Information on the processing of personal data . In force from 01/12/2024

INTRODUCTION

This policy takes into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Privacy Code (Legislative Decree No. 196 of 30 June 2003). The document has also been drawn up in accordance with the Guidelines of the Privacy Commissioner (in particular the Guidelines on combating spam issued by the Privacy Authority on 4 July 2013).

Data Controller of the Processing: SKIN SYSTEM SRL

Website to which the present privacy policy refers: https://www.skinsystem.company/ (Website) .

The Data Controller has not appointed a DPO (Data Protection Officer). Therefore, you can send any information requests directly to the Data Controller.

INFORMATION GENERAL

This document describes how the Data Controller processes your personal data provided on the Website.

The following describes the main processing of your personal data. In particular, the legal basis for the processing is explained, whether the provision of data is mandatory and the consequences of failure to provide data. a22> failure to provide personal data of personal data personal data. To describe to the best your rights, where necessary, we have specified if and when a specific processing of data is carried out. a39> specific processing of personal data is not carried out is not carried out.

Registration on the Website

The Website does not offer the possibility of registration. Therefore, the Data Controller does not process your personal data for this purpose.

Purchases on the Website

It is not possible to make purchases on the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send “reminder” emails regarding the purchase of the Data Controller’s products and/or services.

Responding to your requests

Your data will be processed in order to respond to your requests for information. The provision of data is optional, but your refusal will make it impossible for the Data Controller to process your request. the impossibility for the Data Controller of Processing to respond to your questions. The legal basis of the processing is the legitimate interest of the a31> Data Controller of the Processing to follow up on the requests of the user. This legitimate interest is equivalent to the user’s interest in receiving a response to the communications sent to the Data Controller of the Processing.

Generic marketing

Il Titolare del Trattamento non Le invierà materiale pubblicitario e/o newsletter relativo a prodotti propri o di terzi. Utilizziamo servizi di Google, come Google Ads e Google Analytics, per personalizzare gli annunci pubblicitari e migliorare l’esperienza utente. Ciò include la raccolta di dati personali e cookie, utilizzati per mostrarti annunci in linea con le tue preferenze. Al momento del consenso, ti verrà chiesto di autorizzare l’uso di questi dati. Maggiori dettagli sull’uso dei cookie e la gestione del consenso sono disponibili nella cookie policy di questo sito web.

Profiling

Il Titolare del Trattamento non effettua “profilazione” con i Suoi dati personali. Pertanto, non Le invierà materiale pubblicitario e/o newsletter relativi a prodotti propri o di terzi di Suo specifico interesse.

Transfer of data

Il Titolare del Trattamento non cede a terzi i Suoi dati personali.

Geolocation

The Website does not implement tools for geolocation of the user’s IP address.

Curriculum Vitae

It is not possible to send CVs via the Website. Therefore, your data will not be processed for these purposes.

Booking appointments

There are no third-party systems on the Website for booking appointments with the Data Controller. Therefore, your data will not be processed for this purpose. In any case, you can always contact the Data Controller at the addresses indicated in the epigraph.

Photos and videos

The Data Controller does not request the publication of photographs and/or videos depicting you. Therefore, your data will not be processed for these purposes.

Web scraping

The use of any automated process or system to access, acquire, copy or monitor any part of our website, including, but not limited to, web scraping, crawling or spidering techniques, is expressly prohibited. The Data Controller reserves the right to take all necessary measures, including legal action, to prevent and prosecute any unauthorised scraping activity. By using the Site, you or any third party agrees not to: (i) use automated systems, such as bots, scrapers, or spiders, to access or interact with the Site; (ii) collect content, data, or other information from the Site without express written authorisation; (iii) distribute, display, publish, or otherwise use content acquired through scraping techniques without consent. Any violation of this clause will be considered a material breach of the terms of use of the Site and will result in appropriate measures being taken, including the possible suspension of access to the site and the initiation of legal action to protect the interests of the Data Controller.

