Privacy Policy
For your convenience, we have provided a translation of this page. This translation is for informational purposes only, and the definitive version of this page is the Italian version.
Personal data protection policy pursuant to art. 13 of reg. (EU) no. 2016/679
[https://www.bonjourlavie.it/]
Dear Navigator (physical subject), Joy Cosmetics s.r.l., as data controller (hereinafter, the Controller), intends to process the personal data concerning you, as the Interested Party, collected from you within the aforementioned website - in addition to what is regulated by the separate "Cookies policy" - for the purposes of the processing indicated below, therefore it is required to provide you with the following information, pursuant to art. 13, pp. 1 and 2 of reg. (EU) no. 2016/679, entitled ‘General Data Protection Regulation’ (hereinafter, the GDPR):
Identity and contact details of the data controller of your personal data: Joy Cosmetics s.r.l., located in via Andrea Mattiazzo, 1 - Ponzano Veneto (TV), fraz. Ponzano, 31050 and reachable by telephone contact ‘+39 348 576 6313’ and/or by e-mail contact ‘compliance@bonjourlavie.it’.
----
----
Your use of the telephone contact “+ 39 348 576 6313”:
I.a) Purpose of the processing of your personal data:
the definition of the cosmetic product requested by you / the delivery of the cosmetic product defined with you -> [1];
compliance with the relevant legal obligations regarding the protection of personal data -> [2];
the protection of your interests in extra-judicial or judicial proceedings -> [3].
I.b) Related legal bases used in the processing of your personal data:
[1]: the need of the Data Controller to carry out pre-contractual measures adopted at your request / the need of the Data Controller to perform a contract to which you are a party;
[2]: the need of the Data Controller to comply with legal obligations to which it is subject;
[3]: the need of the Data Controller to pursue its own legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[3]: the possible protection of your economic interests in extra-judicial or judicial proceedings.
II) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - where applicable - the hosting assistant (email), in her capacity as data controller;
[2] and [3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - where applicable - the hosting assistant (email), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers.
----
Please note:
1) The term ‘data controller’ refers to “(...) a natural or legal person (...) who processes personal data on behalf of the data controller;” (art. 4, n. 8) of the R.G.P.D.).
----
III) Periods of conservation observed in the processing of your personal data:
[1]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you);
[2]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) and - possibly - a further 10 years starting from the termination of the period of pre-contractual activity (therefore, from the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you) and - possibly - a further 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the delivery of the cosmetic product defined with you);
[3]: 10 years from the end of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / 10 years from the end of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you).
IV.a) Your rights that can be exercised as the Interested Party:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
deletion of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent lack of need for the Data Controller to process your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data processed;
• your detection of the subsequent need of the Data Controller to fulfill legal obligations to which the same is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your detection of the original or subsequent lack of accuracy of your personal data processed, during the verification of the same by the Data Controller;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data processed, in the presence of your subsequent objection to the cancellation of the same;
• your detection of the subsequent absence of the need of the Data Controller to process your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”, in the presence of your subsequent further detection of the presence of your need to process them to ascertain, exercise or defend a right in court;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], during the ascertainment of the presence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, as regards:
• your personal data processed for [1], limited to the delivery of the cosmetic product defined with you;
opposition to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, as regards:
• your personal data processed for [3].
IV.b) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent judicial authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at 'https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524' - or with the national Supervisory Authority operating within the territory of the European Union State in which you reside and/or work, qualified in any case as a competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR. during the processing of your personal data for one or more purposes of the processing indicated in “Purpose of the processing of your personal data”.
V) Nature of the communication preparatory to the processing of your personal data:
[1]: pre-contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the pre-contractual activity preparatory to the definition of the cosmetics product requested by you.
/ contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the contractual activity preparatory to the delivery of the cosmetics product defined with you.
Your use of the e-mail contact “info@bonjourlavie.it”:
I.a) Purpose of the processing of your personal data:
the definition of the cosmetics product requested by you / the delivery of the cosmetics product defined with you -> [1];
the fulfillment of the relevant legal obligations regarding the protection of personal data -> [2];
the protection of your interests in extrajudicial or judicial proceedings -> [3].
