crimes against the site, as well as disseminated or allocated to third parties (such as processors or, in the case of suppliers of electronic communication services, independent controllers) who provide IT and telematic services (e.g. hosting, management and website development services) and whom the Controller uses to perform technical and organisational tasks and activities which are useful for the proper functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Processors appointed for this purpose by the Data Controller.
Personal data may also be known by the Controller’s employees/consultants, who are specifically trained and authorised to process it.
The categories of recipients who data may be disclosed to are available by contacting the Data Controller at the addresses provided below.
Data subjects’ rights
You can exercise the rights that are recognised by law at any time:
- access your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients who it may be disclosed to, the applicable retention period, the existence of automated decision-making processes;
- obtain the correction of inaccurate personal data concerning you without delay;
- obtain the deletion of your data in the cases provided for by law;
- obtain limitation of processing or object to it, in the cases provided for by law;
- object to automated decision-making processes, including profiling, if the conditions provided for by law are met;
- request the portability of the data you have provided to the Data Controller, i.e. receive it in a structured format that is commonly used and readable by an automatic device, also in order to transmit this data to another Controller, without any impediment by the Data Controller itself, in the cases provided for by law;
- file a personal data protection complaint with the guarantor.
For the processing referred to in point 4) of the purposes, the Customer can always withdraw its consent and exercise the right to object to direct marketing (in “traditional” and “automated” forms). Notwithstanding anything to the contrary herein, opposition will refer to both traditional and automated communications.
Data Controller and Data Protection Officers
The data controller is Beauty & Business s.p.a. with registered office in via Cesare Cantu 1, 20123 Milano (Italy) and operational headquarters in Via Ciserano snc, 24046 Osio Sotto (Italy).
The aforementioned rights can be exercised upon request of the data subject by email to firstname.lastname@example.org.
The use of the Website, including the versions intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the contents and any indications included in this version of the policy notice published by the Controller, whenever the site is accessed. The Data Controller informs you that this policy notice can be subject to change without notice and therefore recommends periodically checking it.
This privacy statement was updated on November 26, 2019.
The previous version is available here.