Subject: Information on data processing
pursuant to Article 13 of EU Regulation no. 2016/679
with this communication, Sensi SkinFood S.r.l. wishes to inform you about the management methods of this website with reference to the processing of personal data of those who consult it ("User / users").
This information is provided, pursuant to art. 13 of the European Regulation 2016/679 concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data" no. 679/2016 (so-called GDPR), to those who will interact with web services accessible from the home page https://sensiskinfood.com also by sending an email to firstname.lastname@example.org or to the telephone number 01251922188 to receive information or assistance.
It should be noted that the information is provided only for this site and not for other external websites consulted/accessible by the user through any links on the site itself; therefore, the user is invited to consult by direct access to the respective privacy policies.
Sensi SkinFood S.r.l. therefore wishes to inform you on what data it collects and with what modalities and that the personal data you provide will be processed in compliance with the principles of lawfulness, correctness, pertinence and non-excess and with the obligations of confidentiality and security, in compliance with current legislation in so as to guarantee respect for the fundamental rights and freedoms of the User.
In particular, the following information is provided.
1. Data Controller
The owner of the processing of personal data is the company Sensi SkinFood S.r.l. with registered office in 10015 – Ivrea (TO), Via G. Jervis nr. 77, CF. and VAT no. 03796230047.
2. Contact details
The Data Controller can be contacted at the registered office in 10015 – Ivrea (TO), Via G. Jervis n. 77 or to the email address email@example.com.
3. Object of the processing and type of data processed
The personal data being processed refer to:
Browsing data (log files) collected automatically: the computer systems and software/application procedures dedicated to the operation of this website detect, during their operation, some personal data potentially associated with identifiable users. This data transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their nature could, through associations with data held by third parties, allow the identification of the user. This type of data includes the IP address and the domain names of the devices used to connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the requests, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment used by the user. These data, necessary for the use of web services, are also processed for the time strictly necessary in order to obtain statistical information on the use of the site and services and to check their correct functioning. The provision of such data - being directly connected to web browsing - is mandatory.
Data voluntarily provided by the User: the Data Controller also processes the data that is voluntarily provided by the User and in particular: (i) personal data or name, surname, age; (ii) contact details or telephone number, residential and/or domicile address, country of residence, login credentials, e-mail address provided when creating your account, purchasing products and requesting information and/or assistance; (iii) payment and billing data provided for the purpose of completing the purchase and based on the type of payment chosen (for example, credit card number, expiry date and security code).
4. Purpose and legal basis of the processing
Sensi SkinFood S.r.l. will process the user's personal data for the following purposes:
allow access, navigation, registration on the site, management of one's account, storage of one's data and information, use of the services of the same or online purchase; execute the pre-contractual requests sent by the user; allow the conclusion of the contract between the Parties and the correct execution of the connected and instrumental obligations arising from the same; by way of example such as the fulfillment and management of the order, the shipment of the goods, customer assistance and the management of any complaints/refunds/returns; ensure correct performance of accounting, tax, social security, commercial, technical obligations and for all corporate activities in general deriving from and inherent in the relationship with the User; comply with legal obligations and respond to requests from public and state authorities; verify the correctness and completeness of the data provided also in order to protect the rights of the Company also in court.
The legal basis of these treatments is constituted by the fulfillment of contractual obligations (letters iii and iv), by the execution of pre-contractual measures (letters i and ii), by the fulfillment of legal obligations (letters iv and v) and by the interest of the Data Controller (letter vi).
The provision of such data for the purposes indicated above is optional; however, being the same and their treatment necessary for the achievement of the purposes indicated above and/or for the fulfillment of obligations established by current legislation, their failure to communicate will make it impossible for the user to access and/or navigate on the Site and/or register and use the services dedicated to registered users, including the possibility of purchasing the marketed products online.
Sensi SkinFood S.r.l. will also process the user's personal data - but only with his explicit consent - for the following purposes:
direct marketing: sending newsletters and/or email communications relating to initiatives, events or promotions that may be of interest to the User; analysis of usage, preference and consumption data of the products sold through automated data processing including profiling.
The legal basis for the processing of personal data for these purposes is the explicit consent of the interested party, which is optional; in case of refusal, the User will not be able to stay updated on the news and/or promotions offered by the Owner.
It should be noted, however, that the withdrawal of consent will not affect the lawfulness of the data processing based on the consent given up to the moment of the withdrawal.