I.b) Related legal bases used in the processing of your personal data:
[1]: the need of the Data Controller to carry out pre-contractual measures adopted at your request / the need of the Data Controller to perform a contract to which you are a party;
[2]: the need of the Data Controller to fulfill legal obligations to which it is subject;
[3]: the need of the Data Controller to pursue its own legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[3]: the possible protection of your economic interests in extrajudicial or judicial proceedings.
II) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process
the data and, on the other hand, the hosting assistant (email), in her capacity as data controller;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process the data and, on the other hand, the hosting assistant (email), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers;
[3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - possibly - the hosting assistant (e-mail), - possibly - the hosting assistant (certified e-mail) and - possibly - the lawyer(s) specifically selected, in their capacity as data controllers.
----
Please note:
1) The term 'data controller' refers to the "(...) natural or legal person (...) who processes personal data on behalf of the data controller;" (art. 4, no. 8) of the GDPR).
-----
III) Periods of conservation observed in the processing of your personal data:
[1]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you);
[2]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) and - possibly - a further 10 years starting from the termination of the period of pre-contractual activity (therefore, from the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you) and - possibly - a further 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the delivery of the cosmetic product defined with you);
[3]: 10 years from the end of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / 10 years from the end of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you).
IV.a) Your rights that can be exercised as the Interested Party:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
deletion of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent absence of the need for the Data Controller to process your personal data for
one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your recognition of the original or subsequent lack of lawfulness of the processing of your personal data processed;
• your recognition of the subsequent need of the Data Controller to fulfill legal obligations to which the same is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your recognition of the original or subsequent lack of accuracy of your personal data processed, during the verification of the same by the Data Controller;
• your recognition of the original or subsequent lack of lawfulness of the processing of your personal data processed, in the presence of your subsequent objection to the erasure of the same;
• your detection of the subsequent absence of the need of the Data Controller to process your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”, in the presence of your subsequent further detection of the presence of your need to process them to ascertain, exercise or defend a right in court;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], during the ascertainment of the presence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, as regards:
• your personal data processed for [1], limited to the delivery of the cosmetic product defined with you;
opposition to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, as regards:
• your personal data processed for [3].
IV.b) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent judicial authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at 'https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524' - or with the national Supervisory Authority operating within the territory of the European Union State in which you reside and/or work, qualified in any case as a competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR. during the processing of your personal data for one or more purposes of the processing indicated in “Purpose of the processing of your personal data”.
V) Nature of the communication preparatory to the processing of your personal data:
[1]: pre-contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the pre-contractual activity preparatory to the definition of the cosmetics product requested by you
/ contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the contractual activity preparatory to the delivery of the cosmetics product defined with you.
III. Your use of the WhatsApp contact “+ 39 348 576 6313”:
I.a) Purpose of the processing of your personal data:
the definition of the cosmetics product requested by you / the delivery of the cosmetics product defined with you -> [1];
the fulfillment of the relevant legal obligations regarding the protection of personal data -> [2];
the protection of your interests in extrajudicial or judicial proceedings -> [3].
I.b) Related legal bases used in the processing of your personal data:
[1]: the need of the Data Controller to carry out pre-contractual measures adopted at your request / the need of the Data Controller to perform a contract to which you are a party;
[2]: the need of the Data Controller to fulfill legal obligations to which it is subject;
[3]: the need of the Data Controller to pursue its own legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[3]: the possible protection of your economic interests in extrajudicial or judicial proceedings.
II.a) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (instant messaging) and - where applicable - the hosting assistant (e-mail), in their capacity as data controllers;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (instant messaging), - where applicable - the hosting assistant (e-mail), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers;
[3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - possibly - the hosting assistant (e-mail), - possibly - the hosting assistant (certified e-mail) and - possibly - the lawyer(s) specifically selected, in their capacity as data controllers.
----
Please note:
1) The term 'data controller' refers to the "(...) natural or legal person (...) who processes personal data on behalf of the data controller;" (art. 4, no. 8) of the GDPR).
----
II.b) Transfers to third countries carried out in the processing of your personal data:
[1] and [2]: the hosting assistant (instant messaging), as the importing data controller, intends to transfer your personal data to the United States of America (US) and to other non-member states of the European Union, which can in any case be classified as third countries, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems regarding the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to the dec. of ex. (European Commission) n. 2021/914, pursuant to art. 46,
p. 2, l. c) of the GDPR, as declared at ‘https://www.whatsapp.com/legal/business-data-transfer- addendum’.
