as per Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and the Italian Legislative Decree no. 196/2003, Italian Data Protection Code (“Privacy Code”)
This information notice is provided for the website www.najolearibeauty.com, owned and managed by EUROITALIA S.R.L. (the “Website”), and not for other third-party websites that may be accessed by the user through links.
The information notice applies to all users interacting with the pages of the Website, that either use the Website without registering to it or, at the end of an appropriate procedure, register themselves to the Website and use the online services offered through it.
The information notice is provided according to Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) and to Italian Legislative Decree no. 196/2003, Italian Data Protection Code (“Privacy Code”), to the extent that it applies.
1. DATA CONTROLLER
Via Galileo Galilei, 5
20873 CAVENAGO di BRIANZA (MB)
VAT No. 00788550960 and Fiscal Code 04719670152
(“Euroitalia”, “Company” or “Data Controller”)
2. PERSONAL DATA PROCESSED
In addition to the provisions set forth in other pages (with particular reference to the “Cookie”), through the Website and the use of the respective features and/or subscription to services offered therein, the following data can be collected and processed:
- browsing information: they are data that the server collects automatically at every access to the website, such as IP addresses or domain names of computers used by the users to connect to the Website, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the dimension of the files obtained as an answer, the code number which indicates the answer status supplied by the server (i.e. good result, mistake, etc.) and other parameters related to the operating system and to the users’ IT environment. Within the scope of such category are the “Social Button”, which exclusively allows the link and view of social profiles of the brand “NajOleari” (created on social networks such as, by way of example, Facebook, Instagram, YouTube). Such “buttons” only allow users browsing the website to directly reach with a “click” “NajOleari” in the social networks. Interactions taking place in the social networks are in any case subject to the rules and privacy settings of the respective social networks;
- personal data voluntarily provided by the users/visitors: they are data that are provided by users by filling in electronic forms for the purpose of creating an account on the Website and/or to proceed to the delivery of a purchasing order, such as name, surname, date of birth, email address, address, phone number (also mobile phone number) and additional data or information contained in messages sent to the contacts indicated on the Website or by filling in forms published on the Website and for the purpose of subscription to specific services, such as the email address for the subscription to the newsletter service. The data related to the order and the purchasing process fall within the scope of this category;
- data related to the online payments: with regard to the data related to the payments provided by the users, Euroitalia will only process data consisting in payment status information (good result/ mistake) provided by the online-payment companies and by credit institutions managing the payments with credit cards. All additional information related to the account (e.g. PayPal), to the prepaid card or to the credit card are stored by the entities managing the related service, which are not authorised to use the data provided through the Website for different purposes.
For the purposes indicated in this information notice, the Company does not collect or process any data referable to the user that the GDPR qualifies as “special categories” (such as, by way of example, personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions or trade union membership and data concerning the health of the data subject).
Users are expressly required not to provide such data within the filling in of contact forms and not to communicate to the Customer Service, also by phone, any information that can be regarded as special categories of data as described above.
3. LAWFUL BASIS AND PURPOSE OF PROCESSING
The processing of personal data is based on the existence of a contractual or legal obligation or, as the case may be and as specified in more detail below, on a legitimate interest of the Company, and is exclusively carried out for the following purposes:
(i) fulfilment of contractual or pre-contractual obligations – for the registration on the Website (and the creation of an Account) and the correct execution of other services requested through the Website and/or through electronic forms herein published and, therefore, for managing and processing orders of products placed through the Website and for fulfilling all obligations arising out of pre-contractual or contractual relationships with the user. Administrative and accounting purposes related to and arising out of the contract entered into with the user, also with regard to electronic transmission of order confirmations, invoices and communications concerning the delivery of the order by Euroitalia or by other companies appointed by this latter, as well as for the purposes related to the management of discounts, promotional sales and promotions fall within the scope of this purpose. The service provided by the Customer Service and, therefore, the processing of users’ personal data for managing and answering to assistance requests in relation to one or more of the products or services available on the Website are included in the contractual scope of data processing. Moreover, the data will be processed for the purpose of sending the Newsletter, as set out in paragraph 8 of this document;
(ii) fulfilment of legal obligations – for the fulfilment of obligations stemming from national and/or European laws or regulations in force, including the Tax area, as well as the fulfilment of provisions of the competent entities or authorities;
(iii) on the basis of a legitimate interest of the Company – for the legal defence of a right or interest under any competent authority or entity (even with respect to cybercrime and for the purpose of credit recovery); to improve services and browsing experience; to carry out statistical analysis and market research on aggregated data; to send to the customers - via email - communications containing information related to products or services offered by Euroitalia similar to products or services already purchased by the customer, unless the client objects to such data processing (so-called soft-spamming).
4. CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA
The provision of data for the purposes set out in paragraphs (i) (fulfilment of contractual obligations), (ii) (fulfilment of legal obligations) and (iii) (fulfillment of legal obligations) indicated above is purely optional.
However, since the processing of data for such purposes is necessary in order to allow the browsing experience on the Website and the use of the online services offered through the Website, including those deriving from and/or linked to the placement of a purchasing order, the missing, partial or incorrect provision of data will prevent, according to the circumstances, the availability of the registration process on the Website and the management and processing of the order and/or the use of the services offered online and, in general, the processing of users’ specific requests and the possibility for the Company to send general information on products and services similar to the ones already purchased, the carrying out of market research on aggregated data thus improving its services and anyway pursuing its legitimate interests (such as legal defence of a right).
The provision of data for the purposes referred to in points and (iii) (legitimate interest of Euroitalia) (iv) (improvement of the purchase experience) and (v) (direct marketing) is optional. However, by not giving consent to the processing of data for the additional purposes listed above, the customer will not be able to take advantage of personalized discounts and offers dedicated to registered customers, or receive promotional information by sending direct communications
5. DATA COMMUNICATION
Data can be communicated to the following categories of subjects:
- to all those parties (including the Public Authorities) having access to the personal data according to law or administrative provisions;
- to all those public and/or private parties, individuals and/or legal entities should the communication be necessary or otherwise required for the correct fulfilment of contractual or legal obligations.
In addition to the above, in order to pursue the mentioned purposes, personal data may be disclosed to third parties operating on behalf of the Company, such as, by way of example and not limited to,
- companies, consultants or professionals that may be in charge of the set-up, maintenance, updating and, in general, the management of the hardware and software of the Website;
- couriers and shippers responsible for the delivery of the products purchased through the Website;
- companies providing for the drafting and sending of informative and promotional communications;
- legal and tax professionals and consultants providing their services to the Company;
that will process the personal data in their quality as data processors on behalf of the Company.
In any case personal data will not be transferred to extra-EU Countries or outside the EEA.
6. PERSONAL DATA RETENTION
Personal data will be retained for the entire duration of the contractual relationship with the Company (including the subscription to the Newsletter) and, subsequently, for the period of time allowed by applicable law on statutory or time limitation periods (also with respect to administrative and tax purposes) and, in general, for the time necessary for the exercise/defence of the rights of Euroitalia in relation to claims raised by public authorities, public entities and private subjects.
7. MINORS UNDER 16 YEARS
The Website does not contain any information or functionality or service directly offered to users under the age of 16 years.
Minors shall not provide information or personal data without the consent of the holder of parental responsibility.
Euroitalia therefore invites any user under the age of 16 to avoid any communication of personal data without prior authorisation by a parent or by the holder of parental responsibility.
If the Company is notified that personal data have been provided by a minor under the age of 16, the Company will immediately delete such data and request appropriate consent by the parents (or by the holder of parental responsibility), reserving the right to prevent any access to the service offered on the Website to any user who hid his/her minor age or who communicated personal data without consent by the parents (or by the holder of parental responsibility).
8. NEWSLETTER SERVICE
The newsletter service is offered by Euroitalia Srl, owner of the data, as previously identified, in collaboration with Mailchimp.
The data processor is Mailchimp, through the company The Rocket Science Group, LLC, based in 675, Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, where the data will be kept in registered form.
a) Content of the service
The Newsletter service, provided by e-mail, is intended to inform registered users of the service, following explicit consent, about promotions, discounts and special occasions dedicated to the "Naj Oleari" brand products, as well as the activities of the holder however connected to the beauty sector (by way of example but not limited to: events, opening points of sale, commercial information, etc.).
b) Service activation
The Newsletter Service can be activated by any user of the website www.najolearibeauty.com ("Website"), regardless of the registration on the Site itself, and is free.