5. Methods of treatment and conservation
Data processing is carried out using tools suitable for guaranteeing their security, integrity and confidentiality and may be carried out manually and/or automatically, on paper and/or electronically, protected by adequate security measures.
The management and storage of data will take place at the headquarters of the Data Controller company (in special locked archives/supports) and/or on servers located in Canada and Ireland owned by the Shopify company with registered office at 150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 – Canada, company that manages the e-commerce platform, and on servers located in Italy owned by Aruba S.p.a. with registered office in Via San Clemente n. 53 - 24036 Ponte San Pietro (BG), the company that manages the Owner's email domain.
6. Duration of treatment
In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR n. 2016/679, the Users' personal data will be kept for 10 years from the conclusion of the contract - or for the different time in which the Company is subject to obligations of a civil, fiscal and tax nature, provided for by law or regulation - except for 'need to extend the retention period, for the purposes of judicial protection of the rights of the Data Controller, until the expiry of any prescription terms.
The data collected for promotion and/or marketing purposes will be kept until the consent is revoked and, in any case, for a period not exceeding 24 months.
The data collected for profiling purposes will be kept until the consent is revoked and, in any case, for a period not exceeding 12 months. Once the storage terms indicated above have elapsed, personal data will be destroyed or made anonymous.
7. Recipients of the data
The data collected will not be disseminated and will not be communicated without the explicit consent of the User, with the exception, however, of the necessary communications relating to the existing relationship, or resulting from the contractual relationship. In fact, the Company - without it being necessary to request your specific consent - can communicate your personal data to categories of subjects better indicated below, such as for example: external subjects, even if not present within the EU (on the basis of the adequacy decisions of the European Commission or on the basis of the standard model clauses), which provide the Company with specific processing, administrative or instrumental services or perform related or necessary support activities for the achievement of the aforementioned purposes, such as for example:
1. consultants, accountants, experts or lawyers who provide functional services for the purposes indicated above, also for the protection of the company's rights and for credit recovery;
2. companies that provide IT services, companies that manage the e-commerce platform and the email domain;
3. subjects who process data in execution of specific legal obligations;
4. third parties who carry out outsourced activities on behalf of the Data Controller.
The aforementioned subjects will act as Data Processors specifically appointed by the Data Controller.
The processing of personal data will also be carried out by Sensi Skinfood S.r.l. through specifically authorized and appointed subjects within the scope of the tasks assigned by the Data Controller and in compliance with the provisions of art. 29 of the GDPR n. 2016/679.
The list of data processors and those authorized to process it can be consulted at the headquarters of the Data Controller indicated above upon request by the User.
Judicial authorities, as well as those subjects to whom the communication is mandatory by law. These subjects will process the data in their capacity as independent Data Controllers.
8. Transfer of data abroad
User data may be transferred to third party recipients located in countries outside the European Union.
In fact, as part of the online registration and purchase services, the data is processed by the company Shopify - which is the e-commerce platform used by Sensi SkinFood S.r.l. – and having its registered office at 150 Elgin Street, Suite 800, Ottawa, Ontario, K2P 1L4 – Canada.
The transfer of the data in question outside the European Economic Area is based pursuant to art. 45 of the GDPR on the basis of an adequacy decision consisting of a preliminary assessment carried out by the Commission which considered that the third country in question guarantees an adequate level of protection of personal data.
9. Data of minors under the age of 18
The company's e-commerce is not intended for minors under the age of 18 and the Company does not collect personal data from minors of this age.
10. What are the User's rights with reference to their personal data
At any time, the User, pursuant to articles from 15 to 22 of EU Regulation no. 2016/679, has the right to:
a) ask if your personal data is being processed;
b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and the retention period;
c) obtain access, rectification, updating, integration or cancellation/anonymization of data;
d) obtain the limitation of the treatment in certain hypotheses (art. 18 of the GDPR);
e) obtain the personal data transmitted in a structured format, commonly used and readable by an automatic device and be able to transmit them to another data controller without impediments;
f) oppose the treatment at any time, in whole or in part, and also in the case of treatment through an automated decision-making process, including profiling if carried out;
h) withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
j) propose a complaint to the Guarantor for the protection of personal data or to the competent judicial authorities.
The user can exercise his rights with a written request sent to the Data Controller addressed to the contact details indicated above.
The date of the last update is shown below.
Drafting date : 17 September 2020