Information regarding the personal data processing policy pursuant to Article 13 of Legislative Decree No. 196/2003, in addition to EU Regulation 679/2016.
Welcome to our Website: www.aesthego.com:
Aesthego’s priority is to protect user privacy. Aesthego S.r.l.s., in our capacity as ‘Data Controller’ (hereinafter referred to as: ‘Aesthego’ or ‘Data Controller’) according to Legislative Decree no. 196/2003 (‘Code’), as well as EU Regulation 679/2016 (hereinafter referred to as ‘Regulation’), considers the Privacy and Protection of personal data to be one of Aesthego’s principle concerns.
Following the utilization of the Website or in consequence of sending an e-mail through the ‘Contacts’ section or to an e-mail address indicated on our ‘Websites’; personal data relating to individuals already identified, or who may become identified, may be processed.
Therefore, the present document fully describes to the ‘User’ the methods of management of the data processing and also constitutes an expressed informative report in accordance with the current legislation regarding the ‘Protection of Personal Data’.
The processing of ‘User’ personal data follows a criteria including: transparency, purpose and retention limitation, accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to Art. 5 of the ‘Regulation’.
Therefore, ‘User’ personal data will be processed in accordance with the legislative provisions stipulated in the ‘Regulation’ and confidentiality obligations prescribed therein.
‘Personal data processing’ means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- DATA CONTROLLER
The Data Controller is Irene Laudini who establishes the purposes and the methods for the processing of data. and can be contacted at the address indicated above and by email at firstname.lastname@example.org.
- PERSONAL DATA SUBJECT TO PROCESSING
The following personal data is processed through the ‘Websites’:
- Web Browsing Data
During normal course of operation, the computer systems and software procedures used to operate these ‘Websites’ acquire certain personal data, the transmission of this data is implicit in the use of internet communication protocols.
This information is not collected with the intent of associating it with identified ‘Users’ but by its nature, could lead to the identification of ‘Users’ through processing and association with data held by third parties.
This category of data includes:
- IP addresses or domain names of computers used by Users who connect to the Website
- The URI (Uniform Resource Identifier) addresses of requested resources
- The time of the request
- The method used to submit the request to the server
- The size of the file received in reply
- The numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the User’s operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the ‘Websites’ to check its correct functioning, to identify anomalies and/or misuses; in any event, they are deleted immediately after processing.
The data could be used to ascertain any responsibility in the event of hypothetical computer crimes to the detriment of the ‘Websites’ or third parties.
- Data Voluntarily Provided By the User
- Third Party Data Voluntarily Provided By the User
When using the services offered by the ‘Websites’, the personal data the ‘User’ communicates to Aesthego S.r.l.s. may be processed by third parties (such as in the case of purchasing products to be sent to third parties).
With respect to these hypotheses, the ‘User’ becomes the autonomous ‘Data Controller’, assuming all legal obligations and responsibilities. To this effect, the ‘User’ fully indemnifies Aesthego S.r.l.s. against any objection, claim, request for compensation for damages from processing, etc. that the ‘Data Controller’ receives from third parties whose personal data has been processed, through the ‘User’ use of the ‘Website’s’ services, in violation of the applicable rules on the protection of personal data. In any event, if the ‘User’ provides or otherwise processes personal data of third parties when using the ‘Websites’, as of now, the ‘User’ guarantees that this particular hypothesis of data processing is based, where necessary, on the prior acquisition – by the ‘User’ – of the consent of the third party to process information concerning him/her: the ‘User’ assumes all related liability.
- Cookies And Other Tracking Technologies
Information on cookies used by the ‘Websites’ is available here.
- PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED AND LEGAL BASIS
Specific security measures have been implemented in order to prevent data loss, illicit or incorrect use of data and unauthorised access.
The legal basis for processing personal data for the purposes set out in section 2.A and 2.B is art. 6 ( 1 )(b) of the ‘Regulation’ ([…] processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same), inasmuch as processing is necessary for the provision of services. The ‘Provision’ of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested.
The purpose referred to in section 2.C represents a legitimate processing of personal data pursuant to art. 6 ( 1 )(c) of the ‘Regulation’ ([…] processing is necessary for compliance with a legal obligation to which the ‘Data Controller is subject). In fact, once the personal data has been conferred, the processing must comply with the legal obligations to which the ‘Data Controller’ is subject.
The ‘Data Controller’ may find it necessary to process personal data of third parties transferred directly by its ‘Users’, for example when the ‘User’ shares the discount code with friends, or if a purchased product is to be sent to a third party, or if the subject who pays the purchase price for the product is not the subject to whom the product is to be delivered.
In all these circumstances, make sure that the ‘User’ obtains the consent of the person to whom the data refer before passing them on to Aesthego and that the ‘User’ has informed any individual involved about the processing, seeing that the User will be held solely and exclusively responsible for the transfer of information and data relating to third parties, even if not expressly requested, and for the improper or unlawful use of the data. In any event, Aesthego will, in so far as it is obliged to do so by legislation, satisfy its obligation to inform the ‘User’ indicated and, whenever necessary, will ask for the ‘User’ express consent when recording the relevant personal data in its files.
‘User’s’ personal data will be processed, with the ‘User’ consent where necessary, for the following purposes, where applicable:
3.1. To allow navigation of the ‘Websites’ and the delivery of services made available by the ‘Data Controller,’ including the management of the ‘Websites’s’ security, as well as the contractual and administrative/accounting relationships;
3.2. To inspect specific requests addressed to the ‘Data Controller,’ including any requests for ‘Customer Assistance’ sent by completing the ‘Contact Us’ form;
3.3.To fulfill any obligations stipulated by applicable laws, regulations or European Union legislation, or to satisfy requests from authorities;
3.4. To conduct ‘Direct Marketing’ via email for products which are similar to those the ‘User’ have already purchased, pursuant to Art. 130, paragraph 4 of the Code, unless the ‘User’ has expressly refused to receive such communications, which the ‘User’ may express during registration on the ‘Websites’ or on subsequent occasions;
3.5. To send the ‘User’ promotional and marketing communications, which includes the sending of newsletters and market research information, through automated tools (for example SMS, MMS, Whatsapp Messages, Telegram Messages, email, push notifications, fax) and other means (paper mail, telephone with operator).
3.6. To analyse the ‘User’ preferences, habits and choices as a consumer, in order to send the ‘User’ personalised commercial communications and proposals as well as to carry out general analyses for strategic orientation and commercial intelligence purposes;
3.7. For statistical purposes, without it being possible to trace the ‘User’ identity.
3.8 To provide services relating to registration and access to reserved areas or to specific services (during Websites registration processes, Aesthego S.r.l.s. collects the relevant e-mail address, personal data and/or shipment information and login data, with the use of online registration forms);
3.9 When expressly requested, Aesthego S.r.l.s. sends newsletters by e-mail;
3.10 In order to complete the purchasing of products on the ‘Websites’ (Aesthego S.r.l.s. collects ‘User’ personal data, such as e-mail address, personal data, postal address, credit card and bank details and telephone numbers via the order form);
3.11 In order to provide information regarding navigation problems, browser compatibility or uploading of web pages from the ‘Websites’ (collecting and processing data in response to a request for technical assistance);
3.12 To allow the ‘User’ to save the products most preferred in the virtual shopping cart;
- COLLECTION OF DATA
Aesthego S.r.l.s. informs the ‘User’ that the personal data being processed may consist of a form of identification, such as a name, an identification number, location data, an online identifier or one or more characteristic elements of the ‘User’ physical, physiological, psychological, economic, cultural or social identity that is suitable to render the data subject identified or identifiable, depending on the type of services requested (hereinafter only referred to as ‘Personal Data’).
- TRANSFERS OF PERSONAL DATA
- DATA SUBJECT’S RIGHTS
Pursuant to art. 7 of the Code, at any time, the ‘User’ has the right to obtain confirmation of the existence or otherwise of their personal data and to know its content and origin, verify its accuracy or request its integration, updating, or rectification; the ‘User’ has the right to request the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, and to oppose, in any event, and for legitimate reasons, its processing. Starting from 25 May 2018 the ‘User’ also has the right to request access to their data, to oppose its processing, to request the limitation of its processing in the cases provided for by art. 18 of the ‘Regulation’, where technically possible, as well as obtaining the data concerning the User in a structured common-use format that is readable via an automatic device, in the cases provided for by art. 20 of the ‘Regulation’.