Communication of personal data

As part of its ordinary activities, the Data Controller may disclose your personal data to certain categories of subjects. In Article 2 You can find the list of entities to whom the Data Controller of the a9> Processing communicates your personal data. To facilitate the protection of your rights, Article 2 may specify in certain cases when your data is not communicated to third parties.

The “communication” of personal data to third parties is different from “transfer” (regulated in the previous point). In fact, in communication, the third party to whom the data is transmitted can only use it for the specific purposes described in the relationship with the Data Controller. In transfer, on the other hand, the third party becomes the independent Data Controller of the personal data. Furthermore, your consent is always required to transfer your personal data to third parties.

Without prejudice to the foregoing, it is understood that the Data Controller may in any case use your personal data to correctly fulfil the obligations provided for by the laws in force.

INFORMATION SPECIFIC PRIVACY POLICY SPECIFIC

Art. 1 Processing methods

1.1 Your personal data will mainly be processed using electronic or automated means, in accordance with methods and using tools that guarantee the security and confidentiality of personal data.

1.2 Le informazioni acquisite e le modalità del trattamento saranno pertinenti e non eccedenti rispetto alla tipologia dei servizi resi. I Suoi dati saranno altresì gestiti e protetti in ambienti informatici sicuri e adeguati alle circostanze.

1.3 Through the Website, no “special data” is processed. Special data are those that a12> can reveal racial and ethnic origin, the beliefs religious, philosophical or of other kind, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, philosophical, political or trade union organisations, state of health and sexual life.

1.4 Tramite il Sito non vengono trattati dati giudiziari.

Art. 2 Communication of personal data

The Data Controller may disclose your personal data to specific categories of subjects. The Data Controller wishes to inform users that, when using the YouTube service (managed and owned by Google LLC), certain personal data may be collected and shared. This data collection is essential to provide and improve the user experience on our Site and to allow the viewing of video content integrated via the YouTube API. Specifically, when a user views video content via the YouTube API on our Site, the following information may be collected: IP Address: Used to connect the user’s device to YouTube for video transmission. Behavioural Data: Includes information about how the user interacts with videos, which videos are viewed and for how long. Location Information: Used to provide relevant content based on the user’s geographical location. This data is collected automatically by the system and, in some cases, may be stored to improve the user experience and for internal YouTube analytics purposes. Please note that our Site uses YouTube API services and, by viewing content through these APIs, the user accepts YouTube’s Terms of Service, which can be viewed at https://www.youtube.com/t/terms. For further details on data management by Google LLC, users are invited to consult the Google LLC privacy policy at http://www.google.com/policies/privacy and the YouTube privacy policy at https://www.youtube.com/intl/ALL_it/howyoutubeworks/our-commitments/protecting-user-data/. Details on the use of user API data User API data: When a user interacts with YouTube videos embedded in our Site, data such as viewing preferences, viewing history, and interactions with video content (likes, comments, shares) may be collected. This data is made available through the YouTube API and helps us understand how users interact with video content. Access to data via the Client API: Our Site may use specific API calls to request and receive data from YouTube. This may occur when a user views a video, with the system automatically recording the relevant information. Data collection: Data is collected automatically by the YouTube system when users interact with YouTube videos on our Site. This process is essential to providing a smooth and personalised user experience. Data retention: The data collected is stored securely in YouTube’s systems for a period that does not exceed the need for use. YouTube takes all necessary security measures to protect this data from unauthorised access or unlawful use. Use of data: YouTube uses this data for various purposes, including: Internal Analysis: To better understand user interactions with video content and improve the quality of YouTube services. Content Personalisation: To offer users a more personalised experience based on their preferences and interaction history. Improvement of User Experience: To identify and resolve any technical issues and optimise the usability of a9> video content. The following are indicated the subjects to whom the Data Controller of the Processing reserves the right to communicate your data:

