Pursuant to art. 13 of European Regulation No. 679 of 2016
and art. 13 of Legislative Decree No. 196 of 30 June 2003
Esthelogue S.r.l., a company belonging to the El.En. S.p.a. Group, is committed to protecting the privacy and confidentiality of personal data and ensures them the necessary protection from any event that might put them at risk of a breach.
Pursuant to article 13 of Legislative Decree No. 196 of 30 June 2003 (“Privacy Code”), Art. 13 of European Regulation No. 679 of 2016 (“Privacy Regulation”), Esthelogue S.r.l. intends to inform all users and/or visitors to www.esthelogue.com (respectively the “Users” or “Data Subject” and the “Site”), on the use of personal data, log files and cookies collected over the Site itself.
The term personal data refers to the definition contained in article 4, paragraph 1) of the Privacy Regulation, i.e. “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (“Personal Data”).
The personal data processing controller is Esthelogue S.r.l., with registered office at Via Baldanzese, No. 17 – 50041 Calenzano (FI) – Italy, Tax and VAT No. 044613900488 (herein after referred to as the “Data Controller”).
The updated list of designated Data processors can be provided on request by the interested parties and/or users.
Like all websites, our site also uses log files in which information is stored that is collected in an automated manner during users visit. In fact, the information systems and software procedures which perform the functions of the website automatically acquire, during their operation, some information, the transmission of which is implicit in the use of internet communication protocols.
The following information is collected:
This information is not collected to associate to identify subjects, but by nature, might lead to identify Users through elaboration and association with data obtained by third parties.
b.1) DEFINITION AND PURPOSE OF COOKIES
A “cookie” is a small text file created by certain websites on the user’s computer when he or she accesses a particular site, whose purpose is to store and transmit information. Cookies are sent from a web server (which is the computer that runs the website visited) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and are stored on the user’s computer; they are then re-sent to the website when the user subsequently visits that site.
Cookies may also remain in the system for long periods of time and may also contain a unique identification code. This enables sites that use them to keep track of the user’s navigation inside the site, for statistical or advertising purposes i.e. in order to create a customised profile of the user based on the pages that user has visited and, hence, to show and/or send the site visitor targeted ads (so-called Behavioural Advertising).
b.2) WHICH COOKIES ARE USED BY THE WEBSITE AND FOR WHICH PURPOSES
This Site uses various types of technical cookies, but not profile cookies.
The Data Controller – following the directions provided by the Italian Data Protection Commissioner in the general Ruling of 8 May 2014 – details below the specific categories of cookies used, as well as the purpose thereof and the results of their deselection:
|TYPE OF COOKIES||PURPOSES||DURATION OF RETENTION||EFFECTS OF
|Navigation cookies||These allow normal navigation
and use of the website
|Valid for the browsing session||Browsing would not be possible
if these were deactivated,
which makes these cookies necessary
|Analytics cookies||These gather information in aggregate form on navigation by users to optimise the experience of navigation and the services themselves.||Established by third parties, reference is made to the privacy notice referred to below||It would not be possible for the Data Controller to obtain the information in aggregate form|
|These facilitate navigation and the service rendered to the user based on a series of criteria selected by the latter||Retained to preserve functionality for 30 days||It would not be possible to retain the selections made by users during navigation|
b.3) THIRD PARTY COOKIES
Third party cookies also operate on this website i.e. cookies created by a website other than the one that the user is currently visiting.
Based on the provisions of the Ruling of the Italian Data Protection Commissioner of 8 May 2014, the Data Controller is bound to provide the updated link to the privacy notices and consent forms of third parties with whom special agreements have been stipulated for the installation of cookies through its own website.
Third party cookies are:
Anonymous third party cookies
The use of anonymous third party cookies is provided for; these cookies facilitate the anonymous gathering and recording of information on pages of the website that have been accessed, without allowing the visitor to be identified, and they are not combined in any way with other information. Such data are used exclusively to track and examine the use of the sites by users, to compile statistics based on information gathered anonymously and by using data in aggregate form.
In particular, users are informed that the web analytics service that issues cookies used by the Data Controller is “Google Analytics”, described below.
b.4) RETENTION PERIOD
By accessing the Site and going beyond the introductory banner containing the short privacy notice, the Users consents to the use of the technical cookies specified in this document. This consent may be revoked at any time by pressing the button “I do not consent” at the end of this privacy and cookies policy.
Individual cookies may be freely selected/deselected using this system, but this may also be done by using one’s web browser (selecting the settings menu, clicking on internet options, opening up the privacy tab and selecting the desired level for blocking cookies).
By failing to accept functional cookies certain pages of the Site will not be visible.
