What is the purpose of this notice?
This page describes how the website manages the processing of the personal data of the users that access it. Data processing is always based on principles of lawfulness and fairness in compliance with all applicable regulations in force (and therefore in accordance with the principles of necessity, fairness, lawfulness, transparency and protection of confidentiality) and with aims strictly related to the purposes pursued. The personal data subject to processing will be processed by Pettenon Cosmetics S.p.A. S.B. (hereinafter also referred to as the “Company”), also considering technological innovations so as to minimise, by means of appropriate preventive security measures, the risk of their destruction or loss, including accidental loss, of unauthorised access to the data or of processing operations that are either unlawful or incompatible with the purposes for which the data were collected. The data will be processed only for the operations necessary to achieve the purposes indicated in this document and in any other information provided to users at the time of collection of their data and to which reference should be made.
The data shall be processed in accordance with all applicable regulations and in compliance with REGULATION (EU) 2016/679. The data may also be arranged in databases, including computerised databases.
This document also constitutes a privacy policy provided, among others, pursuant to Article 13 of REGULATION (EU) 2016/679, to those who interact with the web services of this website, for the purpose of protecting personal data.
The website in question is www.ilovesensus.it corresponding to the home page of the site.
The privacy policy is provided only for the website in question and not for other websites that may be consulted by the user via links. Such websites will be autonomous data controllers.
The privacy policy is also based on Recommendation No. 2/2001 that the European personal data protection authorities, brought together in the Group established by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for personal data collection online, and, more specifically, the procedures, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
The server that hosts the personal data relating to the site is located at Via Piero Gobetti, 96 52100 Arezzo (AR) - Italy.
In addition to the location of the server, the data may be processed at the Company’s registered office and at the offices of any appointed data processors (and also at the offices of any third-party independent data controllers to whom the data may be communicated and who are specified in this policy or in the relevant policies within the website).
Please note that, in any event, all data may be processed on the ground of a legitimate interest, such as to enforce or defend a right of the Company in the appropriate fora and for all obligations under the law, regulation or EU legislation, bearing in mind that in this sense the provision of data is necessary and failure to do so will make it impossible to access the website and/or to establish any relationship with the Company (including simply by writing an e-mail for information) and that for these purposes the data may be disclosed to judicial or police bodies, lawyers and anyone it may be necessary precisely to meet the obligations laid down by law, regulation or legislation or to enforce or defend a right in the appropriate fora.
In any event, please take note of all the specific information that may be present in the appropriate sections of the website.
Types of data processed and processing procedures
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or the domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data are used by the Company for the sole purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning correctly and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the website or more generally of the Company.
The data may be processed on paper, manually, by computer and telematic means (therefore the Company stores and processes the data both on soft and hard copy).
The provision of such data is optional (except in the case of a request by judicial or police bodies in which case it must be provided) but if it is not provided, navigation on the website will not be possible.
Data provided voluntarily by the user
Regarding the specific provision of data for which a specific template exists, please refer to these templates and the relevant policies.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website (in the case where only the e-mail address is provided and there is no specific form to fill in, for which reference should be made to the specific policies that regulate the provision in the various forms), will result in the subsequent acquisition by the Company of the sender’s address, necessary to reply to the requests, as well as any other personal data included in the message (and in the attachments to the same) or in the specific forms.
In this case (i.e., where only the address is indicated and there is no specific form to fill in, in the presence of which please refer to the specific policy governing the provision in the various forms/templates) the provision of data is optional, but failure to provide the address or other data necessary to fulfil the request will make it impossible to fulfil the request itself. By sending the e-mail, the data subject explicitly consents to the processing of data to fulfil a request.
In case of material dispatching requests, the data necessary for dispatching may be disclosed to the courier or postal service.
The data, in paper or electronic format, may be processed both manually and by means of computer/telematic tools, including organising the data in computer databases. The data will be stored for the period necessary to pursue the purposes indicated.
Data Controller and Data Protection Officer
The Data Controller is: G&P COSMETICS SRL, with registered office in Via L. Mascheroni no. 27 - 20145 Milan (Italy), Tax Code, VAT number and Padua Companies Register no. 04778640963, Economic & Administrative Index no. MI 1771789, fully paid-up share capital of €62,500.00, company subject to management and coordination by AGF88 Holding S.r.l., Tel. 0575 720 682, Fax 0575 749 923, PrivacyGep@gepcosmetics.com.
Currently, the Company is not legally required to have an internal Data Protection Officer. If such a function becomes necessary, the identity of the relevant person will be made known via the Company’s website www.g&pcosmetics.it, which you are encouraged to visit periodically, also for any updates to this privacy policy.
Rights
We inform you that the GDPR allows the data subject to request to the Data Controller (using the contact details provided above) full access to its personal data and the rectification of such data, the data erasure, a restriction to the data processing, and the right to data portability; the data subject may also object to the processing of its data, and exercise the other rights set forth in Chapter 3, Section 1 of the GDPR, including that of revoking consent, where envisaged: revocation of consent shall not however affect the lawfulness of the processing based on the consent given before revocation.
Complaints
We hereby inform you that the GDPR allows Users to request from the Company (using the contact details provided above) full access to their personal data and the rectification of such data, the erasure of the data, the restriction of data processing, and the right to data portability; Users may also object to the processing of their data, again by contacting the Company, and exercise the other rights set forth in Chapter 3, Section 1 of the GDPR, including that of withdrawing consent, where envisaged: withdrawal of consent shall not however affect the lawfulness of processing based on the consent given prior to the withdrawal.
Legal basis
The legal basis for the data processing is: legal obligations (Italian and European laws), consent where required, and the data controller’s legitimate interests in the relationship with the user. In the case of processing based on legitimate interest, in considering these legitimate interests, it has been analysed that they do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (the legitimate interest was assessed on the basis of a Triple Test available by contacting the Company).
Scope of communication and dissemination
No data will be disclosed by the Company
With regard to specific processing operations for which there is a specific form on the site or a specific section in this policy, please refer to those forms and their specific sections.
For other processing operations, the data provided by users may be known (and processed on behalf of the Company) by persons specifically delegated by the Company (computer technicians, including those external to the Company, consultants, including those external to the Company - legal consultants, computer technicians, consultants, marketing staff, including those external to the Company, site management staff, including those external to the Company, staff working in the sectors to which a request is made) and data processors (e.g. companies managing the site or where the site resides) appointed in accordance with the law by the Company. The list of data processors may be obtained by contacting the data controller. All of the aforementioned parties shall only process data that are necessary for the performance of their tasks.
If necessary, and as also specified at the beginning of this policy, the Company may also disclose the data to judicial or police bodies, lawyers and anyone to whom disclosure may be necessary for the purpose of fulfilling the obligations provided for by law, by a regulation or by EU legislation or to assert or defend a right in the appropriate fora.
Optional or compulsory data provision and how data are processed
For complete information on the Company’s data processing, please read all the policies contained in the various data request areas and all the sections of this privacy policy.
Retention period
For navigation data and cookies, please refer to the appropriate sections of this policy.
For the data provided in the forms and templates, please refer to the appropriate sections.
The data that are necessary to address specific requests may be retained until the request has been fulfilled, unless retention for a longer period is required under current Italian and European legislation;
- in order to comply with statutory obligations, regulations and EU legislation, the data may be retained for the periods imposed by these regulatory sources;
- in any case, all data may be retained for a period necessary to enforce or defend a right of the Company under Italian and European law.
Specific information
As already mentioned, there are specific summary policies on the website pages that are designed for particular services on request. Please also refer to these privacy policies, supplementing this policy.
Information notice updated on 21/06/2024.