INFORMATION ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
This notice describes the processing of personal data entered or collected on the https://skinlabo.com/ website and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and applicable national privacy and data protection legislation.
SKINLABO S.r.l.with registered office in 10153 - Turin, Via Varallo 22/A, C.F. and P. IVA 11541460017 in the person of its pro tempore legal representative Angelo Muratore (C.f. MRTNGL71P19G273A), registered with the Chamber of Commerce of Turin, at the REA no.: TO - 1221309, of the Register of Enterprises, e-mail: email@example.com (hereinafter "Skinlabo" or the "Company" or "Owner").In the event that the Controller makes use of data processors or sub-processors pursuant to Article 28 GDPR, the updated list of data processors and persons in charge of the processing is kept at the Controller's registered office.
The Data Protection Officer ("DPO") appointed by the Data Controller pursuant to Articles 37 et seq. of the GDPR is Dr. Alessandra Ursano.
You can contact the DPO by sending an e-mail to: firstname.lastname@example.org
The types of personal data we collect depend on the purpose for which they are collected.
In general, we may collect the following types of personal data directly from you (hereinafter "Personal Data")
personal contact data, such as first name, last name, e-mail address, address, city, telephone number;
personal data directly provided by you through communications or attachments to communications (e.g. bank data, company data);
Usage, navigation, functional, session, statistical and profiling data, including the device identifier or the user's IP address, the time the user visits the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system. ) and other parameters relating to the user's operating system and computer environment;
The processing of your Personal Data by the Controller takes place:
Your Personal Data will be processed by the Data Controller only for the period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which it will be kept only in order to comply with the applicable legal obligations, for administrative purposes and/or to assert or defend a right and, in any case, not beyond the time limits set by law for the prescription of rights.
In particular, for marketing purposes, the User's Personal Data will be kept by the Controller for a maximum of two years, and for profiling purposes for a maximum of one year.
Personal Data are subject to both paper and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorised and/or appointed to carry out such tasks, constantly identified and/or appointed, appropriately trained and made aware of the constraints imposed by law, as well as through the use of security measures to ensure the protection of confidentiality and to avoid the risks of loss or destruction, unauthorised access, unauthorised processing or processing that does not comply with the above purposes.
For the purposes indicated above, your collected data may be made accessible or communicated to:
- employees and collaborators of the Data Controller, in their capacity as authorised processors, within the scope of their respective duties and in accordance with the instructions received. These individuals are in any case subject to obligations of confidentiality and privacy;
- to third parties who perform outsourcing activities on behalf of the Data Controller to whom certain activities, or part of them, are entrusted that are functional to the provision and distribution of the services offered through the site (e.g. hosting companies, programmers, systems engineers and database administrators, technical assistance centres, Internet and telecommunications operators) or whose activities are connected, instrumental or supportive of those of the Data Controller (e.g. management and/or marketing software in the cloud, etc.);
- to all those public and/or private subjects, natural and/or legal persons (legal, administrative and fiscal consultancy firms, credit recovery companies, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labour, etc.), if the communication is necessary or functional to the correct fulfilment of the contractual obligations undertaken, as well as the obligations deriving from the law;
- to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative measures;
In any case, your personal data collected will not be resold or transferred to third parties for marketing purposes and will not be disseminated.
Your Personal Data will be processed and stored in Europe. However, it is understood that the Data Controller may, if necessary, process your Personal Data outside the EU (EEA). In this case, the Data Controller assures you that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
If you believe that your rights have been violated by the Controller, you may lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome (RM) - www.garanteprivacy.it) and/or any other competent supervisory authority under the GDPR.
Following the exercise of the rights referred to in points 2), 3) and 4), the Data Controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or cancellation or limitation of processing within the limits and in the forms provided for by current legislation.
This policy may be amended and/or updated at any time. If the Data Controller intends to process your Personal Data for purposes other than those envisaged in art. 3 above, it undertakes to provide you, prior to such further processing, with adequate information regarding such different purposes and to carry out such further processing in compliance with the regulations in force, collecting your specific consent where necessary.