fbpx
+390523882276 info@stepcosmetici.com

PREMISE 

For Step Cosmetici Srl personal data represent a heritage of great value and an asset to be protected, adopting procedures and behaviors to guarantee its protection. Transparency towards data subjects is therefore a primary objective, pursuedby means of effective communication tools aimed at making basic information on the processing of their data available to the interlocutors. In this regard, this information page, created according to the requirements of Reg.UE 2016/679 “General Data Protection Regulation”, contains specific information referring to the following areas:

  • data processing related to the operation of this site;
  • processing of data related to contractual relationships established with customers and suppliers.

GENERAL INFORMATION 

The interested parties (pursuant to Art.4, c.1 of the GDPR) are informed of the following general profiles, valid for all areas of processing:

  • all data are processed in accordance with current regulations on privacy(EU Reg. 2016/679 and

Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018);

  • all data are processed in a lawful, correct and transparent manner towards the interested party, in compliance with the general principles provided for by Article 5 of the GDPR;
  • SPexcellent security measures are observed to prevent data loss, illicit use, or incorrect and unauthorized access (GDPR, Art.32).

Data controller

The Data Controller is the undersigned Company (in the person of the legal representativepro-tempore) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses:

Contact details

Step Cosmetici Srl

Tel: 0523-882276 – Email: info@stepcosmetici.com 

Rights of the interested parties

  • right to request the presence and access to personal data concerning him (Art.15 “Right of access”)
  • right to obtain the correction / integration of inaccurate or incomplete data (Art.16 “Right of rectification”)
  • right to obtain, if there are justified reasons, the deletion of data (Art.17 “Right to cancellation”)
  • right to obtain the limitation of processing (Art.18 “Right to limitation”)
  • rightor to receivethe data concerning him in a structured format (Art.20 “Right to portability)
  • right to object to processing and automated decision-making processes, including profiling (Art.21, 22)
  • the right to revoke a consent previously given;
  • right to submit, in case of failure to reply, a complaint to the Data Protection Authority.

The following specific information is as follows, referring to:

  • data processing related to the operation of the site
  • data processing ofcustomers / suppliers of the Data Controller

1) DATA PROCESSING RELATED TO THE OPERATION OF THIS SITE

1.1 Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This isinformation that is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used  to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful,  error, etc.) and other parameters relating to the operating system and the user’s computer environment.

Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c)

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data couldalso be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).

Scope of communication

(GDPR-Art.13, comma 1, lett.e,f)

The data may be processed exclusively by internal personnel, duly authorized and trained to process (GDPR-Art.29) or by any persons responsible for the maintenance of the web platform (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries  (unless prior compliance with the requirements of Chapter V of the GDPR). Only in the event of an investigation may they be made available to the competent authorities. 

Data retention period (GDPR-Art.13, paragraph 2, letter a)

The data are normally kept for short periods of time, with the exception of any extensions related to investigation activities.

Bestowal

(GDPR-Art.13, paragraph 2, letter f)

The data are not provided by the interested party but automatically acquired by the technological systems of the site. 

 

1.2 Informational Cookies 

This information is provided pursuant to Article 13 of EU Reg. 2016/679 “GDPR”, as well as current specific regulations on cookies:

  • “Cookie guidelines and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
  • Guidelines 5/2020 on consent pursuant to Reg. (EU) 2016/679, adopted by the European Data Protection Board.

 

What are cookies: Cookies are short fragments of text (letters and / or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, according to user preferences, by theindividual browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as web beacons, clear GIFs and all forms of local storage introduced with HTML5, can be used to collect informationon user behavior and use of services. In the remainder of this policy we will refer to cookies and all similar technologies simply using the term “cookies”.

Possible types of cookies 

In relation to the provision “Cookie guidelines and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021) and in the Register of measures 231 of 10 June 2021, the  categories of cookies used, the purposes and the coding criteria are classified below. 

CATEGORY

PURPOSE

ENCODING CRITERIA

Navigation, session and functionality technicians

Ensure normal navigation and use of the site

They are codified as technical because they are used for the sole purpose of “carrying out the transmission of a communication over a communication and electronic network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contractor or user to provide this service”.

