Introduction

This document (hereinafter “Privacy Policy”) provides information about the processing of the data collected through this website (hereinafter “Website”) by the company “Angelini Beauty S.p.A.”  acting as joint data controllers (hereinafter jointly referred to as “Companies” or “Controllers”). This Privacy Policy is issued only for this Website and not for any other websites which may be consulted by a user through a link contained therein and it is therefore the policy intended for the concerned parties in compliance with the applicable regulations and the provisions in Article 13 of the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter «Regulation«).

Data Controllers identity and contact information

Angelini Beauty S.p.A. with registered office at Via Melchiorre Gioia, 8, 20124 Milan (MI), Italy

E-mail info@angelinibeauty.it

 

Principles relating to processing of personal data

In accordance with the Regulation, the Controllers are committed to ensuring that personal data is:

  • (a) processed lawfully, fairly and in a transparent manner;
  • (b) collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with those purposes;
  • (c) adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed
  • (d) accurate and, where necessary, kept up to date;
  • (e) kept for a period of time that is no longer than is necessary for the purposes for which it is processed;
  • (f) processed using appropriate technical and organisational measures required in order to safeguard thepersonal data;
  • (g) where data is processed on the basis of consent, such consent must be freely given by the data subject, the request for consent shall be presented in a manner that is clearly distinguishable, written in an intelligible and easily accessible form, using clear and plain language.

 

Which data we process

We may process any ordinary personal data, i.e. information that identifies, or at least makes it possible to identify, you as a natural person (e.g. your e-mail address) provided by you when you are interacting with the Website functions including browsing data, or when you may register for our newsletter, also for the purpose of receiving promotions, discounts, incentives and other services, and commercial or promotional information, as well as the data collected through the cookies as specified in the Cookie Policy.

 

Why we process your personal data and how

With your consent the Companies may process your ordinary personal data to allow the use of Website services and functions and optimize its functioning, to run statistical analyses on the visits, to manage requests and reports received through the Website, to register to any reserved areas or initiatives such as contests and the like, as set out in Article 6.1.(a) of the Regulation. The Companies may also process your personal data to comply with the legal obligations required by laws, regulations, EU legislation: the lawful basis for processing data for these purposes is set out by Article 6.1.(c) of the Regulation.

With your optional consent, ordinary personal data may be used by the Controllers for the following purposes:

  1. promotional offers, discounts and other services, as well as the sending of commercial or promotional information and free products, participation in exhibitions or events, the carrying out of market research and notification of all the special initiatives dedicated to Mandarina Duck.
  2. processing data for statistical and historical purposes.

 

The lawful basis for processing for this purposes is Article 6.1.(a) of the Regulation.

Personal data is processed using both automatic and non-automatic tools according to the very purpose of the processing and, in any case, with methods and procedures that guarantee the safety and confidentiality of the data.

 

Compulsory and optional processing

The forms to be filled in on this Website contain data that is essential to handle your communications and requests – marked with a [*] – which, if not entered, will prevent your requests from being processed, as well as optional data, which is not essential to process the request by the person concerned. Failing to enter this data will have no consequences.

 

Browsing data

The processing of personal data of users who visit the Website only (meaning those who do not send communications or use any of the services/functions available) will be limited to browsing data, which means personal data which need to be transferred to the Website in order for the IT systems that manage the Website and the Internet communication protocols to work. For example, this category includes IP addresses, or the domain of the computer use to browse the Website and other parameters related to the operating system used by the user to accexs the Website. The Companies collect this and other data (such as the number of visits and time spent on the Website) for statistical purposes only and anonymously in order to check the Website operation and improve its functions. This information is not collected to be combined with other information about the users and to identify them; however, given its nature, this information may allow for the identification of users by processing and combining it with data controlled by third parties. Browsing data is normally erased after anonymous processing but may be stored and used by the Companies to investigate on and identify the perpetrators of any cybercrimes committed against the Website or through the Website. Without prejudice to this circumstance and the provisions in the Cookie Policy section, the browsing data above is temporarily kept in compliance with the applicable regulations.

 

Links to other websites

The Website may contain links to other websites (so-called third-party websites). You must check out the privacy policy of the third-party websites you visit through the Website and to get information about the conditions applicable to the processing of your personal data. This Privacy Policy applies “EXCLUSIVELY” to the Website as defined above only.

 

Social Media Plugins

On certain webpages of our Website we may implement so-called social media plugins, in particular Facebook (the “Social Networks”) buttons. When you visit a page that displays one or more of such buttons your browser will establish a direct connection to the respective Social Networks server and load the button from there. At the same time Social Networks will know that the respective page on our Website has been visited. This processing is based on Article 6.1.(f) of the Regulation and represents our legitimate interest to improve your Website experience and to optimize our services.

We have no influence on the data that Social Networks collect on the basis of the buttons. According to the available information, however, if you do not click on the respective buttons no personal data will be collected and stored unless you have logged onto to Social Networks account. In that case certain user data (including your IP address at the time) may be collected and linked to the account information already present at Social Networks respectively. If you wish to prevent this, please log out of your social media accounts before visiting our Website.

