Privacy policy

Privacy Policy Statement on the processing of personal data of users of the website “”


Articles. 13 and 14 of Regulation 2016/679/EU (hereafter also “GDPR”)


Purpose of this notice


Beauty & Business S.p.A., (hereinafter also referred to as “B&B” or “Data Controller”) is committed to respecting and protecting your privacy and wishes you feel secure both when simply browsing the website and in the event that you decide to register with us providing your personal data in order to use our services available to Users and/or Customers. On this page, B&B intends to provide certain information on the processing of personal data for users who visit or consult the website accessible online at (the “Website”). The information concerns the website in question only and doed not concern any other websites that may be consulted by the user via links (for which reference is made to the respective privacy statements/policies). The reproduction or use of pages, materials and information found on the Website, by any means and on any medium, is not permitted without the prior written consent of B&B. Copies and/or printouts are permitted for personal and non-commercial use only (for requests and clarifications, please contact B&B at the addresses indicated below). Other uses of the content, services and information found on this website are not permitted.


With regard to the content offered and the information provided, B&B will ensure that the contents of the Website are kept reasonably up-to-date and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided, explicitly disclaiming liability for any errors in the information provided on the Website.


Origin – Browsing data


The Data Controller informs you that the personal data you provide and that gathered at the time of requesting information and/or contact details, registration on the website and use of the services via smartphone or any other instrument used to access the Internet, as well as data necessary for the provision of these services, including browsing data and the data used for the possible purchase of the products and services offered, but also even the so-called User “browsing” data, will be processed in compliance with the applicable legislation. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified data subjects, but is information that, by its very nature could, through processing and association with data held by third parties, allow browsing users to be identified. This category of data includes the “IP addresses” or domain names of the computers used by the users who connect to the website, the URI addresses (Uniform Resource Identifier) ​​of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (success, error, etc.) and other parameters related to the operating system and the computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check the correct functioning of the Website. It should be noted that the aforementioned data could be used to establish liability in the case of computer crimes to the detriment of the Website or other websites connected or linked to it: with the exception for this eventuality, web contact data shall not be held for more than few days.


Origin – Data provided by the user


The Data Controller collects, stores and processes your personal data for the purpose of providing the products and services offered on the Website, or for the fulfilment of legal obligations. With regard to certain specific Services and Products, the Data Controller may process your data for commercial purposes. In such cases, specific, separate, optional consent will be required, which is always revocable using the methods and the contact details indicated below.


The optional, explicit and voluntary sending of emails to the addresses indicated in the dedicated area of the Website, as well as the compilation of questionnaires, communication via chat, push notification via app, social networks, call centres, where present, etc., involves the subsequent acquisition of some of your personal data, including that collected through the use of the app and related services, necessary to respond to requests. We also point out that, when using a mobile connection to access digital content and services offered directly by the Data Controller or by our Partners, it may be necessary to transfer your personal data to such third parties. We point out that you may access the Website or connect to areas where you may be able to publish information using blogs or walls, communicate with others, for example from the Data Controller’s page on Facebook®, Instagram®, LinkedIn®, Youtube®, Twitter® and other social networking sites, review products and offers and post comments or content. Before interacting with these areas, please read the General Conditions of Use, carefully taking into consideration the fact that, under certain circumstances, the information you publish can be viewed by anyone with access to the Internet and all the information you include in your publications may be read, collected and used by third parties.


Purposes of processing and legal basis


The data is processed for the following purposes:

  1. strictly connected to and necessary for registration on the Website, access to services and/or apps developed or made available by the Data Controller, the use of the related information services, the management of requests for contact details or information, the purchase of products and services where offered through the Website;
  2. for activities required for or related to the management of User/Customer requests and sending the feedback that may include the transmission of promotional material;
  3. the fulfilment of obligations under EU and national regulations, the protection of public order, the detection and repression of crimes;
  4. direct marketing, namely sending advertising material, direct sales, performing market research or commercial communication of products and/or services offered by the Data Controller; this activity may also concern the products and services of Alfa Parf Group companies, to which the Data Controller belongs, and may involve sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers intended to reward users/customers, undertaken using “traditional” methods (e.g. standard post and/or calls from an operator), or via “automated” contact systems (e.g. SMS and/or MMS, telephone calls without an operator, email, fax, interactive applications), pursuant to art. 130, para. 1 and 2 of Leg. Decree 196/03 and subsequent additions and amendments;


The provision of data for the purposes referred to in parts 1), 2) and 3), connected to a pre-contractual and/or contractual stage or required to respond to a user request or required by a specific regulatory provision, is mandatory and failure to provide such data will make it impossible to receive the information and access any services requested; with regard to part 4) of this Privacy Statement, the consent to the processing of data by the user/customer is instead free and optional and always revocable without affecting the usability of the products and services unless it is impossible for the Data Controller to keep updated on new initiatives or particular promotions or benefits available to users/customers. In this regard, we remind you that if you are under the age of 16, you will need the consent or authorisation of those who exercise parental responsibility for you (mother, father, …).


