Close
  • Register
  • KIKO Rewards
Cart 0
MenuKIKO Stores
  • KIKO Stores
  • KIKO Rewards

Notice in relation to the processing of the personal data of online customers pursuant to regulation (eu) 2016/679 (“GDPR”)

DATA CONTROLLER

DATA CONTROLLER

KIKO UK LIMITED

Address: 5th Floor – Mutual House 70, Conduit Street – Mayfair, London W1S 2GF, VAT GB111109968

DATA PROTECTION OFFICER (DPO)

DATA PROTECTION OFFICER (DPO)

e-mail address dpo.kikouk@percassi.com

PERSONAL DATA PROCESSED

PERSONAL DATA PROCESSED

Identity data*. Contact details*. Details relating to purchase(s). Browsing activity data (See the Cookie Policy accessible from the KIKO home page https://www.kikocosmetics.com/en-gb

PURPOSES OF PROCESSING
LEGAL BASIS OF PROCESSING
PERIOD FOR WHICH PERSONAL DATA WILL BE STORED
Purchase of goods or services online, management of defect-reporting and complaint handling, customer care.
Execution of a contract involving the data subject.
Retained during the term of the contract with the customer, up to 6 years after the end of the financial year in which the transaction takes place. However, to the extent these records are relevant for tax purposes, tax law applies e.g. minimum retention periods for customs may apply. Although the retention period for customs documents is usually a minimum of 4 years (for duty and tax purposes and for government statistics), it is recommended that the VAT system is followed. This requires documents to be kept for 6 years.
To fulfill regulatory and legal obligations as foreseen by applicable national and international laws.
Necessity to fulfill an obligation imposed by law.
Retained up to 7 years (but specific requirements may apply in certain fields, with respect to certain records and/or with respect to requests from certain public bodies or agencies).
If necessary to ascertain, exercise and/or safeguard Company rights in legal proceedings.
Legitimate interest.
No statutory retention requirement. Data need to be erased if they are no longer necessary in relation to the purposes for which they are collected. Recommended 6-year retention period.
Out-of-court debt recovery.
Legitimate interest.
No statutory retention requirement. Data need to be erased if they are no longer necessary in relation to the purposes for which they are collected. Recommended 6-year retention period.
Registration at the website https://www.kikocosmetics.com/en-gb; signing up for any loyalty programmes and/or logging of data in the Company’s CRM database
Consent (optional and revocable at any time such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You may always opt out of being subject to registration on the website, loyalty programmes and/or logging of data in the Company's database by contacting privacy.kikouk@percassi.com
No statutory retention requirement in relation to the purposes of marketing initiatives management. Data need to be erased if they are no longer necessary in relation to these purposes. No statutory retention requirement in relation to client relationship management. Data need to be erased if they are no longer necessary in relation to this purpose.
Implementation of any exclusive services requested (gift cards, order tracking, wish-list, full satisfaction or money-back guarantees, etc.)
Participation in contests, events, prize-giving operations, loyalty programmes and online sales campaigns or via social media.
Consent (optional and revocable at any time Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You may always opt out of being subject to implementation of any exclusive services requested (gift cards, order tracking, wish-list, full satisfaction or money-back guarantees, etc.), participation in contests, events, prize-giving operations, loyalty programmes and online sales campaigns or via social media by contacting privacy.kikouk@percassi.com
No statutory retention requirement in relation to the purposes of marketing initiatives management. Data need to be erased if they are no longer necessary in relation to these purposes. With respect to direct marketing, data must be deleted when the recipient of marketing communications exercises the right to opt-out (although information which is necessary to demonstrate compliance with the opt-out request must be retained).
Direct marketing purposes: for instance, sending via automatic contact methods (such as by text messaging, MMS, e-mail, social networks, instant messaging apps and push notifications) and traditional contact methods (such as by post and telephone calls with operators) - promotional and commercial communications relating to services/products on offer by the Company or the announcement of company events, measuring levels of customer satisfaction, and conducting market surveys and statistical analyses.
Consent (optional and revocable at any time Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You may always opt out of being subject to direct marketing, such as the sending of promotional and commercial communications relating to services/products on offer by the Company or the announcement of company events, measuring levels of customer satisfaction, and conducting market surveys and statistical analyses, by contacting privacy.kikouk@percassi.com
No statutory retention requirement in relation to the purposes of marketing initiatives management. Data need to be erased if they are no longer necessary in relation to these purposes. With respect to direct marketing, data must be deleted when the recipient of marketing communications exercises the right to opt-out (although information which is necessary to demonstrate compliance with the opt-out request must be retained).
Purposes of profiling: analysing your preferences, habits, behaviour and interests, including the storing of cookies on your computer's hard drive (e.g. analysing your browsing activity, tracking selected products and the contents of your virtual shopping cart, etc. See our cookie policy at the KIKO www.kikocosmetics.com home page) so that we can send you personalised commercial communications/targeted promotional campaigns/offers and services suited to your needs/preferences via automatic contact methods (such as by text messaging, MMS, e-mail, social networks, instant messaging apps and push notifications) and traditional contact methods (such as by post and telephone calls with operators.
Consent (optional and revocable at any time Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You may always opt out of being subject to profiling linked to direct marketing by contacting privacy.kikouk@percassi.com
No statutory retention requirement in relation to the purpose of profiling linked to direct marketing. Data need to be erased if they are no longer necessary in relation to that purpose. Data must be deleted when the data subject concerned with profiling exercises the right to opt-out (although information which is necessary to demonstrate compliance with the opt-out request must be retained).
Disclosure/transfer of data to companies of the Odissea Group: your biographical personal data and contact details will be disclosed to the companies of the Odissea Group of which KIKO S.p.A. is a member (Womo S.r.l., Bullfrog S.r.l., D-retail S.r.l., Madina S.r.l., Hexagon S.p.a., etc.) to enable these companies to carry out marketing activities (for instance, sending - using electronic, such as text messaging, MMS, e-mail, social networks, instant messaging apps and push notifications, and traditional contact methods, such as telephone calls from an agent and regular mail - promotional and commercial communications relating to services/products on offer by the Company or the announcement of company events, measuring levels of customer satisfaction, and conducting market surveys and statistical analyses) relating to their products.
Consent (optional and revocable at any time).
Until consent is revoked

