PRIVACY POLICY

General Information about our ‘Privacy Policy’ (in full compliance with the EU GDPR Legislation).

 

Information regarding the personal data processing policy pursuant to Article 13 of Legislative Decree No. 196/2003, in addition to EU Regulation 679/2016.

 

Welcome to our Website: www.aesthego.com:

Aesthego’s priority is to protect user privacy. Aesthego S.r.l.s., in our capacity as ‘Data Controller’ (hereinafter referred to as: ‘Aesthego’ or ‘Data Controller’) according to Legislative Decree no. 196/2003 (‘Code’), as well as EU Regulation 679/2016 (hereinafter referred to as ‘Regulation’), considers the Privacy and Protection of personal data to be one of Aesthego’s principle concerns.

Aesthego S.r.l.s. invites the ‘User’ to carefully read this ‘Privacy Policy’ before communicating any personal data to the ‘Data Controller’, as it contains important information regarding the protection of the ‘User’ personal data, and because it is applicable to all the ‘User’ accesses and to any activity of navigation in our ‘Websites’, to the use of its services, regardless of the purchase.

 

Following the utilization of the Website or in consequence of sending an e-mail through the ‘Contacts’ section or to an e-mail address indicated on our ‘Websites’; personal data relating to individuals already identified, or who may become identified, may be processed.

This ‘Privacy Policy’ is provided in relation to the ‘Websites’ www.aesthego.com, boutique.aesthego.com/, movement.aesthego.com/, (hereinafter referred to as the ‘Websites’) and is an integral part of Aesthego S.r.l.s. ‘Websites’ and services offered. It is provided to those who interact with the web services of the ‘Websites’, either through simple utilization or through the use of specific services made available through the ‘Websites’ (for example purchasing products, filling out online forms to request information or subscribing to the Newsletter service, etc.) pursuant to Art. 13 of the ‘Code’, as well as Art. 13 of the ‘Regulation’.

 

Therefore, the present document fully describes to the ‘User’ the methods of management of the data processing and also constitutes an expressed informative report in accordance with the current legislation regarding the ‘Protection of Personal Data’.
This ‘Privacy Policy’ also provides information to help the ‘User’ understand how Aesthego S.r.l.s. collects and uses data that identifies ‘Users’. For any further information on our ‘Privacy Policy’, it is possible to contact Customer Assistance at Aesthego S.r.l.s., by writing to info@aesthego.com.

 

The processing of ‘User’ personal data follows a criteria including: transparency, purpose and retention limitation, accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to Art. 5 of the ‘Regulation’.

Therefore, ‘User’ personal data will be processed in accordance with the legislative provisions stipulated in the ‘Regulation’ and confidentiality obligations prescribed therein.

 

‘Personal data processing’ means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  1. DATA CONTROLLER

 

The Data Controller is  Irene Laudini who establishes the purposes and the methods for the processing of data. and can be contacted  at the address indicated above and by email at info@aesthego.com.

 

  1. PERSONAL DATA SUBJECT TO PROCESSING

 

The following personal data is processed through the ‘Websites’:

  1. Web Browsing Data

During normal course of operation, the computer systems and software procedures used to operate these ‘Websites’ acquire certain personal data, the transmission of this data is implicit in the use of internet communication protocols.

This information is not collected with the intent of associating it with identified ‘Users’ but by its nature, could lead to the identification of ‘Users’ through processing and association with data held by third parties.

This category of data includes:

  • IP addresses or domain names of computers used by Users who connect to the Website
  • The URI (Uniform Resource Identifier) addresses of requested resources
  • The time of the request
  • The method used to submit the request to the server
  • The size of the file received in reply
  • The numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the User’s operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the ‘Websites’ to check its correct functioning, to identify anomalies and/or misuses; in any event, they are deleted immediately after processing.

The data could be used to ascertain any responsibility in the event of hypothetical computer crimes to the detriment of the ‘Websites’ or third parties.

  1. Data Voluntarily Provided By the User

Except for specific information contained therein, this ‘Privacy Policy’ is also intended for the processing of data voluntarily inserted by the ‘User’ when filling out various forms contained on the ‘Websites’. With reference to the aforsaid, Aesthego S.r.l.s. invites the ‘User’ not to include information that may fall within the group of special categories of personal data pursuant to art. 9 of the ‘Regulation’ ([…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relative to a person’s health, sex life or sexual orientation).

  1. Third Party Data Voluntarily Provided By the User

When using the services offered by the ‘Websites’, the personal data the ‘User’ communicates to Aesthego S.r.l.s. may be processed by third parties (such as in the case of purchasing products to be sent to third parties).

With respect to these hypotheses, the ‘User’ becomes the autonomous ‘Data Controller’, assuming all legal obligations and responsibilities. To this effect, the ‘User’ fully indemnifies Aesthego S.r.l.s. against any objection, claim, request for compensation for damages from processing, etc. that the ‘Data Controller’ receives from third parties whose personal data has been processed, through the ‘User’ use of the ‘Website’s’ services, in violation of the applicable rules on the protection of personal data. In any event, if the ‘User’ provides or otherwise processes personal data of third parties when using the ‘Websites’, as of now, the ‘User’ guarantees that this particular hypothesis of data processing is based, where necessary, on the prior acquisition – by the ‘User’ – of the consent of the third party to process information concerning him/her: the ‘User’ assumes all related liability.

  1. Cookies And Other Tracking Technologies

Information on cookies used by the ‘Websites’ is available here.

  1. PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED AND LEGAL BASIS

 

Specific security measures have been implemented in order to prevent data loss, illicit or incorrect use of data and unauthorised access.

 

The legal basis for processing personal data for the purposes set out in section 2.A and 2.B is art. 6 ( 1 )(b) of the ‘Regulation’ ([…] processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same), inasmuch as processing is necessary for the provision of services. The ‘Provision’ of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested.

The purpose referred to in section 2.C represents a legitimate processing of personal data pursuant to art. 6 ( 1 )(c) of the ‘Regulation’ ([…] processing is necessary for compliance with a legal obligation to which the ‘Data Controller is subject). In fact, once the personal data has been conferred, the processing must comply with the legal obligations to which the ‘Data Controller’ is subject.

Data processing carried out for the purposes of marketing, profiling and communication to Third party companies of the Group are based on the issuance of ‘User’ consent pursuant to art. 6 ( 1 )(a) ([…] the data subject has consented to the processing of ‘User’ personal data for one or more specific purposes) and to art. 22 ( 2 )(c) of the ‘Regulation’. Therefore, the ‘Provision’ of ‘User’ personal data for these purposes is entirely optional and does not affect the use of the services. If the ‘User’ wishes to object to the processing of the ‘User’ data for marketing, profiling or communication purposes, the ‘User’ may contact the ‘Data Controller,’ at any time, using the contact details provided in the ‘Contacts’ section of this ‘Privacy Policy’ or, where available, via the ‘privacy settings’ found within the ‘Users’ personal area. With reference to the purpose referred to in point 2.D, please note that if the ‘Data Controller’ uses the electronic mail details provided by the data subject for the purposes of direct sales of its products or services, in the context of the sale of a product, it may, according to art. 130, paragraph 4 of the Code, refrain from requesting the consent of the data subject, provided that the products are similar to those bought by the data subject, who is properly informed and does not refuse such use, initially or on the occasion of subsequent communications.

The ‘Data Controller’ may find it necessary to process personal data of third parties transferred directly by its ‘Users’, for example when the ‘User’ shares the discount code with friends, or if a purchased product is to be sent to a third party, or if the subject who pays the purchase price for the product is not the subject to whom the product is to be delivered.

In all these circumstances, make sure that the ‘User’ obtains the consent of the person to whom the data refer before passing them on to Aesthego and that the ‘User’ has informed any  individual involved about the processing, seeing that the User will be held solely and exclusively responsible for the transfer of information and data relating to third parties, even if not expressly requested, and for the improper or unlawful use of the data. In any event, Aesthego will, in so far as it is obliged to do so by legislation, satisfy its obligation to inform the ‘User’ indicated and, whenever necessary, will ask for the ‘User’ express consent when recording the relevant personal data in its files.

‘User’s’ personal data will be processed, with the ‘User’ consent where necessary, for the following purposes, where applicable:

3.1. To allow navigation of the ‘Websites’ and the delivery of services made available by the ‘Data Controller,’ including the management of the ‘Websites’s’ security, as well as the contractual and administrative/accounting relationships;

3.2. To inspect specific requests addressed to the ‘Data Controller,’ including any requests for ‘Customer Assistance’ sent by completing the ‘Contact Us’ form;

3.3.To fulfill any obligations stipulated by applicable laws, regulations or European Union legislation, or to satisfy requests from authorities;

3.4. To conduct ‘Direct Marketing’ via email for products which are similar to those the ‘User’ have already purchased, pursuant to Art. 130, paragraph 4 of the Code, unless the ‘User’ has expressly refused to receive such communications, which the ‘User’ may express during registration on the ‘Websites’ or on subsequent occasions;

3.5. To send the ‘User’ promotional and marketing communications, which includes the sending of newsletters and market research information, through automated tools (for example SMS, MMS, Whatsapp Messages, Telegram Messages, email, push notifications, fax) and other means (paper mail, telephone with operator).

Please, note that the ‘Data Controller’ collects a single affirmation of consent for the marketing purposes described here, in accordance with the ‘Provision’ issued by the Italian Data Protection Authority ‘Guidelines on promotional activities and obstructing spam’ of July 4, 2013. If, in any event, the ‘User’ wishes to object to the processing of data for marketing purposes carried out with the means specified here, the ‘User’ may contact the ‘Data Controller’ at any time, at the addresses indicated in the ‘Contacts’ section of this ‘Privacy Policy’, without prejudice to the lawfulness of the processing based on the consent given before the revocation;

3.6. To analyse the ‘User’ preferences, habits and choices as a consumer, in order to send the ‘User’ personalised commercial communications and proposals as well as to carry out general analyses for strategic orientation and commercial intelligence purposes;

3.7. For statistical purposes, without it being possible to trace the ‘User’ identity.

3.8 To provide services relating to registration and access to reserved areas or to specific services (during Websites registration processes, Aesthego S.r.l.s. collects the relevant e-mail address, personal data and/or shipment information and login data, with the use of online registration forms);

3.9 When expressly requested, Aesthego S.r.l.s. sends newsletters by e-mail;

3.10 In order to complete the purchasing of products on the ‘Websites’ (Aesthego S.r.l.s. collects ‘User’ personal data, such as e-mail address, personal data, postal address, credit card and bank details and telephone numbers via the order form);

3.11 In order to provide information regarding navigation problems, browser compatibility or uploading of web pages from the ‘Websites’ (collecting and processing data in response to a request for technical assistance);

3.12 To allow the ‘User’ to save the products most preferred in the virtual shopping cart;

 

  1. COLLECTION OF DATA

Aesthego S.r.l.s. collects personal data and other information directly from its ‘Users’ as part of the online registration process, via web pages dedicated to new commercial initiatives (for example the landing page) or through purchase orders for products on our ‘Websites’ in order to complete e-commerce transactions. These data are processed by Aesthego S.r.l.s. within the limits and for the purposes described in the ‘Privacy Notice’ submitted to the ‘User’, in the section dealing specifically with the collection of data, or in this ‘Privacy Policy’, and may also be transferred to third parties for purposes linked to the supply of the services requested by the customer (as dealt with in further detail in the paragraph headed ‘Subjects to whom personal data may be transferred’).

 

Aesthego S.r.l.s. informs the ‘User’ that the personal data being processed may consist of a form of identification, such as a name, an identification number, location data, an online identifier or one or more characteristic elements of the ‘User’ physical, physiological, psychological, economic, cultural or social identity that is suitable to render the data subject identified or identifiable, depending on the type of services requested (hereinafter only referred to as ‘Personal Data’).

