Privacy Policy

INFORMATION NOTICE ON PERSONAL DATA PROCESSING PURSUANT TO ARTICLE 13 AND 14 OF EU REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL DATED 27 APRIL 2016 (“GENERAL DATA PROTECTION REGULATION”)

We intend to protect the privacy of our visitors and/or customers; this policy explains how we will process your personal data.

DATA CONTROLLER

Tindora S.r.l.
Via Onorevole Giuseppe Saragat snc, 67100 L’Aquila (AQ), VAT No.: 02008040665

Email address of the Data Controller: info@tindoracosmetics.com

Types of Data we Collect

The Personal Data collected by this Application, independently or through third parties, include: e-mails, Cookies and Usage Data. In particular, we will collect the following data:

(a) Information regarding your computer and your visits to our website.

(b) Information regarding any transaction made between you and us or in any case in relation to our website, including information on any purchase of our products and services.

(c) Information you provide us to register on our web services, email notifications, etc.

(d) Any other information you decide to send us.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or by means of specific explanation texts displayed prior to the data collection.
Personal Data may be freely provided by the User or in case of Usage Data, they are collected automatically when using this Application.
Unless otherwise specified, all Data requested by this Application are mandatory. The User’s refusal to provide them may make it impossible for this Application to provide its Services. In cases where this Application states that some Data are not mandatory, Users are free not to communicate such Data, without consequences as to the availability of the Service or its functioning.
Users who are uncertain about which Data are mandatory are invited to contact the Data Controller.
Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application, unless otherwise specified, serves the purpose of providing the Service requested by the User, in addition to any other purposes described herein and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data that are obtained, published or shared through this Application and confirm that they have the right to communicate and spread them, thus holding the Data Controller harmless from any third party liability.

MODE AND PLACE OF DATA PROCESSING

PROCESSING MODES

The Data Controller shall adopt all appropriate security measures to prevent unauthorized access, disclosure, amendment, or destruction of the Personal Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessed by other persons involved in the functioning of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, media agencies) appointed, if necessary, also as Persons in Charge of Data Processing by the Data Controller. The updated list of such Data Processors can be requested to the Data Controller at any time.

LEGAL BASIS FOR DATA PROCESSING

The Data Controller shall process Personal Data relating to Users if one of the following conditions are met:

  • The User has given consent for one or more specific purposes; Note: in some legal systems, the Data Controller may be authorized to process Personal Data without the User’s consent or one of the other legal bases set forth hereinafter, until the User decides to opt out of such processing. However, this does not apply if the Personal Data processing is governed by EU laws on Personal Data protection;
  • Processing is necessary for the performance of a contract to which the User is party and/or for any pre-contractual obligations thereof;
  • Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

In any case, it is always possible to ask the Data Controller to clarify the specific legal basis that applies to each processing, and in particular whether the Processing is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

PLACE

The Data are processed at the Data Controller’s headquarters and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To find out more about the place of processing, Users can check the section containing details about the processing of Personal Data.

Users are entitled to obtain information about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, as well as about the security measures adopted by the Data Controller to protect their Data.

If any of the above described transfers takes place, Users can find out more by checking the relevant sections of this document or inquire with the Data Controller based on the contact details set forth at heading.

RETENTION PERIOD

The Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  • Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Data Controller’s legitimate interest shall be retained until the fulfillment of such interest. Users may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

If the processing is based on the User’s consent, the Data Controller may store the Personal Data for a longer period, until consent is withdrawn. Furthermore, the Data Controller may be obliged to retain the Personal Data for a longer period in order to comply with a legal obligation or upon the order of an authority.

Once the retention period expires, the Personal Data shall be deleted. Therefore, the right to access, erase, rectify data and the right to data portability may no longer be exercised following the expiration of such term.

PURPOSES OF DATA PROCESSING

User Data are collected to allow the Data Controller to provide its Services, as well as for the following purposes: Management of User Database, Statistics, Management of landing page and invitation pages, Management of payments and Remarketing and behavioral targeting.

For further information on the purposes of the processing and the Persona Data used for each purpose, Users can make reference to the relevant sections herein.

DETAILS ON PERSONAL DATA PROCESSING

REMARKETING AND BEHAVIORAL TARGETING

These kinds of services allow this Application and its partners to communicate, optimize and display advertisements based on past use of this Application on part of Users.

This activity is performed by tracking Usage Data and by using Cookies; the relevant information is transferred to the partners to which remarketing and behavioral targeting is linked.

In addition to the opt out option offered by the following services, Users may opt out from receiving third party cookies, by visiting the Network Advertising Initiative opt out page. Detailed information on services:

  • Facebook Custom Audience (Facebook Inc.): Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook Inc which links the activities of this Application with Facebook’s advertising network. Personal Data collected: e-mails and cookies. Place of Processing: USA – Privacy Policy – Opt-Out
  • Facebook Remarketing (Facebook Inc.): Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook Inc which links the activities of this Application with Facebook’s advertising network. Personal Data collected: cookies and usage data. Place of Processing: USA – Privacy Policy – Opt-Out
  • Remarketing with Google Analytics (Google Inc.): Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Inc which links the tracking activities performed by Google Analytics and its Cookies with the advertising network of Adwords and the Doubleclick Cookie. Personal Data collected: cookies and usage data. Place of Processing: USA – Privacy Policy – Opt-Out
  • Adwords Remarketing (Google Inc.): Adwords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. Personal Data collected: cookies and usage data. Place of Processing: USA – Privacy Policy – Opt-Out

MANAGEMENT OF PAYMENTS

Payment management services allow this Application to process payments through credit card, wire transfer or other methods. The data used for payments are collected directly by the relevant payment service provider, and are in no way processed by this Application.

