Information notice for customers and suppliers on the processing and the protection of personal data
(art 13 of the EU Regulation 679/2016)
This information notice describes the processing of personal data gathered within the scope of contractual
or pre-contractual relationships between our company and you or your company/enterprise/organisation
and it is made pursuant to Article 13 of the EU Regulation n. 679/3016 (hereinafter “GDPR”) and to the
applicable national legislation on privacy and personal data protection.
1. IDENTITY AND CONTACT DETAILS OF CONTROLLER AND DPO.
The Controller of your personal data is SKINLABO S.R.L. based in Turin, Via Pietro Micca 20, VAT n.
IT11541460017, recorded in the Register of Companies of Turin, E-mail: email@example.com (hereinafter
Data Protection Officer contacts: mr. Saverio Olivieri, E-mail: [.]; ph.: [.]
If the Controller appoints processors or sub-processors in accordance with Article 28 GDPR, their updated
list is kept at the Controller’s registered office.
2. WHICH TYPES OF PERSONAL DATA WE PROCESS.
The types of personal data that we process depend on the purposes for which they are collected.
In general, we are allowed to directly collect the following types of personal data:
A) contact details such as name, surname, e-mail address, certified electronic mail address, address, city,
B) data concerning your corporate and entrepreneurial organisation such as identity and contact details
pertaining to stakeholders, directors, employees and consultants;
C) banking data and tax identification;
D) data provided directly from you through communications or attachments to communications;
Hereinafter “Personal Data”
3. WHY WE PROCESS YOUR PERSONAL DATA: LEGAL BASIS.
The processing of your Personal Data by the Controller takes place:
A) without your express consent (art. 6, lett. b) - f) GDPR) for the following purposes:
- to contract with the Controller;
- to comply with pre-contractual, contractual and tax obligations arising from existing relationships;
- to fulfil the obligations established by law, by a regulation, by the European legislation or by Authority
- to pursue a legitimate interest of the Controller, provided that such legitimate interest is not overridden
by the rights of freedomof the affectede data subject (e.g. the Controller’s right of defense of legal claims).
B. Only under your prior specific consent (art. 6, lett. a) and art. 7 GDPR), for the following marketing
- sending via e-mail, postal service and/or text messages and/or phone contacts, newsletters, commercial
communications and/or advertising material on goods and services offered by the Controller and the
measurement of the satisfaction degree on the services’ quality;
- sending via e-mail, postal service and/or text messages and/or phone contacts commercial and/or
promotional communications of third parties (e.g. business partners).
C. Only under your prior specific and distinct consent (art. 6, lett. a) and art. 7 GDPR), processing for
purposes of evaluating personal data in order to analyse or predict the behaviour of a data subject and
processing informations to subsequently personalise advertising.
If you have denied your consent it will not be possible to carry out the aforementioned activities and, in any
case, if you have expressed your consent, you will have the right to withdraw your consent any time.
4. HOW LONG WE RETAIN AND PROCESS YOUR PERSONAL DATA.
Your Personal Data shall be processed by the Controller for no longer than is necessary for the purposes for
which they are further processed (article 3), and will be kept only in accordance with the legal obligations,
for administrative purposes and/or to ensure and protect a given right and, in any case, no further than the
deadlines set up by the legislation for the prescription of rights.
In particular, for marketing purposes, Personal Data will be kept by the Controller for no longer than 2
5. HOW WE PROCESS YOUR PERSONAL DATA.
Personal Data are processed on both paper and automatic technologies for no longer than to fulfil the
purposes for which they are collected by the Controller or by other duly authorised persons and/or persons
in charge of these duties, constantly identified and/or appointed, properly trained and informed on law
obligations, as well as through the use of appropriate safety measures to ensure the protection of
confidentiality and to avoid the risk of loss or damage, unauthorised accesses, unauthorised processing or
not in accordance with the aforementioned purposes.
6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA.
For the purposes mentioned above, the gathered personal data concerning you may be accessible or
- employees of the Controller, as authorised personnel, within the scope of their respective duties
and in accordance with the instructions received. In any case, these persons are subject to
- third parties carrying out outsourcing activities which are connected, functional or support to
those of the Controller;
- all public and/or private entities, natural and/or legal persons (legal, administrative and tax counsel
offices, Courts, Chambers of commerce, labour offices, etc.) where the communication is deemed
to be necessary or functional to the correct fulfilment of contractual obligations as well as of legal
- all the entities (Public Authorities included) having access to Personal Data in accordance with
normative and administrative acts; in any case the gathered Personal Data concerning you shall not
be sold or transferred to third parties for marketing purposes and shall not be disclosed.