The Data Controller may send commercial information on products and/or services similar to those already provided, in accordance with Directive 2002/58/EU, using the email or postal addresses indicated by you on such previous occasions, to which you can object using the methods and contact details below.


Methods, processing logic, storage times and security measures


The processing is also performed with the aid of electronic or automated means and is performed by the Data Controller and/or by third parties of which the Data Controller may use to store, manage and transmit the data. Data processing shall be performed with the logic of organization and elaboration of your personal data, including in relation to the logs from the access and use of services made available via the web, the products and services used in relation to the purposes indicated above and, in any case, so to guarantee the security and confidentiality of data. The personal data processed will be retained for the time required by the legislation applicable at the time.


With reference to personal data protection, the user/customer is invited, pursuant to art. 33 of the GDPR, to report to the Data Controller any circumstances or events which may lead to a potential “data breach”, in order to allow immediate assessment and the adoption of any actions necessary to counteract such an event, by contacting The measures adopted by the Data Controller do not exempt the Customer from ensuring the use, where required, of adequately complex passwords/PINs, which must be updated periodically, especially in case that he/she suspects they have been breached by/made known to third parties, and guarded carefully and made inaccessible to third parties, in order to avoid improper and unauthorized use.




A cookie is a short string of text that is sent to your browser and possibly saved on your computer (or on your smartphone/tablet or any other device used to access the Internet); this generally occurs every time you visit a website. The Data Controller uses cookies for various purposes, in order to offer you a fast and secure digital experience: for example, allowing you to keep your connection to the restricted area active while browsing through the pages of the website.


Cookies stored on your computer can not be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your email address. Each cookie is unique to the browser and device you use to access the Website. In general, the purpose of cookies is to improve the functioning of the website and the user experience, even if cookies can be used to send advertising messages (as specified below). For more information on what cookies are and how they work, you can consult the “All about cookies” website at


For detailed information on Cookies, read the information below.


Areas of communication and data transfer.


For the pursuit of the aforementioned purposes, the Data Controller may communicate the personal data of the users/clients and have it processed to/by third parties, with whom we have relationships, where these third parties provide services at our request. We will only provide these third parties with the information necessary to perform the services required, taking all measures to protect your personal data. The data may be transferred outside the European Economic Area if this proves necessary for the management of your contractual relationship. In this case, the recipients of the data will be subject to security and security obligations equivalent to those guaranteed by the Data Controller. In the case of use of services offered directly by our Partners, we will only provide the data strictly necessary for their execution. In any case, we will only disclose the data necessary for the achievement of the intended purposes and, where required, the guarantees applicable to data transfers to third countries. We may also disclose personal data to our suppliers of commercial services, for marketing reasons, for this purpose appointed external data processors. In addition, personal data may be disclosed to the competent public bodies and authorities for the purposes of compliance with regulatory requirements or for establishing liability in the case of computer crimes to the detriment of the website, as well as disclosed to, or allocated to, third parties (as data processors or, in the case of providers of electronic communication services, as independent data controllers), who provide IT and telematic services (e.g. Website hosting, management and development) and whom the Data Controller uses for technical and organizational support instrumental to the functioning of the website. The parties belonging to the aforementioned categories operate as separate Data Controllers or as Data Processors appointed for this purpose by the Data Controller.


Personal data may also be disclosed to employees/consultants of the Data Controller, who are specifically trained and appointed as Officers in Charge of Data Processing.


The categories of recipients to whom the data may be disclosed is available by contacting the Data Controller at the addresses indicated below.


Rights of the data subjects


You can exercise at any time the rights that are recognized by law:

  1. the right of access to your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable retention period, the existence of automated decision-making processes;
  2. the right to the rectification, without delay, of inaccurate personal data concerning you;
  3. the right to the erasure of your personal data;
  4. The right to the restriction of the processing or to object to the processing of your personal data, in the cases provided for by law;
  5. in the case of automated decision-making processes, including profiling, the right to object, where the conditions established by law apply;
  6. the right to the portability of the data you provided to the Data Controller, i.e. the right to receive the data in a structured, commonly used and machine-readable format, as well as to transmit such data to another controller without hindrance from the Data Controller, in cases provided for by law;
  7. the right to lodge a complaint with a Supervisory Authority.


To exercise these rights, contact the Data Controller: via email, at;


For the processing referred to in part 4) of the purposes of data processing, the Customer can always revoke his/her consent and exercise the right to object to direct marketing (in “traditional” and “automated” form). The objection, in the absence of a indication to the contrary, will be understood to refer to both traditional and automated communication.


Data Controller and Data Protection Officer


The Data Controller is B&B S.p.A., with registered address in via Cesare Cantù, 1, 20123, Milan.


The above rights can be exercised at the request of the data subject sent via email to;


The use of the Website, including on tablets and/or smartphones, by the Customer and/or the User implies full knowledge and acceptance of the content and any indications included in this version of privacy policy statement published by the Data Controller at the moment the website is accessed. B&B informs you that this privacy policy statement may be changed without prior notice and therefore recommends that it be re-read periodically.


This privacy policy statement was updated on 24 May 2018.






