Version: 2 - Policy date: 01/12/2022
We provide below the information that must be brought to your attention.
We respect your Privacy; therefore we have committed to protecting the Personal Data according with the normative, including the Regulation (EU) 2016/679 of the European Parliament and the Council (GDPR).
1. Data Controller and Data Processor
FUTURE COSMETICS SRL
Headquarters: Via Luigi Giovè, 16 24060 Sovere (BG) - ITALY
E-mail address: firstname.lastname@example.org
2. Types of Data Collected
- Name, surname, e-mail address, telephone number, address (ZIP code, city);
- Further information requested for the Professional: company name, VAT identification number and position in the company;
- Bank details and others data necessary to the management of the contractual obligations.
Unless specified otherwise, all Data requested by this Site are mandatory.
If the Customer/User refuse to communicate these Data, it may be impossible for this Site to provide its services. In cases when this Site indicates some Data as optional, the Customer/User may refrain from disclosing them, without consequences on the availability of the service or its operativity.
The Customer/User is responsible for any third-party Personal Data obtained, published or shared through this Site and confirms to have the right to communicate or divulge them, releasing the Data Controller of any responsibility towards third parties.
3. Processing of Data Collected
3.1 Data Processing Methods
The Data Controller takes all the appropriate security measures to prevent unauthorised disclosure, access, alteration or destruction of Personal Data.
The Data Processing is carried out using computers and/or IT enabled tools, following organizational processes, strictly related to the purposes indicated.
3.2 Disclosure of Personal Data
One of our core values is treating the Customer/User's Data with the utmost care and confidentiality.
In addition to the Data Controller, in some cases, the Data may be accessible to other individuals in charge, involved with the management of this Site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller.
These third parties can handle the Personal Data of the Customer/User solely to deliver their services. By contractual agreement, they are prohibited from using Personal Data in any other purpose than required. Therefore, we take all the measures necessary to guarantee that our Data Processors preserve and protect the confidentiality of Data.
3.3 Purposes of Data Processing
The Data of the Customer/User are stored and processed in order to give support through the Customer Care, send communications about products/services and promotions, including possible related activities, although necessary.
The Data Collected are used to purposes such as market researches, data analysis, website's improvements and development of new products/services. In this case, we anonymise and aggregate the Data, so that the Customer/User cannot be identified.
3.4 Legal basis
The Data Controller may process the Personal Data of the Customer/User, if one of the following conditions subsist:
- When the Customer/User purchases an item on our online shop, creates an account with us or enters into any other form of agreement with us, we will process the Personal Data of the Customer/User for that specific purpose.
The Personal Data may be processed also, in the case the Customer/User has pre-contractual requests or similar;
- The Data Processing is necessary for compliance with a legal obligation to which the Data Controller is subject (or third parties);
- The Data Processing of Personal Data (name and e-mail address) of the Customer/User is necessary for marketing purposes. It's our legitimate interest to understand better the preferences of the Customer/User, so that we can customise our offering, with products/services that meet your specific needs;
- The Data Processing of Personal Data of the Customer/User may be carried out for the purposes of data analysis.
3.5 Place and Transfer of Personal Data outside the European Union
The Data are processed at the premises of the Data Controller and in any other place where the Data Processors are located.
The Personal Data of the Customer/User may be transferred to a country other than that in which the Data Controller is located.
We transfer, process and store information outside our country of residence, wherever we or our third-party service providers are located, in order to provide products/services of high quality.
Each time we transfer Data, we take appropriate measures to protect them.
3.6 Retention Periods of Personal Data
The Data of the Customer/User are kept and stored for the time necessary for the purposes for which they were collected:
- For purposes related to the performance of a contract between the Data Controller and the Customer/User, the Data will be retain until the contract has been fully performed;
- The Data Controller could be obliged, or face the necessity, to store the Data for a longer period in order to fulfill legal and normative requirements, solve litigations, detect any malicious or fraudolent activity or to apply terms and conditions, even after the Customer/User has closed their account or the services are no longer required;
- The Data Controller retains the Data as long as the account of the Customer/User exist or for the period necessary to provide products/services or in case the Customer/User contacts the Customer Care for the time necessary to generate solely analysis on trends and reports on the assistance;
- For the purposes of direct marketing: sending of commercial and promotional communications about products/services offered by the Data Controller, notification of company events, in addition to understand the level of the customer satisfaction, carry out market surveys and statistical analysis, with the revocable consent of the Customer/User at any time.
