Privacy Policy

Pursuant to art. 13 of EU Regulation 2016/679, General Data Protection Regulation (“GPDR”) and Legislative Decree no. 196/2003, Code regarding the protection of personal data (“Privacy Code”).

This information is provided for the website www.najolearibeauty.com owned and managed by EuroItalia S.r.l. (“Site”) and not for other third-party websites possibly accessed by the user via links.

The information is intended for all individuals interacting with the web pages of the Site, both those who use the Site without any registration and those who, after completing a specific procedure, register on the Site and use the online services provided through it.

This information is provided in accordance with Article 13 of the EU Regulation 2016/679, General Data Protection Regulation (known as "GDPR") and, if and insofar applicable, Legislative Decree no. 196/2003, Code concerning the protection of personal data (“Privacy Code”).

It is also reminded that third-party websites possibly referenced through specific links on this Site are governed by a separate privacy policy from this one and are outside its scope.

1. DATA CONTROLLER

Euroitalia S.r.l.

Via Galileo Galilei, 5

20873 Cavenago di Brianza (MB)

VAT no. 00788550960 

Tax Code 04719670152

(“EuroItalia”, “Company” or “Controller”)

2. PERSONAL DATA SUBJECT TO PROCESSING

In addition to what is already provided on other pages (especially concerning “Cookies”), through the Site and the use of its functionalities and/or the subscription to the services therein, the following data may be collected and processed:

- Browsing data: these are the data that the server automatically records with each visit to the site, such as the IP addresses or domain names of the computers used by users connecting to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user's operating system and IT environment. This category also includes “Social Buttons” which exclusively allow connection and viewing of the social profiles of the brand “NajOleari” (created on social networks such as, for example, Facebook, Instagram, YouTube). These “buttons” allow users browsing the Site exclusively to reach the social networks directly with a “click” network “NajOleari”. The interactions that occur within the social network are in any case subject to the rules and privacy settings of the respective social networks;

- Personal data voluntarily provided by users/visitors: this refers to data provided by users through the completion of electronic forms for the purpose of creating an account on the Site and/or proceeding with a purchase order, such as name, surname, date of birth, email, address, phone number (including mobile) and additional data or information contained in messages sent to the contacts indicated on the Site or through the completion of forms published there and for subscribing to specific services, such as creating a wish list or signing up for the newsletter service. This category also includes data on the order and the purchase process;

- Data relating to online payments: regarding the payment data entered by users, Euroitalia will only process data received from digital payment companies and credit institutions managing credit card payments, which consist of feedback information on the payment status (successful/denied). All further information related to the account (e.g., PayPal), prepaid card, or credit card is stored by the entities that manage the respective service, who are not authorized to use the personal data received through the Website for other purposes.

For the purposes indicated in this notice, the Company does not collect or process personal data attributable to the user that the GDPR qualifies as "special categories" (such as, merely by way of example, data suitable to reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in associations or organizations of a religious, philosophical or trade union nature, as well as personal data suitable to reveal health status).
Moreover, users are encouraged not to enter into contact forms and not to communicate, even by telephone, to the Customer Service information that may fall within the scope of the special categories of personal data as described above.

3. LEGAL BASIS AND PURPOSE OF THE PROCESSING

The processing of personal data is based on the consent voluntarily given by the user through the completion of specific forms and sections dedicated to the collection of personal data, on the existence of a contractual or legal obligation or, depending on the case and as further specified in the following paragraph, on the existence of a legitimate interest of the Company, and is solely aimed at achieving the following purposes:

(i) In compliance with contractual or pre-contractual obligations - to ensure registration on the Site (and the creation of an Account) and the correct provision of services requested through the Site and/or through forms made available therein and, therefore, to manage and execute product orders placed through the Site and to fulfill all obligations arising from contractual and pre-contractual relationships with the user. This area also includes administrative-accounting purposes related to and in any case arising from the contract concluded with the user, including the electronic transmission of order confirmations, commercial invoices, and communications regarding the processing of the order by Euroitalia or companies appointed by Euroitalia, as well as purposes related to the management of any discounts, promotional sales, promotions. Also included in this context is the Customer Service and, therefore, the processing of the user's personal data for the management and dispatch of responses to assistance requests related to one or more of the products or services available on the Site.