 

 

  1. TRANSFERS OF PERSONAL DATA

 

Some of the ‘User’ personal data is shared with ‘Recipients’ that may be situated outside the European Economic Area. The ‘Data Controller’ ensures that these Recipients process ‘User’ personal data in compliance with Art. 43 and Art. 44 of the Code, as well as articles Art. 44 – 49 of the ‘Regulation’. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Union Commission. More information is available by sending a written request to the ‘Data Controller’ at the addresses indicated in the ‘Contacts’ section of this ‘Privacy Policy’.

 

  1. DATA SUBJECT’S RIGHTS

 

Pursuant to art. 7 of the Code, at any time, the ‘User’ has the right to obtain confirmation of the existence or otherwise of their personal data and to know its content and origin, verify its accuracy or request its integration, updating, or rectification; the ‘User’ has the right to request the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, and to oppose, in any event, and for legitimate reasons, its processing. Starting from 25 May 2018 the ‘User’ also has the right to request access to their data, to oppose its processing, to request the limitation of its processing in the cases provided for by art. 18 of the ‘Regulation’, where technically possible, as well as obtaining the data concerning the User in a structured common-use format that is readable via an automatic device, in the cases provided for by art. 20 of the ‘Regulation’.

Requests should be sent in writing to the ‘Data Controller’ at the addresses indicated in the ‘Contacts’ section of this ‘Privacy Policy.’

In any case, ‘Users’ are always entitled to lodge complaints with the competent supervisory authority (‘Italian Data Protection Authority’), pursuant to art. 77 of the ‘Regulation’, if the ‘User’ considers the processing of this data to be in violation of the laws in force.

 

  1. PERSONAL DATA RECIPIENTS

 

‘User’ personal data may be shared for section 3 of this ‘Privacy Policy’, with:

7.1. Subjects that typically act as data processing supervisors pursuant to art. 29 of the Code and 28 of the ‘Regulation’, namely:

  • Persons, companies or professional firms that provide assistance and advice to Aesthego on accounting, administrative, legal, tax and financial matters;
  • Subjects delegated to carry out technical maintenance activities;
  • Credit institutions and insurance companies and brokers;

7.2. Persons, entities or authorities who require the communication of the ‘User’ personal information as mandated by law or by order of the authorities;

7.3. Persons authorised by the ‘Data Controller’, pursuant to art. 30 of the Code and 29 of the ‘Regulation’, to process the personal data necessary to carry out activities strictly related to the provision of services, who are committed to respecting the ‘User’ confidentiality or have an appropriate legal confidentiality obligation (for example shipping agents or companies conducting marketing activities or providers of marketing services). These subjects, acting as ‘Data Processors’, will process the ‘User’ personal data exclusively on behalf of Aesthego S.r.l.s. and exclusively for the purposes indicated in this ‘Privacy Policy’ and, in any event, within the scope envisaged by the law and in accordance with any consents that the ‘User’ may provide.

In addition to the companies that act as ‘Data Processors’, personal data are also made available to third parties (autonomous data controllers) who process the data autonomously, solely for the purpose of executing contracts for the purchase of products on the ‘Websites’ and for additional purposes linked to the supply of the services requested by the ‘User’ (for example in purchasing transactions, the bank providing electronic remote payment services, by means of credit/debit card).

These third parties, with whom Aesthego S.r.l.s. works in close contact and who may be the recipients of the User’s personal data, include, merely by way of example: social media platform partners, who may offer connection services (such as connection to profile information) from their social media platforms to our ‘Websites’; providers of services connected with the delivery of products purchased or the handling of payments; providers of IT services or solutions backing up the internal customer care service or Marketing (e.g. the “Live chat” service).

‘User’ data will not be disseminated. However, this does not prejudice the transfer or dissemination of data required by law, by police forces, judicial authorities, information and security organizations or other public bodies for purposes connected with the defense or security of the State or the prevention, verification or repression of crimes.

7.4. Aesthego S.r.l.s., limited to the pursuit of internal administrative purposes;

7.5. Aesthego S.r.l.s., limited to the pursuit of the purposes set out in point 3.7, subject to the ‘User’s’ explicit consent (as specified in point 3). These subjects are collectively defined as ‘Recipients’.

A complete list of data processing supervisors is available by sending a written request to the ‘Data Controller’ at the addresses indicated in the ‘Contacts’ section of this ‘Privacy Policy’.

 

  1. DATA STORAGE PERIOD

 

‘Personal data’ that is processed for the purposes set out in sections 3.1 and 3.2 will be kept for the time strictly necessary to achieve those same purposes. With regard to information processed for the provision of services, the ‘Data Controller’ will keep this personal data for the period of time envisaged and permitted by Italian law to protect its own interests (Article 2946 of the Italian Civil Code and ff.).

Personal data processed for the purposes set out in section 3.3 will be kept up until the time stipulated by the specific obligation or applicable law.

For the purposes set out in section 3.4, the ‘User’s’ personal data will be processed until the ‘User’ presents an objection to its processing.

For the purposes set out in section 3.5 and 3.6, the ‘User’ personal data will be processed for a maximum period of seven years, starting from its registration, in accordance with what is stipulated in the provision issued by the Italian ‘Data Protection Authority’ for the protection of personal data following a request for prior verification pursuant to art. 17 of the Code presented by the ‘Data Controller’.

Further information regarding the data retention period and the criteria used to determine this period may be requested via a written request sent to the ‘Data Controller’ at the addresses indicated in the ‘Contacts’ section of ‘Privacy Policy’. In any case, the ‘Data Controller’ is granted the possibility to keep the ‘User’ personal data for the period of time provided and allowed for by Italian law to protect their interests (Article 2947 ( 1 )( 3 ) of the Italian Civil Code).

 

  1. PROCESSING BASED ON AUTOMATED DECISIONS AND PROFILING

 

For further information on the processing of personal data based on automated decision-making and profiling, the ‘User’ may consult Aesthego’s ‘Cookie Policy’.

In any event, if the ‘User’ has subscribed to one of our services using authentication methods on social media or on Google, Aesthego S.r.l.s. may access particular personal data (for example first name, surname, e-mail etc.) found in the social media account or the ‘User’s’ profile, in keeping with the operating conditions applying to the platform in question. Aesthego S.r.l.s. may also collect any of the ‘User’s’ personal data when interacting with third party social media functions, such as ‘I Like’.

Apart from the situations described above relating to the profiling of ‘Users’ behavior on the ‘Websites’ and the analysis of consumer tastes and habits, Aesthego S.r.l.s. does not adopt any other automated data processing methods that could have decision-making effects on the ‘Users’ legal domain.

 

  1. MINORS

This ‘Websites’ and the services it offers are not intended for subjects under 18 years of age, and the ‘Data Controller’ does not intentionally collect personal information relating to minors. In the event that information relating to minors is involuntarily registered, the ‘Data Controller’ will delete them promptly, upon the ‘Users’ request.

 

  1. APPLICABLE LAW AND CONTACTS

 

This ‘Privacy Policy’ is regulated by European Union law and by Italian law (the Italian ‘Data Protection Act’, Italian Legislative Decree no. 196/2003 dated 30 June 2003, as subsequently amended) regulating the processing of personal data of ‘Users’ of our ‘Websites’.

These legislative provisions ensure that personal data are processed in a manner that respects fundamental rights and liberties, as well as the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to safeguard personal data.

 

  1. MODIFICATIONS

The ‘Data Controller’ reserves the right to modify or simply update, wholly or partially,  the ‘Privacy Policy’ of our ‘Websites’ also as a result of variations in the applicable legislation. Therefore, the ‘Data Controller’ invites the ‘User’ to regularly visit this section (https://www.aesthego.com/privacy-policy/ ) to keep up-to-date with the most recent and updated version of the ‘Privacy Policy’ in order to always be informed on the data collected and how Aesthego S.r.l.s. uses it.

 

  1. CONTACT US

To exercise the above rights or for any other requests, please write to the ‘Data Controller’ at the physical address info@aesthego.com, inserting the subject ‘Request for exercise of privacy rights’ in the subject field of the communication.