PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
Introduction
This privacy policy is provided for the website “http://order.miacosmetics.it” (the Site), owned by MIA COSMETICS SRL, with registered office at LUNGOTEVERE FLAMINIO 76 ROMA RM 00196 IT, registered with the Chamber of Commerce of ROME, VAT no. 15073561001, tax code 15073561001, share capital €100,000.00 fully paid up (Data Controller), acting as Data Controller pursuant to the GDPR.
Purchases on the Site
Subject to your provision of data, your personal data will be processed to allow you to make purchases on the Site.
Registration
The information and data requested upon registration will be used to allow you both to access the reserved area of the Site and to use the online services offered by the Data Controller to registered users.
Marketing
Subject to your consent, the Data Controller may process the personal data you provide in order to send you advertising material and/or newsletters relating to its own or third-party products and/or services.
Profiling
Subject to your consent, the Data Controller may process your personal data for profiling purposes, namely to analyze your purchasing choices through the identification of the type and frequency of purchases you make, in order to send you advertising material and/or newsletters relating to its own or third-party products and/or services of specific interest to you.
Soft spamming
The Data Controller may use, for the direct sale of products and/or services offered for sale through the Site, the email address you provided in the context of a purchase on the Site, even without your consent, provided that it concerns a product and/or service similar to the one previously purchased (so-called soft spamming). You may in any case refuse this processing at any time by notifying the Data Controller of your objection.
***
In compliance with the GDPR, we hereby inform you that the Data Controller will process your personal data under the following conditions.
Art. 1. Purpose and legal basis of processing. Mandatory or optional provision. Consequences of refusal to process.
The processing of personal data is aimed at achieving the following purposes:
a. to allow registration on the Site and access to services reserved to registered users, as well as to comply with obligations arising from applicable laws or regulations, in particular in the administrative, accounting and public security fields. The legal basis for processing is the need for the Data Controller to perform pre-contractual measures requested by the data subject or to comply with a legal obligation;
b. in the event of an online purchase order, to allow the conclusion of the purchase contract and the correct execution of the operations connected thereto (and, where required by sector regulations, to fulfill tax obligations). The legal basis for processing is the obligation of the Data Controller to perform the contract with the data subject or to comply with legal obligations;
c. limited to the email address you provided in the context of a purchase through the Site, to allow the Data Controller to directly offer similar products and/or services (so-called soft spamming), provided that you do not object to such processing in the manner set out in this privacy policy. The legal basis for processing is the legitimate interest of the Data Controller in sending this type of communication. This legitimate interest may be considered equivalent to the interest of the data subject in receiving “soft spam” communications;
d. subject to your consent, for sending newsletters and conducting market surveys, also aimed at assessing the degree of user satisfaction, and sending advertising material relating to products and/or services of the Data Controller and/or third parties, by means such as email, sms, mms, traditional methods (postal mail and/or telephone) (marketing purposes); subject to your consent, for processing your commercial profile, by collecting and processing your purchasing choices and habits, in order both to monitor customer satisfaction and to send you advertising material relating to products and/or services of the Data Controller and/or third parties of specific interest to you, by means such as email, sms, mms, traditional methods (postal mail and/or telephone) (profiling purposes). The legal basis for processing is the consent of the data subject;
e. where the chat service is active, to enable the service through which the user may contact and be contacted by the Data Controller, subject to your consent, while browsing the Site. The legal basis is the legitimate interest of the Data Controller in carrying out this type of activity. This legitimate interest may be considered equivalent to the interest of the data subject in using the Site chat service;
f. to respond to your requests through the customer care service. The provision of data is optional, but your refusal will make it impossible for the Data Controller to answer your questions through this service. The legal basis for processing is the legitimate interest of the Data Controller in responding to user requests. This legitimate interest is equivalent to the interest of the user in receiving a response to communications sent to the Data Controller;
g. to reply by email or telephone to your requests. The provision of data is optional, but your refusal will make it impossible for the Data Controller to respond to your requests. The legal basis for processing is the legitimate interest of the Data Controller in responding to user requests. This legitimate interest is equivalent to the interest of the user in receiving a response to communications sent to the Data Controller.
The provision of data for the purposes referred to in points a) and b) is entirely optional. However, since such processing is necessary to make a purchase on the Site, your refusal to provide such data will make it impossible to complete the purchase through the Site.
Consent to the processing of your data for marketing and profiling purposes is entirely optional. Failure to consent will only result in the consequences described below.
Failure to consent to the processing of data for marketing purposes will make it impossible for you to receive advertising material relating to products and/or services of the Data Controller and/or third parties, as well as making it impossible for the Data Controller to carry out market surveys, including those aimed at evaluating user satisfaction, and to send you newsletters.
Failure to consent to the processing of your personal data for profiling purposes will make it impossible for the Data Controller to create your commercial profile by analyzing your purchasing choices and habits, as well as to send you advertising material relating to products and/or services of the Data Controller and/or third parties of specific interest to you.
Without prejudice to the foregoing, it is understood that the Data Controller may in any case use your personal data solely for the purpose of properly fulfilling obligations provided for by current laws and obligations arising from contractual relationships in force between you and the Data Controller.
If you have registered on the Site, you may in any case change your consent for the purposes described above at any time by accessing your personal page.
Please note that you may object to the processing of your personal data also by means of the specific link included at the bottom of any promotional email sent by the Data Controller. Any objection expressed in this way also extends to communications sent by postal mail.
Data provided within the “Invite a friend” service
On the Site, you may recommend the Site or one or more products and/or services offered for sale on the Site to your friends by entering their personal data requested from time to time. You acknowledge that the Data Controller will retain such personal data only for the time strictly necessary to document that your request has been processed. In order to use this service, you must be able to demonstrate, if requested by the Data Controller, that you are legitimately entitled to use your friends’ personal data.
