Privacy Policy

PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

Ondaline Cosmetici s.r.l., Via Galileo Galilei 51D – 35035 Mestrino (PD) Italia, Tax Code and VAT Number 01546740281, as the Data Controller (hereinafter referred to as “Ondaline Cosmetici,” “Controller,” or “Company“), pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), considers privacy and the protection of Personal Data to be the primary objectives of its operations. Therefore, before submitting any personal data to the Controller, we kindly ask you to carefully read this Privacy Notice, as it contains important information regarding the processing of your Personal Data.

“Personal Data” refers to any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

This Privacy Notice:

  • Applies to the websites https://www.ondalinecosmetici.it/ and its related subdomains (hereinafter referred to as the “Site”);
  • Forms an integral part of the Site and the services we offer, particularly concerning third-party production of professional cosmetic lines, including full-service solutions and tailor-made formulations;
  • Is issued pursuant to Article 13 of the Regulation to individuals interacting with the web services of the Site and the Controller, whether through simple browsing or by using specific services made available through the Site.

The Controller can be contacted at the following email address:: giorgiozotti@ondalinecosmetici.it

This document has been prepared in compliance with Article 13 of Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”) to provide you with an understanding of our privacy policy, explain how your personal information is processed when you use our websites (https://www.ondalinecosmetici.it/ and its related subdomains, collectively referred to hereinafter as the “Site”), and, if applicable, to enable you to give free and informed consent to the processing of your personal data.

The information and data you provide or that are otherwise collected during your use of the services provided by Ondaline Cosmetici—such as subscribing to the newsletter or submitting an inquiry (hereinafter referred to as “Services”)—will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that underpin the Company’s operations.

In accordance with the Regulation, the processing carried out by Ondaline Cosmetici will adhere to the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

INDEX

  1. Data Controller
  2. Personal Data subject to Processing
  3. Navigation Data
  4. Data voluntarilyprovided by the Data subject
  5. Purpose of Data processing
  6. Legal basis and mandatory or optional nature of processing
  7. Recipients of Personal Data
  8. Retention of Personal Data
  9. Transfer of Data abroad
  10. Data subject rights
  11. Modifications
  12. Cookies

 

01. Data controller

The data controller of personal data is Ondaline Cosmetici s.r.l. (hereinafter referred to as “Ondaline Cosmetici” or the “Company”), with registered office in Via Galileo Galilei 51D – 35035 Mestrino (PD), Italy, tax code and VAT number 01546740281. The Company can be contacted by e-mail at giorgiozotti@ondalinecosmetici.it.

 

02. Personal data subject to processing

As you browse the Site, we inform you that the Company may process your personal data. This data may include identifiers such as your name, an identification number, an online identifier, or one or more factors specific to your physical, economic, cultural or social identity that make you identifiable as a data subject.

Other personal data voluntarily provided by you through information request forms (e.g. for product details or customisation requests) may also be processed. Sensitive data, as defined in Article 9.1 of Regulation (EU) 2016/679, will only be processed with your explicit consent.

a. Navigation data

The IT systems and software procedures used to operate the Site collect certain personal data during their normal operation. The transmission of this data is inherent in the use of Internet communication protocols. This information is not collected to be associated with identified users, but by its very nature it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users accessing the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used solely to obtain anonymous statistical information on the use of the site, to ensure its correct functioning, to detect anomalies and/or abuses, and is deleted immediately after processing. The data may be used to establish responsibility in the event of hypothetical IT crimes against the Site or third parties; apart from this possibility, web contact data is not kept for more than seven days.

b. Data provided voluntarily by the user

We may process identification and/or contact data such as name, surname, e-mail address and telephone number, as well as data and metadata relating to the services offered and requested.

If you provide Ondaline Cosmetici with personal data relating to third parties, you must ensure – assuming all the related responsibilities – that this specific case of processing is based on a valid legal basis pursuant to Article 6 of the Regulation, which legitimises the communication of such data to Ondaline Cosmetici and its subsequent processing.

