Information on the processing of Personal Data in accordance with Article 13 of the European Regulation (EU) 2016/679
This information is provided pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation" or "GDPR") and describes how the personal data of users who consult and use this website, accessible at https://procosmet.com/(hereinafter also referred to as the "Site"), is processed.
The Data Controller is the Procosmet S.r.l., via della Solidarietà n. 29/A, 40056 Crespellano (BO), P.I. 02883540243 hereinafter referred to as "Data Controller".
Following consultation of the Site, data relating to the user who accesses the site (defined "interested party" as an identified or identifiable natural person) may be processed.
The Data Controller can be contacted at the email address: firstname.lastname@example.org
Types of Data Collected, Purposes and Legal Basis.
Personal Data may be collected autonomously by the Data Controller or through third parties. In this case, the computer systems and software procedures in charge of the operation of this Site acquire certain Personal Data of the Users, of a technical-informatics nature (e.g. IP address, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.
The Data that the User chooses to voluntarily provide is collected to enable the Website to provide its services, as well as to the following Purposes:
A. Contact from the User by filling out the Form.
The optional, explicit and voluntary sending of communications through the completion of the form on the site involves the subsequent acquisition of the data communicated by the user, including their e-mail address or telephone number and consent to receive any messages in response to their requests.
In this case, the provision of the e-mail address and any other data that may be indicated is optional, but essential in order to take advantage of the service and receive a response to your request and, in their absence, we will not be able to proceed with processing.
The personal data thus provided are used for the sole purpose of fulfilling or responding to the transmitted requests and are disclosed to third parties only if this is necessary for that purpose. The data are kept for the period necessary for the purpose of fulfilling the request and in accordance with current legislation.
Legal Basis: The processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Controller with the service (Art. 6, par. 1 lett.b).
Retention: The Data voluntarily provided by the user are kept for the period necessary for the purpose of fulfilling the request and as permitted by current legislation and any contractual obligations that may have arisen.
B. Newsletters and commercial/promotional communications.
Where explicitly requested by the user, it is possible to give their contact data in order to receive communications of a commercial and/or informational nature with regard to the activity of the Owner in reference to the site consulted and the products offered.
Legal Basis: processing is carried out on the basis of the explicit consent of the data subject (Art. 6(1)(a)).
Retention: the data provided will be retained for the period necessary to carry out the activity for which they were conferred and in any case, specifically for the purposes described above, no longer than two years for as expressly provided by law (unless renewed consent by the interested party use for other purposes as provided by the regulations in force).
- Soft spam activities
The Data Controller may send by e-mail to the User promotional communications having as their object Products and/or Services similar to those already purchased or re-propose the same without the need for the express and prior consent of the User ex art. 130, 4 paragraph, Privacy Code, provided that the user does not exercise the right of opposition.
Legal Basis: This processing is based on Article 130, 4 paragraph, of the Privacy Code as amended by Legislative Decree No. 101 of 2018.
How and where the collected Data is processed
Modes of processing
The Data Controller processes Users' Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, categories of employees involved in the organization of the site (administrative, commercial, legal, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller may have access to the Data.
External parties appointed as External Data Processors include business Partners (the suppliers).
The updated list of Data Processors can always be requested from the Data Controller.
Place and Times
The Data are processed at the operating offices of the Data Controller and in any other place where the parties involved in the processing are located. The Data are processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User can always request the interruption of the Processing or the deletion of the Data.
Transfer of Data
Personal Data is not transferred abroad.
Rights of Data Subjects
Data subjects - the identified or identifiable natural persons to whom the data relate - may exercise specific data protection rights, set out in the following list:
(a) right of access: right to obtain confirmation from the Data Controller that personal data is or is not being processed, and if so, to obtain access to personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and more;
b) Right to rectification: the right to obtain from the Controller the rectification of inaccurate personal data without undue delay, as well as the supplementation of incomplete personal data, including by providing a supplementary statement;
c) right to erasure ("oblivion"): right to obtain from the Data Controller the erasure of personal data without undue delay in the event that: i. the necessary data are no longer required in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased in order to comply with a legal obligation;
d) right to object to processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Data Controller;
e) right to restriction: right to obtain from the Data Controller the restriction of processing, where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing;
f) right to data portability: right to receive in a structured, commonly used and machine-readable format personal data and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
(g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing concerning him or her is in breach of the Regulation shall have the right to lodge a complaint with the supervisory authority of the Member State where he or she resides or habitually works, or of the State where the alleged breach occurred.
Rights may be exercised by contacting the Controller at the following addresses: email@example.com
FACEBOOK AUTHENTICATION (FACEBOOK, INC.)
Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and linked to the social network Facebook.
GOOGLE OAUTH (GOOGLE INC.)
Google OAuth is a registration and authentication service provided by Google Inc. and connected to the Google network.
REMARKETING AND BEHAVIORAL TARGETING
These services allow this website and its partners to communicate, optimize and serve advertisements based on your past use of this website.
FACEBOOK REMARKETING (FACEBOOK, INC.)
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that links this website's activity with the Facebook advertising network.
Personal data collected: Cookies and Usage Data.
REMARKETING GOOGLE ADS (GOOGLE INC.)
Remarketing Google Ads is a remarketing and behavioral targeting service provided by Google LLC or Google Ireland Limited, depending on where Procosmet Italy is used, which links Procosmet Italy's activity with the Google Ads advertising network and the DoubleClick Cookie. Users can opt out of Google's cookies for ad personalization by visiting Google's Ads Settings.
Personal Data Processed: Cookies; Usage Data.
Payment processing services allow the Site to process payments by credit card, wire transfer or other means. The data used for payment is acquired directly from the operator of the requested payment service without being processed in any way by this Site.
