Privacy Policy

Privacy Policy

Information pursuant to Article 13 of the European Data Protection Regulation 679/2016 [GDPR]). In accordance with the requirements laid down in the General Data Protection Regulation, the Data Controller provides the data subject with the following information in relation to the processing of personal data carried out.

DATA CONTROLLER

Data Controller: O.I.S. Luxury Group S.r.l.

Address: Via Giuseppe Broggi, 22 20129 Milan (MI)

PIVA / CF: 11515560966

Contact Legal Representative: Mattia Maestri

Privacy contact: Emanuele Speranza

Data protection officer: Not present

Joint data controller: No joint controller present

If you wish to request further information on the processing of your personal data or to exercise your rights, you may contact the above-mentioned Privacy Contact Person in writing directly

CATEGORIES OF DATA SUBJECTS

List of data subject categories: Customers or Users, Potential customers

PROCESSING CARRIED OUT

Sale of cosmetic products online

Description: Activity relating to the processing of personal data for the distribution and sale of goods or services.

ORIGIN, PURPOSE, LEGAL BASIS AND NATURE OF DATA PROCESSED

Origin: Data collected from the data subject.

Purpose:

  1. Telematic or radio/TV sales
  2. Fulfilment of fiscal and accounting obligations – Acquisition of data for printing and sending invoices in both paper and digital form.
  3. Sending of information and/or advertising material also by telephone or internet – Consent received from the person concerned during the personal data collection phase through acceptance included in the information notice. If consent is not given, no informative and/or advertising material will be sent.

Legal basis: For purposes 1: Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request For purposes 2: Processing is necessary for compliance with a legal obligation to which the data controller is subject For purposes 3: Consent of the data subject

Personal data processed: Tax code and other personal identification numbers, Bank details, Credit/debit card details, Contact and communication details, Home address, Email address, Shipping address, Name, address or other personal identification details

“Special” data (sensitive data) are those defined in Articles 9 and 10 of Regulation 2016/679/EU (“GDPR”). Such data are processed, in accordance with the GDPR as well as in light of the General Authorisations issued by the Data Protection Authority.

Special data processed: –

Legal basis art. 9

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Recipient categories: The communication of your personal data, carried out on the legal basis provided for in Article 6 of Regulation 2016/679/EU, to the following third parties is envisaged

Consultants and freelancers also in associated form, Authorised entities.

These entities, bodies, companies and professionals act as Data Processors appointed by O.I.S. Luxury Group S.r.l. or are themselves Data Controllers of the personal data transmitted to them.

Your personal data, or the personal data of third parties in its ownership, may also be communicated to external companies, identified from time to time, to which O.I.S. Luxury Group S.r.l. entrusts the execution of obligations arising from the assignment received to which will be transmitted only the data necessary for the activities requested of them. All the employees, consultants, interims and/or any other “natural person” who, authorized to the treatment, carry out their own activity on the basis of the instructions received by O.I.S. Luxury Group S.r.l., according to the art. art. 29 of the GDPR, are designated “Persons in charge of the treatment” (hereafter also “Persons in charge”). O.I.S. Luxury Group S.r.l. imparts adequate operating instructions to the Data Processors or Persons in charge, eventually designated, with particular reference to the adoption and respect of security measures, in order to be able to guarantee the confidentiality and security of the data. Just in reference to the aspects of protection of the personal data you are invited, according to the art. 33 of the GDPR, to report to O.I.S. Luxury Group S.r.l. eventual circumstances or events from which a potential “violation of personal data (data breach)” may arise in order to allow an immediate evaluation and the adoption of eventual actions to contrast such event by sending a communication to O.I.S. Luxury Group S.r.l. at the above mentioned addresses. It remains firm the obligation of O.I.S. Luxury Group S.r.l. to communicate the data to Public Authorities on specific request.

TRANSFER ABROAD

Transfer to foreign countries (non-EU) or to international organisations: No transfer to foreign countries or to international organisations

The transfer abroad of your personal data may take place if it is necessary for the management of the assignment received. The processing of information and data that may be disclosed to these parties will require the equivalent levels of protection adopted for the processing of personal data of its own employees. In any case, only the data necessary for the pursuit of the intended purposes will be communicated, and the regulatory tools provided for in Chapter V of the GDPR will be applied.

MODALITIES, PROCESSING LOGICS AND RETENTION TIMES

Duration of processing: Processing will last no longer than is necessary for the purposes for which the data were collected. The data will be processed for the entire duration of the contractual relationship established and also subsequently, for the fulfilment of all legal obligations, as well as for future commercial purposes.

Your data is collected and recorded in a lawful and correct manner for the above-mentioned purposes in compliance with the principles and requirements of Art. 5 c 1 of the GDPR. Personal data is processed by manual, computerised and telematic means with logic strictly related to the purposes and, in any case, in such a way as to guarantee its security and confidentiality.

NATURE OF CONFERMENT

Personal data shall be processed for the following purposes:

Purposes that do not require consent:

Purposes requiring consent

Only with your explicit consent to be expressed at the foot of this information notice, the data, the purposes of which require consent, will be processed. The provision of data is in any case optional and will not be prejudicial in relation to the contractual relationship in place with the Data Controller

Your consent is not required for the data collected and used for the requirements related to the performance of activities inherent to the contractual relationship and compliance with the legal obligations indicated. Failure to provide the aforementioned personal data will result in the impossibility of carrying out the relationship in question. For data collected and used for the legitimate interest of the Data Controller, your consent is not required (letter f, art. 6, GDPR). The communication of the aforementioned personal data is optional but necessary for the performance of the services offered by the Controller. Any refusal to communicate such data will make it impossible to provide all or part of the services requested.

RIGHTS OF INTERESTED PARTIES (Articles 15 to 22 of the GDPR)

Right of access: The data subject has the right, in accordance with Articles 15 to 22 of the GDPR, to request access to their personal data from the data controller.

Right of rectification: The data subject shall have the right, as provided for in Articles 15 to 22 of the GDPR, to request the controller to rectify his/her personal data.

Right of erasure: The data subject shall have the right, as provided for in Articles 15 to 22 of the GDPR, to request the controller to erase his/her personal data.

Right of restriction: The data subject shall have the right, in accordance with Articles 15 to 22 of the GDPR, to request the data controller to restrict the processing of his/her personal data.

Right to object: The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to object to their data being processed.

Right of portability: The data subject has the right, as provided for in Articles 15 to 22 of the GDPR to exercise their right to data portability.

Right of revocation: The data subject has the right, as provided for in Articles 15 to 22 of the GDPR to exercise his or her right to withdraw consent.

Right to complain: The data subject has the right, according to the provisions of Article 77 of the GDPR to exercise their right to complain to the supervisory authority.

AUTOMATED PROCESS

Is there an automated process?: NO

Automated processes or profiling methods: –

Legal basis: –

The Data Controller reserves the right to make any changes to this information on the processing of personal data that it deems appropriate or that are made obligatory by current regulations, at its sole discretion and at any time. On such occasions users will be duly informed of the changes made.

ACKNOWLEDGEMENT

I declare that I have read the information concerning the processing called: “Sale of cosmetic products online”.

CONSENT TO THE PROCESSING OF PERSONAL DATA

I give my consent for the purpose of Sending of informative and/or advertising material also by telephone or internet – Consent received from the person concerned during the collection of personal data through acceptance inserted in the information notice. In case of non-consent we will not proceed with the sending of informative and/or advertising material.