Ecommerce disclosure

PRIVACY POLICY IN ACCORDANCE WITH ARTICLE 13 OF EU REGULATION 2016/679

per e-commerce Customers, in relation to the purchase and delivery of products Euthalia as well as customer care services, To the conduct of marketing, profiling and market research activities

 

For us, data protection is a very serious subject so we would like to inform you about thee mode with thee whatidata are processed andd to the rights you may exercise under thea current normativa On data protection, in particular of the EU Regulation 2016/679 (hereinafter also: “GDPR”).

This disclosure covers the activities related to the purchase of products Marketed through the e-commerce channel “Pamper yourself”, accessible from the website https://coccolatevi.it/ (hereinafter referred to as: “the Site”), as well as acustomer care services and atthe Activities of a promotional and advertising nature (sending marketing communications, profiling and market research). For processing activities not made explicit in this policy, please refer to the appropriate policy general for users of the Website.

Data processing is carried out:

jointly by Euthalia Ltd. and AFA S.r.l.s in their capacity as Co-Processors under Art. 26 GDPR, for the purposes indicated in points 3.2 e 3.4;
individually by AFA S.r.l.s. as an autonomous data controller, for the purposes stated in 3.1 and 3.3;
individually by Euthalia S.r.l. as Autonomous Data Controller, for the purposes indicated in Section 3.5.

 

1. Co-owners treatment*

Co-owner 1

Euthalia Ltd.

Registered Office:

Ignazio Ciampi Street No. 18,
00162 - Rome (RM)
E-mail contact: privacy@euthalia.it

 

 

 

Co-owner 2

AFA Ltd.s.

Registered Office:

Matteotti Street, No. 6,

25010 - Montirone (BS)

E-mail contact: coccolatevi@afaitalia.it

 

 

 

* The essential contents of the co-ownership agreement are available to interested parties upon explicit request.

 

2. The categories of data that vare subjected to treatment

The categories of “personal data” (ex Art. 4.1 of the GDPR) processed by the co-owners may be, merely by way of example but certainly not exhaustively:

­ Biographical and identifying data (information needed to complete the purchase, including the name e the surname, the date and place of birth, etc.);
­ Contact information (information needed to complete the purchase, including the’address for billing and for shipping, e-mail address, phone number);
­ Browsing data (such as, but not limited to, IP address, etc.);
­ Related data to payment methods;
­ Data related to services provided and products supplied (such as, but not limited to, Information related to customer care services, information about products purchased through our sales channels and purchasing preferences, which can also be detected by responses to our satisfaction questionnaires).

 

3. Lawfulness and finality treatment

Personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and any other applicable data protection legislation. Details are provided below:

 

3.1 Purposes aimed at To the fulfillment of a legal obligation (ex Art. 6(1)(c) of the GDPR) pursued individually by AFA Ltd.s. as autonomouso Titolare treatment
a. Fulfilment of obligations required by Laws, Regulations and Community Legislation, or by provisions issued by Authorities or Supervisory and Control Bodies in relation to or in any case connected with the existing and/or future contract (such as, but not limited to, tax compliance, accounting and financial processes).

 

The period of preservation Of personal data, relative to the purposes set forth in this section is:

For the purpose: a, 10 years from the end of the contractual relationshipcommercial, i.e. from carrying out eachpurchase.

 

These times may lengthen in the event of litigation, findings by public or judicial authorities, as well as any special legal provisions.

 

3.2 Purposes aimed at the performance of a contract or pre-contractual measures (ex Art. 6(1)(b) GDPR)pursue jointly by Euthalia Ltd. and AFA Ltd.s. as Co-owners treatment
a. Adfulfillment of obligations Contracts related to contracts for the purchase of products and services offered on the Site (by way of example, execution and management of purchase orders dethe products and of services featured in the catalog of e-commerce, shipping of orders for one or more products);
b. Handling of inquiries by customer service, which uses the personal data provided to fulfill inquiries and service requests (if the requester is not a customer or user, with respect to our products and services, the basis for processing is not the execution of the contract, but consent under of the’Article 6 paragraph 1 (a) of the GDPR);
c. Tutelisation of contractual rights or otherwise arising from relations between the Parts. It should be noted that if the protection of rights is not directly related to the fulfillment of the contract entered into, the related processing has as the legal basis the legitimate interest, (ex Art. 6 paragraph 1 (f) of the GDPR), of a mandatory nature and arising from the contractual relationship established between the Parts.

