INFORMATION FOR THE PROCESSING OF PERSONAL DATA
( EUROPEAN REGULATION 2016/679)
personal data collected pursuant to art. 13 GDPR
Cosmetica s.r.l., in the person of the legal representative pro tempore, with registred office in Milan (MI) in via Brera n. 6, VAT 09198410962, hereinafter OWNER, as Data Controller, informs you, pursuant to Article 13 of EU Regulation no. 2016/679, hereinafter GDPR, that your data will be processed in the manner and for the following purposes:
1) identity and contact details of the data controller and the data protection officer: Data Controller through the website www.diegodallapalma.com is Cosmetica s.r.l., in the person of the legal representative pro tempore, current in Milan (MI) in via Brera n. 6, P.Iva 09198410962, which can be contacted at pec email@example.com . You can also contact the Data Protection Officer, D.P.O., Lawyer Enrica Vasini, C.F. VSNNRC78M45C573E, who can be contacted at the email firstname.lastname@example.org. You can contact the data controller and the D.P.O. to exercise the rights recognized to the interested party by the GDPR and to know the updated list of all the data processors, both internal and external, sub-data processors and persons in charge of processing.
3) Purpose of the processing and legal basis. Your data are processed:
A) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent means the lawfulness of the processing until the withdrawal of consent, for the following marketing purposes:
-send you emails, mail and / or sms, and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller, and detection of the degree of satisfaction with the quality of services, by providing their personal data and related requests for information on products and services offered by the owner, data collection carried out through the site www.diegodallapalma.com by accessing the restricted areas in which you will be asked to enter your personal data and your email and express your consent to the aforementioned treatments.
B) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent we mean the lawfulness of the processing until the revocation of the consent, for the following statistical, analysis and marketing purposes: third-party cookies operate on the site, which are independent data controllers of the data they collect while browsing.
One such third party is Google Ireland Limited. You can decide in the initial cookie banner whether or not to give consent to the processing. With regard to the information on the processing carried out by these third parties and your rights, click on the following link: https://policies.google.com/technologies/partner-sites and decide whether or not to give consent, it being understood that you can always revoke it by changing your preferences on the site.
D) For the execution of a contract (sale and shipment of the products ordered by you) (art. 6 letter b) GDPR), if, while browsing the site www.diegodallapalma.com, you request the sending of the goods you order to your home or other domicile indicated by you.
E) Only with your specific and distinct consent (Article 6 letter a) GDPR), informing you that you may at any time revoke the consent previously given, it being understood that for the processing carried out in the presence of explicit consent means the lawfulness of the processing until the revocation of the consent, for the following purposes: data collection of the interested party in order to evaluate a professional collaboration, by sending resumes on the website www.diegodallapalma.com in the "work with us" section.
4) processing methods: the processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR, and precisely: collection, registration, organization, structuring, storage, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, interconnection, limitation, cancellation, destruction, portability at your request. Your personal data are subject to both paper and electronic and / or automated processing. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. As per your right, automated processing, including profiling, which produces legal effects concerning you or similarly affecting your person, will not be based solely on the aforementioned automated processing, unless it is necessary for the conclusion or execution of a contract between the data subject and a data controller, or unless there is an explicit consent of the data subject. We inform you that specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
5) any recipients or categories of recipients of personal data
The data collected are used only to process the services requested by the user, such as accessing reserved areas to use the related services and advice. The data provided on these occasions by the user will not be further communicated except to persons or companies duly authorized by the Data Controller (internal and / or external data processors, sub-processors, persons in charge of processing) and may not be disclosed without your consent. Without the need for your express consent, the owner may communicate your data for the purposes referred to in art. 3 A) 3) B 3 C) 3 D) of this information to Supervisory Bodies, Judicial Authorities as well as to all those subjects to whom the communication is mandatory by law and for the fulfillment of the aforementioned purposes.
These subjects will process the data in their capacity as independent data controllers. The data may be transferred to a third country OUTSIDE the EU to third parties for the sole purposes indicated above and in full compliance with the processing expressed by the User. The person in charge of the treatment Extera srl is based in a non-EU country as indicated in the personal data of the site. In order to safeguard the right that the European Union considers fundamental, it is necessary that the data collected within the European territory are transferred to international organizations or non-EU countries according to the stringent rules established by Chapter V of the EU Regulation: the transfer must take place in compliance with the principles underlying proper processing and in the presence of sufficient and adequate guarantees to protect all interested parties. The data controller guarantees, pursuant to art. 46 and 48 EU Regulation 2016/679, that the transfer to third parties residing in non-EU countries will take place in compliance with these rules, in particular the provisions of Article 46 paragraph 3 letter A) of the GDPR.
6) storage times of the personal data of the interested party.
7) Rights of the interested party
The interested party has the right to ask the Data Controller for access to the personal data held by the latter, the correction or cancellation of the same, or the limitation of the processing that concerns him, or to oppose the processing of personal data and has the right to request the portability of the personal data held by the owner.
8) Consent given and its revocation
If the processing is based on explicit consent for one or more specific purposes of the interested party, pursuant to Article 6 paragraph 1 letter A) or on the explicit consent of the interested party pursuant to art. 9 paragraph 2 letter A) for one or more specific purposes of the interested party, we inform you that it is the right of the interested party to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
9) Right to lodge a complaint with a supervisory authority
The Data Controller informs the interested party that, if he finds in the processing of his data unlawfulness, lack of transparency, lack of correctness of the owner, or any other irregularity pursuant to the GDPR, it is his right to lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data) or to take legal action
10) Nature of the provision of personal data and consequences of any refusal to provide them.
The provision of personal data is optional, except in specific cases where there is a legal obligation. Any refusal to provide them will make it impossible to provide information on the products and services of the Data Controller referred to in point 3 A) of this information.