Dear user, we hereby inform you that your personal data will be processed fairly, lawfully, transparently and in compliance with current regulations. To this end, please find here below information relating to data processed via a third-party provider platform (“Platform”; this is the link where you can find the privacy policy of the Platform’s provider The Platform collects, on behalf of the Data Controller, personal data in public social media content featuring a Data Controller Tag or a # (like Instagram).


Data Controller contact details


The “Data Controller” is Beauty & Business S.p.A., with registered office in via Cesare Cantù 1, Milan.


Type of data processed


All data is provided by users voluntarily.


Social Media User shall mean a user who spontaneously publishes their own content on social media with a Data Controller Tag or a # (“Social Media Content”).


In this case, the following public Social Media Content data is collected via the Platform: name, username used on social media, publicly posted photographs (if the photographs contain personal data), Social Media Content captions (if the captions contain personal data), physical address (if available), email address (if available), IP address and geolocation (if available).




Personal data is collected for the purposes of publishing/posting Social Media Content on the Data Controller’s social media channels, only insofar as the graphic part and if necessary the name/username used on social media are concerned.


Personal data is collected for the purposes of publishing/posting Content via paper-based marketing material (such as leaflets)), only insofar as the graphic part and if necessary – at the Data Controller’s discretion – the name/username used on social media are concerned.


Legal basis for processing data


Data processing consent.


Retention period


Personal data shall be held for the time strictly required to pursue the purposes for which it was collected, without prejudice to other timeframes required by law or needed to uphold rights during judicial proceedings.


Transmission and disclosure of personal data


The data processed may be transmitted to the following categories of individuals:

  • Data Controller employees authorised to process data
  • Consultants / social media platform managers / Alfaparf Group companies / companies or self-employed professionals working with the Data Controller in various capacities, by way of example: individuals part of Alfaparf Group’s distribution network (such as distributors, salons, agents, retailers, sales representatives using online channels like marketplaces, online shops)
  • Competent public authorities


The individuals belonging to the specified third-party categories act as the Data Processors or operate entirely autonomously as separate Data Controllers.


How data is processed, security measures and retention time


All data shall be processed mainly in an electronic format. Personal data, as well as any other information that can be associated, directly or indirectly, with a specific individual is collected and processed by applying technical and organisational security measures that ensure an adequate level of security to the risk, while taking into account the state of the art and implementation costs, or, where envisaged, security measures required by specific legislation, for example but not limited to: measures envisaged by applicable provisions issued by the Personal Data Protection Authority and shall only be accessible to specifically authorised personnel.


The personal data processed will be held in a form allowing for your identification, as a Data Subject, for the time strictly necessary to fulfil the purposes for which it was collected and subsequently processed, without prejudice to the need to retain it for longer at the request of the competent authorities for the prevention and prosecution of offences or in any case to enforce or uphold rights during judicial proceedings.


Rights of data subjects


You may assert your legal rights at any time:

  1. the right to access your personal data, obtain evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom it may be transmitted, the applicable retention period, the existence of automated decision-making processes;
  2. the right to have inaccurate personal data rectified without delay;
  3. the right to have your personal data erased, where applicable;
  4. the right to obtain the limitation of the processing or to object to it, where envisaged by the law;
  5. the right to withdraw your consent at any time, if given for marketing and profiling purposes;
  6. in the case of automated decision-making processes, including profiling, to object if the conditions provided for by law apply;
  7. the right to request portability of the data you have provided to the Data Controller, i.e. to receive the data in a structured, commonly used format that can be read by an automatic device, and to transmit said data to another data controller, without any impediment from the Data Controller, in the cases provided for by law;
  8. the right to raise a complaint with the Personal Data Protection Authority.


To assert these rights, please contact the Data Controller via email at




Beauty & Business SpA (“Company”) may collect photographic user content (“Content”) through a third-party service (“Platform”).


By accepting these terms and conditions (“Terms”), and those of the Platform available at, you grant Beauty & Business SpA, and the Alfaparf Group in general, the right to use your photographic Content, which consists in an image you have posted on social media. The right is granted free of charge, without limitation in terms of time and space.

  • The use consists, at the sole discretion of the Company: a) in the publication by the Company of the Content on its social media channels (YELLOWPRO; YELLOW.PROFESSIONAL), as well as social media channels managed by the branches of the Alfaparf Group; b) in the creation of paper-based/digital material for marketing purposes (e.g. leaflets/brochures; the material created may also be used by the distribution network of the Alfaparf Group (for instance by agents, distributors, retailers, e-tailers). You understand that publication is always at the Company’s discretion. Your request for publication does not therefore impose any obligation on the Company or establish any legal relationship with it;
  • you declare that you are the owner of the Content and that you are, in any case, entitled to grant the Company the right to use the Content. Otherwise you shall be solely responsible before the third-party owner of the right incorporated in the Content, and declare that you shall indemnify the Company against any third-party claims;
  • you understand that the Company, at its sole discretion, may not mention your social media name/username (or your name or the name of the photographer if on the photograph) when reproducing your content.
  • you understand that the Company may remove the Content from social media channels at its discretion, without anything being owed to you;


These terms and conditions are governed by Italian law.


Beauty & Business SpA

Choose two colors to compare