 

The period of preservation Of personal data, relative to the purposes set forth in this section is:

For the purposes: a, c, 10 years after the end of the rapcontractual - commercial port, viz. from making each purchase.

For the finality: b, until the request is fulfilled, unless the feedback provided and the information exchanged, is necessary to demonstrate the fulfillment of contractual obligations or arising from the legal relationships established (in which case the retention period will be equal to that indicated above for letters a, c).

These time frames may lengthen in the event of litigation.

 

3.3 Purposes aimed at the performance of a contract or pre-contractual measures (ex Art. 6(1)(b) GDPR)pursue individually by AFA Ltd.s. as autonomouso Titolare treatment
a. Management of administrative, accounting, tax and financial processes related to product delivery or serviceprovided through e-commerce (by way of example, issuance of tax documents, etc.).

 

For thea purpose: a, 10 years from the end of the contractual relationship - commercial, i.e. from carrying out each Purchase.

 

3.4 Purpose for the pursuit of a legitimate interest (ex Art. 6 paragraph 1 (f) of the GDPR) jointly by Euthalia Ltd. and AFA Ltd.s. in their capacity as Joint Data Controllers
a. E-commerce anti-fraud verification and control activities, In connection with customer orders and online payments made by customers;
b. Protection of rights arising from the relations between the Parts of a non-contractual nature or otherwise not directly related to the performance of the contract entered into;
c. Conducting statistical surveys in aggregate, in the form of analysis reports, in relation to revenue centers;
d. Conducting advertising or promotional activities, in the broadest sense of the term (e.g., sending newsletters and informational material, requesting brochures, organizing events, etc.) via e-mail, for the purpose of selling products or services similar to the purchases made by the data subject.

 

The period of preservation Of personal data, relative to the purposes set forth in this section is:

For thee purpose: a, 10 years from the end of the contractual - business relationship, i.e. from the making of each purchase.

For the purpose: b, 5 years from the occurrence of the event subject to legal protection.

For the purpose: c, data are aggregated at the time of collection.

For the purpose: d, for the duration of the contractual - commercial relationship established and, in any case, up to 24 months from the last purchase made, unless the person concerned objects. In this regard, it is specified that any denial or withdrawal of consent for other marketing purposes, other than the aforementioned purpose a, does not amount to opposition to the same and will not result in the termination of this purpose and related activities.

 

These time frames may lengthen in the event of litigation or legal provision.

 

3.5 Purpose covered by the consent of the person concerned (formerly art. 6, paragraph 1 (a) of the GDPR) pursue individually by Euthalia Ltd. as autonomouso Titolare treatment

The purposes Requiring consent are:

a) Carrying out advertising or promotional activities, in the broadest sense of the term (e.g., sending newsletters and informational materialso about promotions, discounts, contests, sweepstakes and other commercial initiatives conducted by Euthalia, as well as requesting brochures, organizing events, etc.) and other marketing activities, through automated modes of contact (e.g: e-mails, text messages, and various messaging systems, including instant and Internet, including to mobile phones);
b) Profiling activities to analyze or predict aspects regarding the personal preferences, the interests, behaviors and business habits user's. Information collected, for example, through your purchases and the pages you visit, is used to understand your consumption habits and to be able to send you advertising or promotional communications tailored to your interests. It should be noted that profiling is carried out with the help of automated decision-making processes, which, however, do not produce legal effects concerning the person concerned nor do they similarly significantly affect the his person, as detailed by Article 22 of the GDPR, as carried out with exclusive reference to advertising or promotional activities (marketing);
c) Conducting market research and survey activities (e.g., conducting market studies and statistical analysis regarding customer satisfaction), through automated contact methods (e.g: e-emails, text messages, and various messaging systems, including instant and internet, including to mobile phones).

