EU Regulation 679/2016 – General Data Protection Regulation
- Website Privacy Policy
With this policy Comprof Milano srl (hereinafter for brevity Comprof) intends to inform visitors to the website https://professional-haircare.it/en/ (hereinafter for brevity the “Site”) of the policy adopted on the Protection of Personal Data and emphasises its commitment and attention to the protection of the privacy of visitors to the Site. Please read our Privacy Policy carefully. It applies both if you access the Site and simply browse through it using our services, without purchasing any products, and if you decide to make purchases.
Navigation within the Site is free and does not require any registration, with the exception of certain areas in which the user may freely and expressly provide a series of data concerning him or her in order to access specifically identified services (e.g. requesting information via the “Contacts” section, Newsletter, etc.). Where therefore the user intends to provide his/her personal data to access these additional services, he/she will be expressly informed in accordance with EU Regulation 679/2016 General Data Protection Regulation (the “Regulation”) with an indication (by way of example) of the purposes and methods of use of the data by Comprof as well as the right to request at any time the deletion of the data or its update.
Pursuant to and for the purposes of Article 13 of EU Regulation 679/2016 General Data Protection Regulation Comprof provides you with the following information.
Section I
- Identity and contact details of the Data Controller
The website https://professional-haircare.it/en/ (the “Site”) is managed by Comprof Milano srl with registered office in Naples – Piazza Santa Maria Degli Angeli a Pizzofalcone, Italy, Tax Code, VAT No. and Registration with the Register of Companies of Naples No. 07479001211, e-mail info@professional-haircare.it in its capacity as Data Controller pursuant to the Regulation.
The Data Controller has appointed an External Data Processor in Easy Web Srl, with registered office in Naples at Via Saverio Gatto 18 80131, as the agency responsible for web management and communication. Your data may be processed by the employees of the company functions assigned to the pursuit of the purposes indicated, who have been expressly authorised to do so and who have received adequate operating instructions.
Any third parties to whom the data may be communicated in order to carry out processing operations connected with the purposes specified in this statement will be designated in advance by the Data Controller as Data Processors pursuant to Art. 28. The data will not be disseminated.
- Types of personal data processed
No registration is required to access the Site. However, there are sections of the Site that require registration or the use of a username and password, or services for the use of which it is necessary to provide personal data (e.g. to proceed with the online shop, to contact us, newsletters, etc.).
Comprof Milano srl, acts as Data Controller and can be contacted at info@professional-haircare.it and collects and/or receives information about the Data Subject, such as:
Personal details: first name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile telephone, e-mail address(es).
Telematics traffic data Log, source IP address.
Comprof does not require the Data Subject to provide so-called “special” data, i.e., in accordance with the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person. In the event that the service requested from Comprof requires the processing of such data, the Interested Party will receive prior information and will be required to give consent.
Comprof will only use the personal data collected online for the purposes indicated during registration.
Data relating to connection and navigation within the Site (such as the URI-Uniform Resource Identifier addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment) are collected for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site: to the exclusion of this possibility, the data will be deleted after the time required to provide the services illustrated on the Site.
When processing personal data that can directly or indirectly identify you, we try to observe a principle of strict necessity. For this reason, we have configured the Site in such a way that the use of personal data is kept to a minimum and in such a way as to limit the processing of personal data that enable you to be identified only when necessary or at the request of the authorities and the police (such as, for example, for data relating to traffic and your stay on the Site or your IP address) or to ascertain responsibility in the event of hypothetical computer crimes against the Site.
Some data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and are deleted immediately after processing.
The data referred to in the preceding points collected when browsing the Site will be processed by employees, collaborators of the Company or external subjects, in their capacity as persons in charge of and responsible for processing, who carry out tasks of a technical and organisational nature on behalf of the Company.
Your personal data will be processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected and in accordance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be carried out through the use of anonymous data or by other means.
We have adopted specific security measures to prevent the loss of personal data, unlawful or incorrect use and unauthorised access, but please remember that it is essential for the security of your data that your device is equipped with tools such as constantly updated antivirus software and that the provider providing the Internet connection guarantees the secure transmission of data through firewalls, spam filters and similar measures.