III) Periods of conservation observed in the processing of your personal data:
[1]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you);
[2]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) and - possibly - a further 10 years starting from the termination of the period of pre-contractual activity (therefore, from the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you) and - possibly - a further 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the delivery of the cosmetic product defined with you);
[3]: 10 years from the end of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / 10 years from the end of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you).
IV.a) Your rights that can be exercised as the Interested Party:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
deletion of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent absence of the need for the Data Controller to process your personal data for
one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the R.G.P.D. - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data processed;
- sua rilevazione della sopravvenuta presenza della necessità del Titolare di adempiere ad obblighi legali ai quali lo stesso è soggetto;
limitazione del trattamento dei suoi dati personali trattati, ai sensi dell’art. 18 del R.G.P.D., in caso di:
• sua rilevazione della originaria o sopravvenuta assenza dell’esattezza dei suoi dati personali trattati, durante l’accertamento della stessa da parte del Titolare;
• sua rilevazione della originaria o sopravvenuta assenza della liceità del trattamento dei suoi dati personali trattati, in presenza della sua successiva obiezione alla cancellazione degli stessi;
• sua rilevazione della sopravvenuta assenza della necessità del Titolare di trattare i suoi dati personali per una o più finalità del trattamento indicate presso “Finalità del trattamento dei suoi dati personali”, in presenza della sua successiva ulteriore rilevazione della presenza della sua necessità di trattare gli stessi per accertare, esercitare o difendere un suo diritto in sede giudiziale;
• sua opposizione al trattamento dei suoi dati personali trattati - ai sensi dell’art. 21, p. 1 del R.G.P.D. - per [3], durante l’accertamento della presenza della contestuale necessità lecita e prevalente del Titolare di proseguire tale trattamento da parte dello stesso;
portabilità dei suoi dati personali trattati, ai sensi dell’art. 20 del R.G.P.D., per quanto concerne:
• i suoi dati personali trattati per [1], limitatamente alla consegna del prodotto di cosmesi definito con lei;
opposizione al trattamento dei suoi dati personali trattati, ai sensi dell’art. 21, p. 1 del R.G.P.D., per quanto
concerne:
• i suoi dati personali trattati per [3].
IV.b) Suo diritto (esercitabile in qualità di Interessato/a) di proporre un reclamo ad
un’Autorità di controllo competente:
Oltre a poter proporre un ricorso giurisdizionale all’Autorità giudiziale competente, ai sensi dell’art. 79, p. 1 del R.G.P.D., lei può proporre un reclamo all’Autorità di controllo italiana (Garante per la protezione dei dati personali) - presso ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ - o all’Autorità di controllo nazionale operante entro il territorio dello Stato dell’Unione europea presso cui lei risiede e/o lavora, qualificata comunque come Autorità di controllo competente, ai sensi dell’art. 77, p. 1 del R.G.P.D., in caso di sua rilevazione della originaria o sopravvenuta presenza di una violazione del R.G.P.D. durante il trattamento dei suoi dati personali per una o più finalità del trattamento indicate presso “Finalità del trattamento dei suoi dati personali”.
V) Natura della comunicazione propedeutica al trattamento dei suoi dati personali:
[1]: obbligo pre-contrattuale, quindi in caso di assenza della stessa non sarà possibile svolgere
efficacemente l’attività pre-contrattuale propedeutica alla definizione del prodotto di cosmesi richiesto da lei
/ obbligo contrattuale, quindi in caso di assenza della stessa non sarà possibile svolgere efficacemente l’attività
contrattuale propedeutica alla consegna del prodotto di cosmesi definito con lei.
- Sua interazione con il form “Crea account”:
I.a) Finalità del trattamento dei suoi dati personali:
lo sviluppo del servizio di gestione della sua area riservata web definito con lei -> [1];
l’adempimento ai pertinenti obblighi legali in materia di protezione dei dati personali -> [2];
la tutela dei propri interessi in sede extra-giudiziale o giudiziale -> [3];
la pubblicizzazione della propria attività aziendale da parte propria -> [4].
I.b) Relative basi giuridiche utilizzate nel trattamento dei suoi dati personali:
[1]: la necessità del Titolare di eseguire un contratto di cui è parte lei;
[2]: la necessità del Titolare di adempiere ad obblighi legali ai quali lo stesso è soggetto;
[3]: la necessità del Titolare di perseguire un proprio legittimo interesse;
[4]: il consenso prestato eventualmente da lei al Titolare per la presente finalità del trattamento.
I.c) Relativi legittimi interessi perseguiti nel trattamento dei suoi dati personali:
[3]: la tutela eventuale di propri interessi economici in sede extra-giudiziale o giudiziale.
II.a) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website) and the hosting assistant (email), in their capacity as data controllers;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (email),
- possibly - the hosting assistant (certified e-mail), - possibly - the lawyer(s) specifically selected, - possibly - the hosting assistant (commercial - communication) and - possibly - the commercial - communication assistant, in their capacity as data controllers;
[3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - where applicable - the hosting assistant (e-mail), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers;
[4]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (commercial - communication), the commercial - communication assistant and the hosting assistant (e-mail), in their capacity as data controllers.
----
Please note:
1) The term ‘data controller’ refers to “(...) a natural or legal person (...) who processes personal data on behalf of the data controller;” (art. 4, no. 8) of the GDPR).
----
II.b) Transfers to third countries carried out in the processing of your personal data:
[2] and [4]: the hosting assistant (commercial - communication), in his capacity as (possible) data controller of the importing data, intends to transfer your personal data to non-member states of the European Union, classifiable as third countries, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems on the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to the dec. of ex. (European Commission) no. 2021/914, pursuant to art. 46, p. 2, l. c) of the GDPR, as stated at ‘https://www.brevo.com/it/legal/termsofuse/#:~:text=Allegato%201’ (section “ANNEX 1 - Agreement on the processing of personal data”).
III) Retention periods observed in the processing of your personal data:
[1]: coinciding with the period of contractual activity (therefore, until the conclusion of the development of the management service of your reserved web area defined with you);
[2]: coinciding with the period of contractual activity (therefore, until the conclusion of the development of the management service of your reserved web area defined with you) and - possibly - a further 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the development of the management service of your reserved web area defined with you), as well as - possibly - 1 year starting from the receipt by the Data Controller of the consent possibly given by you to the same for [4] and - possibly - a further 10 years starting from the receipt by the Data Controller of the consent possibly given by you to the same for [4];
[3]: 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the development of the management service of your reserved web area defined with you), as well as - possibly - 11 years starting from the receipt by the Data Controller of the consent possibly given by you to the same for [4];
[4]: 1 year from the receipt by the Data Controller of the consent possibly given by you to the same for this processing purpose.
IV.a) Your rights that can be exercised as Data Subject:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
erasure of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent absence of the need for the Data Controller to process your personal data for
one or more processing purposes indicated in “Purposes of the processing of your personal data”;
your revocation of the consent given by you for [4], in the absence of the simultaneous legitimate need of the Data Controller to process your personal data possibly processed for one or more additional purposes of the processing indicated in "Purposes of the processing of your personal data";
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data processed;
• your detection of the subsequent presence of the need of the Data Controller to fulfill legal obligations to which the same is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your detection of the original or subsequent lack of accuracy of your personal data processed, during the verification of the same by the Data Controller;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data processed, in the presence of your subsequent objection to the cancellation of the same;
• your detection of the subsequent lack of need of the Data Controller to process your personal data for one or more of the processing purposes indicated in "Purposes of the processing of your personal data", in the presence of your subsequent further detection of the presence of your need to process the same to ascertain, exercise or defend a right in court;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], during the verification of the presence of the simultaneous lawful and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, with regard to:
• your personal data processed for [1];
• your personal data processed for [4];
objection to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, with regard
to:
• your personal data processed for [3].
IV.b) Your right (exercisable as Data Subject) to revoke any consent you may have given:
[4]: you may revoke any consent you may have given to the Data Controller for this processing purpose at any time, including by using the relevant function in the so-called footer of each relevant email received.
IV.b) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent judicial Authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ - or with the national Supervisory Authority operating within the territory of the European Union State in which you reside and/or work, qualified in any case as a competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR. during the processing of your personal data for one or more purposes of the processing indicated in "Purposes of the processing of your personal data".
