In compliance with the provisions of art. 13 of the General Data Protection Regulation 2016/679 (“GDPR”) and the Italian regulations in this regard, in its capacity as Data Controller (“Data Controller”), Società Cosmetici SpA provides you with certain necessary information on the personal data and the special categories of personal data that it may process following your sending an e-mail containing questions or requests for information to Società Cosmetici’s e-mail address.
The Data Controller is Società Cosmetici S.p.A., VAT number 08935000011, represented by its pro tempore legal representative, Chairman of the Board of Directors, Mr. Ermanno Langè, with registered office at Via San Francesco d'Assisi, 14, 10122, Torino (TO).
Nature of the data to be processed
The Data Controller may process certain categories of your personal data that you provide while browsing the Site www.orizya.it oor on sending e-mails optionally, expressly and voluntarily to the Data Controller's e-mail address. Specifically:
a) The e-mail address you use to contact the Data Controller;
b) Identification data (name, surname, nickname);
c) All the personal data included in the communication you send.
d) Browsing data (e.g. IP address, computer domain names) the transmission of which is implicit in the use of Internet communication protocols.
The Data Controller does not process special categories of personal data.
Purpose and legal basis of processing
Your data as specified under Art. 2 lett. a), b) and c) above are processed by the Data Controller exclusively to contact you in response to the e-mail you send.
The legal basis for processing the personal data that you provide is Art. 6, par. 1 lett. b) - processing is necessary for the performance of a contract to which you are a party –, lett. c) - processing is necessary to fulfil a legal obligation to which the Data Controller is subject - and lett. f) – legitimate interest of the Data Controller - of Regulation 2016/679.
The provision of data is optional. However, if you fail to provide the data, it will not be possible to respond to the questions posed and requests for information made.
The browsing data as specified in Art. 2 lett. d) above are used for: • Extracting anonymous statistical information on the use of the site, which are cancelled immediately after processing; • Managing supervision requirements of the methods of use of the Site; • Checking liability in the event of hypothetical computer crimes. The legal basis for this processing is the need to render the Site functions usable following access of the User and the legitimate interest of the Data Controller.
Methods of data processing
The data you provide will be processed by the Data Controller and the parties authorised thereby for processing, principally with electronic and manual systems according to the principles of fairness, honesty and transparency provided for under the applicable regulations regarding personal data protection and protecting the confidentiality of the data subject to whom the data refer by means of technical and organisational security measures to guarantee an adequate level of security.
The Data you provide are gathered using digital and/or analogue methods, with or without the aid of electronic or, in any case, automated tools, also suitable for storing, managing or transmitting the data themselves, but nevertheless suitable to ensure the security of the data, and will be kept in the Data Controller’s digital and analogue files. The Data Controller adopts the precautions and physical, organisational and computer security measures to avoid the misuse and disclosure of third-party data. In any case, the data will be processed by the Data Controller in compliance with the security measures provided for by law - with particular reference to art. 32 of the Regulation - and, in general, to the legal provisions in force.
The personal data that are processed are generally kept for 10 years in compliance with statutory and tax obligations (limitation period). At the end of that period the data will be eliminated or converted into anonymous form.
Communication, disclosure and transfer of data
Without prejudice to the communications made in compliance with legal and contractual obligations, the data may be communicated to:
The full list of independent third-party data controllers and Data Managers is available on request at the Data Controller's headquarters.
The personal data will not be subject to distribution.
The data are not transferred outside the European Union.
In relation to the data described until this point, you will be able to exercise the rights provided for under the Regulation (articles 15-21), at any time, by sending a certified e-mail (PEC) to e-mail address firstname.lastname@example.org by writing by registered letter with return receipt to the address of the registered office as indicated above. These rights include the right to:
The gathering and use of the information obtained through the plugin are governed by the respective privacy notices of the social networks. Please refer to those notices for further information: