Privacy Policy

INFORMATION FOR THE PROCESSING OF PERSONAL DATA
( EUROPEAN REGULATION 2016/679)
personal data collected pursuant to art. 13 GDPR

Cosmetica s.r.l., in the person of the legal representative pro tempore, with registred office in Milan (MI) in via Brera n. 6, VAT 09198410962, hereinafter OWNER, as Data Controller, informs you, pursuant to Article 13 of EU Regulation no. 2016/679, hereinafter GDPR, that your data will be processed in the manner and for the following purposes:

1) identity and contact details of the data controller and the data protection officer: Data Controller through the website www.diegodallapalma.com is Cosmetica s.r.l., in the person of the legal representative pro tempore, current in Milan (MI) in via Brera n. 6, P.Iva 09198410962, which can be contacted at pec cosmetica@legalmail.it . You can also contact the Data Protection Officer, D.P.O., Lawyer Enrica Vasini, C.F. VSNNRC78M45C573E, who can be contacted at the email enrica.vasini@ordineavvocatirimini.it. You can contact the data controller and the D.P.O. to exercise the rights recognized to the interested party by the GDPR and to know the updated list of all the data processors, both internal and external, sub-data processors and persons in charge of processing.

2) object of the processing: while browsing the site www.diegodallapalma.com the owner processes navigation and connection data, such as the IP address of the navigator. The simple navigation on the site does not involve any registration, while the use of cookies is provided, both own and third-party, for which reference is made to the cookie policy on the site www.diegodallapalma.com. Access to a reserved area, on the other hand, involves a registration by entering and using an email and a password chosen by the user, which can be remembered through a technical cookie, against the collection of consent by the navigator. The provision of personal data to receive information on the products and services of the owner in the appropriate reserved areas involves the provision of personal data, and the related provision of data is optional but failure to provide it will make it impossible for the owner to provide further information requested by the interested party. The provision of personal data where to deliver the ordered goods is optional but not providing the aforementioned data makes it impossible to process the order.

3) Purpose of the processing and legal basis. Your data are processed:
A) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent means the lawfulness of the processing until the withdrawal of consent, for the following marketing purposes:
-send you emails, mail and / or sms, and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller, and detection of the degree of satisfaction with the quality of services, by providing their personal data and related requests for information on products and services offered by the owner, data collection carried out through the site www.diegodallapalma.com by accessing the restricted areas in which you will be asked to enter your personal data and your email and express your consent to the aforementioned treatments.

B) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent we mean the lawfulness of the processing until the revocation of the consent, for the following statistical, analysis and marketing purposes: third-party cookies operate on the site, which are independent data controllers of the data they collect while browsing.
One such third party is Google Ireland Limited. You can decide in the initial cookie banner whether or not to give consent to the processing. With regard to the information on the processing carried out by these third parties and your rights, click on the following link: https://policies.google.com/technologies/partner-sites and decide whether or not to give consent, it being understood that you can always revoke it by changing your preferences on the site.

C) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent we mean the lawfulness of the processing until the revocation of the consent, as regards, while browsing the site www.diegodallapalma.com, the use of cookies, as better highlighted inthe cookie policy on the site. There are different types of cookies, which require acceptance by the user / navigator. The user has the possibility not to accept the use of cookies by selecting the appropriate banner settings that appears at the beginning of navigation on the aforementioned site.

D) For the execution of a contract (sale and shipment of the products ordered by you) (art. 6 letter b) GDPR), if, while browsing the site www.diegodallapalma.com, you request the sending of the goods you order to your home or other domicile indicated by you.

E) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent means the lawfulness of the processing until the revocation of the consent, for the following purposes: data collection of the interested party in order to evaluate a professional collaboration, by sending resumes on the website www.diegodallapalma.com in the "work with us" section.