V) Nature of the communication preparatory to the processing of your personal data:
[1]: contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the contractual activity preparatory to the development of the management service of your reserved web area defined with you.
Your interaction with the “Quick Check-out” form:
I.a) Purpose of the processing of your personal data:
the definition of the cosmetics product requested by you -> [1];
the delivery of the cosmetics product defined with you -> [2];
the fulfillment of the relevant legal obligations regarding the protection of personal data -> [3.A];
the fulfillment of the relevant legal obligations regarding accounting matters -> [3.B];
the advertising of your business activity by you -> [4.A];
the protection of your interests in extrajudicial or judicial proceedings -> [4.B].
I.b) Relevant legal bases used in the processing of your personal data:
[1]: the need of the Data Controller to carry out pre-contractual measures adopted at your request;
[2]: the need of the Data Controller to perform a contract to which you are a party;
[3.A]: the need of the Data Controller to fulfill legal obligations to which it is subject;
[3.B]: the need of the Data Controller to fulfill a further legal obligation to which it is subject;
[4.A]: the need of the Data Controller to pursue its own legitimate interest;
[4.B]: the need of the Data Controller to pursue its own further legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[4.A]: the protection of your economic interests in a commercial or technical context, by virtue of the interest
expressly expressed by you with the purchase of one or more cosmetic products;
[4.B]: the possible protection of your economic interests in extra-judicial or judicial context.
II.a) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in the capacity of the person authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (deferred electronic payment) or the hosting assistant (electronic payment) specifically selected and the hosting assistant (e-mail), in the capacity of data controllers;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in the capacity of the person authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (e-mail) and the technical-logistical assistant specifically selected, in the capacity of data controllers;
[3.A]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (deferred electronic payment) or the specifically selected hosting assistant (electronic payment), the hosting assistant (e-mail), the specifically selected technical - logistics assistant, the specifically selected bank, - where applicable - the hosting assistant (electronic invoicing), - where applicable - the accounting assistant, the hosting assistant (commercial - communication), the commercial - communication assistant, - where applicable - the hosting assistant (certified e-mail) and - where applicable - the specifically selected lawyer(s), in their capacity as data controllers;
[3.B]: on the one hand, the sole administrator (general management area) of the Data Controller, in the capacity of authorised data processor and, on the other hand, the hosting assistant (deferred electronic payment) or the specifically selected hosting assistant (electronic payment), the specifically selected bank, - where applicable - the hosting assistant (electronic invoicing), - where applicable - the accounting assistant and - where applicable - the hosting assistant (e-mail), in the capacity of data controllers;
[4.A]: on the one hand, the sole administrator (general management area) of the Data Controller, in the capacity of authorised data processor and, on the other hand, the hosting assistant (commercial - communication), the commercial - communication assistant and the hosting assistant (e-mail), in the capacity of data controllers;
[4.B]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - possibly - the hosting assistant (e-mail), - possibly - the hosting assistant (certified e-mail) and - possibly - the lawyer(s) specifically selected, in their capacity as data controllers.
---
Please note:
1) The term 'data controller' refers to the "(...) natural or legal person (...) who processes personal data on behalf of the data controller;" (art. 4, no. 8) of the GDPR).
---
II.b) Transfers to third countries carried out in the processing of your personal data:
[1], [3.A] and [3.B]: the hosting assistant (deferred electronic payment), in his capacity as possible importing data controller, intends to transfer your personal data to non-member states of the European Union, classifiable as third countries, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems on the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to the dec. of ex. (European Commission) n. 2021/914, pursuant to art. 46, p. 2, l. c) of the GDPR, as stated at ‘https://cdn.klarna.com/1.0/shared/content/legal/terms/0/it_it/privacy’ (section “8. When can we transfer your personal data outside the EU/EEA, and how do we protect it?”);
[1], [3.A] and [3.B]: the specifically selected hosting (electronic payment) assistant, as a possible importing data controller, may - depending on its identity - intend to transfer your personal data to non-member States of the European Union, classifiable as third States, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems on the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to the dec. of ex. (European Commission) n. 2021/914, pursuant to art. 46, p. 2, l. c) of the GDPR, as stated in its relevant published policy;
[3.A] and [4.A]: the hosting assistant (commercial - communication), as the importing data controller, intends to transfer your personal data to non-member states of the European Union, classifiable as third countries, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems on the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to dec. of ex. (European Commission) n. 2021/914, pursuant to art. 46, p. 2, l. c) of the GDPR, as stated at ‘https://www.brevo.com/it/legal/termsofuse/#:~:text=Allegato%201’ (section “ANNEX 1 - Agreement on the processing of personal data”).