At the end of the retention time, the Personal Data will be canceled, destroyed or anonymised; consequently the right to access, amend, delete and the right to data portability cannot be exercised by the Customer/User.
4. Details about Data Processing
The Personal Data are collected for the following purposes and using the following services:
4.1 Contact Form (this Site)
Filling in the contact form with their Personal Data, the Customer/User agrees to the use of the information provided, in response to requests for information, estimate, or any other kind of request indicated by the heading of the form.
Data Collected: name, surname, e-mail address, position in the company, telephone number.
4.2 Phone Contact (this Site)
The Customer/User that provides their telephone number may be contacted for commercial or promotional purposes related to this Site, as well as to fulfill support requests (Customer Care).
Data Collected: telephone number.
4.3 Purchase of products/services and payment methods (this Site)
The Personal Data are being used to provide services to the Customer/User or for the selling of products, including the payment and the possible delivery; information such as name, surname, e-mail address, address, telephone number and tax code.
The Data Processing of such Data is necessary for:
- Ensuring the payment method like credit card, bank account (used for the bank transfer) or other payment methods expected. The payment details collected by this Site depend from the payment method used;
- Managing possible returns or refunds;
- The delivery of products purchased at the address provided by the Customer/User;
- Providing assistance on issues linked to the performance of the contract;
- Preventing and detecting frauds against the Customer/User or the Data Controller.
Paypal is the online payment service provided by PayPal Inc which allows the Costumer/User to make online payments.
4.4 Social Networks Plug-ins
This Site provides social media plug-ins for Facebook and Instagram.
By clicking on the Facebook or Instagram plug-in from this Site, the browser establishes a direct connection to the Facebook or Instagram server. The information related to the visit of this Site will be transmitted and stored on Facebook or Instagram server.
If the Customer/User does not want to transmit these Data, the Customer/User must log out of their social media accounts before accessing this Site.
4.5 Services of noncontinuous Geolocation (this Site)
This Site employs gelocation services to assist the Customer/User in locating the nearest MYVEG salon.
The Customer/User can enable and disable their location services in their device or browser settings. Solely after the authorization of the Customer/User, this Site can receive information on their location, in a noncontinuous way, such as GPS signals sent by a mobile device or information that can be used to approximate a location.
Personal Data collected: location information.
4.6 Server Log Files
During the browsing, this Site and related possible third-party services may collect certain Data that are sent from the browser of the Customer/User to our server.
These Data are useful to improve the Customer/User experience on this Site.
These Data may include:
- Date and time of the visit;
- URL link;
- Pages visited and Customer/User's navigation on this Site;
- Information on the browser used.
5. Rights of the Customer/User
The Customer/User may exercise certain rights regarding their Data processed by the Data Controller in order to:
- Access their Data that are being processed by the Data Controller and obtain a copy of the Data undergoing processing. This right is limited to the time Data are kept by the Data Controller, once these Data will be anonymised or canceled, it cannot be possible to consult them and allow their access.
- Request correction and seek rectification of their Data collected by the Data Controller (although, most likely, Data can be modify in their personal account of this Site);
- Reguest the erasure of their Data or the interruption of their Usage or Collection, under certain circumstances;
- Request the interruption of commercial and promotional communications;
- Withdraw their consent at any time to the Processing of their Personal Data, for actitivities not necessary;
- Receive their Data in a structured, commonly used and machine-readable format ("data portability") and to have it transmitted to another Data Controller without any hindrance;
- Lodge a complaint with the Italian Data Protection Authority (GDPR), contactable through the contacts indicated at the following site http://www.garanteprivacy.it;
- Object to the Processing of their Data, the Customer/User has the right to object to the Processing of their Data if the processing is carried out on a legal basis other than consent e.g. marketing purposes at any time, without providing any explanantion;
The Customer/User may exercise their rights, sending a request to the e-mail address of the Data Controller indicated in this document.
The requests sent are free of charge and will be processed by the Data Controller in the shortest time, however within one month.
6. "Do Not Track" requests
This Site does not support “Do Not Track” requests. To determine whether any of the third-party services employed support the “Do Not Track” requests, please consult their Privacy Policies.
Possible changes will be published on this page; please consult it regularly.
If modifications are made that affect processing operations whose legal basis is consent, the Data Controller undertakes to gather the Customer/User's consent again.
LAST UPDATED: JUNE 2020