ARCO COSMETICI S.R.L.
Via dell’Industria, 41/45 - 24126 Bergamo - Italy
Tel. +39.035.322829 - Fax +39.035.314435
Following the consultation of this website, data related to identified or identifiable people may be processed.
This document describes the management methods of the shop.arcocosmetici.com website in reference to personal data processing.
This information is provided in accordance with art. 13 of EU Regulation 2016/679 (later, “GDPR”) to those who interact with the services available through this website.
This report is provided solely for this website and not for other websites that may be consulted through links by the user.
In accordance with current legislation on the protection of personal data (EU Regulation 2016/679), we wish to inform you that your data will be processed properly and transparently, for legal purposes and protecting your privacy and your rights.
1. DATA CONTROLLER
The data processing holder is ARCO COSMETICI S.R.L. based in Via dell’Industria, 41/45 24126 Bergamo.
2. RECIPIENTS OF THE DATA TREATMENT
3. PURPOSE OF THE PROCESSING DATA AND LEGAL BASIS
The personal data provided are solely processed for purposes strictly connected and necessary for the use of the Website and the Services requested.Your personal data are being processed:
We will use your personal data
A) For the execution of a contract, the supply of a service/product and/or the fulfilment of legal obligations for the following purposes:
1. process product orders placed on the Site;
2. acquire preliminary information for the conclusion of the contract and/or the supply of the service;
3. to carry out communications relating to orders and shipments (e.g. to send order confirmation emails, to send shipment confirmation emails or to send emails requesting feedback on the service obtained);
4. to fulfil fiscal and/or accounting obligations (e.g. issue of invoices);
5. to comply with obligations required by law, regulation, Community legislation or an order of the Authority (such as anti-money laundering);
6. provide assistance and respond to requests in relation to the products purchased.
A) Only prior to Your specific and distinct consent (art.6.1 letter a) GDPR), for the following Marketing Purposes:
- Send to You via e-mail newsletter, commercial communications and/or advertising material on products or services offered by the Data Controller. You can withdraw Your consent at any time. Having established the legitimate age to express consent to the processing of data to 14 years of age, ARCO COSMETICI SRL does not deliberately acquire data of children under 14 without the parents’ prior consent.
If the user wishes to proceed with the online purchase of a product, the age limit for completing the purchase is 18 and no personal data may be submitted by minors without the previous consent of their parents. The company does not collect data from minors intentionally.
You can always ask us to stop receiving such communications by contacting us at the contact details given in paragraph 13 "RIGHTS OF THE INTERESTED PARTIES".
4. FACULTY TO PROVIDE US YOUR DATA
Your personal data are necessary for all the purposes indicated in points 1. 2. 3. 4. 5. 6. of the previous paragraph; it is therefore clear that, if you decide not to provide us your data, we will not be able to guarantee you our services or part of them.
The supply of data for the purpose referred to in point B. is optional: you may freely decide not to provide us with any data or to deny us the possibility of using the data provided, without this precluding us from guaranteeing you the service.
5. ACCESS TO DATA
Your data may be made accessible for the purposes listed in points 3.A) and 3.B):
- to employees, cooperators, internal data processors (if appointed) of the Holder;
- to professional studios, consultants, providers of installing services, IT and telecommunication systems assistance and maintenance, system administrators that carry out outsourcing activities on behalf of the Holder as external process managers;
- to public authorities and administrations;
- credit and financial institutions, insurance companies.
Some of the subjects listed above are designated as Data Processors; the full list of designations is available at the Data Controller's offices.
6. DATA COMUNICATION
With no need of a stated consent (art. 6.1 letter b) and c) GDPR), the Holder may communicate your data for the purposes listed in point 3.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those entity to whom communication is mandatory by law. These subjects will process the data in their capacity as independent data controllers.
Your data will not be spread.
7. DATA TRANSFER
Your data may be disclosed, in compliance with the current legislation, to external companies appointed by the Holder to perform various services, as for instance the assistance and maintenance of the Website and related Services.
In general, Your personal data will not be transferred or stored in a destination outside the European Economic Area.
If necessary for the management of the contractual relationship, some data might be transferred outside the European Economic Area. In this case, the recipients of Your data will be subject to obligations of protection and security equivalent to those guaranteed by the Data Controller.
