Last updated: November 18, 2021
This information describes the processing of personal data entered or collected on the website https://skinlabo.us and is provided in accordance with Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and other applicable legislation or regulations on privacy and protection of personal data.
If you reside in the State of California, please see the California section below to learn more about your privacy rights.
The owner of the processing of your personal data is SKINLABO S.r.l. with registered office Via Pietro Micca, 20, 10122 Turin (TO), VAT 11541460017, in the person of the legal representative Enrico Maria Tricarico (TRCNCM74H07A662R), E-mail: firstname.lastname@example.org (hereinafter “Controller”).
In the event that the Data Controller makes use of data processors or sub-processors pursuant to art. 28 GDPR, the updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
The types of personal data that we process depend on the purposes for which they are collected.
In general, we are allowed to directly collect the following types of personal data (“Personal Data”):
We also collect non-Personal Data, that is, data that does not personally identify an individual (“Non-Personal Data”). The Non-Personal Data we collect includes how you interact with the website, information generally collected or “logged” by internet websites or internet services when accessed or used by users, and information about your web browser or device accessing or using the website.
Examples of the Non-Personal Data we collect are:
We will not use Non-Personal Data to try to identify you, and if we associate any Non-Personal Data with information that personally identifies you, then we will treat it as Personal Data. Information collected by the website may be collected by us or one of our Service Providers (as defined below) or Online Tool Providers (as defined below).
The processing of your Personal Data by the Controller takes place:
⁃ to conclude contracts with the Controller;
⁃ to comply with pre-contractual, contractual and tax obligations arising from existing relationships;
⁃ to fulfil the obligations established by applicable law, regulation, regulatory guidance or court order.
⁃ to pursue a legitimate interest of the Controller or of third parties, provided that they do not override your interests or your rights and fundamental freedoms requiring Personal Data protection (e.g. the Controller’s right of defense of legal claims), including to provide, maintain, and protect the website; to set up, maintain, and protect accounts to use the website; to improve our online operations; to process transactions; provide customer service, including responding to your inquiries; to perform research and analysis aimed at improving our products and services and developing new products or services; and
To manage and maintain the systems that provide the website.
⁃ to send via e-mail, postal service and/or text messages and/or phone contacts, newsletter, commercial communications and/or advertising material on goods and services offered by the Controller and the measurement of the satisfaction degree on the services’ quality.
to send advertising communications, offers and promotions, via e-mail, post and/or SMS and/or telephone contacts, which are consistent with your interests and your consumer profile. Your profile will allow you to customize the offer of products and services addressed to you. To this end, the Controller will evaluate the type and number of requests for information submitted, including through the website, purchases of goods or services made by you from the Controller, your personal and contact information (e.g. place of residence), as well as any other information in our possession relating to you (e.g. your age and profession).
If you have denied your consent, it will not be possible to carry out the aforementioned activities under B) and/or C) and if you have given your consent to the processing activities under B) and/or C), you will in any case have the right to revoke your consent at any time by editing your profile information.
Additionally, you can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails or by sending a written request to the email: email@example.com Please note that it may take up to thirty (30) business days for your opt-out request to be processed . Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.
Your Personal Data shall be processed by the Controller only for the time necessary to fulfil the processing purposes as referred to in article 4 above, including retention in accordance with the applicable legal obligations, for administrative purposes and/or to ensure and protect a given right and, in any case, no further than the deadlines set up by the legislation for the prescription of rights.
In particular, for marketing purposes, your Personal Data will be kept by the Controller for a maximum of two years, and for profiling purposes for a maximum of one year.
Personal data are processed on both paper and electronic and/or automated means for the period of time necessary to fulfil the purposes for which they are collected by the Controller or by other duly authorised persons and/or persons in charge of these duties, identified and/or appointed, properly trained and informed on law obligations, as well as through the use of appropriate safety measures to ensure the protection of confidentiality and to avoid the risk of loss or damage, unauthorised accesses, unauthorised processing or not in accordance with the aforementioned purposes.
