This notice describes the processing of personal data entered or collected on the website and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and applicable national privacy and data protection legislation.


SKINLABO S.r.l.with registered office in 10122 - Turin, Via Pietro Micca, 20, C.F. and P. IVA 11541460017 in the person of its pro tempore legal representative Enrico Maria Tricarico (C.f. TRCNCM74H07A662R), registered with the Chamber of Commerce of Turin, at the REA no.: TO - 1221309, of the Register of Enterprises, e-mail: (hereinafter "Skinlabo" or the "Company" or "Owner").In the event that the Controller makes use of data processors or sub-processors pursuant to Article 28 GDPR, the updated list of data processors and persons in charge of the processing is kept at the Controller's registered office.


In compliance with Article 37 of the GDPR, the Data Controller has appointed a Data Protection Officer (DPO for short), who can be contacted at the following e-mail address



The types of personal data we collect depend on the purpose for which they are collected.

In general, we may collect the following types of personal data directly from you (hereinafter "Personal Data")

personal contact data, such as first name, last name, e-mail address, address, city, telephone number;

personal data directly provided by you through communications or attachments to communications (e.g. bank data, company data);

Usage, navigation, functional, session, statistical and profiling data, including the device identifier or the user's IP address, the time the user visits the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system. ) and other parameters relating to the user's operating system and computer environment;

The processing also involves operations, or a series of operations concerning data collected also through the use of cookies, the policy of which is reproduced in full, which can be viewed at the following link .





The processing of your Personal Data by the Controller takes place:

A) without your express consent (Art. 6 lett. b) - f) GDPR), for the following purposes:

- conclude contracts with the Controller;

- to fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships;

- to fulfil the obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority;

- to pursue a legitimate interest of the Data Controller or of a third party, provided that your interests or your fundamental rights and freedoms requiring the protection of personal data (e.g. the right of defence in court of the Data Controller) do not prevail;

B) Only after your specific and distinct consent (art. 6 lett. a) and art. 7 GDPR), for the following marketing purposes:

- to send via email, post and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;

C) Only with your specific and distinct consent (art. 6 lett. a) and art. 7 GDPR), for the following profiling purposes

- to send advertising communications, offers and promotions, via e-mail, post and/or sms and/or telephone contact, which are consistent with your interests and your consumer profile. Profiling will allow the Owner to customise the products and services offered to you in the best possible way. To this end, the Owner will evaluate the type and number of requests for information made, including through the website, purchases of goods or services made by you from the Owner, your personal and contact information (e.g. place of residence), as well as other information relating to you that is in our possession (e.g. your age and profession).

If you have denied your consent, it will not be possible to carry out the aforementioned activities under B) and/or C) and if you have given your consent to the processing activities under B) and/or C), you shall in any case have the right to withdraw your consent at any time.






Your Personal Data will be processed by the Data Controller only for the period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which it will be kept only in order to comply with the applicable legal obligations, for administrative purposes and/or to assert or defend a right and, in any case, not beyond the time limits set by law for the prescription of rights.

In particular, for marketing purposes, the User's Personal Data will be kept by the Controller for a maximum of two years, and for profiling purposes for a maximum of one year.



Personal Data are subject to both paper and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorised and/or appointed to carry out such tasks, constantly identified and/or appointed, appropriately trained and made aware of the constraints imposed by law, as well as through the use of security measures to ensure the protection of confidentiality and to avoid the risks of loss or destruction, unauthorised access, unauthorised processing or processing that does not comply with the above purposes.


For the purposes indicated above, your collected data may be made accessible or communicated to:

- employees and collaborators of the Data Controller, in their capacity as authorised processors, within the scope of their respective duties and in accordance with the instructions received. These individuals are in any case subject to obligations of confidentiality and privacy;

- to third parties who perform outsourcing activities on behalf of the Data Controller to whom certain activities, or part of them, are entrusted that are functional to the provision and distribution of the services offered through the site (e.g. hosting companies, programmers, systems engineers and database administrators, technical assistance centres, Internet and telecommunications operators) or whose activities are connected, instrumental or supportive of those of the Data Controller (e.g. management and/or marketing software in the cloud, etc.);

- to all those public and/or private subjects, natural and/or legal persons (legal, administrative and fiscal consultancy firms, credit recovery companies, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labour, etc.), if the communication is necessary or functional to the correct fulfilment of the contractual obligations undertaken, as well as the obligations deriving from the law;

- to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative measures;

In any case, your personal data collected will not be resold or transferred to third parties for marketing purposes and will not be disseminated.




Your Personal Data will be processed and stored in Europe. However, it is understood that the Data Controller may, if necessary, process your Personal Data outside the EU (EEA). In this case, the Data Controller assures you that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.




This Site and the Controller do not knowingly collect Personal Data from children under 18 years of age. In accordance with applicable laws, the parental responsibility holder must provide consent to the collection of Personal Data from the child. In the event that Personal Data about minors are unintentionally recorded, the Controller will delete them in a timely manner upon request of the parental responsibility holder.


  • Pursuant to Articles 15 et seq. of the GDPR and the applicable national legislation on privacy and personal data protection, you have the right to:
  • obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed and if so, to obtain access to the personal data and the following information:
  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
  • where possible, the period for which the personal data are to be stored or, if this is not possible, the criteria used to determine that period
  • the existence of the right of the data subject to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to the processing of personal data concerning him or her
  • the right to lodge a complaint with a supervisory authority;
  • where the data are not collected from the data subject, all available information on their source;
  • the existence of an automated decision-making process, including profiling.
  • Obtain from the Controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
  • Obtain from the Data Controller the deletion of personal data concerning him/her without undue delay and the Data Controller is obliged to delete personal data without undue delay within the limits and in the cases provided for by current legislation.
  • Obtain from the Controller the limitation of the processing.
  • Receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to the Data Controller and has the right to data portability and thus to transmit such data to another data controller without hindrance by the data controller to whom he/she has provided them if the processing is based on consent or on a contract and the processing is carried out by automated means.
  • To object at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or if the processing is necessary for the purposes of pursuing the legitimate interests of the Controller or of a third party.

If you believe that your rights have been violated by the Controller, you may lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome (RM) - and/or any other competent supervisory authority under the GDPR.

Following the exercise of the rights referred to in points 2), 3) and 4), the Data Controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or cancellation or limitation of processing within the limits and in the forms provided for by current legislation.

In order to exercise the rights listed above vis-à-vis the data controller, you may visit the following page  or submit a written request by sending a registered letter with return receipt to the address SKINLABO S.r.l., 10121 - Turin, Corso Galileo Ferraris 22 Bis, or by sending a pec to the address 11. WHAT HAPPENS IN THE EVENT OF CHANGES TO THE PRIVACY POLICY

This policy may be amended and/or updated at any time. If the Data Controller intends to process your Personal Data for purposes other than those envisaged in art. 3 above, it undertakes to provide you, prior to such further processing, with adequate information regarding such different purposes and to carry out such further processing in compliance with the regulations in force, collecting your specific consent where necessary.


This Privacy Policy was published on 12 July 2021. Any updates will be published on this page.