PRIVACY POLICY RELATING TO YELLOW PROFESSIONAL WEBSITE

Dear user, we hereby inform you that your personal data will be processed in compliance with current legislation and will be based on principles of integrity, lawfulness and transparency. To this end, we have provided the following information regarding the processing carried out through the Site.

 

1. Details of the Data Controller

1.1 The “Data Controller” is Beauty & Business S.p.A., with registered office in Milan, at Via Cesare Cantù, 1.

 

2. Type of data processed

2.1 Identifying data (forename and surname) and contact details (e-mail address, telephone number, postal address, name of exhibition (if it contains personal data), profession.

2.2 Browsing data.

 

3. Origin of the data

3.1 All identifying data are provided voluntarily by the Data Subject.

3.2 The Data Subject may provide the data:

a. while browsing the Site, accessible through their browser;

b. when using social platforms (e.g. Meta). The platform constitutes only a means for the collection of data by the Data Controller for the purposes referred to in Article 4 below. Therefore, when the Data Subject provides the data to the platform, the latter will be processed by the Data Controller in accordance with this policy.

 

4. Purpose and legal basis

4.1 Identifying data are processed to respond to requests from the Data Subject, who may also be contacted through agents of the Data Controller to obtain, for example, information regarding the supply of products or services.

• Legal basis of the processing for the purposes referred to in this Article 4.1: the fulfilment of contractual obligations and/or the execution of pre-contractual measures adopted at the request of the Data Subject.

4.2 The identifying data shall be processed, subject to the consent of the Data Subject, for marketing activities (the sending of newsletters, promotions, discounts or commercial information). The Data Subject may revoke the consent given at any time and object to marketing activities by contacting the Data Controller at the addresses indicated in this policy.

• Legal basis of the processing for the purposes referred to in this article 4.2: consent of the Data Subject, expressed by filling in the appropriate consent box.

4.3 The identifying data shall be processed, subject to the consent of the Data Subject, for profiling activities, e.g. to create homogeneous groups of users, personalise commercial communications or carry out targeted advertising campaigns, including through lookalike audience tools on digital platforms. The Data Subject may revoke the consent given at any time and object to such profiling by contacting the Data Controller at the addresses indicated in this policy.

• Legal basis of the processing for the purposes referred to in this Article 4.3: consent of the Data Subject, expressed by filling in the appropriate consent box.

4.4 The identifying data shall be processed, subject to the consent of the Data Subject, for communication to third parties (i.e. the subjects forming part of the distribution network of the Data Controller, including but not limited to Agents, distributors and retailers), so that the latter may carry out marketing activities with respect to the Data Subject. By way of example, third parties may send promotional communications to the Data Subject. The Data Subject may revoke the consent given at any time by contacting the Data Controller at the addresses indicated in this policy.

• Legal basis of the processing for the purposes referred to in this Article 4.4: consent of the Data Subject, expressed by filling in the appropriate consent box.

4.5 The browsing data are processed for browsing the Site. The servers and IT systems used to operate the Site acquire, during their normal operation, certain personal data, transmission of which is implicit in the use of Internet communication protocols.
These data, although not collected to be associated with identified Data Subjects, could, by their very nature, through processing and association with data held by third parties, allow users to be identified.
This category of personal data includes the IP of the devices used by the users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to upload the request to the server, the size of the file obtained in response, the numerical code indicating the state of the response provided by the server (success, error, etc.) and other parameters related to the user's operating system and IT environment. Please refer to the cookie policy.

• Legal basis of the processing for the purposes referred to in this Article 4.5: legitimate interest of the Data Controller.

4.6 The personal data shall be processed for the exercising and/or defence of rights in court and debt collection.

• Legal basis of the processing for the purposes referred to in this Article 4.6: legitimate interest of the Data Controller.

4.7 Your contact details shall be processed to request the renewal of your consent once the time frames referred to in Articles 4.2, 4.3 and 4.4 above have elapsed.

• Legal basis of the processing for the purposes referred to in this Article 4.7: legitimate interest of the Data Controller.

 

5. Retention period

5.1 The personal data collected for the purposes referred to in Article 4.1 above shall be kept for the time necessary to provide the requested feedback and for any subsequent activity necessary to fully manage the request.

5.2 The personal data collected for the purposes referred to in Articles 4.2, 4.3 and 4.4 above shall be kept for a period not exceeding 24 months, starting from the granting of consent, unless the Data Subject revokes their previously granted consent. It should be understood that withdrawal of consent shall not affect the lawfulness of any processing operations based on such consent before the withdrawal thereof.

5.3 The data collected for the purposes referred to in Article 4.5 above shall be kept for the entire session and until the browser is closed.

5.4 The data collected for the purposes referred to in Article 4.6 above shall be kept for the time strictly necessary for the management of any dispute and, in any case, until the settlement of the proceedings (including out-of-court) and for any subsequent period necessary to protect the rights of the Data Controller in compliance with the applicable limitation periods.

5.5 The data collected for the purposes referred to in Article 4.7 above shall be stored for the time necessary for such transmission and for the management of the outcome.

 

6. Communication of data and storage methods

6.1 The Controller may communicate the personal data to the following parties, as data processors or data controllers:

• personnel of the Controller who have been expressly authorised to process data (persons in charge of processing);
• professionals/external companies/social platforms/Alfa Parf Group companies, in their roles as autonomous data controllers;
• Distribution network of the Data Controller, under the conditions set forth in Article 4.4 above.
• competent public authorities.

6.2 the data of the Data Subject may be transferred to parties, as data controllers or data processors, based in countries located inside and outside the European Union. The transfer of personal data to countries located outside the European Union will be carried out in compliance with the measures established by the applicable legislation, ensuring an adequate level of protection to the Data Subjects (Articles 45 and/or 46 letter(c) and/or 49(a) or (b)).

6.3 Your data shall be collected and recorded lawfully and fairly, to pursue the purposes indicated above and in respect of the fundamental principles established by the applicable legislation. Your personal data may be processed using both manual tools and IT and electronic instruments, but always subject to suitable technical and organisational measures to guarantee their security and confidentiality, above all in order to reduce the risks of destruction or loss, even accidental, of the data, unauthorised access, or processing that is not permitted or does not comply with the purposes of the collection.

 

7. Nature of the conferral

7.1 Processing for contractual/pre-contractual purposes.

The conferral of the data referred to in Articles 2.1 and 2.2 above, for the purposes referred to in Article 4.1 above, is necessary to offer the Data Subject the requested services. Failure to confer the aforementioned data may make it impossible for the Data Controller to provide the service requested by the Data Subject.

7.2 Processing for marketing, profiling and communication to third parties.

Marketing, profiling and communication to third parties, as identified above (so that the latter may carry out marketing activities with respect to the Data Subject) shall be conducted exclusively with the consent of the Data Subject. If no consent is given, the Data Controller shall be forbidden from using the data for marketing, profiling and transfer to third parties for their marketing activities.

 

8. Rights of the Data Subject

8.1 The Data Subject may, at any time, exercise the rights granted by law:

a. to access the personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to which the data may be communicated, the applicable storage period, the existence of automated decision-making processes;

b. to obtain, without delay, the rectification of inaccurate personal data relating to the Data Subject;

c. to obtain, in the relevant cases, the erasure of the data of the Data Subject;

d. to obtain the restriction of processing or object to processing, in the cases envisaged by law;

e. in the case of automated decision-making processes, including profiling, to object if the conditions envisaged by law are in place;

f. to request the portability of the data that the Data Subject has provided to the Controller, i.e. to receive the data in a structured, commonly-used and machine-readable format, including to send the data to another controller, without impediment from the Controller itself, in the cases envisaged by law;

g. to obtain the revocation of consent, without prejudice to the lawfulness of the processing operations carried out until such revocation.

h. to lodge a complaint with the Italian Data Protection Authority.

To exercise these rights, please contact the Controller by e-mail at privacy@alfaparfmilano.com