PERSONAL DATA POLICY IN ACCORDANCE TO art. 13 Reg. UE 2016/679

Dear Customer,

the information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on your personal data.

1. DATA CONTROLLER

Data controller is PDT Cosmetici S.r.l. (P.IVA 04754730721)

Registered office: Viale Cavalieri del Lavoro, 45/47 – 70017 Putignano (BA)

PEC: pdtcosmeticisrl@pec.it

E-mail: gdpr@pdtcosmetici.it.

2. PURPOSES AND LEGAL BASIS FOR THE PROCESSING

a. The personal data collected from sending request, site registration form and subsequent stages are processed for the following purposes and on the legal basis indicated below. We need these data to provide the requested service.

PurposeData categoriesLegal BasisFor example
Compliance with a legal obligationPersonal dataProcessing is necessary for compliance with a legal obligation to which the controller is subject (art. 6, 1, c)For example, we need personal data for issuing invoice.
Performance of the contract or the servicePersonal dataProcessing is necessary for the performance of a contract to which the data subject is party (art. 6, 1, b)For example, we need personal data for delivery or return.
Litigation managementPersonal dataProcessing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f)For example, we need personal data to manage legal disputes.

b. In addition, if you have already purchased products from the controller or if you are however customer, some personal data might be processed for further purposes. This shall be without prejudice to the right to object.

PurposeData categoriesLegal BasisFor example
Newsletter and direct marketingPersonal data (name, last name, e.mail)Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f)For example, we may send a newsletter.

c. Finally, if you have never been customer, some personal data might be processed for further optional purposes:

PurposeData categoriesLegal BasisFor example
Personal data (name, last name, e.mail)Personal data (name, last name, e.mail)Consent (art. 6, 1, a)For example, we may send a newsletter. You have the right to withdraw the consent at any time.

3. DATA DISCLOSURE

In connection with previous purposes, we may communicate personal data collected to the following categories of recipient:

RecipientReason
Public bodies, public authoritiesLegal obligation
Banks and credit institutions Insurance company. Advisers and consultants Companies or organizations which provide services for the controller (for ex. IT service, Forwarding services)Ancillary disclosure

4. DATA DISSEMINATION

Personal data shall not be disseminated.

5. DATA TRANSFER TO THIRD COUNTRIES

The controller may transfer personal data to third countries for ancillary reasons connected to previous purposes. Any transfer of personal data shall be based on:
– an adequacy decision;
– appropriate safeguards;
– binding corporate rules.

6. DATA RETENTION

Personal Data will be processed by the Controller: for no longer than is needed for the purposes of the contract although further retention required by law, for purposes under 2.a and 2.b (except opposition); for 5 years for purposes under 2.c (except withdraw).

7. RIGHTS OF DATA SUBJECTS

You are entitled to exercise the following rights at any time: right of access, right to rectification, right to erasure; right to restriction of processing, right to object, right to data portability, right to withdraw the consent.
You have also the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data by the Controller is in violation of the Regulation or applicable law.
To exercise any of the above rights, you have to contact the Controller by writing to the contacts under point 1.

8. AUTOMATED DECISION-MAKING

The controller does not adopt automated decision-making, including profiling.