In any case, only the data necessary for the pursuit of the aforementioned purposes will be communicated and the adequate guarantees applicable to transfers of data to third parties will be respected. (e.g.: Standard data protection clauses adopted by the European Commission).
Personal data are not subject to disclosure.
8. PROCESSING METHOD AND CONSERVATION PERIOD
The treatment of Your personal data is carried out by means of the operations indicated in art. 4 n.2) GDPR and specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing. Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed in order to prevent the loss of data, illicit or incorrect use and unauthorized access. Appropriate measures are also adopted concerning the processing of personal data deriving from the activities of communication or disclosure of personal data on the institutional website, in implementation of the current regulatory provisions on transparency, advertising of the administrative action, as well as consultation of documents on the initiative of the individual subjects. For this purpose, any document containing personal data is available on the website only through the internal search engine and only for a period sufficient to the achievement of the purposes for which the documents have been made public. The accessibility of documents containing personal data exclusively by those entitled is guaranteed by their availability in areas with limited access.
9. HOW LONG WE KEEP THE DATA
We will retain your data for the period of time set out below:
- Purchase data: 10 years from the end of the relationship or the provision of the service
- Browsing data: 7 years
- Cookies: disappear when you close your browser
- Personal data provided through contact forms: 10 years
- Data provided through subscription to the newsletter: 2 years from the granting of consent but you may at any time ask us not to send you any more commercial communications
10. NATURE OF DATA BESTOWAL AND CONSEQUENCES OF REFUSING TO RESPOND
The bestowal of data for the purposes set out in point 3.A) is mandatory. In their absence, we will not be able to guarantee the Services listed in point 3.A). On the other hand, the bestowal of data for the purposes set out in point 3.B) is optional. You can therefore decide not to provide any data, or subsequently deny the possibility to process data already provided. If this is the case, You will not be able to receive any newsletter, commercial/marketing communication and advertising material related to the Services offered by the Holder. However, You will continue to be eligible to the Services set out in point 3.A).
11. TYPES OF DATA PROCESSING
a) Personal Data
Collected through the registration and/or order request form on the site (e.g. name, surname, postal address, e-mail address, tax code, payment details, etc.). Failure to bestowal may cause the impossibility to receive what has been requested.
b) Surfing data
During their ordinary operations, IT systems and software procedures used to operate this website acquire some personal data which transmission is implicit in the use of internet communication protocols.
The transmission of this navigation data, which is not directly provided by you, is connected with the use of Internet communication protocols (e.g. page access, time of request, session ID numbers, IP addresses, URL addresses, time of request, etc.). This data makes it possible to reconstruct the path of your visits to the site.
This information is not collected to be associated with identified interested parties, but by their nature could, through processing and association with data held by third parties, allow users to be identified.
This data could only be used by the authorities to ascertain responsibility in the event of hypothetical computer crimes against the site.
No user’s personal data is acquired on purpose by the website.
Cookies are not used to transmit personal information nor will c.d. persistent cookies of any kind, namely systems for users tracking.
The use of c.d. session cookies (which are not persistently memorized on the user’s computer and vanish when the browser is closed) is strictly limited to the transmission of session identifiers necessary to allow the safe and efficient surfing of the website.
C.d. cookies session used in this website avoid the turning to other IT techniques potentially injurious to user’s surfing confidentiality and do not allow the acquiring of the user identifying personal data.
d) Data deliberately provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site means the acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the message.
12. DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is ARCO COSMETICI S.R.L. based in Via dell’Industria 41/45 - 24126 Bergamo - Italy.
The updated list of the persons in charge for the processing is kept at the legal residence of the Holder of treatment data and can be viewed on Your request.
13. RIGHTS OF THE INTERESTED PARTIES
The subjects to whom the personal data refer have, at any time, the right to obtain confirmation of the existence of the same data, to verify the accuracy, or to request its integration or updating, or cancellation (art. 15-19 UE REGULATION 2016/679).
Interested parties who believe that the processing of personal data reported to them through this website is in violation of the provisions of the Regulation have the right to submit a complaint with the Guarantor, (https://www.garanteprivacy.it/).
The Holder periodically checks the privacy and security policy and, if necessary, revises it in relation to regulatory, organizational or technological changes. In case of policy changes, the new version will be published on this page of the website.
Version updated to 16/12/2020