PRIVACY AND DATA PROTECTION POLICY

Last updated: November 18, 2021

This information describes the processing of personal data entered or collected on the website https://skinlabo.us and is provided in accordance with Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and other applicable legislation or regulations on privacy and protection of personal data.

 

If you reside in the State of California, please see the California section below to learn more about your privacy rights.

 

1. THE IDENTITY AND THE CONTACT DETAILS OF THE CONTROLLER.

The owner of the processing of your personal data is SKINLABO S.r.l. with registered office Via Pietro Micca, 20, 10122 Turin (TO), VAT 11541460017, in the person of the legal representative Enrico Maria Tricarico (TRCNCM74H07A662R), E-mail: privacy@skinlabo.com (hereinafter “Controller”).

In the event that the Data Controller makes use of data processors or sub-processors pursuant to art. 28 GDPR, the updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.

1.1 

2. WHICH TYPES OF PERSONAL DATA AND NON-PERSONAL DATA WE PROCESS

The types of personal data that we process depend on the purposes for which they are collected.

In general, we are allowed to directly collect the following types of personal data (“Personal Data”):

1. contact details such as name, surname, e-mail address, certified electronic mail address, address, city, telephone number;
2. Personal Data directly provided by you through communications or attachments to communications (e.g. bank data, company data);
3. use, navigation, functional, session, statistical, profiling data, including the device identifier or IP address of the user, the time the user visits the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user;

The processing also concerns the operations, or the set of operations concerning data collected also through the use of cookies, whose policy can be viewed at the following link: https://skinlabo.us/pages/cookie-policy

 

We also collect non-Personal Data, that is, data that does not personally identify an individual (“Non-Personal Data”).  The Non-Personal Data we collect includes how you interact with the website, information generally collected or “logged” by internet websites or internet services when accessed or used by users, and information about your web browser or device accessing or using the website. 

Examples of the Non-Personal Data we collect are:

• The pages of our website that you viewed during a visit;
• What information, content or advertisements you view or interact with using the website;
• Language preferences;
• The city and state in which you are located (but not your precise geographic location); and 

• Unique identifiers that are not connected and cannot reasonably be connected to your identity.

 

We will not use Non-Personal Data to try to identify you, and if we associate any Non-Personal Data with information that personally identifies you, then we will treat it as Personal Data. Information collected by the website may be collected by us or one of our Service Providers (as defined below) or Online Tool Providers (as defined below).

3. SOCIAL MEDIA

Our services may integrate with social media platforms, such as Facebook, YouTube, and Instagram. When you connect a social media account to our services, then we may collect information about that social media account and share information with that social media account as described in the connection process. This collected information may include, but is not limited to, your name, email address, demographic information from your profile, friend lists, postings or other content, and your profile picture.  You acknowledge and agree that Skinlabo is not responsible for the data collection or use practices of any such connected social media platform.  You should read each social media platform’s privacy policy before connecting that social media account.

4. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS.

The processing of your Personal Data by the Controller takes place:

 

1. A) without your express consent (including as provided under art. 6, lett. b) - f) of the GDPR) for the following purposes:

              ⁃             to conclude contracts with the Controller;

              ⁃             to comply with pre-contractual, contractual and tax obligations arising from existing relationships;

              ⁃             to  fulfil the obligations established by applicable law, regulation, regulatory guidance or court order.

              ⁃             to pursue a legitimate interest of the Controller or of third parties, provided that they do not override your interests or your rights and fundamental freedoms requiring Personal Data protection (e.g. the Controller’s right of defense of legal claims), including  to provide, maintain, and protect the website; to set up, maintain, and protect accounts to use the website; to improve our online operations; to process transactions; provide customer service, including responding to your inquiries; to perform research and analysis aimed at improving our products and services and developing new products or services; and

To manage and maintain the systems that provide the website.

 

1. Only under your prior specific and distinct consent (including as provided under art. 6, lett. a) and art. 7 of the GDPR), for the following marketing purposes:

              ⁃             to send via e-mail, postal service and/or text messages and/or phone contacts, newsletter, commercial communications and/or advertising material on goods and services offered by the Controller and the measurement of the satisfaction degree on the services’ quality.