In addition, clicking a button may also lead to a collection of certain data, such as the user’s IP address. Social Networks may set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings (see above).

We receive no information from Social Networks about which social media buttons you may have clicked or seen on our website, but, if at all, we may receive a summarized, non-person-related statistical report on the use of the buttons.

If you wish to obtain more information on the subject go to:

Facebook: https://www.facebook.com/policy.php

 

How we store data and for how long

In compliance with the provisions set out by Article 5.1.(c) of the Regulation, the way the IT systems and programs used by the Companies are set up allows to minimize the use of personal and identification data;

this data is processed only to the extent necessary to achieve the purposes specified in this Privacy Policy;

the data will be stored for as long as necessary to fulfill the purposes that are actually pursued and, in any case, the criteria used to determine the storage duration comply with the terms allowed for by the applicable laws and the principles of data minimization, storage limitation and rational records management. In order to determine the right retention period for the personal data stored by the Website upon your consent, the Controllers also considers the following criteria: the specific purposes described in the policy for which the website stores the personal data; the type of current relationship with you (how frequently you log in to your account; if you submit requests using the contact form; if you continue to receive newsletters or commercial communications; how regularly you browse the website, etc.); any specific request to erase your data or consent withdrawal by you; the data controller’s legitimate business interest.

 

How we guarantee safety and the quality of personal data

The Companies commit to protect the safety of your personal data and complies with the applicable safety provisions to prevent data loss, unlawful or illegal use of and any unauthorized access to the data, with special but not exclusive reference to Articles 25-32 of the Regulation. The Companies use multiple advanced safety technologies and procedures to protect the personal data of users; for example, personal data is stored in safe servers located in places with access control and protection measures in place. You can help the Companies update and keep your personal data correct by communicating any change to your address, qualification, contact information, etc.

 

Who can access data

Personal data will only be made available to those who may need it because of their tasks or positions held in the Companies and any relevant parent, subsidiary and affiliated companies. These subjects, whose number will be as low as possible, will be trained appropriately in order to prevent losses, destruction, unauthorized access to or unauthorized use of the data.

Additionally, the data may be communicated to: (i) institutions, authorities, public entities for their institutional purposes; (ii) professionals, self-employed workers, even if associated; third parties and vendors hired by the Companies to receive commercial, professional and technical services aimed at managing the Website and its functions (for example IT service and Cloud Computing providers), pursuing the purposes specified above and providing the services to you; (iii) third parties in case of mergers, acquisitions, company or branch transfers, audits or other extraordinary operations. These subjects will only receive the data necessary for their functions and will commit to use it for the purposes above only, and to process it in compliance with the applicable privacy regulations. The data may also be communicated to legitimate recipients pursuant to the applicable laws. Exception made for the above, data is not shared with third parties, either physical or legal persons, who do not perform any commercial, professional or technical functions for the Controllers and will not be disclosed. The subjects who receive the data will process it as Controllers, Processors or people authorized to process personal data, as the case may be, for the purposes specified above and in compliance with the applicable privacy laws.

About the transfer of data to a third Country, including Countries that may not guarantee the same level of protection set out by the applicable regulations, the Controllers informs that the processing will still occur in compliance with one of the methods allowed for by the Regulation, such as the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects which have joined international frameworks for the free movement of data (e.g. EU-USA Privacy Shield) or operate in Countries the European Commission considers safe.

 

Rights of the users

The users to whom the data refers have the right to obtain the confirmation as to whether their personal data exist or not and to know its content and the source, check that it is correct or ask for it to be integrated or updated, or rectified, erased or restricted, or to oppose against its processing, to lodge a complaint with a supervisory authority pursuant to Article 15 of the Regulation. Additionally, pursuant to Articles 7, 15, 16, 17,18, 19, 20, 21, 22 and 77 of the same Regulation, each user has the right to ask for information about the collection and use of their personal data, to access it, rectify it, erase it (right to be forgotten), restricted processing, the notification obligation regarding rectification or erasure of personal data or restriction of processing, data portability, the anonymous transformation or the block of data processed against the law, as well as the right, in the cases set out by the law, to oppose to its processing, to lodge complaints regarding the collection and processing of personal data with the competent Supervisory Authority, to withdraw the consent to the processing of personal data at any times, without prejudice to the legitimate processing performed until then based on the consent withdrawn.

If you have any requests about personal data processing by the Companies, to exercise the rights recognized by the applicable regulations, as well as to know about the updated list of subjects who can access the data, you can contact the Controllers using the contact details above.

 

Changes to this Privacy Policy

If any changes are made to this Privacy Policy, the updated version will be published on this Website. So, the Companies invite you to check out this section regularly to learn about the latest and most recently updated version of the Privacy Policy.

This Privacy Policy was updated on March 22, 2019.