The following categories of personal data could be collected through the use of the Site:
In certain circumstances we may also collect:
The personal data of the Data Subject is processed exclusively for the following purposes:
The legal basis of the processing is the consent freely given.
The Data Subjects have the right to revoke the consent given at any time and without any particular formality: in any commercial communication there will be a section that will allow to easily revoke the consent given.
The Data Subjects can also revoke the consent given by sending a simple communication to the addresses referred in art. 11 below.
Apart from what is specified for cookies and browsing data, the Data Subjects are free to provide personal data contained in the forms on the Site or in any case indicated on the occasion of contacts with the Data Controller to request the sending of informative material or other communications or to access specific services. The absence of this data may make impossible to fulfil the request.
Pursuant to art. 5 of the Privacy Regulation, the personal data will be:
The Data Controller, in accordance with the principles of legality, purpose limitation and data minimisation, pursuant to art. 5 of Privacy Regulation, stores and processes personal data for the time strictly necessary to fulfil the purposes identified above and until the Data Subjects parties to revoke the consent given.
For the purpose of determining the appropriate retention period, the Data Controller shall consider the quantity, nature and sensitivity of the Personal Data, the purposes for which they are processed and if the same purposes can be achieved by means of other instruments.
In particular, for the purposes of marketing, personal data may be kept for a period of 24 months from 25 may 2018, unless renewal thereof (expect the opposition to receive further communications). The Data Controller shall, every two years from the data of publication of this notice, to request the renewal of consent.
The Data Controller shall consider the periods for which he might need to retain the Personal Data in order to fulfil legal obligations (e.g. administrative tasks) or to examine Users’ requests, complaints and defend its rights where necessary.
The processing and retention of digital material, such as pictures or video, will be performed until the data subjects communicate the withdrawal of consent to data processing.
Personal data may be brought to the attention of:
Pursuant to art. 6 of the Privacy Regulation, without the express consent of the Data Subjects the data Controller can disclose the personal data to the supervisory bodies, judicial authorities and all other persons to whom that kind of communication is required by law and to the accomplishment of the purposes of art. 3. These subjects will process personal data as autonomous Data Controllers.
Personal data will not be disclosed, sold or exchanged with any third party without the express consent of the Data Subjects.
The management and conservation of personal data will happen on server (located within the European Union) of the Data Controller and/or of third parties appointed as data processors.
On the Site, the Controller has integrated components of the enterprise Facebook. Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data. Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
On the Site, the Controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.
The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject. If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data. Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.
The Controller has integrated components of the LinkedIn Corporation on the Site. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data. LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.
On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers. If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data. Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject. If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
On the Site, the Controller has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Pursuant to articles 15-22 of the Privacy Regulation, the Data Subject is entitled:
For the purposes of this article, the Data Subject is entitled to request the cancellation, transformation into an anonymous form or blocking of data processed in violation of the law and, in any case, to abject, for legitimate reason, to their processing.
The Data Controller is aware that the Site and the services contained therein may be of interest to a minor public. For this reason, the Data Controller encourages parents to monitor their children’s use of Internet for a safe and filtered use of its contents, also through the use of parental control tools. In addition to ensuring a child-friendly online environment, these tools can prevents the disclosure of personal data by children or young people without the consent of their parents.
With regard to the collection and processing of personal data, the Data Controller does not perform any processing of personal data provided by minors. The registration on the Site is allowed only for adults. Related to the provision of certain services, the Data Controller collects, without any obligation for the Users, the personal date of birth. In this case, we invite all the Users who are not eighteen years old not to communicate their personal data, reserving the right to inhibit access to the services to the Users who are not eighteen years old.
Appropriate Deka M.E.L.A. S.r.l. could transfer personal data collected through the Site to other companies of the El.En. Group or to third parties located in other countries, even outside the European Union, which does not offer the same level of protection of personal data. The European Commission puts the countries deemed “adequate”, namely those that preparing an adequate protection, in a separate list, which can be viewed at: https://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi#1.
Transfers of personal data outside the European Union and to countries not belonging to the above list will be carried out exclusively under specific agreements between Deka M.E.L.A. S.r.l. and the companies involved, through the use of tools accepted by the European Commission.
If you request information about your data the Data Controller shall respond promptly – unless this proves impossible or involves a manifestly disproportionate effort compared with the right to be protected – and in any case no later than 30 days from the request. The Data Controller will justify any inability to meet the request, or delay in doing so.
Use of functional cookies I consent I do not consent
NOTE: By failing to accept functional cookies certain pages of the website will not be visible.
Use of analytics cookies I consent I do not consent
Last amendment 12 July 2018