7. PERSONAL DATA TRANSFER OUTSIDE THE EU AREA.
The collection and process of Personal Data will be made in Europe. In any case, the Controller, if deemed it
necessary, shall have the right to process your Personal Data outside the EU Area (EEA). In such a case, the
Controller shall ensure here and now that the extra-EU data transfer takes place in accordance with the
applicable law, also by concluding, where necessary, agreements in order to grant a comfortably sufficient
level of protection and/or by adopting standard contract terms set up by the European Commission.
8. YOUR RIGHTS.
Under article 15 et seq. of the GDPR and in accordance with the applicable national privacy and personal
data protection legislation, you are entitled:
1. (Right to basic information): to obtain confirmation of your collected and procesed
Personal Data and to obtain access to them as well as to the following information:
- purposes of the processing;
- categories of Personal Data;
- recipients or categories of recipients to whom the Personal Data have been or will be disclosed, with
particular regard to third countries recipients or international organisations;
- if possible, the envisaged period for which Personal Data will be stored, or, if not possible, the criteria
used to determine that period;
- existence of the right to request from the Controller rectification or erasure of personal data or restriction
of processing of Personal Data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where Personal Data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling.
2. (Right of rectification): to obtain from the Controller the rectification of inaccurate
Personal Data concerning you without undue delay. Taking into account the purposes of the processing, the
data subject shall have the right to obtain the completion of incomplete Personal Data, including by means
of providing a supplementary statement.
3. (Right to erasure or “Right to be forgotten”): to obtain the erasure of your Personal Data
without undue delay, within the limits and in compliance with the applicable law.
4. (Right to restrict processing): to obtain from the Controller the processing restriction.
5. (Right of data portability): to receive Personal Data concerning you provided to the
Controller in a structured, commonly used, machine-readable format. You also have the right to data
portability and then to transmit these data to another Controller without hindrance from the Controller to
which the personal data have been provided where the processing is based on consent or on a contract and
it is carried out by automated means.
6. (Right to object to processing): to object at any time, on grounds relating to your particular
situation, to processing of Personal Data if the processing is necessary for the performance of a task carried
out in the public interest or in the exercise of official authority vested in the Controller or the processing is
necessary for the purposes of the legitimate interest pursued by the Controller or third parties.
7. If you consider your rights to be infringed by the Controller, you have the right to lodge a
complaint with the Autorità Garante per la Protezione dei Dati Personali (piazza Montecitorio 121, 00186
Roma (RM) - www.garanteprivacy.it) and/or with other competent authority in accordance with the GDPR
The Controller, following the exercise of the rights as referred to in points 2),3) and 4) shall communicate
any rectification or erasure or restriction of the processing to each of the recipients to whom the Personal
Data have been disclosed in accordance with the applicable law.
In order to enforce the aforementioned rights against the Controller, you are required to submit a written
request by sending a registered mail to SKINLABO s.r.l., Via Pietro Micca 20, 10122, Turin (ITALY) or a
certified electronic mail to [.].
This information notice may be modified and updated at any time. If the Controller shall intend to process
your Personal Data for purposes other than those for which they were initially collected pursuant to the
above mentioned article 3, the Controller, before any further processing, commits to provide appropriate
information regarding this different processing to you and to carry out any further processing in accordance
with the applicable law, also by gathering your express consent where necessary.
WE VALUE YOUR PRIVACY
You can set your consent preferences and determine how you want your data to be used based on the
purposes below. You may set your preferences for us independently from those of third-party partners.
Each purpose has a description so that you know how we and partners use your data.
Processing my personal data for further marketing purposes and in particular for the fulfilment of direct
marketing activities, such as the sending via e-mail, postal service and/or text messages and/or phone
contacts, newsletters, commercial communications and/or advertising material on goods and services
offered by the Controller.
□ I accept. □ I do not accept
Processing for purposes of evaluating personal data in order to analyse or predict the behaviour of a data
subject and processing informations to subsequently personalise advertising.
□ I accept. □ I do not accept
WE VALUE YOUR PRIVACY
We use technologies, such as cookies, and process personal data, such as IP addresses and cookie
identifiers, to personalise ads and content based on your interests, measure the performance of ads and
content, and derive insights about the audiences who saw ads and content. Click below to consent to the
use of this technology and the processing of your personal data for these purposes. You can change your
mind and change your consent choices at any time by returning to this site.
□ I accept.