For the purposes mentioned above, the Personal Data concerning you may be accessible or disclosed to:
⁃ employees and collaborators of the Controller, as authorised personnel, within the scope of their respective duties and in accordance with the instructions received. In any case, these persons are subject to confidentiality obligations.⁃ “Service Providers,” by which we mean companies, agents, contractors, service providers, or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage,
hosting of our website, marketing of our products and services, and conducting audits). When we use a Service Provider, we require that the Service Provider use and disclose the Personal Data and Non-Personal Data received from us only to provide their services to us or as required by applicable law.
⁃ All public and/or private entities, natural and/or legal persons (legal, administrative and tax counsel offices, collection agencies, judicial authorities, Chambers of commerce, labour offices, etc.) where the communication is deemed to be necessary or functional to the correct fulfilment of contractual obligations as well as of legal obligations.
⁃ All the entities (Public Authorities included) having access to Personal Data in accordance with normative and administrative acts; in any case the gathered Personal Data concerning you shall not be sold or transferred to third parties for marketing purposes and shall not be disclosed.
⁃ Additionally, the Controller may also disclose your Personal Data to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the website, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.
⁃ The Controller may also transfer information (including your Personal Data) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to the website, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such transfer, for example via email or by posting notice on our website.
⁃ Lastly, we may also disclose Non-Personal Data, aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.
The process and storage of your Personal Data will take place in Europe. However, the Controller, if it deems it necessary, shall have the right to process your Personal Data outside the European Economic Area (EEA). In such a case, the Controller shall ensure any transfer of Personal Data outside the EEA takes place in accordance with the applicable law, also by concluding, where necessary, agreements in order to grant a comfortably sufficient level of protection and/or by adopting standard contractual terms set up by the European Commission.
You may request access to your Personal Data by accessing your account profile or by sending an email to firstname.lastname@example.org. We will try to locate and provide you with your Personal Data and give you the opportunity to correct this data, if it is inaccurate, or to delete it, at your request
If you need further assistance with removing any content you posted through the website, you can email us at email@example.com. Removal of your posted content may not ensure complete or comprehensive removal from our computer systems.
We ask individual users to identify themselves and the information requested to be accessed, corrected, or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backups), or relate to information that is not associated with your Personal Data. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please be aware that if you ask us to delete your Personal Data, you may not be able to continue to use the website. Also, even if you request that we delete your Personal Data, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.
We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we intend to adhere to the browser settings accordingly.
Residents of California, Nevada, or Canada
Residents of California
Residents of Nevada
We do not sell your Personal Data. However, you may contact us at firstname.lastname@example.org with questions.
Residents of Canada
3) To obtain from the Controller the erasure of Personal data concerning you without undue delay, within the limits and in compliance with the applicable law.
4) To obtain from the Controller the restriction of processing.
5) To receive Personal Data concerning you provided to the Controller in a structured, commonly used, machine-readable format. You also have the right to data portability and then to transmit these data to another Controller without hindrance from the Controller to which the Personal Data have been provided where the processing is based on consent or on a contract and it is carried out by automated means.
6) To object at any time, on grounds relating to your particular situation, to processing of Personal Data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interest pursued by the Controller or third parties.
7) If you consider your rights to be infringed by the Controller, you have the right to lodge a complaint with the Autorità Garante per la Protezione dei Dati Personali (piazza Montecitorio 121, 00186 Roma (RM) - www.garanteprivacy.it) and/or with other competent authority in accordance with the GDPR provisions.
The Controller, following the exercise of the rights as referred to in points 2),3) and 4) shall communicate any rectification or erasure or restriction of the processing to each of the recipients to whom the Personal Data have been disclosed in accordance with the applicable law.
In order to enforce the aforementioned rights against the Controller, you are required to submit a written request by sending a registered mail to is SKINLABO S.r.l., based in Corso Galileo Ferraris 22 Bis, 10121 Turin (TO) or an E-mail to email@example.com.