III) Retention periods observed in the processing of your personal data:
[1]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you);
[2]: coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you);
[3.A]: coinciding with the pre-contractual activity period (therefore, until the conclusion of the definition of the cosmetic product requested by you) and - possibly - a further 10 years starting from the termination of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / coinciding with the contractual activity period (therefore, until the conclusion of the delivery of the cosmetic product defined with you) and - possibly - a further 10 years starting from the termination of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you);
[3.B]: 10 years starting from the termination of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you);
[4.A]: 1 year starting from the termination of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you);
[4.B]: 11 years from the end of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / 10 years from the end of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you).
IV.a) Your rights that can be exercised as the Interested Party:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
deletion of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent absence of the need for the Data Controller to process your personal data for
one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [4.A] (also using the relevant function within the so-called footer of each relevant email received) and/or [4.B], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent absence of the lawfulness of the processing of your personal data processed;
• your detection of the subsequent presence of the need of the Data Controller to fulfill legal obligations to which it is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your detection of the original or subsequent absence of the accuracy of your personal data processed, during the verification of the same by the Data Controller;
• your detection of the original or subsequent lack of lawfulness of the processing of your personal data, in the presence of your subsequent objection to the erasure of the same;
• your detection of the subsequent lack of need for the Data Controller to process your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”, in the presence of your subsequent further detection of the presence of your need to process the same to ascertain, exercise or defend a right in court;
• your opposition to the processing of your personal data - pursuant to art. 21, p. 1 of the GDPR - for [4.A] (also using the relevant function within the so-called footer of each relevant email received) and/or [4.B], during the verification of the presence of the simultaneous lawful and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, as regards:
• your personal data processed for [2];
objection to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, as regards
:
• your personal data processed for [4.A];
• your personal data processed for [4.B].
IV.b) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent Judicial Authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ - or with the national Supervisory Authority operating within the territory of the European Union State where you reside and/or work, qualified in any case as the competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR during the processing of your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”.
V) Nature of the communication preparatory to the processing of your personal data:
[1]: pre-contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the pre-contractual activity preparatory to the definition of the cosmetics product requested by you;
[2]: - regarding the personal data relating to the destination - contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the contractual activity preparatory to the delivery of the cosmetics product defined with you;
[3.B]: - regarding - possibly - the personal data relating to invoicing and personal data relating to payment - legal obligation, therefore in the event of its absence it will not be possible to carry out the pre-contractual activity preparatory to the definition of the cosmetics product requested by you.
Your interaction with the “Contacts” form:
I.a) Purpose of the processing of your personal data:
the definition of the cosmetics product requested by you / the delivery of the cosmetics product defined with you -> [1];
the fulfillment of the relevant legal obligations regarding the protection of personal data -> [2];
the protection of your interests in extrajudicial or judicial proceedings -> [3].
I.b) Relevant legal bases used in the processing of your personal data:
[1]: the need of the Data Controller to carry out pre-contractual measures adopted at your request / the need of the Data Controller to perform a contract to which you are a party;
[2]: the need of the Data Controller to fulfill legal obligations to which it is subject;
[3]: the need of the Data Controller to pursue its own legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[3]: the possible protection of your economic interests in extrajudicial or judicial proceedings.
II) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website) and the hosting assistant (email), in their capacity as data controllers;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (email),
- where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer/s
specifically selected, in their capacity as data controllers;
[3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - possibly - the hosting assistant (e-mail), - possibly - the hosting assistant (certified e-mail) and - possibly - the lawyer(s) specifically selected, in their capacity as data controllers.
---
Please note:
1) The term 'data controller' refers to the "(...) natural or legal person (...) who processes personal data on behalf of the data controller;" (art. 4, no. 8) of the GDPR).
---
III) Periods of conservation observed in the processing of your personal data:
[1]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you);
[2]: coinciding with the period of pre-contractual activity (therefore, until the conclusion of the definition of the cosmetic product requested by you) and - possibly - a further 10 years starting from the termination of the period of pre-contractual activity (therefore, from the conclusion of the definition of the cosmetic product requested by you) / coinciding with the period of contractual activity (therefore, until the conclusion of the delivery of the cosmetic product defined with you) and - possibly - a further 10 years starting from the termination of the period of contractual activity (therefore, from the conclusion of the delivery of the cosmetic product defined with you);
[3]: 10 years from the end of the pre-contractual activity period (therefore, from the conclusion of the definition of the cosmetic product requested by you) / 10 years from the end of the contractual activity period (therefore, from the conclusion of the delivery of the cosmetic product defined with you).
IV.a) Your rights that can be exercised as the Interested Party:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
deletion of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent absence of the need for the Data Controller to process your personal data for
one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent absence of the lawfulness of the processing of your personal data processed;
• your detection of the subsequent presence of the need of the Data Controller to fulfill legal obligations to which the same is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your detection of the original or subsequent absence of the accuracy of your personal data processed, during the verification of the same by the Data Controller;
your detection of the original or subsequent lack of lawfulness of the processing of your personal data, in the presence of your subsequent objection to the erasure of the same;
• your detection of the subsequent lack of need for the Data Controller to process your personal data for one or more of the processing purposes indicated in “Purposes of the processing of your personal data”, in the presence of your subsequent further detection of the presence of your need to process the same to ascertain, exercise or defend a right in court;
• your opposition to the processing of your personal data - pursuant to art. 21, p. 1 of the GDPR - for [3], during the ascertainment of the presence of the simultaneous lawful and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, as regards:
• your personal data processed for [1], limited to the delivery of the cosmetic product defined with you;
objection to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, as regards
:
• your personal data processed for [3].
IV.b) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent judicial Authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ - or with the national Supervisory Authority operating within the territory of the European Union State in which you reside and/or work, qualified in any case as a competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR during the processing of your personal data for one or more purposes of the processing indicated in "Purposes of the processing of your personal data".
V) Nature of the communication preparatory to the processing of your personal data:
[1]: pre-contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the pre-contractual activity preparatory to the definition of the cosmetic product requested by you
/ contractual obligation, therefore in the event of its absence it will not be possible to effectively carry out the contractual activity preparatory to the delivery of the cosmetic product defined with you.
VII. Your interaction with the “Subscribe to our Newsletter” form:
I.a) Purpose of the processing of your personal data:
the advertising of your business activity by you -> [1];
the fulfillment of the relevant legal obligations regarding the protection of personal data -> [2];
the protection of your interests in extrajudicial or judicial proceedings -> [3].
I.b) Relevant legal bases used in the processing of your personal data:
[1]: the consent given by you to the Data Controller for this processing purpose;
[2]: the need of the Data Controller to fulfill legal obligations to which it is subject;
[3]: the need of the Data Controller to pursue its own legitimate interest.
I.c) Related legitimate interests pursued in the processing of your personal data:
[3]: the possible protection of one's economic interests in extrajudicial or judicial proceedings.
II.a) Recipients involved in the processing of your personal data:
[1]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (commercial - communication), the commercial - communication assistant and the hosting assistant (e-mail), in their capacity as data controllers;
[2]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, the hosting assistant (website), the hosting assistant (commercial - communication), the commercial - communication assistant, the hosting assistant (e-mail), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers;
[3]: on the one hand, the sole administrator (general management area) of the Data Controller, in her capacity as authorised to process data and, on the other hand, - where applicable - the hosting assistant (e-mail), - where applicable - the hosting assistant (certified e-mail) and - where applicable - the lawyer(s) specifically selected, in their capacity as data controllers.
----
Please note:
1) The term ‘data controller’ refers to “(...) a natural or legal person (...) who processes personal data on behalf of the data controller;” (art. 4, no. 8) of the GDPR).