 

The period of preservation Of personal data, relative to the purposes set forth in this section is:

For the purpose: a, 24 months, from release Of consent, unless revoked.

For the finality: b, c: 12 months, from issuance of consent, unless revoked.

 

4. Recipients or categories of recipients of personal data (formerly Art. 13 para. 1 (e) of the GDPR) *

Within the framework of the above purposes, the Co-owners treatment mayyear convey the syour data a:

Offices and internal functions of each Contitolare;
Accounting management consultants and accountants;
Companies and professionals providing IT services, including electronic data processing, software and cloud management, website management, and IT consulting;
Professionals licensed for the purpose of the study and resolution of any legal and contractual problems, including lawyers and tax lawyers;
Advertising and communication companies and agencies;
Postal couriers and companies that carry out enveloping and shipping of products;
Internal Revenue Service and other public administrations and public authorities;
Companies that provide payment and online transaction management services in e-commerce.

 

* The complete and updated list of the Addressees (ex art. 4.9 of the GDPR) è disponibile at the co-owners Of the processing of personal data at the above contact details.

 

5. Recipients or categories of recipients of personal data (ex Article 13 paragraph 1 (f) of the GDPR) * and transfer of data to countries outside the EU

The co-owners inform you. which under thethe purposes stated above, will be able to transfer the his data in countries outside the EU and the EEA, including through third parties engaged by it, acting as Data Processors, as well as through the latter's Sub-providers. In such cases, the transfer will take place in accordance with the provisions of Articles 44 et seq. of the GDPR and applicable legal provisions by entering into agreements, if necessary, that guarantee an adequate level of protection Or providing other guarantees of adequacy among those expressly provided for in the above articles. Therefore, as often as the his personal data were to be transferred outside the EEA and, in particular, to states that do not benefit from an adequacy decision of the European Commission **, the Controller will adopt one of the conditions of legitimacy for this purpose provided for in the applicable Regulations.

In particular, For the purposes 3.2, (a) and 3.4(a), his data will come relocated in the United States of America to society Stripe Payments Europe Ltd and to the company parent company Stripe Inc, adhering to the Data Privacy Framework, as well as to additional countries not included in the EU and EEA at which these companies and their subcontractors operate.

For more details, the interested party can apply to. to the co-owners via the contacts listed in Section 1 of this policy.

 

* The complete and updated list of Recipients (ex art. 4.9 of the GDPR) is available from the Data Controllers at the contact details above.

** The updated list of suitable non-EEA countries deemed adequate by the European Commission can be obtained on the website: Adequacy decisions (europa.eu)

 

6. Rights of the Data Subject (ex. art. 13 paragraph 2 (b) of the GDPR)

The person concerned may assert the following rights:

right to data subject access [Art. 15 of the EU Regulation]. (the opportunity to be informed about the processing done on one's Personal Data and, if necessary, to receive a copy of it);
Right to rectification of one's Personal Data [Art. 16 of the EU Regulation] (the data subject has the right to rectification of inaccurate personal data concerning him or her);
right to erasure of one's Personal Data without undue delay (“right to be forgotten”) [Art. 17 of the EU Regulation] (the data subject has, as well as will have, the right to erasure of their data);
Right to restrict the processing of one's Personal Data in the cases provided for in Article 18 of the EU Regulation, including in the case of unlawful processing or contestation of the accuracy of Personal Data by the data subject [Article 18 of the EU Regulation];
right to data portability [Art. 20 of the EU Regulation], the data subject may request in a structured format his or her Personal Data in order to transmit it to another data controller, in the cases provided for in the same article;
Right to object to the processing of one's Personal Data [Art. 21 of the EU Regulation] (the data subject has, as well as will have, the right to object to the processing of one's Personal Data);
Right not to be subjected to automated decision making, [Art. 22 of the EU Regulation] (the data subject has, as will have, the right not to be subjected to a decision based solely on automated processing).

 

Further information about the data subject's rights can be obtained by requesting to one of the co-owners Full excerpt of the above articles. 

