Address: via Giorgio e Guido Paglia n. 1/D - 24122, Bergamo (IT) (“Company”)
DATA PROTECTION OFFICER (DPO)
e-mail address firstname.lastname@example.org
PERSONAL DATA PROCESSED
After completion of the storage time indicated above, the data will be destroyed, cancelled or made anonymous.
|PURPOSES OF PROCESSING||LEGAL BASIS OF PROCESSING||PERIOD FOR WHICH PERSONAL DATA WILL BE STORED|
|Purchase of goods or services online, management of defect-reporting and complaint handling, customer care.Registration on the site www.kikocosmetics.com; membership of loyalty programmes and/or registration of data in the Company's CRM.Activation of requested exclusive services (gift card, order tracking, wish list, satisfied or reimbursed).Participation in competitions, events, prize operations, loyalty programmes, on-line and social initiatives.Management of notification and complaint activities, customer care.||Execution of the contract for which you are party||For the duration of the contract and, after validity, for an ordinary period of 10 years.|
|Satisfaction of obligations pursuant to regulations and national and international laws.||Need to meet legal obligations||Duration under the law (10 years for satisfaction of administrative-accounting obligations)|
|If necessary, to ascertain, exercise or protect the rights of the company in a Court of Law||Legitimate interest (legal protection)||In the case of legal dispute, for the entire duration of the same, until the completion of the terms of enforceability of the impeachment action.|
|Recovery of extra-judicial debits||Legitimate interest (legal protection)||In the case of legal dispute, for the entire duration of the same, until the completion of the terms of enforceability of the impeachment action.|
|Direct marketing aims: by way of example, dispatch - with automated contact means (e.g. sms, mms, e-mail, social networks, instantaneous messaging service, push notifications) and traditional means (operator calls and traditional post) - of promotional and commercial communications relative to services/products offered by the Company or the notification of corporate events, as well as communication of level of client satisfaction, execution of market research and statistical analysis.||Consent (optional and revocable at any time)||Identity data and contact data: until consent revoked Data concerning purchase details: 7 years from collection|
|Communication/transfer of data to companies in the Odissea Group: your vital statistics and contact data will be communicated to companies in the Odissea Group that KIKO S.p.A. belongs to (Womo S.r.l., Bullfrog S.r.l., D-retail S.r.l., Madina S.r.l., Hexagon S.p.a.) to allow these companies to execute marketing services (e.g., the dispatch - with automated contact means such as sms, mms, e-mail, social networks, instantaneous messaging apps and traditional means such as operator calls and traditional post - of promotional and commercial communications for services/products offered by the companies or notification of corporate events, as well as the execution of market research studies and statistical analysis) concerning their products.||Consent (optional and revocable at any time)||Until cancellation of consent|
OBLIGATORY PROVISION OF DATA
Data marked with an asterisk (*) in the data collection form must be provided to be able to put in place and execute the contract; therefore any refusal to provide such data impedes the entering into and the execution of the contract.
RECIPIENTS OF THE DATA
The data may be processed by external entities acting as data controllers, such as public authorities or inspection and monitoring bodies. All entities offering electronic payment services on their own payment system are independent data controllers.
Moreover, such data may be processed on behalf of the Company by external entities designated as data processors to whom appropriate operating instructions are given. These entities mainly fall into the following categories:
a. companies belonging to the KIKO Group offering support services to Data Controller for organizational matters;
b. companies providing e-mail sending services;
c. companies that offer the services essential for the pursuit of the goals set out in this notice (media agencies, IT suppliers, shippers, etc.);
d. companies providing support for conducting market studies
The data can also be communicated/transferred to other companies of the group owned by Odissea S.r.l. (Womo S.r.l., Bullfrog S.r.l., D-retail S.r.l., Madina s.r.l., Hexagon S.p.a.) to which KIKO belongs, for the aims indicated above and only following the express consent of the interested party that is elective and can be revoked at any moment.
THIRD PARTIES AUTHORISED TO PROCESS DATA
Your personal data may be processed by company employees tasked with the pursuit of the goals set out above, who are expressly authorised to process data and have received appropriate data processing guidelines
TRANSFER OF PERSONAL DATA TO NON-MEMBER COUNTRIES OF THE EUROPEAN UNION
In consideration of the global nature of the Company's activities, the data may be transferred abroad to countries located within and outside the European Union, to third party, which, depending on the case, will operate as data processor, or autonomous data controller. In any case, it is understood that the transfer of personal data to countries located outside the European Union will be carried out in compliance with the measures established by the applicable legislation, ensuring an adequate level of protection to the interested parties.
RIGHTS OF THE DATA SUBJECT - LODGING COMPLAINTS WITH THE SUPERVISORY AUTHORITY
By contacting the privacy office via e-mail sent to email@example.com, data subjects may ask the Controller or the DPO for access to personal data, or the rectification of inaccurate personal data and the completion and the deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 GDPR, and object to processing in the case of legitimate interests of the controller.
Where processing is based on consent or is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract, and the processing is carried out by automated means, the data subjects have the right to receive the personal data concerning them in a structured, commonly used, machine-readable format, and, if technically feasible, the right to have their personal data transmitted to another controller without hindrance.
Data subjects have the right, at any time, to withdraw consent given for marketing and/or profiling purposes, and to object to the processing of personal data for marketing purposes, including any profiling connected with direct marketing. This will not prejudice the possibility available to any data subject who prefers to be contacted for the aforementioned purposes exclusively by traditional means to indicate his/her objection only to the receipt of communications by electronic means.
Information notice regarding the processing of users’ personal data in accordance with eu regulation 2016/679 (“GDPR”) - NEWSLETTERS here >>
Information notice regarding the processing of users’ personal data in accordance with eu regulation 2016/679 (“GDPR”) - CONTACT US - here >>