Some of these services may also allow scheduled messages to be sent to the User, such as emails containing invoices or notifications regarding payment.
PayPal is a payment service provided by PayPal Inc. that allows Users to make online payments using their PayPal credentials.
STRIPE (STRIPE INC)
Stripe is a payment service provided by Stripe Inc.
GPAY (GOOGLE INC)
GPay is a payment service provided by Google Inc.
SHOP PAY (SHOPIFY)
Shop Pay is a payment service provided by Shopify.
DISPLAYING CONTENT FROM EXTERNAL PLATFORMS
These services allow you to view content hosted on external platforms directly from the pages of this website and interact with them.
Where such a service is installed, it is possible that, even if Users do not use the service, it may collect traffic data related to the pages where it is installed.
YOUTUBE VIDEO WIDGET (GOOGLE)
Youtube is a video content display service operated by Google Inc. that allows this website to integrate such content within its pages.
Personal data collected: Cookies and Usage data.
GOOGLE FONTS (GOOGLE INC.)
Google Fonts is a font style display service operated by Google Inc. that allows this website to integrate such content within its pages.
Personal data collected: Cookies and Usage data.
GOOGLE MAPS WIDGET (GOOGLE INC.)
Google Maps is a map display service operated by Google Inc. that allows this website to integrate such content within its pages.
Personal data collected: Cookies and Usage data.
INSTAGRAM WIDGET (INSTAGRAM, INC.)
Instagram is an image display service operated by Instagram, Inc. that allows Procosmet Italy to integrate such content within its pages.
Personal data processed: Cookies; Usage Data.
PLATFORM AND HOSTING SERVICES
These services are intended to host and operate key components of Procosmet Italy, making it possible to deliver Procosmet Italy from a single platform. These platforms provide the Owner with a wide range of tools such as, for example, analytical tools, user registration management, comment and database management, e-commerce, payment processing etc. The use of such tools involves the collection and processing of Personal Data. Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.
SHOPIFY (SHOPIFY INC.)
Shopify is a platform provided by Shopify Inc. that enables the Data Controller to develop, operate and host a website dedicated to e-commerce.
MORE INFORMATION ABOUT PERSONAL DATA
GOOGLE SEARCH CONSOLE
Google Search Console is a website diagnostics and data analysis service offered by Google Inc.
If the User gives his consent to such processing, the Data Controller may save and use the Personal Data acquired under this document, and in particular the data related to purchasing behavior, to create profiles related to Users, in order to send commercial and/or promotional messages in line with the preferences expressed by the latter, including during their browsing activities on Procosmet Italy. The User will always have the possibility to revoke their consent to the profiling activity simply by sending an email to the contact details contained in this document.
Provides access to Insight data for pages, applications and domains that the User owns.
In case a social network interaction service is installed, it is possible that, even in case Users do not use the service, it collects traffic data related to the pages where it is installed.
MCHECKOUT (WEBLOUDSPEAKER PVT LTD)
mCheckout is a checkout service that allows payment in idioms other than Italian (e.g. English) and in Stripe-supported currencies other than Euro.
The data used for payment is acquired directly from the operator of the requested payment service without being processed in any way by mCheckout.
ADDITIONAL INFORMATION ON PROCESSING
DEFENSE IN COURT
The User's Personal Data may be used for the defense by the Owner in court or in the preparatory stages of its possible establishment, from abuse in the use of the same or related services by the User.
The User declares that he/she is aware that the Data Controller may be required to disclose the Data at the request of public authorities.
SYSTEM LOGS AND MAINTENANCE
For needs related to operation and maintenance, this website and any third party services used by it may collect System Logs, i.e. files that record interactions and may also contain Personal Data, such as the User IP address.
Information not contained in this policy
More information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.
EXERCISE OF RIGHTS BY USERS
The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or non-existence of the same at the Data Controller, to know its content and origin, to verify its accuracy or request its integration, deletion, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, its processing. Requests should be addressed to the Data Controller.
This website does not support "Do Not Track" requests. To find out whether any third-party services used support them, please consult their privacy policies.
DETAILS ABOUT THE RIGHT TO OBJECT
When Personal Data is processed in the public interest, in the exercise of public authority vested in the Data Controller, or in pursuit of a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users should note that if their Data were processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out whether the Data Controller processes Data with direct marketing purposes, Users may refer to the respective sections of this document.
HOW TO EXERCISE YOUR RIGHTS
To exercise the User's rights, Users may address a request to the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
DEFINITIONS AND LEGAL REFERENCES
PERSONAL DATA (OR DATA)
Personal data is any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.
These are the personal data collected automatically by the website (or by the third party applications that it uses), including: IP addresses or domain names of the computers used by the User who connects to the website, addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the website, with particular reference to the sequence of pages consulted, the parameters relating to the User's operating system and computer environment.
The individual who uses this website, who must coincide with or be authorized by the Data Subject and whose Personal Data is being processed.
The natural or legal person to whom the Personal Data refers.
Data Controller (or Processor)
DATA CONTROLLER (OR OWNER)
The natural person, legal entity, public administration and any other body, association or body responsible, even jointly with another owner, for decisions regarding the purposes, methods of processing of Personal Data and the tools used, including the security profile, in relation to the operation and use of this website. The Data Controller, unless otherwise specified, is the owner of this website.
PROCOSMET ITALY (OR THIS APPLICATION)
The hardware or software tool by which Users' Personal Data are collected and processed.
The Service provided by Procosmet Italy as defined in the relevant terms (if any) on this site/application.
EUROPEAN UNION (OR EU)
Unless otherwise specified, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area.
Cookies are Tracking Tools that consist of small portions of data stored within the User's browser.
Tracking Tool means any technology - e.g., Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting - that enables tracking of Users, for example, by collecting or storing information on the User's device.