INFORMATION NOTICE - CUSTOMER AREA
This policy is drafted pursuant to and for the purposes of art. 13 of EU General Data Protection Regulation 2016/679 (GDPR) and Art. 130 of the Italian Privacy Code
WHY ARE WE PROVIDING YOU WITH THIS INFORMATION?
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT THE DATA CONTROLLER?
The Data Controller is Skinlabo Srl, with registered office in Turin (Italy) Postal Code 10122 - Via Pietro Micca No. 20, represented by its Pro Tempore Legal Representative, who can be contacted for any information at the following e-mail address privacy@skinlabo.com
HAS A DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE THE DPO’S CONTACT DETAILS?
Skinlabo Srl has appointed its Data Protection Officer (DPO) pursuant to Articles 37, 38 and 39 of the GDPR. The DPO can be contacted at the Data Controller's premises indicated above and by e-mail at the following e-mail address dpo.skinlabo@dpoprofessionalservice.it
2. TYPE OF DATA THAT CAN BE PROCESSED
Personal data: means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. PURPOSE OF PROCESSING, LAWFULNESS OF PROCESSING, DATA RETENTION PERIOD, NATURE OF DATA PROVISION
PURPOSE OF DATA PROCESSING A
A) CUSTOMER AREA, to access one's own user account/to register/to manage one's own user profile.
LAWFULNESS OF PROCESSING: data processing is necessary for the management of a contract to which the data subject is party or for the management of pre-contractual measures taken at the data subject's request (Recital 44) Art. 6 (1) (b) GDPR.
DATA RETENTION PERIOD: until the end of the contract or until cancellation of the contract, in any case for the time required to disable/clear credentials.
NATURE OF DATA PROVISION: the provision of personal data is necessary. Failure to provide the necessary personal data will result in the impossibility of accessing one's own user account.
PURPOSE OF DATA PROCESSING B
B) HANDLING OF YOUR REQUESTS and of requests from other data subjects, pursuant to Art. 15 et seq. of the GDPR (data subject’s rights).
LAWFULNESS OF PROCESSING: data processing is necessary for compliance with a legal obligation to which the Data Controller is subject (Recital 45) Art. 6 (1)(c) GDPR.
DATA RETENTION PERIOD: 5 years after closing of the request, except in the event of litigation.
NATURE OF DATA PROVISION: the provision of personal data is mandatory as it is required for the fulfilment of all legal obligations.
PURPOSE OF DATA PROCESSING C
C) Dispute prevention and management and other legal aspects and for representation in legal proceedings.
LAWFULNESS OF PROCESSING: data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Recitals 47-50) Art. 6 (1) (f) GDPR.
DATA RETENTION PERIOD: 10 years, except in the event of objection to the processing and for the necessary time for representation in legal proceedings.
NATURE OF DATA PROVISION: the provision of personal data is necessary. Failure to disclose personal information shall be balanced with the legitimate interest of the Data Controller specified in the purposes of this section.
4. TO WHICH RECIPIENTS OR CATEGORIES OF RECIPIENTS WILL PERSONAL DATA BE DISCLOSED?
DATA RECIPIENTS
Personal data will not be disseminated. The personal data provided may be disclosed to recipients, who shall process them in their capacity as Autonomous Data Controllers or Data Processors (Art. 28 GDPR) and/or as individuals (natural persons) operating under the authority of the Data Controller and Data Processors (Art. 29 GDPR) on the basis of specific instructions given on the purposes and methods of processing. More specifically, data may be transferred to recipients in the following categories:
- entities/parties that, even only occasionally, manage the Data Controller’s Website or give advice/assist the Data Controller in managing the Website;
- companies providing e-mailing marketing services;
- market research firms;
- companies providing after-sales and consumer services;
- shipping and trucking companies;
- firms or companies with headquarters in Italy within the context of assistance and consultancy relationships;
- competent authorities who enforce the law and/or regulations issued by public bodies, upon request.
5. IS THERE A TRANSFER OF PERSONAL DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)?
Personal data are managed and stored in data centers in Europe. Transfers of personal data to countries outside the European Economic Area (EEA) may only take place when the conditions laid down in the applicable legislation are complied with and when an adequate level of data protection is offered by those countries. For information on guarantees regarding the transfer of personal data outside the EEA please write to privacy@skinlabo.com
6. IS THERE ANY AUTOMATED DATA PROCESSING?
Personal data will be subject to traditional manual, electronic and automated processing. Please note that no fully automated decision-making processes are carried out.
7. RIGHTS OF THE DATA SUBJECTS
You shall be able to exercise your rights under Articles 15 et seq. GDPR by contacting the DPO by e-mail at the e-mail address dpo.skinlabo@dpoprofessionalservice.it or by contacting the Data Controller at the e-mail address privacy@skinlabo.com. You shall have the right to obtain at any time from the Data Controller access to your personal data (Art. 15), their rectification (Art. 16) or erasure (Art. 17), as well as the restriction of their processing (Art. 18). The Data Controller shall inform (Art. 19) each of the recipients to whom the personal data have been transferred of any rectification or erasure or restriction of processing carried out. The Data Controller shall inform the data subject of these recipients if the data subject so requests. Where envisaged, you shall have the right to the portability of your personal data (Art. 20), and if you so wish, the Data Controller shall provide you with the personal data concerning you in a structured, commonly used and machine-readable format.
Moreover, you shall have the right to object at any time (Art. 21) to the processing of your personal data based on the legitimate interest by writing to the contacts listed above with the 'objection to processing' subject line and, when processing is based on consent, you shall have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
In the event that you consider that the processing of your personal data carried out by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, you shall have the right to lodge a complaint with the Data Protection Authority (*) of the Member State in which you are habitually resident or work or of the place where the alleged violation took place (* the Italian Data Protection Authority is called Garante Privacy and it can be contacted at https://www.garanteprivacy.it/). Moreover, you shall have the right to take appropriate legal action.
8. AMENDMENTS TO THE PRIVACY POLICY
The Data Controller reserves the right to amend, update, add or remove parts of this Privacy Policy. In order to facilitate this review, the policy will contain an indication of the date on which it was updated.
Updated on: November 11, 2024