Analytical

(comparable to technicians)

Collect information on the number of

visitors and on pages viewed

FIRST-PARTY COOKIES  They are coded as comparable to technical cookies, since they are used only to produce aggregate statistics in relation to the individual site (even possibly with IP in clear, in compliance with the purpose constraint)

THIRD-PARTY COOKIES  They are coded as comparable  to technical cookies, since they are used  with  IP address masking, without combination with other processing and without transmission to other third parties

Profiling and analytical identifiers

Define profiles identifying user preferences and habits

They are coded as profilative because they are used to trace to specific, identified or identifiable subjects, specific actions or recurrent behavioral patterns in the use of the features offered (patterns)  in order to group  the different profiles within homogeneous clusters  of different sizes, so that it is also possible to modulate the provision of the service in an increasingly personalized way,  and to send targeted advertising messages, i.e. in line with theuser’s preferences in surfing the net.

Functionality ensure through the pop-up banner

Prophylactic cookies are blocked by default at the first access to the site, during which the user is presented with abanner with which the user can express his choices:

  • accept only technical cookies (so keepprofilative cook ies blocked);
  • accept all cookies;
  • express personalized preferences on which cookies to accept.

These preferences must remain registered, accessible and possibly modifiable, through a link placed in the fixed structure of the sitor (eg: footer).

Correlations with portals and social networks On the pages of the site there may be buttons, widgets, plug-ins, links, Social Network cookies to facilitate interaction with Social platforms and content sharing. Byway  of example, but not limited to:  facebook pixel, facebook  remarketing, facebook segmentation, etc. (which in any case use technologies and tools that reduce the identifying power of cookies, such as anonymization  or hashing / cif ratura systems  ). It should be noted  that the processing of data entered by the user on the various social channels takes place according to the rules and privacy settings of the social network itself, accepted by the user at the time of registration. For information, here are some links tothe mainsocial networks, through which you can manage your privacy settings and cookie acceptance:

Insights on the types and methods of managing preferences

Through the main browsers, by clicking on the appropriate icons, it is possible to obtain an analytical classification of the cookies used by the site, completewith: cookie name, contents, domain, sending mode, persistence.

Through the main browsers it is also possible to:

  • block by default the receipt of all (or some) types of cookies
  • remove all or some of the cookies installed

For information on setting individual browsers see the following paragraph. Please note that blocking or deleting cookiescould compromise the navigability of the site. The site may contain links to third-party sites and third-party cookies; For more information, please view the privacy policy of any linked sites.

Management of preferences through the main  browsers  The user can decide whether or not to accept cookies using the settings of his browser (note that, by default, almost all web browsers are set to automatically accept cookies). The settingcan be modified and defined specifically for different websites and web applications.  In addition, the best browsers allow you to define different settings for “proprietary” cookies and for those of “third parties”. Usually, the configuration ofcookies is carried out from the “Preferences”, “Tools” or “Options” menu.

Below are the links to the guides for managing cookies of the main browsers:

Internet Explorer:http://support.microsoft.com/kb/278835

Internet Explorer [versione mobile]: http://www.windowsphone.com/enus/howto/wp7/web/changingprivacyandotherbrowsersettings

Chrome:http://support.google.com/chrome/bin/answer.py?hl=enGB&answer=95647

Safari [mobile version]: http://support.apple.com/kb/HT1677

Firefox:http://support.mozilla.org/enUS/kb/Enabling%20and%20disabling%20cookies

Android:https://support.google.com/accounts/answer/61416?hl=it&co=GENIE.Platform%3DAndroid  Opera:http://help.opera.com/opera/Windows/1781/it/controlPages.html#manageCookies

Further information

Italian) 

1.3 Iscrizione newsletter (Email Us)

The newsletter service provides interested parties with useful information related to our market sector, events and initiatives, the products / services offered, as well as any promotional offers.

Purpose and legal basis of the processing

(GDPR-Art.13, paragraph 1, letter c)

Only the email address  is requested, for the sole purpose of sending the newsletter. The telephone number is also required to carry out the treatment but it is not mandatory.  Registration is subject to the acceptance of specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a)

Scope of communication

(GDPR-Art.13, comma 1, lett.e,f)

The data are processed exclusively by personnel duly authorized and trained to process (GDPR-Art.29) or by any persons responsible for maintainingthe web platform or sending newsletters (appointed in this case external managers). The data will not be disseminated or transferred to non-EU countries. 