Some of these services may send out automatic emails to Users, such as e-mails containing invoices or information regarding the payment. Detailed information on services:

  • Stripe (Stripe Inc.): Stripe is a payment service provided by Stripe Inc. Personal Data collected: e-mails and various types of Data as set forth in the privacy policy of the service.  Place of Processing: USA – Privacy Policy
  • PayPal (PayPal Inc.): Paypal is a payment service provided by PayPal Inc. Personal Data collected: e-mails and various types of Data as set forth in the privacy policy of the service.  Place of Processing: USA – Privacy Policy 

RIGHTS OF USERS

Users may exercise certain rights with regard to the Data processed by the Data Controller.

In particular, Users have the right to:

  • Withdraw their consent at any time. Users may withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users may object to the processing of their Data if such processing is carried out on a legal basis other than consent. Further details on their right to object are provided hereinafter.
  • Access their Data. Users have the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to obtain a copy of the Data that has been processed.
  • Verify and request rectification. Users may verify the accuracy of their Data and ask for them to be updated or rectified.
  • Restrict the processing of their Data. Under certain conditions, Users may restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing them.
  • Obtain the deletion or removal of their Personal Data. Under certain conditions, Users may request the deletion of their Data on part of the Data Controller.
  • Receive their Data or have them transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable when the Data is processed by automated means and the processing is based on the User’s consent, pursuant to a contract which the User is a party to or to pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority or to file an action in court.

DETAILS ON THE RIGHT TO OBJECT TO PROCESSING

Where Personal Data are processed for a public interest, in the exercise of an official authority vested in the Data Controller or to pursue a legitimate interest pursued by the Data Controller, Users have the right to object to such processing, on grounds relating to their particular situation.

Users must know that if their Personal Data are processed for direct marketing purposes, they can object to such processing without providing any justification. To learn whether the Data Controller is processing Personal Data for direct marketing purposes Users can make reference to the relevant sections herein.

HOW TO EXERCISE THESE RIGHTS

In order to exercise their rights, Users can make a request to the Data Controller through the contact details provided herein. Such requests can be made free of charge and shall be addressed by the Data Controller as soon as possible, and in any case within one month.

COOKIE POLICY

This Application uses Cookies. To learn more and for a detailed information notice, Users can consult the Cookie Policy.

FURTHER INFORMATION ON DATA PROCESSING

LEGAL ACTION

The User’s Personal Data may be used by the Data Controller in court or in the preliminary stages leading to the start of a legal action, in order to respond to the improper use of this Application or the related Services on part of the User.
The User declares to be aware that the Data Controller may be required to reveal Data upon the request of public authorities.

ADDITIONAL INFORMATION

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning specific Services or the collection and processing of Personal Data upon request.

SYSTEM LOGS AND MAINTENANCE

For operational and maintenance purposes, this Application and any third party services may collect System logs, i.e., files that record interactions and which may also contain Personal Data, such as the User’s IP Address.

INFORMATION NOT CONTAINED IN THIS POLICY

Further information concerning the processing of Personal Data may be requested to the Data Controller at any time by using the contact information contained herein.

HOW “DO NOT TRACK” REQUESTS ARE HANDLED

This Application does not support “Do Not Track” requests.
To learn whether any of the third party services it uses support the “Do Not Track” requests, Users are invited to consult their privacy policies.

AMENDMENTS TO THIS PRIVACY POLICY

The Data Controller reserves the right to amend this privacy policy at any time by informing its Users on this page and, if possible, on this Application as well as by sending a notice to Users via any contact information held by the Data Controller, if this is technically and legally feasible. Users are invited to consult this page regularly and make reference to the date of the latest updates at the bottom of this page.

Should the amendments concern processing activities whose legal basis is the User’s consent, the Data Controller shall request the User’s consent again, if necessary.

DEFINITIONS

PERSONAL DATA (OR DATA)

Personal Data means any information which, whether directly or indirectly, also in connection with any other information, including a personal identification number, identifies or allows for the identification of a natural person.

USAGE DATA

The information collected automatically through this Application (also by third party Applications integrated in this Application), among which: IP addresses or domain names of computers accessed by users to connect to this Application, web addresses URI (Uniform Resource Identifier), time of request, method used to make a request to the server, size of file obtained as response, server response status code (successful, error, etc.), country of origin, the features of the browser and the operating system used by the visitor, the various time details per visit (e.g., the time spent on each page) and details regarding the path followed within the Application, with special reference to the sequence of pages visited, the parameters pertaining to the operating system and the User’s IT environment.

USER

The person using this Application who, unless otherwise specified, coincides with the Data Subject.

DATA SUBJECT

The natural person to whom the Personal Data make reference.

PERSON IN CHARGE OF DATA PROCESSING (OR DATA PROCESSOR)

The natural person, entity, public administration and any other entity which processes the personal data on behalf of the Data Controller, pursuant to the provisions contained herein.

DATA CONTROLLER (OR CONTROLLER)

The natural person, entity, public administration, service or other body which, whether individually or with others, establishes the purposes and means for the processing of the personal data and the tools to be used, including the security measures pertaining to the functioning and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

THIS APPLICATION

The hardware and software by means of which the Personal Data of Users are collected and processed.

SERVICE

The Service provided by this Application as defined in the relevant terms and conditions (if applicable) on this website/application.

EUROPEAN UNION (OR EU)

Unless otherwise specified, all references to the European Union contained herein are to be understood as extending to all current members of the European Union and the European Economic Area.

COOKIES

Small portions of code stored on the User’s device.

LEGAL INFORMATION

This information notice has been drawn up on the basis of multiple legal frameworks, including articles 13 and 14 of (EU) Regulation 2016/679.

Unless otherwise specified, this privacy policy refers exclusively to this Application.