 

1. C) Only after your specific and separate consent (including as provided under art. 6 lett. a) and art. 7 of the GDPR), for the following profiling purposes:

to send advertising communications, offers and promotions, via e-mail, post and/or SMS and/or telephone contacts, which are consistent with your interests and your consumer profile. Your profile will allow you to customize the offer of products and services addressed to you. To this end, the Controller will evaluate the type and number of requests for information submitted, including through the website, purchases of goods or services made by you from the Controller, your personal and contact information (e.g. place of residence), as well as any other information in our possession relating to you (e.g. your age and profession).

 

If you have denied your consent, it will not be possible to carry out the aforementioned activities under B) and/or C) and if you have given your consent to the processing activities under B) and/or C), you will in any case have the right to revoke your consent at any time by editing your profile information.

 

Additionally, you can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails or by sending a written request to the email: privacy@skinlabo.com  Please note that it may take up to thirty (30) business days for your opt-out request to be processed .  Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.

 

5. FOR HOW LONG WE RETAIN AND PROCESS YOUR PERSONAL DATA.

Your Personal Data shall be processed by the Controller only for the time necessary to fulfil the processing purposes as referred to in article 4 above, including retention in accordance with the applicable legal obligations, for administrative purposes and/or to ensure and protect a given right and, in any case, no further than the deadlines set up by the legislation for the prescription of rights.

In particular, for marketing purposes, your Personal Data will be kept by the Controller for a maximum of two years, and for profiling purposes for a maximum of one year.

 

6. HOW WE PROCESS YOUR PERSONAL DATA.

Personal data are processed on both paper and electronic and/or automated means for the period of time necessary to fulfil the purposes for which they are collected by the Controller or by other duly authorised persons and/or persons in charge of these duties, identified and/or appointed, properly trained and informed on law obligations, as well as through the use of appropriate safety measures to ensure the protection of confidentiality and to avoid the risk of loss or damage, unauthorised accesses, unauthorised processing or not in accordance with the aforementioned purposes.

 

7. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA

For the purposes mentioned above, the Personal Data concerning you may be accessible or disclosed to:

              ⁃             employees and collaborators of the Controller, as authorised personnel, within the scope of their respective duties and in accordance with the instructions received. In any case, these persons are subject to confidentiality obligations.

              ⁃           “Service Providers,” by which we mean companies, agents, contractors, service providers, or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage,

hosting of our website, marketing of our products and services, and conducting audits).   When we use a Service Provider, we require that the Service Provider use and disclose the Personal Data and Non-Personal Data received from us only to provide their services to us or as required by applicable law.

              ⁃           “Online Tool Providers,” by which we mean a licensor of software that we include in, or use with, our website, including an API or SDK, that provides a specialized function or service to us and that requires the transmission of Personal Data and/or Non-Personal Data to the Online Tool Provider.  Online Tool Providers may have the right to use Personal Data and Non-Personal Data about you for their own business purposes.  Use and disclosure of Personal Data and Non-Personal Data by an Online Tool Provider is described in its privacy policy. For example, we use Google Analytics https://www.google.com/intl/en/policies/privacy/   

⁃             All public and/or private entities, natural and/or legal persons (legal, administrative and tax counsel offices, collection agencies, judicial authorities, Chambers of commerce, labour offices, etc.) where the communication is deemed to be necessary or functional to the correct fulfilment of contractual obligations as well as of legal obligations.

              ⁃             All the entities (Public Authorities included) having access to Personal Data in accordance with normative and administrative acts; in any case the gathered Personal Data concerning you shall not be sold or transferred to third parties for marketing purposes and shall not be disclosed.

              ⁃             Additionally, the Controller may also disclose your Personal Data to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the website, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues. 

              ⁃             The Controller may also transfer information (including your Personal Data) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to the website, or in the unlikely event of a bankruptcy, liquidation, or receivership of our business. We will use commercially reasonable efforts to notify you of such transfer, for example via email or by posting notice on our website.

              ⁃             Lastly, we may also disclose Non-Personal Data, aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications. 

