A summary of this information has been. drawn up in accordance with European Regulation 679/2016 on Data Protection (GDPR) and Art. 13 of Legislative Decree 196/2003 (The Code that regards the protection of personal data).
With reference to the processing of your personal data, we wish to inform you that:
The personal data you provide or acquired in the context of the contractual relations with you, is used to fulfill the contractual obligations deriving from the contract stipulated with you; for civil and fiscal purposes; as well as for the keeping of accounts, billing, credit management and for commercial purposes.
Where expressly authorized, personal data can also be used by Gabor S.r.l. and/or by third parties for promotional and marketing activities.
Treatment of personal data includes the collection, registration, organization, conservation, modification, consultation, processing, extraction, selection, interconnection, comparison, use, blocking, cancellation and its destruction, with a view to minimize the eventual use thereof.
The data provided is processed in compliance with Italian law, using print and digital tools that are suitable to protect the Client’s security and confidentiality, with a view to use it in minimum measure to comply with the regulatory regime and in line with what is deemed appropriate to minimize risk.
Gabor S.r.l. gives particular attention to the selection of its service providers, so that they respect and, where possible, exceed the minimum regulatory levels of security.
Due to the nature of the services we provide, part of the processing may take place outside the European territory, as is detailed below.
Providing the requested personal data (personal information, tax code, bank details) is mandatory, Failure to provide this information, both in full or in part, would prevent the establishment of a relationship with the company Gabor S.r.l..
The data provided or acquired during the contractual relationship will not be disclosed but may be released to external parties who provide specific services or carry out specific tasks on behalf of the company. Such service providers may include accountants, law firms, credit institutions, transport companies, credit recovery companies, and/or IT service companies. The data provided will be processed by personnel directly designated by the Data Processor.
In the absence of a specific request for cancellation, the data provided will be kept for 5 years from the end of the contractual relationship (or for the minimum time required by law, if longer).
We also inform you that the GDPR and art. 7 of Legislative Decree 196/2003 recognize the right of the interested party to:
– request confirmation of the existence of personal data concerning him/her;
– receive information on the treatment of the data held by Gabor S.r.l.;
– request updates, modification, integration, cancellation, transformation into anonymous form and blocking of personal data used in violation of the law;
– obtain a copy of the personal data collected;
– oppose the use of the data for reasons deemed to be legitimate;
– obtain the intervention of the Guarantor and the Judicial Authority in case of violations. This right can be exercised by sending a request by e-mail to privacy@gaborcosmetics.it che The request will be managed in a reasonable time based on its complexity.
For the details of the treatments in place, refer to the privacy policy below.
Privacy Policy of Gabor S.r.l.
Gabor S.r.l. collects some Personal Data of its Users. Users may be subject to different levels of protection. Some Users therefore enjoy superior protection. Further information on the protection criteria can be found in the applicability section.
Data Controller
GABOR S.r.l. – Via L.Canepa, 13 i.r. 16165 – Genova -Italia – Tel.+39 010.802655 – Fiscal code e VAT number 02709390104 info@gaborcosmetics.it
Company email address: privacy@gaborcosmetics.it
The Data Processor is the legal representative of Gabor S.r.l.
Types of data collected
The Personal Data collected by Gabor S.r.l., independently or through third parties, includes Cookies, Usage Data, Email, Name, Surname and Telephone Number.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the website of Gabor S.r.l..
Unless otherwise specified, Users must provide all the Data requested by Gabor S.r.l.. If the User refuses to communicate this data, it may be impossible for Gabor S.r.l. to provide the Service. In cases where Gabor S.r.l. indicate some data as optional, Users are free to refrain from providing this data, without having any consequence on the availability of the service or on its operation.
Users who have doubts about which data is mandatory are encouraged to contact Gabor S.r.l.
Any use of Cookies or other tracking tools by Gabor S.r.l. or of the operators of third-party services used by Gabor S.r.l., unless otherwise specified, has the purpose of providing the service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through Gabor S.r.l. and guarantees the legal right to communicate or disseminate this information, freeing the Owner from any liability to third parties.
Method and place of processing of the collected data
Processing methods
The Owner will take the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Data is processed using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organization of Gabor S.r.l. may have access to the Data. (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) designated, where necessary, as Data Processors by the Holder. An updated list of these managers may be requested from the Data Controller at any time.