Data provided within the “Give a gift” service
On the Site, you may gift one or more products and/or services to a person by entering the personal data requested from time to time. You acknowledge that the Data Controller will retain such personal data only for the time strictly necessary to document that your request has been processed. In order to use this service, you must be able to demonstrate, if requested by the Data Controller, that you are legitimately entitled to use your friends’/contacts’ personal data.
Social networks
By choosing the option of registering and/or accessing the Site through Facebook, Google Plus, Instagram, and Twitter, you accept that the respective social networks used from time to time to access the Site will transmit to the Data Controller the personal data necessary for registration and/or access.
Payment card data
To make a payment using one of the payment cards offered on the Site, the user must enter the confidential payment card details directly on a page that will communicate via a secure encryption protocol with the payment service provider (which will act as an independent data controller), without passing through the Data Controller’s server, which will therefore not process such data in any way. The data will be acquired in encrypted format.
With reference to payment card data, please note that the processing of your personal data is necessary in order to allow the conclusion of the online purchase contract with the Data Controller. Failure to provide such data will therefore prevent you from completing the online purchase process.
PayPal
It is also possible to purchase on the Site using PayPal. In this case, you will be redirected to a page external to the Site, where you must enter the personal data required by PayPal, which will act as an independent data controller in order to complete the purchase process. Personal data will not pass through the Site server, which therefore will not process such data in any way. The processing of your personal data is necessary to allow the conclusion of the online purchase contract with the Data Controller. Failure to provide such data will therefore prevent you from completing the online purchase process.
Bank transfer
If you choose bank transfer as a payment method, in the event of any refund, the Data Controller will ask you for the bank details necessary to arrange payment.
Special or judicial data
The Data Controller does not process judicial data, but does process special categories of data.
The sensitive data processed are the following: genetic data.
Public profile
If you have registered on the Site, you may make your profile public, allowing users to view your personal data. You undertake to indemnify the Data Controller against any damage or prejudice, including potential damage, that you may suffer as a result of the publication of the personal data published on your profile.
Geolocation
When accessing the Site, you may receive a notification on your device (desktop and/or mobile) giving you the option to allow or deny identification of the device itself (so-called geolocation). You may change geolocation settings at any time through your device settings. Data relating to the device’s location will in no way be collected and/or stored by the Data Controller. The legal basis for processing consists of the legitimate interest of the Data Controller in providing services relevant to the user’s location. This legitimate interest is equivalent to the user’s interest in receiving services as relevant as possible to their location.
Art. 2. Methods of processing
Your personal data will mainly be processed with the aid of electronic or in any case automated means, using methods and tools suitable to guarantee security and confidentiality in compliance with the GDPR. The information acquired and the processing methods will be relevant and not excessive with respect to the type of services provided. The data will also be managed and protected in environments whose access is under constant control.
Art. 3. Communication and disclosure of data
Your data may be communicated to:
- all subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions
- companies or third parties entrusted with printing, enveloping, shipping and/or delivery and/or collection services for products purchased through the Site
- post offices, couriers, suppliers (e.g. dropshipping sales) or freight forwarders entrusted with delivering products purchased through the Site
- banking institutions and companies that manage national or international payment circuits through which online payments for products purchased through the Site are made
- companies, consultants or professionals possibly entrusted with the installation, maintenance, updating and, in general, management of the hardware and software of the Data Controller or used by the latter for the provision of its services, as well as external companies entrusted with sending advertising communications on behalf of the Data Controller
- employees and/or collaborators of the Data Controller, the company entrusted with carrying out customer care activities, the subjects managing online payment transactions, the subjects responsible for repairing damaged products or products covered by the legal guarantee of conformity, and all those public and/or private subjects, natural persons and/or legal entities (legal, administrative and tax consulting firms, Judicial Offices, Chambers of Commerce, Labor Offices and Agencies, etc.), where communication is necessary or functional for the proper fulfillment of obligations deriving from the law.
The data concerning you will not be disclosed, except in anonymous and aggregated form, for statistical or research purposes.
Art. 4. Data Controller
The Data Controller of personal data may be contacted at the following addresses:
MIA COSMETICS SRL LUNGOTEVERE FLAMINIO 76 ROMA RM 00196 IT
Phone: 0815029629
Email: luigi@miacosmetics.it
Through the contact form available on the Site.
Art. 5. Retention of personal data
Personal data will be stored and processed for marketing purposes for a period of 24 months and for profiling purposes for a period of 12 months. At the end of this period, the Data Controller may ask the user to renew consent to the processing of their data for such purposes or make the data anonymous and retain it only for statistical or historical purposes.
For all other purposes provided for in the privacy policy, personal data will be retained only for the time necessary to ensure the proper provision of the services offered.
In the event of closure of the Site account at the initiative of the user, the data contained therein will be retained for administrative purposes for a period not exceeding 90 days, without prejudice to any specific legal obligations concerning the retention of accounting documentation or for public security purposes.
Art. 6. Rights of the data subject
Pursuant to art. 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:
- request from the Data Controller access to your personal data and the rectification or erasure thereof or restriction of processing concerning you, or to object to such processing, in addition to the right to data portability;
- withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
- lodge a complaint with a supervisory authority (e.g. the Data Protection Authority).
The above rights may be exercised by submitting an informal request to the Data Controller at the contact details indicated above.
Art. 7. Amendments
The Data Controller reserves the right to make changes to this privacy policy at any time, giving appropriate notice to users of the Site and in any case ensuring adequate and equivalent protection of personal data. In order to review any changes, you are invited to consult this privacy policy regularly.