 

8. TRANSFER OF PERSONAL DATA OUTSIDE THE EU AREA.

The process and storage of your Personal Data will take place in Europe. However, the Controller, if it deems it necessary, shall have the right to process your Personal Data outside the European Economic Area (EEA). In such a case, the Controller shall ensure any transfer of Personal Data outside the EEA takes place in accordance with the applicable law, also by concluding, where necessary, agreements in order to grant a comfortably sufficient level of protection and/or by adopting standard contractual terms set up by the European Commission.

9. TRANSPARENCY AND CHOICE; DO NOT TRACK SIGNALS

You may request access to your Personal Data by accessing your account profile or by sending an email to privacy@skinlabo.com. We will try to locate and provide you with your Personal Data and give you the opportunity to correct this data, if it is inaccurate, or to delete it, at your request

If you need further assistance with removing any content you posted through the website, you can email us at privacy@skinlabo.com. Removal of your posted content may not ensure complete or comprehensive removal from our computer systems.
We ask individual users to identify themselves and the information requested to be accessed, corrected, or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backups), or relate to information that is not associated with your Personal Data. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.

Please be aware that if you ask us to delete your Personal Data, you may not be able to continue to use the website. Also, even if you request that we delete your Personal Data, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.

We may use third-party service providers that collect information for interest-based advertising purposes (advertisements that are tailored to your likely interests, based on categories in which you have shown an interest). To learn more about these third parties and the choices they offer users, please visit the Network Advertising Initiative’s choices page http://www.networkadvertising.org/choices or the Digital Advertising Alliance’s choices page. If you are reading this Privacy Policy from a mobile device, you can learn more about the DAA's mobile choices program here http://www.aboutads.info/choices.

We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we intend to adhere to the browser settings accordingly.

Residents of California, Nevada, or Canada
Residents of California

You may have heard of the California Consumer Privacy Act which provides certain rights to California (CCPA) residents in connection with their Personal Data. We are not currently subject to the CCPA. However, we do provide notice and transparency about our collection and use of Personal Data as described in Privacy Policy. Additionally, you may make certain requests in connection with your Personal Data as described in article 12 below.

Residents of Nevada

We do not sell your Personal Data. However, you may contact us at privacy@skinlabo.com with questions.

Residents of Canada

If you have an objection to the use of your Personal Data as described in this Privacy Policy, you may file a complaint by sending an email to privacy@skinlabo.com. We will attempt to accommodate your objection or complaint, but you understand that, to the extent you object to our processing of Personal Data that is necessary for us to provide the webite to you, certain features and functionalities of the website may no longer to obtain the completion of incomplete Personal Data, including by means of providing a supplementary statement.
3) To obtain from the Controller the erasure of Personal data concerning you without undue delay, within the limits and in compliance with the applicable law.
4) To obtain from the Controller the restriction of processing.
5) To receive Personal Data concerning you provided to the Controller in a structured, commonly used, machine-readable format. You also have the right to data portability and then to transmit these data to another Controller without hindrance from the Controller to which the Personal Data have been provided where the processing is based on consent or on a contract and it is carried out by automated means.
6) To object at any time, on grounds relating to your particular situation, to processing of Personal Data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interest pursued by the Controller or third parties.
7) If you consider your rights to be infringed by the Controller, you have the right to lodge a complaint with the Autorità Garante per la Protezione dei Dati Personali (piazza Montecitorio 121, 00186 Roma (RM) - www.garanteprivacy.it) and/or with other competent authority in accordance with the GDPR provisions.
The Controller, following the exercise of the rights as referred to in points 2),3) and 4) shall communicate any rectification or erasure or restriction of the processing to each of the recipients to whom the Personal Data have been disclosed in accordance with the applicable law.
In order to enforce the aforementioned rights against the Controller, you are required to submit a written request by sending a registered mail to is SKINLABO S.r.l., based in Corso Galileo Ferraris 22 Bis, 10121 Turin (TO) or an E-mail to privacy@skinlabo.com.

13. WHAT HAPPENS IF THE PRIVACY POLICY IS CHANGED.
This information notice may be modified and updated at any time with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date at the top of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will notify you by reasonable means, which may be by e-mail or posting a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time. IF YOU DO NOT AGREE TO CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES