INFORMATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to art. 13 of the European Regulation 679/2016 regarding the protection of personal data [GDPR]). In compliance with the requirements set by the General Regulations on the protection of personal data, the Data Controller provides the interested party with the following information in relation to the processing of personal data carried out.
OWNER OF THE TREATMENT
Owner: O.I.S. Luxury Group S.r.l.
Address: Via Giuseppe Broggi, 22 20129 Milan (MI)
VAT number / tax code: 11515560966
Contacts Legal representative: Mattia Maestri
Privacy contact person: Emanuele Speranza
Data Protection Officer: Not present
Data controllers: No joint controllers present
If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you can contact the above-mentioned privacy contact directly in writing
CATEGORIES OF INTERESTED PARTIES
List of categories of interested parties: Customers or Users, Potential customers
TREATMENT CARRIED OUT
Sale of cosmetic products online
Description: Activity relating to the processing of personal data for the distribution and sale of goods or services.
ORIGIN, PURPOSE, LEGAL BASIS AND NATURE OF THE DATA PROCESSED
Origin: Data collected from the interested party.
Purpose:
1. Sale by computer or radio and television
2. Fulfillment of tax and accounting obligations - Acquisition of data for printing and sending the invoice both in paper and digital form.
3. Sending of informative and/or advertising material also by telephone or internet - Consent received from the interested party during the collection of personal data through acceptance inserted in the informative note. In the event of non-consent, the informative and/or advertising material will not be sent
Legal basis:
For purposes 1: The processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same
For purposes 2: The processing is necessary to fulfill a legal obligation to which the data controller is subject
For purposes 3: Consent of the interested party
Personal data processed: Fiscal code and other personal identification numbers, Bank coordinates, Credit/debit card data, Contact and communication data, Residential address, E-mail address, Shipping address, Name, address or other identification elements personal
The "particular" data (sensitive data) are those defined by the articles 9 and 10 of Regulation 2016/679/EU ("GDPR"). These data are processed in compliance with the provisions of the GDPR and in the light of the General Authorizations issued by the Authority for the protection of personal data.
Particular data processed: -
Legal basis art. 9
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Recipient categories:
The communication of your personal data is foreseen, carried out on the legal bases provided for by article 6 of Regulation 2016/679/EU, to the following third parties:
Consultants and freelancers also in associated form, Authorized subjects
These bodies, organizations, companies and professionals act as Data Processors appointed by O.I.S. Luxury Group S.r.l. that is, they are themselves the Data Controllers of the personal data transmitted to them.
Your personal data, or the personal data of third parties in your ownership, may also be communicated to external companies, identified from time to time, to which O.I.S. Luxury Group S.r.l. entrusts the execution of obligations deriving from the assignment received to which only the data necessary for the activities requested will be transmitted. All employees, consultants, temporary workers and/or any other "natural person" who, authorized for processing, carry out their activity on the basis of the instructions received from O.I.S. Luxury Group S.r.l., pursuant to art. art. 29 of the GDPR, are designated "Data Processors" (hereinafter also "Data Processors"). To the Appointees or Managers, possibly designated, O.I.S. Luxury Group S.r.l. issues adequate operating instructions, with particular reference to the adoption and compliance with the security measures, in order to be able to guarantee the confidentiality and security of the data. Precisely with reference to the aspects of personal data protection, you are invited, pursuant to art. 33 of the GDPR to report to O.I.S. Luxury Group S.r.l. any circumstances or events from which a potential "violation of personal data (data breach)" may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to O.I.S. Luxury Group S.r.l. at the contact details indicated above. The obligation of O.I.S. Luxury Group S.r.l. to communicate the data to Public Authorities upon specific request.
TRANSFERMENT ABROAD
Transfers to foreign countries (non-EU) or to international organizations: No transfers to foreign countries or to international organizations
Your personal data may be transferred abroad if it is necessary for the management of the assignment received. For the processing of information and data that will eventually be communicated to these subjects, the equivalent levels of protection adopted for the processing of personal data of its employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments envisaged by Chapter V of the GDPR will be applied.
METHODS, TREATMENT LOGICS AND STORAGE TIMES
Duration of treatment:
The treatment will last no longer than necessary for the purposes for which the data were collected. The data will be processed for the entire duration of the contractual relationship established and also subsequently, for the fulfillment of all legal obligations, as well as for future commercial purposes.
Your data is collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and provisions of art. 5 c 1 of the GDPR. The processing of personal data takes place using manual, IT and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee their security and confidentiality.
NATURE OF THE PROVISION
The processing of personal data will be carried out for the following purposes:
Purposes that do not require consent:
- Sale by computer or radio and television
- Fulfillment of tax and accounting obligations
- Acquisition of data for printing and sending the invoice both in paper and digital form
Purposes that require consent:
- Sending of informative and/or advertising material also by telephone or internet
- Consent received from the interested party during the collection of personal data through acceptance inserted in the information. In the event of non-consent, the informative and/or advertising material will not be sent
Only with your explicit consent to be given at the bottom of this information, will the data, the purposes of which require consent, be processed. The provision of data is in any case optional and will not prejudice the existing contractual relationship with the Data Controller
For the data collected and used for needs attributable to the execution of activities inherent to the contractual relationship and the observance of the legal obligations indicated, your consent is not required. Failure to communicate the personal data referred to above will make it impossible to follow up on the relationship in question. Your consent is not required for the data collected and used for the legitimate interest of the Data Controller (letter f, art. 6, of the GDPR). The communication of the personal data referred to above is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide all or part of the requested services.
RIGHTS OF THE INTERESTED PARTIES (Articles from 15 to 22 of the GDPR)
Right of access: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to request the owner access to their personal data.
Right of rectification: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to request the owner to rectify their personal data.
Right of cancellation: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to request the holder to cancel their personal data.
Right of limitation: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to request the owner to limit the data concerning him.
Right of opposition: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to oppose their treatment.
Right of portability: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to exercise their right to data portability.
Right of revocation: The interested party has the right, according to the provisions of the articles from 15 to 22 of the GDPR to exercise their right to withdraw consent.
Right of complaint: The interested party has the right, according to the provisions of art. 77 of the GDPR to exercise their right to lodge a complaint with the supervisory authority.
AUTOMATED PROCESS
Is there an automated process?: NO
Automated Processes or Profiling Methods:-
Legal Basis:-
The Owner reserves the right to make all the changes deemed appropriate or made mandatory by current regulations to this information on the processing of personal data, at its sole discretion and at any time.chin. On these occasions, users will be duly informed of the changes that have occurred.
ACKNOWLEDGMENT
I declare that I have read the information relating to the treatment called: "Online sale of cosmetic products"
CONSENT TO THE PROCESSING OF PERSONAL DATA
I consent for the purpose of: Sending informative and/or advertising material also by telephone or internet - Consent received from the interested party during the collection of personal data through acceptance inserted in the information. In the event of non-consent, the informative and/or advertising material will not be sent.