fbpx

INFORMATION ON PERSONAL DATA PROCESSING

Pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR), as required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Data Subject (user of the website www.gregslab.it) acknowledges that any personal data collected through the site are processed by the Company using IT and/or telematic tools, for the purposes indicated in this notice. To this end, the Data Subject is presented with the Privacy Policy prepared by Greg Color Artist di Zakrzewski Grzegorz (hereinafter also “the Company” or “the Data Controller”), creator and promoter of the activities available on the site gregslab.it.

Information on Processing

The personal data subject to processing are collected directly by the Company or by third parties expressly authorized by it, or communicated by the Company to such third parties for the purposes described below.

Legal Basis and Purpose of Processing

The personal data provided by the user during navigation on the website www.gregslab.it are processed by the Data Controller in accordance with the current regulations on personal data protection. Currently, no sensitive data (e.g., email registration, user’s first and last name, phone number) are collected or processed on the site gregslab.it that require explicit consent under current laws.

However, gregslab.it promotes services and/or products for user registration or profiling by redirecting navigation to partner platforms, specifically treatwell.it and Aveda.it, where the legal terms are set out by the owners and managers of the said websites, namely Treatwell IT S.R.L. and Estée Lauder S.r.l. – Aveda Division.

Methods of Processing and Data Retention

It is informed for completeness that any personal data processing is carried out by the Data Controller in compliance with the current Privacy regulations. The Data Controller processes personal data using IT and/or telematic tools and with organizational and logical methods strictly related to the purposes indicated in this information notice, as well as adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data, their loss, and their unlawful and incorrect use. However, the Company cannot guarantee its users that the measures adopted for site security and data transmission on the site are able to limit or exclude any risk of unauthorized access or data dispersion from the user’s devices. For this reason, it is suggested that site users ensure their computer is equipped with adequate software to protect network data transmission (e.g., up-to-date antivirus) and that their Internet Provider has adopted suitable measures for network data transmission security. The Company also undertakes to process the data according to the principles of correctness, lawfulness, and transparency, to collect them to the necessary and exact extent for processing, and to allow their use only by personnel for authorized purposes. The management and storage of the acquired personal data will take place at archives or on servers located within the European Union owned by the Data Controller and/or third companies appointed as External Processors and, in any case, currently located in Italy.

Depending on the different purposes for which they are collected, personal data will be retained for the time strictly necessary to achieve those purposes and, in any case, in accordance with current regulatory provisions.

In any case, the Company will take care to avoid the indefinite use of data, periodically verifying the actual persistence of the interest of the subject to whom they refer.

Recipients and Data Controllers

The collected data will not be disseminated in any way, but will be processed within the limits and for the purposes described by the Company’s employees based on adequate operational instructions (e.g., administrative, commercial, marketing, legal personnel, system administrators, etc.). Some data processing may also be carried out by third parties, appointed as External Processors, whom the Data Controller uses or may use in the management of the contractual relationship, the provision of offered services, and for organizational needs of its activities. In particular, data may be communicated to:

  • Public and private entities that can access the data by virtue of legal, regulatory, or EU normative provisions, within the limits set by these regulations;
  • Entities that need access to the data for purposes related to the existing contractual relationship between the parties, within the limits strictly necessary for auxiliary tasks (e.g., banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers, and shipping companies);
  • Consultants, within the limits necessary to carry out their professional assignments.

Transfer of Data Abroad

The management and storage of personal data will take place on servers of the Data Controller and/or third companies duly appointed as External Processors located within the European Union.

Personal data may be transferred abroad, in accordance with current regulations, including to countries not belonging to the European Union. The transfer to non-EU countries, in addition to cases where this is guaranteed by Adequacy Decisions of the Commission, is carried out in such a way as to provide appropriate and opportune guarantees under Articles 46 or 47 or 49 of the Regulation.

Rights of Data Subjects

As a Data Subject, the user may exercise, at any time, the rights provided for in Articles 15, 16, 17, 18, 20, and 21 of the GDPR, which confer the following rights:

  • Obtain confirmation from the Data Controller, pursuant to Article 15, whether personal data concerning them is being processed, and in such case, access the personal data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom personal data has been or will be disclosed, in particular if they are recipients in third countries or international organizations; (iv) where possible, the period for which personal data will be stored, or, if not possible, the criteria used to determine that period;
  • Obtain from the Data Controller, pursuant to Article 16, the rectification of inaccurate personal data concerning them without undue delay; considering the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement;
  • Obtain from the Data Controller, pursuant to Article 17, the erasure of personal data concerning them without undue delay. The Data Controller is obliged to erase personal data without undue delay where one of the grounds listed in Article 17(1) applies;
  • Obtain from the Data Controller, pursuant to Article 18, the restriction of processing where one of the cases listed in Article 18(1) applies;
  • Obtain from the Data Controller, pursuant to Article 20, the portability of data, i.e., to receive in a structured, commonly used, and machine-readable format the personal data concerning them that they have provided to a Data Controller. The Data Subject also has the right to transmit those data to another Data Controller without hindrance from the first Data Controller to which the data were provided, where the conditions listed in Article 20(1) apply. Finally, the Data Subject has the right to have personal data transmitted directly from one Data Controller to another, where technically feasible;
  • Object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning them.

COOKIES

As clarified by the Privacy Guarantor in the FAQs of December 2012, available at www.cookieyes.com, cookies are “small text files” – made up of letters and numbers – “that the sites visited by the user send to their terminal (usually to the browser), where they are stored to be then retransmitted to the same sites on the next visit by the same user.” Through cookies, we cannot access other information stored on your device, even though it is here that cookies are downloaded. Cookies cannot load codes of any kind, carry viruses or malware, and are not harmful to the user’s terminal. When exploring our site, some information is acquired automatically for statistical or informational purposes, and it allows for a better service.

TYPES OF COOKIES

  • Technical/Session – Technical/Navigation Cookies: These are essential for the proper functioning of the site and allow the user to navigate and view the content. Their possible deactivation would result in site malfunctions. Generally, cookies of this type are necessary, for example, to keep a navigation session open or to allow the user to access any reserved areas. Alternatively, they can temporarily remember texts entered while filling out a form when returning to a previous page during the same session.
  • Technical/Functionality Cookies: (User consent is not required for the release of this type of cookie.) They allow the user to make the most of the site’s features and enjoy more comfortable navigation. The site works ideally if these cookies are enabled; however, it is possible to decide not to allow their activation on your device. In general, for example, cookies of this type remember in which language the user prefers to view our content or remember (for a limited period) the items in the virtual cart in case the session is closed before completing the purchase.
  • Technical/Consent Cookies: (User consent is not required for the release of this type of cookie.) This cookie tracks the consent given by the user to the use of cookies on this site, so as not to re-propose – on subsequent visits – the short cookie notice and the request to give consent.

Changes to this Notice

The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying users on the website www.gregslab.it. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that time.