Legal basis of Data Processing
The Owner processes Personal Data relating to the User if one of the following conditions exists:
– – processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
— processing is necessary in order to perform of a task of public interest or for the exercise of public authority conferred upon the Owner;
– processing is necessary for the pursuit of a legitimate interest of the Data Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment of the data and, in particular, to specify whether the treatment is based on the law, provided for by a contract or necessary in order to conclude a contract.
Place where the Data is Processed
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For more information, contact the owner.
The User’s Personal Data may be transferred to a country other than that in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to the details on the processing of Personal Data
In case of a higher level protection, the User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries, such as, for example the United Nations. The user also has the right to obtain information regarding the security measures adopted by the Data Controller to protect the Data.
If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Data Controller by making contact at the time a contract is established.
Length of Data Retention
The Data is processed and stored for the time required by the purposes for which it was collected. Therefore:
Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is complete;
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.
When processing is based on the User’s consent, the Data Controller can keep the Personal Data longer until this consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term, the right of access, cancellation, modification and the right to data portability can no longer be exercised.
Purpose of processing the collected data
The User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: to measure statistics, to manage contact addresses, to send messages, to contact the User, to view content from external platforms and to monitor infrastructure.
Mailing list or newsletter (this Website)
By registering to be on mailing list or to receive the newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Website may be transmitted. The User’s email address may also be added to this list as a result of registering on this Website or after making a purchase.
Management of databases of Users / Customers of the online sales service
This type of service allows the Owner to build user profiles starting from an email address, name or any other information that the User provides to this Website. It also serves to track User activities through statistical functions. This Personal Data may also be intersected with publicly available information on the User (such as profiles on social networks) and used to build private profiles that the Owner can view and use to improve this Website. Some of these services could also allow the scheduled sending of messages to the User, such as emails based on specific actions performed on this Website.
Users may choose not to participate in certain advertising features through the corresponding device configuration options, such as the mobile device advertising configuration options or the generic advertising configuration.
Selling goods and services online
The Personal Data collected is used for the provision of services to the User or for the sale of products, including payment and possible delivery. The Personal Data collected to complete the payment may be that relating to the credit card, the bank account used for the transfer or other payment instruments provided. The payment data collected by this website depends on the payment system used.
Rights of the User
Users can exercise certain rights with reference to the Data processed by the Data Controller.
In case of a higher level of protection, the User can exercise all the rights listed below. In any other case, the User can contact the owner to find out which rights are applicable and how to exercise them.
In particular, the User has the right to:
– – withdraw consent at any time. The User can revoke the previously expressed consent to the processing of their Personal Data.
– oppose the processing of their data. The user can oppose the processing of their data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
– access their data. The user has the right to obtain information on the data processed by the owner, on certain aspects of the processing and to receive a copy of the data processed.
– verify and ask for modification. The User can verify the correctness of their Data and request its modification or correction
– obtain the limitation of processing. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than its conservation.
– obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
– receive their data or have it transferred to another owner. The User has the right to receive his / her data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on connected contractual measures.
– make a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.
Details on the right to object
When Personal Data is processed in the public interest, in the exercise of public authority conferred upon the Owner or to pursue a legitimate interest of the Owner, Users have the right to object to the processing for reasons related to their particular situation.
Users are reminded that, if their Data is processed for direct marketing purposes, they can oppose the processing without providing any reason. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to exercise User rights
To exercise User rights, Users can direct a request to the Owner whose contact details are indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case, within one month.
Applicability of the higher level of protection
While most of the provisions of this document apply to all Users, some are expressly subject to the applicability of a higher level of protection in the processing of Personal Data. This higher level of protection is always guaranteed when the procedure:
– is performed by a Data Controller based in the EU;
– concerns Personal Data of Users located in the EU and functions in the offer of goods or services for consideration or free of charge to the User;
– concerns Personal Data of Users located in the EU and allows the Owner to monitor the behavior of such Users to the extent that this behavior takes place within the Union.
Update
This information is subject to modification and revision. The User is invited to consult it regularly. We invite you to notify us if you have not understood any of the contents herein and to contact us for further information.