Section II
- Purpose and legal basis of processing
The data are used by the Data Controller to fulfil the request for registration and the contract for the supply of the purchased Product, to manage and execute the contact requests forwarded by the Interested Party, for the newsletter service, to provide assistance, to fulfil the legal and regulatory obligations to which the Data Controller is bound by virtue of the activity carried out. Under no circumstances shall Comprof resell the personal data of the Data Subject to third parties or use them for purposes not stated. The purposes for which the data will be used are set out in detail in the specific information notes that from time to time illustrate the characteristics of the processing operations that will be carried out by Comprof.
In particular, the Data Subject’s data will be processed for:
a) registration and requests for contact and/or information material
The processing of the Data Subject’s personal data takes place in order to carry out the activities preliminary and consequent to the request for registration, for the management of requests for information and contact and/or the sending of informative material, as well as for the fulfilment of any other obligation arising.
The legal basis for such processing is the fulfilment of the services inherent in the request for registration, information and contact and/or the sending of information and marketing material (newsletters) and compliance with legal obligations.
b) management of the contractual relationship
The processing of the personal data of the Interested Party takes place in order to carry out the activities preliminary and subsequent to the purchase of a Product, the management of the relative order, the provision of the Service and/or the production and/or shipment of the Product purchased, the relative invoicing and the management of the payment, the handling of complaints and/or reports to the assistance service and the provision of the assistance, the prevention of fraud as well as the fulfilment of any other obligation deriving from the contract.
The legal basis for such processing is the performance of services inherent in the contractual relationship and compliance with legal obligations.
c) promotional activities on Products and marketing similar to those purchased by the Data Subject (Paragraph 47 GDPR)
The Data Controller, even without your explicit consent, may use the contact data communicated by the Data Subject for the purposes of direct sales of its own Products, limited to the case of Products similar to those being sold, unless the Data Subject explicitly objects.
d) commercial promotion and marketing activities on products other than those purchased by the Data Subject
The Data Subject’s personal data may also be processed for purposes of commercial promotion, surveys and market research with regard to products offered by the Controller only if the Data Subject has authorised the processing and does not object to it.
Such processing may be carried out automatically in the following ways:
email;
Text message;
phone contact
and can be carried out:
- if the Data Subject has not withdrawn his consent for the use of the data;
- if, in the event that the processing is carried out by means of contact with a telephone operator, the Data Subject is not registered in the objections register referred to in Presidential Decree no. 178/2010;
The legal basis for such processing is the consent given by the Data Subject prior to the processing itself, which may be revoked by the Data Subject freely and at any time (see Section III).
Services such as the newsletter and the storage of user data requested during registration via the form are managed through HubSpot: the platform stores the requested data on its servers (therefore also outside the European Union). Here you can find information on HubSpot’s terms of use.
HubSpot offers details and insights on the opening of the newsletter (Open Rate, Click Rate etc.); the Data Processor can consult this information in order to assess how attractive the content sent is to the user.
e) IT Security
The Data Controller, in line with the provisions of Paragraph 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal traffic data of the Data Subject to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
The Data Controller shall promptly inform the Data Subjects if there is a particular risk of a breach of their data without prejudice to the obligations arising from the provisions of Article 33 of the GDPR concerning personal data breach notifications.
The legal basis for such processing is compliance with legal obligations and the legitimate interest of the Data Controller in carrying out processing for the purposes of protecting the company’s assets and the security of Comprof’s offices and systems.
f) profiling
The Data Subject’s personal data may also be processed for profiling purposes (such as analysing the data transmitted and the Services/Products chosen, proposing advertising messages and/or commercial proposals in line with the choices expressed by the users) only if the Data Subject has given his or her explicit and informed consent. The legal basis for such processing is the consent given by the Data Subject prior to the processing, which may be revoked by the Data Subject freely and at any time (see Section III).
g) fraud prevention (Paragraph 47 and Art. 22 GDPR)
The Data Subject’s personal data, excluding special data (Art. 9 GDPR) or judicial data (Art. 10 GDPR) will be processed to allow inspections for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a check in an automated manner and prior to the negotiation of Products; if these inspections are passed with a negative result, the transaction cannot be carried out; the Interested Party may in any event express his or her opinion, obtain an explanation or contest the decision, stating his or her reasons to the Customer Service department or by contacting info@professional-haircare.it
Personal data collected for anti-fraud purposes only, as opposed to data required for the proper performance of the requested service, will be deleted immediately upon completion of the inspection phases.
h) child protection
The Products offered by the Controller are reserved for persons legally capable, on the basis of the relevant national legislation, of concluding contractual obligations.
i) Fulfilling legal obligations
To comply with obligations imposed by laws or regulations or orders from competent authorities.
The legal basis for such processing is the need to fulfil a legal obligation.
- Communication to third parties and categories of recipients (Art. 13, paragraph 1° GDPR)
The communication of the Data Subject’s personal data is mainly made to third parties and/or recipients whose activity is necessary to carry out the activities inherent to the established relationship and to meet certain legal obligations, such as:
Third party suppliers and Comprof.
Provision of services (support, maintenance, delivery/shipping of products, provision of additional services, providers of electronic communication networks and services) related to the requested performance
Financial and digital payment institutions, banking/postal institutions
Management of receipts, payments, reimbursements related to contractual obligations
External professionals/consultants and consulting companies
Fulfilment of legal obligations, exercise of rights, protection of contractual rights, debt recovery
Financial administration, public bodies, judicial authorities, supervisory and control authorities
Fulfilment of legal obligations, defence of rights; lists and registers kept by public authorities or similar bodies under specific legislation, in relation to contractual obligations
Persons formally delegated or having recognised legal status
Legal representatives, curators, tutors, etc.
The Controller imposes on its Third Party Suppliers and Processors compliance with security measures equal to those adopted in respect of the Data Subject, restricting the scope of the Processor’s action to processing operations connected with the service requested.
The Data Controller does not transfer your personal data to countries where the GDPR does not apply (non-EU countries) unless specifically stated otherwise, for which you will be informed in advance and your consent will be sought if necessary.
The legal basis for such processing is the performance of services inherent to the relationship established, compliance with legal obligations and the legitimate interest of Comprof to carry out processing necessary for these purposes.
- What happens if the Data Subject does not provide the data identified as necessary for the performance of the service requested? (Art. 13, paragraph 2°, letter e GDPR)
The provision of personal data is generally optional.
Only in certain cases the failure to provide data make it impossible to access specific services and obtain what may be requested (e.g. registration – and the provision of personal details, e-mail address, delivery address, credit/debit card details or bank details and telephone number – is necessary to proceed with the purchase of products online);
The data required from time to time are indicated in the data collection forms on the Site – e.g. by indicating them with an asterisk (*).
The collection and processing of personal data is necessary to carry out the services requested as well as the provision of the Service and/or the supply of the Product requested. If the Data Subject does not provide the personal data expressly envisaged as necessary in the order form or in the contact or registration form, the Data Controller will not be able to carry out the processing linked to the management of the services requested and/or the contract and the Services/Products connected thereto, nor the fulfilments that depend on them.
- What happens if the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services/Products different from those purchased?
If the data subject does not give his/her consent to the processing of his/her personal data for such purposes, such processing shall not take place for such purposes, without affecting the provision of the services requested, nor for those for which he/she has already given his/her consent, if requested.
If the Data Subject has given his/her consent and subsequently withdraws it or objects to the processing of his/her data for the purpose of commercial promotion, his/her data will no longer be processed for such activities, without this entailing any consequences or detrimental effects for the Data Subject or for the services requested.
Section III
- Methods of data processing and scope of communication
The data may be processed both electronically and on paper (e.g. for the management of purchases on the Website). Comprof guarantees the lawful and correct treatment of personal data provided through the Website, in full compliance with current legislation, as well as the maximum confidentiality of data provided during registration.
The data will not be disseminated and will be processed by staff expressly authorised to manage the Site.
For purely organisational and functional reasons, we have appointed a number of suppliers of services functional to the management of the Site as external processors of users’ personal data for purposes strictly connected and related to the provision of the services provided.
Finally, depending on the services requested through the Site, the data may be communicated to companies that provide us with services useful for managing purchases.
Your data will be communicated to:
- payment processing companies
- shipping and delivery companies;
- legal, tax and audit advisory services
- Links to other websites
This information is provided only for the website https://en.professional-haircare.it/ and not for other websites that may be consulted by the user via links.
Comprof cannot be held responsible for personal data provided by users to external parties or any websites linked to this Website.
- “Profiling” and/or personalisation tools
Comprof does not carry out any promotional and/or advertising communication activities without the prior express consent of the user.
The Site uses “cookies”, both technical (i.e. to facilitate navigation and use of the Site) and profiling (i.e. to analyse users and their behaviour and preferences, and to provide them with personalised advertising). (as better specified in section IV below and in the Cookie Policy).