 

03. Purpose of data processing

The data processing we intend to carry out may have the following purposes:

  • To enable the provision of the services requested by you, such as:
    • Access to the website;
    • Subscribing to the e-mail newsletter;
    • Sending general information requests;
    • Requesting personalised advice;
    • Configuring products;
  • Responding to requests for assistance or information;
  • Manage your potential relationship with Ondaline Cosmetici;
  • Comply with any legal, accounting or tax obligations;
  • Asserting or defending your rights in legal proceedings, in cases of abuse in the use of the site and/or our services, or in contractual or non-contractual disputes

04. Legal basis and obligatory or optional nature of the processing

The legal basis for the processing of personal data for the purposes set out in Section 3(a-c) is Article 6.1(b) of the Regulation, as such processing is necessary for the provision of services or to respond to requests made by the data subject. The provision of personal data for these purposes is optional; however, failure to provide such data would make it impossible to activate the services offered by the Site.

If you have purchased products or services from Ondaline Cosmetici, your data may be processed without your consent for the purposes of direct marketing communications relating to products or services similar to those you have purchased (so-called “soft spam”). The processing of your data for these purposes is based on the legitimate interest pursuant to Article 6(1)(f) of the Regulation and Article 130(4) of Legislative Decree 196/2003. In any case, in accordance with Article 21 of the Regulation, you have the right to object to this processing at any time, whether initially or in response to subsequent communications, simply and free of charge by contacting the data controller at the above address. You also have the right to obtain without delay confirmation that such processing has been discontinued (Article 15 of the Regulation).

The purpose outlined in section 3(d) constitutes the processing of personal data carried out pursuant to Article 6.1(c) of the Regulation, as it is necessary to comply with a legal obligation to which the Company is subject.

The processing for the purposes set out in section 3(e) is carried out in accordance with Article 6.1(f) of the Regulation, as it reflects the legitimate interest of the controller.

05. Recipients of personal data

Your personal data may, for the purposes set out in section 3 above, be disclosed to:

  • a. Entities acting as data processors pursuant to Article 28 of the Regulation, including:
    – Persons, companies or professional firms providing assistance and consultancy services to Ondaline Cosmetici in accounting, administrative, legal, fiscal, financial or debt recovery matters related to the provision of services;
    – Entities with which it is necessary to interact for the provision of the Services (e.g. hosting providers, WhatsApp Business);
    – Entities engaged in technical maintenance activities (including maintenance of network equipment and electronic communications networks).
    (collectively referred to as “recipients”). The list of data processors involved in the processing may be requested from the Controller.
  • b. Entities, organisations or authorities acting as independent data controllers to whom your personal data must be disclosed by law or by order of public authorities;
  • c. Persons authorised by the Company to process personal data pursuant to Article 29 of the Regulation, who are required to carry out activities strictly related to the provision of services and who are bound by confidentiality agreements or have an adequate legal obligation to maintain confidentiality (e.g. employees of Ondaline Cosmetici).

06. Data retation

Personal Data processed for the purposes set out in Section 3(a-e) will be kept for the time strictly necessary to achieve those purposes, in accordance with the principles of data minimisation and storage limitation as set out in Article 5.1(e) of the Regulation. In any case, the Controller will process personal data for the time necessary to fulfil contractual and legal obligations.

Specifically, the data will be kept as follows:

  • website access data will be kept for 365 days;
  • email newsletter subscriptions will be kept until consent is withdrawn and in any case no longer than 24 months from the last activity of the contact;
  • Requests for general information and personalised advice will be kept for the time necessary to carry out pre-contractual measures and/or the contract, and in any case for no longer than 12 months from the last activity of the contact;
  • Product configuration requests will be kept for the time necessary to fulfil pre-contractual measures and/or the contract, but in any case no longer than 12 months from the last activity of the contact. ;

Further information regarding the data retention periods and the criteria used to determine these periods may be requested by contacting the Data Controller.

07. Transfer of data abroad when using WhatsApp Business for service-related information/consultation requests

Please note that when platforms such as WhatsApp Business are used for requests for information and/or consultation in relation to the services offered, it may be necessary to transfer the data subject’s information (including identification details, contact details and metadata relating to the dates, times and content of individual requests) outside the European Union, in particular to the United States.

This transfer of personal data to the United States is based on the adequacy decision adopted by the European Commission under the EU-US Data Privacy Framework (DPF), the agreement that governs data transfers between the European Union and the United States. Further details can be found in the data transfer appendix of the WhatsApp Business Policy, available at the following link: https://www.whatsapp.com/legal/businesswhatsapp business policy

08. Data subject rights

Pursuant to Article 15 et seq. of the Regulation, you have the right at any time to access, correct or delete your personal data, to restrict its processing in the cases provided for in Article 18 of the Regulation, and to obtain the data concerning you in a structured, commonly used and machine-readable format in the cases provided for in Article 20 of the Regulation. You may at any time revoke the consent you have given pursuant to Article 7 of the Regulation; you may lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali WWW.GARANTEPRIVACY.IT) pursuant to Article 77 of the Regulation if you consider that the processing of your data is contrary to the legislation in force.