---
II.b) Transfers to third countries carried out in the processing of your personal data:
[1] and [2]: the hosting assistant (commercial - communication), as the importing data controller, intends to transfer your personal data to non-member states of the European Union, classifiable as third countries, adopting as adequate guarantees the adequacy decisions regarding the individual relevant national legal systems on the protection of personal data, pursuant to art. 45, p. 1 of the GDPR and/or the standard contractual clauses for the transfer of personal data pursuant to the dec. of ex. (European Commission) n. 2021/914, pursuant to art. 46, p. 2, l. c) of the GDPR, as stated at ‘https://www.brevo.com/it/legal/termsofuse/#:~:text=Allegato%201’ (section “ANNEX 1 - Agreement on the processing of personal data”).
III) Retention periods observed in the processing of your personal data:
[1]: 1 year starting from the receipt by the Data Controller of the consent possibly given by you to the same for this processing purpose;
[2]: 1 year starting from the receipt by the Data Controller of the consent possibly given by you to the same for [1] and - possibly - a further 10 years starting from the receipt by the Data Controller of the consent possibly given by you to the same for [1];
[3]: 11 years starting from the receipt by the Data Controller of the consent possibly given by you to the same for [1].
IV.a) Your rights that can be exercised as the Data Subject:
access to your personal data processed, pursuant to art. 15 of the GDPR;
rectification of your personal data processed, pursuant to art. 16 of the GDPR;
erasure of your personal data processed, pursuant to art. 17 of the GDPR, in the event of:
• your detection of the subsequent lack of need for the Data Controller to process your personal data for
one or more of the processing purposes indicated in “Purposes of the processing of your personal data”;
• your revocation of the consent given by you for [1], in the absence of the simultaneous legitimate need of the Data Controller to process your personal data possibly processed for one or more additional processing purposes indicated in “Purposes of the processing of your personal data”;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], in the absence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing;
• your detection of the original or subsequent absence of the lawfulness of the processing of your personal data processed;
• your detection of the subsequent presence of the need of the Data Controller to fulfill legal obligations to which the same is subject;
limitation of the processing of your personal data processed, pursuant to art. 18 of the GDPR, in the event of:
• your detection of the original or subsequent absence of the accuracy of your personal data processed, during the verification of the same by the Data Controller;
• your detection of the original or subsequent absence of the lawfulness of the processing of your personal data processed, in the presence of your subsequent objection to the cancellation of the same;
• your detection of the subsequent absence of the need of the Data Controller to process your personal data for one or more of the processing purposes indicated in "Purposes of the processing of your personal data", in the presence of your subsequent further detection of the presence of your need to process the same to ascertain, exercise or defend a right of yours in court;
• your opposition to the processing of your personal data processed - pursuant to art. 21, p. 1 of the GDPR - for [3], during the ascertainment of the presence of the simultaneous legitimate and prevailing need of the Data Controller to continue such processing by the same;
portability of your personal data processed, pursuant to art. 20 of the GDPR, with regard to:
• your personal data processed for [1];
objection to the processing of your personal data processed, pursuant to art. 21, p. 1 of the GDPR, with regard
to:
• your personal data processed for [3].
IV.b) Your right (exercisable as Data Subject) to revoke any consent you may have given:
[1]: you may revoke any consent you may have given to the Data Controller for this processing purpose at any time, including by using the relevant function in the so-called footer of each relevant email received.
IV.c) Your right (exercisable as Data Subject) to lodge a complaint with
a competent Supervisory Authority:
In addition to being able to lodge a judicial appeal with the competent judicial Authority, pursuant to art. 79, p. 1 of the GDPR, you can lodge a complaint with the Italian Supervisory Authority (Guarantor for the protection of personal data) - at ‘https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524’ - or with the national Supervisory Authority operating within the territory of the European Union State in which you reside and/or work, qualified in any case as a competent Supervisory Authority, pursuant to art. 77, p. 1 of the GDPR, in the event of your detection of the original or subsequent presence of a violation of the GDPR. during the processing of your personal data for one or more purposes of the processing indicated in “Purposes of the processing of your personal data”.
V) Nature of the communication preparatory to the processing of your personal data:
[1]: neither pre-contractual obligation or contractual obligation nor legal obligation, but possibility for the Data Controller to pursue the advertising of its business activity on its own part.
Date: 23 / 06 / 2024
The legal representative of the Data Controller: Sonia Mosetti