Privacy policy
PERSONAL DATA POLICY IN ACCORDANCE TO art. 13 Reg. UE 2016/679
Dear Customer, the information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on your personal data.
1. DATA CONTROLLER
Data controller is PDT Cosmetici S.r.l. (P.IVA 04754730721)
Registered office: Viale Cavalieri del Lavoro, 45/47 – 70017 Putignano (BA)
PEC: pdtcosmeticisrl@pec.it
E-mail: gdpr@pdtcosmetici.it.
2. PURPOSES AND LEGAL BASIS FOR THE PROCESSING
a. The personal data collected from sending request, site registration form and subsequent stages are processed for the following purposes and on the legal basis indicated below. We need these data to provide the requested service.
Purpose | Data categories | Legal Basis | For example |
---|---|---|---|
Compliance with a legal obligation | Personal data | Processing is necessary for compliance with a legal obligation to which the controller is subject (art. 6, 1, c) | For example, we need personal data for issuing invoice. |
Performance of the contract or the service | Personal data | Processing is necessary for the performance of a contract to which the data subject is party (art. 6, 1, b) | For example, we need personal data for delivery or return. |
Litigation management | Personal data | Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f) | For example, we need personal data to manage legal disputes. |
b. In addition, if you have already purchased products from the controller or if you are however customer, some personal data might be processed for further purposes. This shall be without prejudice to the right to object.
Purpose | Data categories | Legal Basis | For example |
---|---|---|---|
Newsletter and direct marketing | Personal data (name, last name, e.mail) | Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f) | For example, we may send a newsletter. |
Personal data (name, last name, e.mail) | Personal data (name, last name, e.mail) | Consent (art. 6, 1, a) | For example, we may send a newsletter. You have the right to withdraw the consent at any time. |
c. Finally, if you have never been customer, some personal data might be processed for further optional purposes:
Purpose | Data categories | Legal Basis | For example |
---|---|---|---|
Personal data (name, last name, e.mail) | Personal data (name, last name, e.mail) | Consent (art. 6, 1, a) | For example, we may send a newsletter. You have the right to withdraw the consent at any time. |
3. DATA DISCLOSURE
Recipient | Reason |
---|---|
Public bodies, public authorities | Legal obligation |
Banks and credit institutions Insurance company. Advisers and consultants Companies or organizations which provide services for the controller (for ex. IT service, Forwarding services) | Ancillary disclosure |
4. DATA DISSEMINATION
Personal data shall not be disseminated.
5. DATA TRANSFER TO THIRD COUNTRIES
The controller may transfer personal data to third countries for ancillary reasons connected to previous purposes. Any transfer of personal data shall be based on:
- an adequacy decision;
- appropriate safeguards;
- binding corporate rules.
6. DATA RETENTION
Personal Data will be processed by the Controller: for no longer than is needed for the purposes of the contract although further retention required by law, for purposes under 2.a and 2.b (except opposition); for 2 years for purposes under 2.c (except withdraw).
7. RIGHTS OF DATA SUBJECTS
You are entitled to exercise the following rights at any time: right of access, right to rectification, right to erasure; right to restriction of processing, right to object, right to data portability, right to withdraw the consent.
You have also the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data by the Controller is in violation of the Regulation or applicable law.
To exercise any of the above rights, you have to contact the Controller by writing to the contacts under point 1.
8. AUTOMATED DECISION-MAKING
The controller does not adopt automated decision-making, including profiling.