You may submit a request to object to the processing of your data pursuant to Article 21 of the Regulation, stating the reasons for your objection: the Data Controller reserves the right to evaluate your request, which shall not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

Requests must be addressed in writing to the Data Controller.

09. Changes

This Privacy Policy is effective as of 07/11/2024. Ondaline Cosmetics reserves the right to modify or simply update all or part of its content, including in the light of changes in current legislation. Ondaline Cosmetici will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the site. Ondaline Cosmetici therefore invites you to regularly consult this section in order to acquaint yourself with the most recent and updated version of the Privacy Policy, so that you are always aware of the data collected and how it is used by the company.

10. Cookies and online trackers

This cookie policy relates exclusively to the site (‘Site’) and should be understood as an integral part of the Site’s Privacy Policy.

01 – Definitions, characteristics and enforcement

Cookies are small text files sent by websites visited by the user, which are stored on the user’s computer or mobile device to be sent back to the same websites the next time the user visits them. Cookies allow a site to remember a user’s actions and preferences (such as login credentials, language, font size, other display settings, etc.) so that they do not need to be re-entered when the user returns to the site or navigates from one page to another within the site. Cookies are therefore used for computer authentication, session monitoring and storage of information relating to the activities of users accessing a site, and may also contain a unique identification code that makes it possible to track the user’s navigation within the site for statistical or advertising purposes. While browsing a site, the user may also receive cookies on his/her computer or mobile device from sites or web servers other than the one he/she is visiting (“third party cookies”). Certain operations cannot be carried out without the use of cookies, which are therefore in some cases technically necessary for the operation of the site itself.

Depending on their characteristics and functions, there are different types of cookies that may remain on the user’s computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s device until a predetermined expiry date.

Under current Italian law, the use of cookies does not always require the express consent of the user. In particular, “technical cookies”, i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network or to the extent strictly necessary to provide a service expressly requested by the user, do not require such consent. In other words, these are cookies that are essential to the operation of the site or necessary to carry out activities requested by the user.

02 – Types of cookies used by the Site

The Site uses the following types of cookies and offers the possibility of deselecting them, with the exception of cookies from third parties, for which the user must refer directly to the relevant methods for selecting and deselecting the respective cookies, indicated by means of links:

Technical cookies – navigation or session cookies – which are strictly necessary for the operation of the website or to enable the user to benefit from the content and functionalities requested.

No analytical or profiling cookies are currently installed by this site.

03 –  Come visualizzare e modificare i cookie attraverso il proprio programma di navigazione (c.d. browser)

L’utente può selezionare quali cookie autorizzare attraverso l’apposita procedura predisposta nella sezione Impostazioni relative ai cookie, nonché autorizzare, bloccare o cancellare (in tutto o in parte) i cookie attraverso le specifiche funzioni del proprio programma di navigazione (c.d. browser): tuttavia, nell’ipotesi in cui tutti o alcuni dei cookie vengano disabilitati è possibile che il Sito risulti non consultabile o che alcuni servizi o determinate funzioni del Sito non siano disponibili o non funzionino correttamente e/o l’utente potrebbe essere costretto a modificare o a inserire manualmente alcune informazioni o preferenze ogni volta che visiterà il Sito.

For more information on how to set your browser preferences for the use of cookies, please refer to your browser’s instructions:

04 – Cookie settings

Below, the user can make a choice and specifically indicate which cookies he/she wishes to authorise.

The user is informed that the non-acceptance of technical cookies may make it impossible to use the website, view its contents and use its services. The blocking of functional cookies may result in certain services or functions of the Site not being available or not functioning properly and may force you to change or manually enter certain information or preferences each time you visit the Site. With regard to cookies sent directly by the Site’s operator, in addition to the procedure made available on this page, the User may also block or delete (all or part of) cookies through the specific functions of his/her browser (see above).

The choices made by the user in relation to the Site’s cookies are in turn recorded in a specific technical cookie with the characteristics listed in the relevant cookie table. However, this cookie may not function properly in certain circumstances: in such cases, the user is advised to delete unwanted cookies and to disable their use through the functions of his or her browser. Your cookie preferences will need to be reset if you use different devices or browsers to access the Site.