For a detailed explanation of the cookies used by the Site and how to disable them, please read our Cookie Policy.
- Place of data processing and transfers outside the European Union
The personal data of the Interested Party are stored in computer and telematic archives at Easy web srl.
The processed data collected through the site may be transferred to countries outside the European Union where our service providers are based.
Under the applicable law, your specific consent to the transfer to third countries is not required as the transfer is made on the basis of the adoption of appropriate safeguards as referred to in Articles 46 and 47 of the Regulation, such as the adoption of standard contractual clauses approved by the EU Commission.
The transfer of your data to any other third countries, where necessary, will take place in full compliance with the guarantees, measures and rights as set out in the Regulation. By simple request to the references indicated in paragraph j), you may receive further information on the transfer of your data and the guarantees provided for their protection, as well as the means of obtaining a copy of such data or the place where they have been made available.
- Data conservation period
Unless the Data Subject explicitly expresses his or her wish to remove them, the personal data of the Data Subject will be kept as long as they are necessary for the legitimate purposes for which they were collected. (see specific information).
In particular, they will be stored for the duration of your registration on the site and in any case for no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this period, no Services are associated with you and/or no Products are purchased through your registration.
In the case of data provided to the Controller for the purposes of commercial promotion for services other than those already acquired from the Data Subject, for which the Data Subject initially gave consent, such data shall be stored for 24 months, unless the consent given is revoked.
In the case of data provided to the Controller for profiling purposes, such data will be retained for 12 months, unless the consent given is always revoked.
The data entered in the Contacts form will be processed for the time necessary to handle your request correctly.
It should also be added that, in the event that a user submits to Comprof personal data not requested or not necessary for the performance of the service requested or the provision of a service closely related to it, Comprof cannot be considered the owner of such data, and will delete them as soon as possible.
Regardless of the Interested Party’s decision to remove them, personal data will in any case be stored in accordance with the terms provided for by the applicable legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific fulfilments specific to certain Services.
In addition, personal data shall in any case be kept for the fulfilment of obligations (e.g. fiscal and accounting) that remain even after the termination of the contract (Art. 2220 c.c.); for these purposes the Data Controller shall keep only the data necessary for the relative pursuit.
This is without prejudice to cases in which the rights deriving from the contract and/or registration have to be asserted in court, in which case the Data Subject’s personal data, only those necessary for such purposes, will be processed for the time necessary for their pursuit.
The data relating to the details of your purchases will, on the other hand, be processed for analysis or promotional purposes for a maximum period of 7 years from their registration (in accordance with the authorisation provision issued by the Guarantor Authority for the protection of personal data of 22 December 2015); subsequently the data will be deleted or made anonymous.
Your bank details will be kept securely for the time necessary to confirm your order and payment, after which they will be deleted. In the event of non-payment, your data will be processed for the duration of the claim and thereafter for a period 3 to 5 years, according to the type of claim.
Regarding the conservation time of data collected through the use of profiling tools (e.g. cookies), please see our Cookie Policy.
- Rights of Data Subjects
By sending a communication to Comprof Milano srl, email info@professional-haircare.it, you may at any time exercise your rights [5] as referred to in Articles 15 to 22 of the Regulation, including knowing what data we are processing, how and for what purposes we use them, modify the data you have provided or delete them, ask us to limit the use of your data, request to receive or transmit your data, without prejudice to the possibility of changing your consent (if any). You can also object to the processing of your data, in particular for marketing purposes or the analysis of your preferences.
Articles 15 to 22 of the Regulation recognise specific rights, including:
- obtain confirmation as to whether or not personal data concerning you are being processed;
- obtain access to your personal data and to the information indicated in Article 15 of the Regulation;
- obtain the rectification of inaccurate personal data concerning you without undue delay or the integration of incomplete personal data;
- obtain the deletion of your personal data without undue delay;
- obtain the limitation of the processing of your personal data;
- be informed of any rectification or erasure or restriction of processing of your personal data;
- receive or transmit to another Data Controller in a structured, commonly used and machine-readable format your personal data;
- to object at any time, on grounds relating to your particular situation, to the processing of your personal data.
In particular, your right to revoke at any time any processing consents you may have given and to object to our analysis activities remains unaffected.
Furthermore, pursuant to Article 21 of the Regulation, you shall have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out in pursuit of the legitimate interests of the Controller pursuant to Article 6, paragraph 1, letter f of the Regulation.
- Who can you contact for a complaint
The Data Controller is Comprof Milano srl, in the person of its legal representative pro tempore; PEC: comprofmilano@legalmail.it
If you have any general questions about the information we collect and how we use it, please contact us by email at info@professional-haircare.it or by sending a letter to Comprof Milano srl-CIS DI NOLA ISOLA 8-8032 NOLA (NA) CAP 80035
If you are not satisfied with our answer, you can contact the Data Protection Authority:
Piazza di Monte Citorio, 121 – 00186 Roma
Telephone: + 39-06-6967 71 / + 39-06-6967 72917
Email: urp@gpdp.it
- Applicable law
This Privacy Policy is governed by EU Regulation 679/2016, which ensures that personal data is processed in accordance with the fundamental rights and freedoms and dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to protection of personal data.
- Review clause
Comprof Milano srl reserves the right to revise, modify or simply update, wholly or partially, at its sole discretion, in any way and / or at any time, without notice, this Privacy Policy also in consideration of changes in laws or regulations regarding the protection of personal data. Amendments and updates to the Privacy Policy may be notified to users by (i) sending emails to users registered on the Site and/or (ii) publishing them on the Site’s Home Page, as appropriate, and will be binding as soon as they are published and/or notified. We therefore ask you to regularly access this section to check the publication of the most recent and up-to-date Privacy Policy or to check your email inbox.
The full text of EU Regulation 679/2016 can be found on the website of the Data Protection Authority www.garanteprivacy.it.
SECTION IV
COOKIES
- General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by your internet browser on your computer or other device (e.g. tablet or mobile phone). Technical cookies and third party cookies may be installed by our website or its subdomains.
However, the user can manage, or request the general deactivation or deletion of cookies, by modifying the settings of his internet browser. This deactivation, however, may slow down or prevent access to certain parts of the site.
The settings for managing or deactivating cookies may vary depending on the internet browser you are using, so for more information on how to do this, we suggest that you consult your device manual or the “Help” function of your internet browser.
Below are links explaining how to manage or disable cookies for the most popular internet browsers:
Internet Explorer: Delete and manage cookies
Google Chrome: Clear, enable, and manage cookies in Chrome – Android – Google Chrome Help
Mozilla Firefox: Cookie management | Firefox support
Opera: Web preferences
Safari: Managing cookies and website data in Safari on the Mac
16.1 Technical cookies
The use of technical cookies, i.e. cookies that are necessary for the transmission of communications over electronic communication networks or cookies that are strictly necessary for the provider to provide the service requested by the customer, allows our website to be used safely and efficiently.
Session cookies may be installed in order to allow you to access and remain in the private area of the portal as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users normal navigation and the possibility of using the advanced services available on our website. The technical cookies we use can be divided into session cookies, which are only stored for the duration of browsing until the browser is closed, and persistent cookies, which are stored in the memory of the user’s device until they expire or are deleted by the user. Our website uses the following technical cookies:
Technical navigation or session cookies, used to manage normal navigation and user authentication;
Functional technical cookies, used to store customisations chosen by the user, such as language;
Technical analytics cookies, used to find out how users use our website so we can evaluate and improve its performance.
16.2 Third-party cookies
Third-party cookies may be installed: these are analytical and profiling cookies from Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent from the websites of these third parties outside our site.
Third-party analytical cookies are used to collect information about user behaviour on the site. These cookies are collected anonymously in order to monitor the performance and improve the usability of the site. Third-party profiling cookies are used to create profiles of users in order to propose advertising messages in line with the choices made by users.
The use of these cookies is governed by the rules laid down by the third parties themselves, therefore, Users are invited to read the privacy notices and the instructions for managing or disabling cookies published on the following web pages:
For Google Analytics cookies:
– Privacy Policy: Privacy policy – Privacy and terms – Google
– How to manage or disable cookies: Enabling or disabling cookies – Android – Google Account Guide
16.3 Profiling cookies
Profiling cookies may be installed by the Data Controller(s), by means of so-called web analytics softwares, which are used to prepare detailed analysis reports in real time about: visitors to a website, search engines of origin, keywords used, language of use, most visited pages.
They may collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation origin, pages visited and number of pages, duration of visit, number of visits made.
For further information please see the cookie policy https://en.professional-haircare.it/cookie-policy/
EU Regulation 679/2016 – General Data Protection Regulation
- Newsletter Privacy Policy
a) Who processes your personal data:
Comprof Milano srl with registered office in Naples – Piazza Santa Maria Degli Angeli a Pizzofalcone, Italy, tax code, VAT number and registration with the Register of Companies of Naples n.07479001211, e-mail info@professional-haircare.it as Data Controller pursuant to the Regulation.
The Data Controller has appointed an External Data Processor in Easy Web Srl, with registered office in Naples at Via Saverio Gatto 18 – 80131, as the agency responsible for web management and communication. Your data may be processed by the employees of the company functions assigned to the pursuit of the indicated purposes, who have been expressly authorised to process them and who have received adequate operating instructions.
The newsletter and the storage of user data requested during registration via the form are managed through HubSpot: the platform stores the requested data on its servers (therefore also outside the European Union). Here you can find information on HubSpot’s Privacy Policy.
HubSpot offers details and insights on the opening of the newsletter (Open Rate, Click Rate etc.); the Data Processor can consult this information in order to assess how attractive the content sent is to the user.
b) Why we process your data:
The data you are providing us with by filling in this electronic form is necessary to enable us to subscribe you to the Newsletter and to update you by sending you promotional material (by email) on products, services (e.g. purchasing methods, home delivery, etc.), initiatives and events as well as to carry out market research (to better understand your interests and to be able to improve our offer).
The legal basis for the processing of your data will be your consent in accordance with Article 6, paragraph 1, letter a of the Regulation.
c) Your consent:
In order to be able to update you on our products, services, initiatives and events, to send you promotional material or to carry out market research, we need your explicit consent (pursuant to Art. 6, paragraph 1, letter a) of the Regulations). If you do not wish to provide your consent, we will not be able to proceed with your registration for our Newsletter. Your consent is freely revocable (cf. letter h) of the information notice) without prejudice to the lawfulness of the processing prior to revocation, also by simply using the link present in all our Newsletters) or by writing to info@professional-haircare.it
d) What data are needed:
We ask you to provide all the data requested as “compulsory” (*) because they are necessary for your subscription to our Newsletter; if you do not fill in the form or if it is incomplete, your registration cannot be completed.
e) How we process your data:
Your data will be processed by computer in compliance with the regulations in force – and their subsequent amendments and/or supplements – issued by the Data Protection Authority (including the Guidelines on promotional activities and combating spam of 4 July 2013), and, in any event, in such a way as to ensure their security and confidentiality and prevent their unauthorised disclosure or use, alteration or destruction.
f) How long we store your data:
Your data will be processed for the duration of your subscription to our Newsletter service or – in any case – until you revoke your consent (which can be requested at any time, also using the link in all our Newsletters); thereafter, the data will be deleted or made anonymous.
g ) Who processes your data:
Your data will not be disclosed. In order to allow you to receive our Newsletter and to be contacted by Comprof, your data may be disclosed (within their respective area of responsibility) to persons authorised to process them by Comprof, as well as to companies that provide us with services useful for the management of our site or that carry out marketing activities on our behalf.
Your data may be disclosed to the following recipients as external data processors:
(i) companies that analyse your purchases on our behalf;
(ii) companies appointed on our behalf to manage the “Customer Service”;
(iii) companies in charge of managing our website and its computer files;
(iv) companies involved in the operation and maintenance of the Site;
(v) companies offering emailing services; Site maintenance services; marketing services;
(vi) Group companies
h) Your data are transmitted outside the European Union:
To allow us to properly manage our Site and the Newsletter service you have requested, your personal data may be transferred to countries outside the European Union where our sales-related service providers are based..
The applicable law provides that your specific consent to the transfer to third countries is not required as the transfer is made on the basis of the adoption of adequate safeguards referred to in Articles 46 and 47 of the Regulation, such as the adoption of standard contractual clauses approved by the EU Commission as is the case with the retail companies that operate Fendi shops worldwide and our service providers.
The transfer of your data to any other third countries, where necessary, will take place in full compliance with the guarantees, measures and rights provided for in the Regulation. By simple request to the references indicated in paragraph j), you may receive further information on the transfer of your data and the guarantees provided for their protection as well as the means of obtaining a copy of such data or the place where they have been made available.
i) What are your rights?