In any case, ‘Users’ are always entitled to lodge complaints with the competent supervisory authority (‘Italian Data Protection Authority’), pursuant to art. 77 of the ‘Regulation’, if the ‘User’ considers the processing of this data to be in violation of the laws in force.
- PERSONAL DATA RECIPIENTS
7.1. Subjects that typically act as data processing supervisors pursuant to art. 29 of the Code and 28 of the ‘Regulation’, namely:
- Persons, companies or professional firms that provide assistance and advice to Aesthego on accounting, administrative, legal, tax and financial matters;
- Subjects delegated to carry out technical maintenance activities;
- Credit institutions and insurance companies and brokers;
7.2. Persons, entities or authorities who require the communication of the ‘User’ personal information as mandated by law or by order of the authorities;
In addition to the companies that act as ‘Data Processors’, personal data are also made available to third parties (autonomous data controllers) who process the data autonomously, solely for the purpose of executing contracts for the purchase of products on the ‘Websites’ and for additional purposes linked to the supply of the services requested by the ‘User’ (for example in purchasing transactions, the bank providing electronic remote payment services, by means of credit/debit card).
These third parties, with whom Aesthego S.r.l.s. works in close contact and who may be the recipients of the User’s personal data, include, merely by way of example: social media platform partners, who may offer connection services (such as connection to profile information) from their social media platforms to our ‘Websites’; providers of services connected with the delivery of products purchased or the handling of payments; providers of IT services or solutions backing up the internal customer care service or Marketing (e.g. the “Live chat” service).
‘User’ data will not be disseminated. However, this does not prejudice the transfer or dissemination of data required by law, by police forces, judicial authorities, information and security organizations or other public bodies for purposes connected with the defense or security of the State or the prevention, verification or repression of crimes.
7.4. Aesthego S.r.l.s., limited to the pursuit of internal administrative purposes;
7.5. Aesthego S.r.l.s., limited to the pursuit of the purposes set out in point 3.7, subject to the ‘User’s’ explicit consent (as specified in point 3). These subjects are collectively defined as ‘Recipients’.
- DATA STORAGE PERIOD
‘Personal data’ that is processed for the purposes set out in sections 3.1 and 3.2 will be kept for the time strictly necessary to achieve those same purposes. With regard to information processed for the provision of services, the ‘Data Controller’ will keep this personal data for the period of time envisaged and permitted by Italian law to protect its own interests (Article 2946 of the Italian Civil Code and ff.).
Personal data processed for the purposes set out in section 3.3 will be kept up until the time stipulated by the specific obligation or applicable law.
For the purposes set out in section 3.4, the ‘User’s’ personal data will be processed until the ‘User’ presents an objection to its processing.
For the purposes set out in section 3.5 and 3.6, the ‘User’ personal data will be processed for a maximum period of seven years, starting from its registration, in accordance with what is stipulated in the provision issued by the Italian ‘Data Protection Authority’ for the protection of personal data following a request for prior verification pursuant to art. 17 of the Code presented by the ‘Data Controller’.
- PROCESSING BASED ON AUTOMATED DECISIONS AND PROFILING
In any event, if the ‘User’ has subscribed to one of our services using authentication methods on social media or on Google, Aesthego S.r.l.s. may access particular personal data (for example first name, surname, e-mail etc.) found in the social media account or the ‘User’s’ profile, in keeping with the operating conditions applying to the platform in question. Aesthego S.r.l.s. may also collect any of the ‘User’s’ personal data when interacting with third party social media functions, such as ‘I Like’.
Apart from the situations described above relating to the profiling of ‘Users’ behavior on the ‘Websites’ and the analysis of consumer tastes and habits, Aesthego S.r.l.s. does not adopt any other automated data processing methods that could have decision-making effects on the ‘Users’ legal domain.
This ‘Websites’ and the services it offers are not intended for subjects under 18 years of age, and the ‘Data Controller’ does not intentionally collect personal information relating to minors. In the event that information relating to minors is involuntarily registered, the ‘Data Controller’ will delete them promptly, upon the ‘Users’ request.
- APPLICABLE LAW AND CONTACTS
These legislative provisions ensure that personal data are processed in a manner that respects fundamental rights and liberties, as well as the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to safeguard personal data.
- CONTACT US
To exercise the above rights or for any other requests, please write to the ‘Data Controller’ at the physical address email@example.com, inserting the subject ‘Request for exercise of privacy rights’ in the subject field of the communication.