Privacy Policy of www.fullcosmetics.it

This Application collects some Personal Data from its Users.

This document can be printed using the print command available in the settings of any browser.

Data Controller

Full Cosmetics – Via Montello 22, Vedelago (TV) Italy
Email address of the Controller: info@fullcosmetics.it

Types of Data Collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: first name; last name; phone number; country; email; various types of Data; city; Cookies; Usage Data.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or by specific explanatory texts displayed before the data collection itself. Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically during the use of this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, Users are free not to communicate such Data without any consequences on the availability or the functioning of the Service. Users who are uncertain about which Data is mandatory are encouraged to contact the Controller. Any use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, unless stated otherwise, serves the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and confirms that they have the right to communicate or disclose them, releasing the Controller from any responsibility towards third parties.

Methods and Place of Data Processing

Methods of Processing

The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In some cases, in addition to the Controller, other parties involved in the organization of this Application (administrative, sales, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may have access to the Data. These external parties may also be appointed, if necessary, as Data Processors by the Controller. An updated list of Data Processors can always be requested from the Controller.

Legal Basis of Processing

The Controller processes Personal Data relating to the User in the event that one of the following conditions is met:

  • The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be allowed to process Personal Data without the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. This, however, does not apply when the processing of Personal Data is regulated by European data protection laws;
  • Processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations;
  • Processing is necessary for compliance with a legal obligation to which the Controller is subject;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.

It is always possible to ask the Controller to clarify the specific legal basis of each processing and to specify whether the processing is based on the law, required by a contract, or necessary to enter into a contract.

Place

Data is processed at the Controller’s operating offices and in any other places where the parties involved in the processing are located. For further information, contact the Controller. The User’s Personal Data may be transferred to a country other than their own. To find out more about the place of processing, the User can refer to the section detailing the processing of Personal Data.

The User has the right to obtain information about the legal basis for Data transfers outside the European Union or to an international organization governed by public international law or set up by two or more countries, such as the UN, as well as about the security measures taken by the Controller to safeguard their Data.

If such transfers take place, the User can find out more by checking the relevant sections of this document or by inquiring with the Controller using the contact information provided.

Retention Period

Data is processed and stored for as long as required by the purpose for which it was collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Controller’s legitimate interests will be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Controller within the relevant sections of this document or by contacting the Controller.

When processing is based on the User’s consent, the Controller may retain Personal Data for a longer period until such consent is withdrawn. Furthermore, the Controller may be obliged to retain Personal Data for a longer period whenever required to do so for compliance with a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, delete, rectify, and the right to data portability cannot be enforced after the expiration of the retention period.

Purposes of Data Processing

The User’s Data is collected to allow the Controller to provide its Service, comply with legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as for the following purposes: contacting the User, statistics, interaction with social networks and external platforms, and displaying content from external platforms.

To obtain detailed information about the purposes of processing and the Personal Data used for each purpose, the User can refer to the section “Details on the processing of Personal Data.”