By means of a communication to be sent to Comprof Milano srl, email info@professional-haircare.it you may at any time exercise your rights pursuant to Articles 15 to 22 of the Regulation, including knowing what data we are processing, how and for what purposes we use it, modifying the data you have provided or cancelling it, asking us to limit the use of your data, requesting to receive or transmit your data, without prejudice to the possibility of changing your consent (if any). You may also object to the processing of your data, in particular for marketing purposes or the analysis of your preferences.
j) Who can you contact for a complaint:
We would like to remind you that if you consider that the processing of your personal data is in breach of the provisions of the Regulation, you can always lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), or, if different, with the Data Protection Authority of the Member State in which you normally reside or work or in which the alleged breach occurred.
You can also always object to the processing of your data, in particular for marketing purposes.
EU Regulation 679/2016 – General Data Protection Regulation
- Contacts Privacy Policy
a) Who processes your personal data:
Comprof Milano srl with registered office in Naples – Piazza Santa Maria Degli Angeli a Pizzofalcone, Italy, tax code, VAT number and registration with the Register of Companies of Naples n.07479001211, e-mail info@professional-haircare.it as Data Controller pursuant to the Regulation.
The Data Controller has appointed an External Data Processor in Easy Web Srl, with registered office in Naples at Via Saverio Gatto 18 – 80131, as the agency responsible for web management and communication. Your data may be processed by the employees of the company functions assigned to the pursuit of the indicated purposes, who have been expressly authorised to process them and who have received adequate operating instructions.
Your data may be disclosed to the following recipients as external data processors:
(i) companies that analyse your purchases on our behalf;
(ii) companies appointed on our behalf to manage the “Customer Service”;
(iii) companies in charge of managing our website and its computer files;
(iv) companies involved in the operation and maintenance of the Site;
(v) companies offering emailing services; Site maintenance services; marketing services;
(vi) Group companies.
b) How we collect and why we process your data:
The data you provide us with by filling in the form in the “Contacts” section (title, first name, last name, date of birth, e-mail, mobile phone number, country of residence) or by using the e-mail or telephone contact services are necessary for us to:
- responding to and handling your request or report.
The legal basis for the processing of your data will be the management of your requests in accordance with Article 6, paragraph 1, letter b) of the Regulation.
c) Your consent:
Your consent is not required in order to be able to handle your request or report in accordance with Article 6, letter b of the Regulation.
d) Which data are processed and which are necessary:
For the above purposes Comprof may process the following categories of personal data:
- personal data (title, first name, surname, date of birth);
- contact details (country of residence, email, mobile phone);
- data on purchases made, only if the request relates to purchases made (boutique where the sale took place, number of products purchased, indicating type, quantity and price).
We ask you to provide all the data requested as “compulsory” (e.g. title, first name, last name, email, mobile phone, country of residence) because they are necessary to manage your request in the best possible way; if you do not fill in the data or if they are incomplete, we may not be able to manage your request.
If you provide personal data of third parties (e.g. your family members, other customers or potential customers), you must ensure that such third parties are informed and have consented (where necessary) to the use of the data as described in this policy.
e) How we process your data:
Your data will be processed with and without electronic means and stored on servers in Italy.
f) How long we store your data:
In general, your data will be processed for the time necessary to handle your request correctly and then deleted.
g) Who processes your data:
Your data will not be disclosed. In order to handle your request (limited to their respective areas of competence), the data will be disclosed to persons authorised by Comprof and competent to handle your request, your purchase and related services, as well as to companies that provide us with services useful for the management of our site, customer service, purchases or that carry out related activities on our behalf.
h) What are your rights?
By means of a communication to be sent to Comprof Milano srl, email info@professional-haircare.it you may at any time exercise your rights pursuant to Articles 15 to 22 of the Regulation, including knowing what data we are processing, how and for what purposes we use it, modifying the data you have provided or cancelling it, asking us to limit the use of your data, requesting to receive or transmit your data, without prejudice to the possibility of changing your consent (if any). You may also object to the processing of your data, in particular for marketing purposes or the analysis of your preferences.
i) Who can you contact for a complaint:
We would like to remind you that if you consider that the processing of your personal data is in breach of the provisions of the Regulation, you can always lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), or, if different, with the Data Protection Authority of the Member State in which you normally reside or work or in which the alleged breach occurred.