(ii) In compliance with legal obligations - for the fulfillment of obligations arising from national and/or EU laws and regulations in force, including in the fiscal area, as well as from provisions issued by competent authorities and bodies;

(iii) Based on a legitimate interest of the Company - for the defense in court of a right or interest before any competent authority or entity (also in the context of cybercrime and for credit recovery purposes); to allow better use of services and a better browsing environment; for conducting statistical analysis and market research on aggregated data; for sending – via email – communications containing information related to EuroItalia products or services similar to those previously purchased (so-called soft spamming), unless the client opposes such processing; for the same purpose, it is possible to send communications aimed at commercial solicitation related to completing the purchase on the site, in the case of open and yet to be closed e-commerce orders (so-called “abandoned cart”).

(iv) For purposes aimed at improving the customer shopping experience, and in particular for sending personalized offers based on profiling mechanisms;

(v) For the purpose of sending newsletters of a promotional and marketing nature by Euroitalia S.r.l..

4. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION

The provision of data for the purposes referred to in points (i) (fulfillment of contractual obligations), (ii) (fulfillment of legal obligations) is optional. However, since such processing is necessary to allow registration and navigation on the Site and the use of services offered through it, including those deriving from and/or connected to the forwarding of a purchase order, the failure, partial, or inaccurate provision of the data in question will result in the impossibility, depending on the case, to register on the Site, to manage and fulfill the order and/or to enjoy the services provided online and, in general, to proceed and fulfill specific user requests, as well as the impossibility for the Company to send you generic information on products or services similar to those subject to a previous purchase, to conduct market surveys on aggregated data and thus improve its services, or otherwise pursue its legitimate interests (such as defense in court of a own right).
Providing data for the purposes mentioned in points (iv) (improvement of the shopping experience) and (v) (direct marketing) is optional. However, by not giving consent for the processing of data for the additional purposes listed above, the customer will not be able to benefit from personalized discounts and offers dedicated to registered customers, nor receive promotional information through direct communications.
Regarding point (iii) (Legitimate interest of Euroitalia), explicit consent from the user is not required, but it is always possible to object to such processing by exercising the rights of the interested party as outlined in the following art. 10.

5. DATA COMMUNICATION

Data may be communicated to the following categories of subjects:

1. To all those entities (including Public Authorities) that have access to personal data by virtue of regulatory or administrative measures;

2. To all those entities, public and/or private, natural persons and/or legal entities to whom communication is necessary or functional for the proper fulfillment of a contractual or legal obligation.
In addition to the above, personal data may be made known to entities who also operate on behalf of the Company, such as, by way of example and not exhaustive:

- To companies, consultants, or professionals possibly tasked with the installation, maintenance, updating, and, in general, management of the hardware and software structure of the Site;

- To couriers or shippers responsible for delivering products purchased through the Site;

- To companies involved in the processing and sending of informational or commercial communications;

- To the company's legal and tax professionals and consultants;
who will process them as external data processors on behalf of the company. In any case, personal data will not be transferred to non-EU countries or outside the European Economic Area.

6. STORAGE PERIODS

Personal data will be processed and stored for the entire duration of the contractual relationship and, subsequently, for the maximum time allowed by applicable legal provisions concerning the statute of limitations of rights and/or expiry of actions (including in the administrative-tax area) and, in general, for the exercise/defense of EuroItalia's rights in disputes initiated by public authorities, public bodies/entities, and private subjects. Personal data processed for marketing purposes and profiling purposes based on consent will be stored until consent is withdrawn by the customer/user.

7. MINORS UNDER 16 YEARS OF AGE

The Site does not contain information or functionalities or services directly intended for users under the age of 16. Minors must not provide information or personal data without the consent of those who hold parental responsibility over them. Therefore, all users who are under 16 years old are advised not to communicate their personal data in any case without prior authorization from a parent or the holder of parental responsibility. If the Company becomes aware that personal data has been provided by a minor (under the age of 16), the Company will immediately destroy such data or request the appropriate consent from the parents (or the holder of parental responsibility), reserving the right to inhibit access to the services available on the Site for any user who has concealed their minor age or has nonetheless communicated their data. personal data in the absence of consent from their parents (or the guardian exercising parental responsibility).

8. RIGHTS OF THE DATA SUBJECT

As the data subject, the user has the right to ask the Data Controller to exercise the following rights:

Right of access

You may request to obtain confirmation regarding the existence or not of processing of your personal data and, if affirmative, to access such data and specific information on the processing, such as, by way of example, the purposes, the categories of data being processed, the existence of other rights indicated below. You may also request a copy of your data.

Right to rectification

You have the right to request and obtain rectification of personal data concerning you and/or the completion of incomplete personal data.

Right to erasure

You will be able to obtain the deletion of your data without undue delay, among other things, if (i) such data are no longer necessary for the purposes for which they were collected, (ii) you object to the processing of your data (as indicated below) and there is no other overriding legitimate reason for the processing, (iii) the data are processed unlawfully, (iv) the data must be deleted to comply with a legal obligation, (v) personal data of a child under 16 years have been collected in relation to the offering of information society services. This right does not apply if the data processing is necessary, among other things, for compliance with a legal obligation or for the establishment, exercise, or defense of a legal claim.

Right to restriction

You have the right to obtain the restriction of the processing of personal data, which means that the data processing will be suspended for a certain period of time. Circumstances that may give rise to this right include situations where the accuracy of personal data has been contested, but we need some time to verify its (in)accuracy. This right does not prevent the continuation of personal data processing.

Right to data portability

In the case of automated processing based on consent or the performance of contractual obligations, you have the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
You also have the right to obtain the direct transmission of data from one controller to another, where technically feasible.
The possibility to obtain the deletion of the data remains intact, as indicated above.

Right to object

You have the right to object at any time, for reasons related to your particular situation, to processing based on a legitimate interest of the Controller, unless the latter demonstrates compelling legitimate grounds to proceed with processing that outweigh the interests, rights, and fundamental freedoms of the data subject or for the establishment, exercise, or defense of a legal claim. You also have the right to object to processing for marketing purposes.
Finally, you have the right to lodge a complaint with the Supervisory Authority (http://www.garanteprivacy.it/) if you believe that the data processing violates the provisions of the Regulation.

Exercise of the right

The rights above may be exercised by making a request without formalities to the Data Controller. The request may be sent to the Data Controller by letter or email to the following addresses: Via Galileo Galilei, 5, 20873 Cavenago di Brianza (MB), e-mail: privacy@euroitalia.it

Data Protection Officer (DPO)

Euroitalia has appointed Luca Saglione as Data Protection Officer (DPO), as provided by Article 37 of the EU Regulation 2016/679.

The Data Protection Officer is a new figure whose role is to monitor compliance with the Regulation itself, assessing risks for data subjects (clients, potential clients, employees, suppliers) of any personal data processing carried out by Euroitalia.

He provides support to Euroitalia to inform employees about the obligations arising from the Regulation and other provisions on data protection.

Furthermore, he cooperates with the Data Protection Authority and is the point of contact for Euroitalia on any issues related to the processing of personal data.

If you wish to contact the DPO for any matters concerning the processing of your Personal Data and/or to exercise the rights provided by the Regulation, you can refer to:
E-mail: dpo@euroitalia.it 

This Privacy Policy may be subject to changes and updates, also due to changes in the applicable legislation.
Any changes or updates will be communicated to the user through publication on the Site's home page and will be applicable and binding from that moment onwards.

Therefore, the Company encourages users to periodically visit this page in order to learn about any changes or updates.