At the end of the storage period referred to above, the data will be destroyed, erased or made anonymous.

OBLIGATORY PROVISION OF DATA

OBLIGATORY PROVISION OF DATA

Data marked with an asterisk (*) in the data collection form must be provided to be able to put in place and execute the contract; therefore any refusal to provide such data impedes the entering into and the execution of the contract.

RECIPIENTS OF THE DATA

RECIPIENTS OF THE DATA

The data may be processed by external entities acting as data controllers, such as public authorities or inspection and monitoring bodies. All entities offering electronic payment services on their own payment system are independent data controllers.

Moreover, such data may be processed on behalf of the Company by external entities designated as data processors to whom appropriate operating instructions are given. These entities mainly fall into the following categories:

- companies providing e-mail sending services;

- companies that offer the services essential for the pursuit of the goals set out in this notice (media agencies, IT suppliers, shippers, etc.);

- companies providing support for conducting market studies.

THIRD PARTIES AUTHORISED TO PROCESS DATA

THIRD PARTIES AUTHORISED TO PROCESS DATA

Your personal data may be processed by company employees tasked with the pursuit of the goals set out above, who are expressly authorised to process data and have received appropriate data processing guidelines.

TRANSFER OF PERSONAL DATA TO NON-MEMBER COUNTRIES OF THE EUROPEAN UNION

TRANSFER OF PERSONAL DATA TO NON-MEMBER COUNTRIES OF THE EUROPEAN UNION

Data will not be transferred outside of the European Union.

RIGHTS OF THE DATA SUBJECT - LODGING COMPLAINTS WITH THE SUPERVISORY AUTHORITY

RIGHTS OF THE DATA SUBJECT - LODGING COMPLAINTS WITH THE SUPERVISORY AUTHORITY

By contacting the Office KIKO UK LIMITED 5th Floor – Mutual House 70, Conduit Street – Mayfair, London W1S 2GF, or via e-mail sent to privacy.kikouk@percassi.com or to the DPO: dpo.kikouk@percassi.com data subjects may ask the Controller or the DPO for access to personal data, or the rectification of inaccurate personal data and the completion and the deletion of personal data, and also have the right to restrict[1] processing of the data in the cases set out in article 18 GDPR, and object to processing in the case of legitimate interests of the controller.

Where processing is based on consent or is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract, and the processing is carried out by automated means, the data subjects have the right to receive the personal data concerning them in a structured, commonly used, machine-readable format, and, if technically feasible, the right to have their personal data transmitted to another controller without hindrance.

Data subjects have the right, at any time, to withdraw consent given for marketing and/or profiling purposes, and to object to the processing of personal data for marketing purposes, including any profiling connected with direct marketing. This will not prejudice the possibility available to any data subject who prefers to be contacted for the aforementioned purposes exclusively by traditional means to indicate his/her objection only to the receipt of communications by electronic means.

Data subjects have the right to lodge a complaint with the competent supervisory authority of the State in which the alleged violation occurred.

[1] What is the right of restriction?

It is the temporary processing of data which consists of data conservation only, in the following cases:

- The data subject contests the accuracy of his/her personal data, for the time necessary for the controller to verify the accuracy;

- The processing is unlawful because the data subject is against his/her data erasure and requests the restriction of their use;

- The data controller no longer needs the personal data but data subject needs his/her data for court proceedings purposes;

The data subject objects to the processing pursuant to art. 21.1 pending the verification whether the legitimate grounds of the controller override his/her legitimate grounds.


Notice in relation to the processing of the personal data of online customers COOKIE policy pursuant to regulation (eu) 2016/679 (“GDPR”) here >>

Information notice regarding the processing of users’ personal data in accordance with eu regulation 2016/679 (“GDPR”) - NEWSLETTERS here >>

Information notice regarding the processing of users’ personal data in accordance with eu regulation 2016/679 (“GDPR”) - CONTACT US - HERE >>

Top
Close