I The aforementioned rights may be exercised in accordance with the Regulations by sending, also, an e-mail to the Owners, also individually, to the following addresses:

 

Euthalia Ltd: privacy@euthalia.it;
AFA S.r.l.s.:  coccolatevi@afaitalia.it.

In accordance with Article 19 of the EU Regulation, the co-owners proceedsono ad Inform recipients to whom personal data have been disclosed, any rectification, deletion or restriction of processing required where possible.

To enable faster response to your requests made in the exercise of the above rights, they may be addressed to to the Joint Owners, including individually, addressing them to the contact details given in 1.

 

7. Right to file a complaint (former Article 13 paragraph 2 (d) of the GDPR)

If a data subject believes that his or her rights have been compromised, he or she has the right to lodge a complaint with the Data Protection Authority in the manner specified by the Authority at the following address Internet http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or by sending communication inscription all Data Protection Authority.

 

8. Possible consequence of non-disclosure and nature of data provision (former Article 13 paragraph 2 (e) of the GDPR)
8.1 In the case of fulfilling legal or contractual obligations

It is informed which where the processing purposes have as their legal basis a legal or contractual (or even pre-contractual) obligation, the data subject must necessarily provide the requested data.

Otherwise there will be an inability on the part of the of the co-owners To proceed with the pursuit of the specific processing purposes.

 

8.2 In case of pursuit of legitimate interest

Similarly, with respect to purposes based on a legitimate interest and not requiring consent, the data subject's objection results or will result in the impossibility of proceeding with the realization of the respective purposes and any related services to which the data subject has objected, respectively, without prejudice to overriding compelling legitimate reasons of the Data Controller or aimed at the protection of rights in court.

 

8.3In case of consent of the person concerned

For other purposes, for which consent is required, the Data Subject may revoke his or her consent at any time and the effects will run from the time of revocation, subject to the time limits provided by law. In general terms, revocation of consent has effect only for the future. Therefore, processing that was carried out prior to the revocation of consent will not be affected and will retain its legitimacy.

Failure or partial consent may not guarantee full delivery of the services, with reference to to individual Purposes for which consent is withheld.

 

When data are no longer needed, Taking into account the conservation periods above, these are regularly deleted. Qhen their deletion is impossible or possible only with disproportionate effort due to a particular storage mode the data may not be processed and must be stored in inaccessible areas.

 

9. Existence of decision-making processes automatizzati irrelevanti Pursuant to Article 22 of the GDPR

The use of purely automated decision-making processes as detailed in Article 22 of the GDPR. If in the future it is decided to establish such processes for individual cases, the data subject will be notified separately if this is required by law or updated in this policy.

It should be noted that, in relation to the purpose 3.4, letter a), partially automated decision-making processes are adopted that do not fall within the scope of Article 22 GDPR: anti-fraud controls related to e-commerce involve the use of systems that report any suspicious activities of users when they make purchase orders. These alerts have a support function and do not involve automatic blocking of users, but are instrumental to assessments and decisions made independently by the Data Controllers.

It should be noted also That in relation to purpose 3.5 lett. b), subject to the consent of the person concerned, are adopted automated decision-making processes that fall outside the scope of Article 22 of the GDPR, as effettuati With exclusive reference to advertising or promotional (marketing) activities.

10. Method of treatment

Personal data will be processed in paper, computerized and telematic form and entered in the relevant databases that can be accessed, and thus come to the knowledge of, the expressly designated employees from individual co-owners as Data Processors and Authorized Persons in charge of the processing of personal data, who may carry out consultation, use, processing, comparison and any other appropriate operation, including automated operations, in compliance with the provisions of the law necessary to ensure, among other things, the confidentiality and security of the data as well as the accuracy, updating and relevance of the data to the stated purposes.

Spoilers:
Everything smells good in here!

Join the Pamper yourself Family e receive immediately -10% on the first purchase. You We will write only good things, I promise. More perfume, more offerings, plus cuddle exclusive just for you.

code: PROFUMODICOCCOLE


Welcome to the Pamper yourself Family! Use this code during checkout for one 10% discount on your first purchase and access exclusive content in the area Pamper yourself more.
(We will also send you a emails, so you always have everything with you).