4) processing methods: the processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR, and precisely: collection, registration, organization, structuring, storage, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, interconnection, limitation, cancellation, destruction, portability at your request. Your personal data are subject to both paper and electronic and / or automated processing. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. As per your right, automated processing, including profiling, which produces legal effects concerning you or similarly affecting your person, will not be based solely on the aforementioned automated processing, unless it is necessary for the conclusion or execution of a contract between the data subject and a data controller, or unless there is an explicit consent of the data subject. We inform you that specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.

5) any recipients or categories of recipients of personal data
The data collected are used only to process the services requested by the user, such as accessing reserved areas to use the related services and advice. The data provided on these occasions by the user will not be further communicated except to persons or companies duly authorized by the Data Controller (internal and / or external data processors, sub-processors, persons in charge of processing) and may not be disclosed without your consent. Without the need for your express consent, the owner may communicate your data for the purposes referred to in art. 3 A) 3) B 3 C) 3 D) of this information to Supervisory Bodies, Judicial Authorities as well as to all those subjects to whom the communication is mandatory by law and for the fulfillment of the aforementioned purposes.
These subjects will process the data in their capacity as independent data controllers. The data may be transferred to a third country OUTSIDE the EU to third parties for the sole purposes indicated above and in full compliance with the processing expressed by the User. The person in charge of the treatment Extera srl is based in a non-EU country as indicated in the personal data of the site. In order to safeguard the right that the European Union considers fundamental, it is necessary that the data collected within the European territory are transferred to international organizations or non-EU countries according to the stringent rules established by Chapter V of the EU Regulation: the transfer must take place in compliance with the principles underlying proper processing and in the presence of sufficient and adequate guarantees to protect all interested parties. The data controller guarantees, pursuant to art. 46 and 48 EU Regulation 2016/679, that the transfer to third parties residing in non-EU countries will take place in compliance with these rules, in particular the provisions of Article 46 paragraph 3 letter A) of the GDPR.

6) storage times of the personal data of the interested party.
The Data Controller will process personal data for the times defined by the reference legislation, which are specified below, pursuant to art. 13 GDPR: ten years for the data referred to in point 3) A. Until the end of the session for the data referred to in point 3 B) without prejudice to the processing by the co-owner of the treatment to be identified in Google Ireland Limited and for which reference is made to their cookie policy referred to in the link highlighted above. For the data referred to in point 3 C) up to the duration of the cookie, better specified in the cookie policy on the site. For the data referred to in point 3) D the storage time is 10 years. Data referred to in point 3) And until the evaluation of the collaboration proposal. After the evaluation, whether positive or negative, the retention period by the owner will end

7) Rights of the interested party
The interested party has the right to ask the Data Controller for access to the personal data held by the latter, the correction or cancellation of the same, or the limitation of the processing that concerns him, or to oppose the processing of personal data and has the right to request the portability of the personal data held by the owner.

8) Consent given and its revocation
If the processing is based on explicit consent for one or more specific purposes of the interested party, pursuant to Article 6 paragraph 1 letter A) or on the explicit consent of the interested party pursuant to art. 9 paragraph 2 letter A) for one or more specific purposes of the interested party, we inform you that it is the right of the interested party to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

9) Right to lodge a complaint with a supervisory authority
The Data Controller informs the interested party that, if he finds in the processing of his data unlawfulness, lack of transparency, lack of correctness of the owner, or any other irregularity pursuant to the GDPR, it is his right to lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data) or to take legal action

10) Nature of the provision of personal data and consequences of any refusal to provide them.
The provision of personal data is optional, except in specific cases where there is a legal obligation. Any refusal to provide them will make it impossible to provide information on the products and services of the Data Controller referred to in point 3 A) of this information.

11) profiling
The Data Controller informs you that your personal data will not be processed by means of an automated decision-making process (including profiling) without express consent from the user. For the processing of data by third-party cookies, independent data controllers, please refer to their privacy policy and cookie policy regarding the profiling or not-profiling of the user.