• The Data Controller of the Processing may communicate your personal data to all those parties (including public authorities) who have access to your personal data pursuant to the provisions of a18> personal data pursuant to regulatory or administrative measures or administrative measures.
• Your personal data may also be disclosed to all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, judicial offices, chambers of commerce, chambers and offices of labour, etc.), if such disclosure is necessary or functional to the proper fulfilment of the obligations arising from the law.
• The Data Controller of the Processing shall rely on employees and/or collaborators in any capacity. For the proper functioning of the a15> Website the Data Controller of the Processing may communicate your personal data to these employees and/or collaborators.
• In its own ordinary activity of managing the Website, the Data Controller of the Processing uses the services of companies, consultants or professionals appointed for installation, maintenance, updating and, in general, the management of the hardware and software of the Data Controller of the a28> Processing or of which the latter uses for the provision of its services. Therefore, only with reference to these purposes, your data may be processed also by these subjects.
• The Data Controller of the Processing does not use CRM platforms (companies that a10> carry out in particular the activity of sending automated communications to users). Therefore, your personal data will not be disclosed to these companies.
• The Data Controller does not use external companies to provide customer care services.
• The Data Controller does not use banks or companies that manage payment circuits.
• The personal data of purchasers is not disclosed to couriers or shippers.

The Data Controller reserves the right to modify the above list based on its ordinary operations. Therefore, you are invited to regularly access this policy to check which entities the Data Controller communicates your personal data to.

Art. 3 Storage of personal data

3.1 This article describes for how long the Data Controller reserves the right to process personal data. a10> reserves the right to retain your personal data for.

• Your personal data will be stored for only the time necessary to ensure the correct performance of the service. a6> time necessary to ensure the proper performance of the a11> services offered through the Website.
• For customer care purposes, the data will be deleted once the assistance service has been completed and, in any case, within a maximum period of 3 months from the last email exchange with the data subject.

3.2 Without prejudice to the provisions of Article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.

Art. 4 Transfer of personal data

4.1 The Data Controller is based in a country that presents an adequate level of data protection. a9> has an adequate level of security from the a16> point of view regulatory. If the transfer of your personal data takes place in a country outside the EU and for the a30> which the European Commission has expressed an opinion of adequacy, the transfer is considered in every case secure from a45> point of view regulatory. The present Article 4.1 indicates from time to time the Countries in which your personal data may be possibly a64> transferred and where the European Commission has issued a finding of adequacy.

• Users are therefore advised to regularly access this article to check whether a9> the transfer of your personal data takes place in a country with these characteristics.

4.2 As indicated in Article 4.1, your data may also be transferred to countries outside the EU and for which the European Commission has not issued an adequacy decision. EU countries for which the European Commission has not issued an adequacy ruling. You are therefore invited to regularly review the a23> present Article 4.2 to verify in which of a28> these countries your data may be transferred.

4.3 In this article, the Data Controller indicates the countries in which it specifically conducts its business. This circumstance may imply the application of the legislation of the country in question, together with that governing the relationship with the user as indicated in the Introduction.

• At the user’s request, the Data Controller will apply the most favourable legislation provided for by the user’s national legislation to the processing of personal data.

Article 5. Rights of the data subject

The Data Controller informs you that you have the right to:

• request the Data Controller to grant you access to your personal data and to correct or delete it or limit its processing or to object to its processing, in addition to the right to data portability
• withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to withdrawal
• lodge a complaint with a supervisory authority.

The above rights may be exercised by sending a request to the contacts indicated in the Introduction.

Article 6. Amendments and Miscellaneous

The Data Controller of the Processing reserves the right to make changes a9> make changes to the present policy at any time, giving appropriate notice to users of the Website and guaranteeing in every case an a27> adequate and similar protection of personal data . In order to view any changes, you are invited to consult regularly this policy. In the event of substantial changes to this privacy policy, the Data Controller of the a52> Processing may give notification also by email.