To activate the Service the user must:
• fill in the electronic registration form published in the dedicated areas of the Site, providing an e-mail address
• confirm the registration and activation of the Service by flagging the appropriate checkbox at the bottom of the electronic form, viewing and accepting this information and then clicking on the "Send" button.
Upon completion and submission of the registration form, the user will receive from Euroitalia S.r.l. an e-mail on the e-mail address provided confirming the activation of the Service.
Following the activation of the Service, the first Newsletter will be sent to the user according to the frequency established by Euroitalia.
c) Duration of the service
The Service starts from the date of activation, as confirmed by the registration confirmation e-mail, until its deactivation, manifested by the interested party by clicking on the disclaimer "unsubscribe" (or similar) placed at the bottom of any communication.
d) Data processing
The data collected through the newsletter service will be processed by Euroitalia’s staff and collaborators, and by the companies previously and expressly appointed as data processors.
• Mailchimp, which manages the Newsletter service, will store the collected data on its servers located in the United States.
• In order to comply with GDPR, Euroitalia has signed a special negotiation supplement with Mailchimp which specifies their commitments to users and in which Mailchimp is appointed as external manager of user data. The agreement can be viewed at this link.
Based on this agreement, the specific Mailchimp obligations will be:
- notification to the Data Controller of all entries and related data;
- the transmission of information on who opens the newsletter and clicks on the links, in order to optimize the information sent and their marketing campaigns.
9. RIGHTS OF DATA SUBJECTS
As a data subject, the user may ask the Data Controller to exercise the following rights:
Right to access
The user may ask whether or not his/her personal data are processed and, if so, have access to that data and to specific information on the processing, such as information on the purposes, on the categories of personal data concerned, on the existence of other rights as set out below. The user may also request a copy of his/her personal data.
Right to rectification
The user has the right to request and to have his/her data rectified in case of inaccuracy or incompleteness.
Right to erasure
The user has the right to have his/her data erased without undue delay if, inter alia, (i) such data are no longer necessary in relation to the initial purposes for which they were collected, (ii) he/she objects to the processing of his/her personal data (as indicated below) and there is no other legitimate and prevailing reason for processing, (iii) user’s data are unlawfully processed, (iv) data shall be deleted for the fulfilment of a legal obligation (v) personal data of a minor under the age of 16 have been collected in relation to an offer of services addressed to the information society.
The right to erasure does not apply if the processing is necessary for, among other purposes, the performance of a legal obligation or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
The user has the right to obtain the restriction of processing, meaning that the processing activity will be suspended for a period of time. The circumstances under which this right can be exercised include cases in which the accuracy of personal data was contested but a period of time is necessary to verify the accuracy of such data. The exercise of such right does not prevent from carrying out the processing of personal data.
Right to data portability
In case of processing carried out by automated means, based on consent or based on the fulfilment of contractual obligations, the user has the right to request and receive personal data in a structured, commonly used and machine-readable format and to transmit the data to another Data Controller. He/she has also the right to request the direct transmission from a Data Controller to another Data Controller, where technically feasible, without prejudice to the possibility to obtain the erasure of the data, as indicated above.
Right to object
The user has the right to object at any time, for reasons related to his/her particular situation, to the processing based on a legitimate interest of the Data Controller, unless the Data Controller can demonstrate legitimate and mandatory grounds for processing that prevail on the interests, rights and fundamental freedoms of the data subject or that the data are necessary for the establishment, exercise or defence of legal claims. Moreover, he/she has the right to object to the processing of data for marketing purposes.
The user has the right to present a claim before the Supervisory Authority (http://www.garanteprivacy.it/).
The above rights can be exercised by sending without any formality a request to the Data Controller. The request can be sent to the Data Controller via paper mail or e-mail to the following addresses: Via Galileo Galilei, 5, 20873 Cavenago di Brianza (MB) - email: firstname.lastname@example.org.
Amendments and updates will be communicated to the user through their publication on the home page of the Website and will be applicable and binding from the moment of their publication.
The Company therefore invites users to periodically visit the present page for the purpose of being informed of any change or update.
Date of last update: 23 September 2019