Data retention period (GDPR-Art.13, paragraph 2, letter a)

The data are kept until the eventual “un-registration”, freely carried out at any time through the link contained at the bottom of each message sent.

Bestowal

(GDPR-Art.13, paragraph 2, letter f)

Failure to provide the email address and consent will make it impossible to obtain the newsletter service.

1.4 Quotation

The page allows the interested party to request a quotation for the development and creation of a personalized Makeup & Skin Care line. The identification data, those relating to the form and contact data of the applicant are requested.

Purpose and legal basis of the processing

(GDPR-Art.13, paragraph 1, letter c)

The identification and contact data necessary to be able to respond to the requests for quotation of the interested parties are requested. The sending of the request is subject to specific, free and informed consent (GDPRArt.6, paragraph 1, letter a) 

Scope of communication

(GDPR-Art.13, comma 1, lett.e,f)

The data are processed exclusivelyby personnel duly authorized and trained to process (GDPR-Art.29). The data will not be disseminated or transferred to non-EU countries. 

Data retention period (GDPR-Art.13, paragraph 2, letter a)

The data are kept for times compatible with the purpose of collection 

Bestowal

(GDPR-Art.13, paragraph 2, letter f)

The provision of data referring to the mandatory fields is necessary in order to obtain an answer, while the optional fields are aimed at providing the staff with additional useful elements to facilitate contact.

1.5 Contact

The page allows the interested party to request information or to make an appointment. Identification and contact data are requested.

Purpose and legal basis of the processing

(GDPR-Art.13, paragraph 1, letter c)

The identification and contact data necessary to be able to respond to the requests of the interested parties are requested. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a)

Scope of communication

(GDPR-Art.13, comma 1, lett.e,f)

The data are processed exclusively by personnel duly authorized and trained to process (GDPR-Art.29). The data will not be disseminated or transferred to non-EU countries. 

Data retention period (GDPR-Art.13, paragraph 2, letter a)

The data are kept for times compatible with the purpose of collection 

Bestowal

(GDPR-Art.13, paragraph 2, letter f)

The provision of data referring to the mandatory fields is necessary in order to obtain an answer, while the optional fields are aimed at providing the staff with additional useful elements to facilitate contact.

1.6 Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails and / or ordinary e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. If the sender sends his curriculum vitae to submit his professional application, he remains solely responsible for the relevance and accuracy of the datasent. It should be noted that any curriculum without authorization to process data will be immediately deleted.

2) DATA PROCESSING RELATED TO RELATIONSHIPS WITH CUSTOMERS AND SUPPLIERS

2.1 Object of the processing

The company processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of their possible operational contacts (name, surname and contact details) acquired and used in the provision of the products / services provided.

 

2.2 Purpose and legal basis of the processing The data are processed for:

  • conclude contractual / professional relationships and provision of services;
  • fulfill pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications related to them;
  • fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection ofcredit positions; ordinary internal operational, managerial and accounting needs).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant toArticle 6, paragraphs b, c, f, suitable legal bases of lawfulness of the processing. If it is intended to carry outtreatments for different purposes (eg: marketing communications, production of photo / video content, etc.) a specific consent will be requested from the interestedparties.

2.3 Processing methods and storage time

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are processed both on paper and electronically. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.

2.4 Scope of processing 

The data are processed by internal subjects regularly authorized and instructed pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects operating as Data  Processors or Independent Data Controllers (consultants, technicians, banks, transporters, etc.). The data may be transferred outside the EU as part of the management of international orders, in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of the interested parties is not compromised “Art.45 Transfer on the basis of an adequacy decision, Art.46 Transfer subject to adequate guarantees, Art.47 Binding rules ofthe company,  Art.49 Specific derogations”). The data are not subject to automated processes that produce significant consequences for the interested party.

3) POLICY UPDATE

It should be noted that this information may be subject to periodic revision, also in relation to the relevant legislation and jurisprudence. In case of significant changes, appropriate evidence will be given for a reasonable time on the home page of the site. However, the interested party is invited to consultthispolicy periodically.

Come On In

Street Fratelli Bandiera 48B
29015 Castel San Giovanni (PC) – Italy

Follow Us

Email Us