Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Pursuant to Article 13 of Regulation (EU) 679/2016 and of Legislative Decree 30 June 2003 n. 196 and subsequent amendments


Dear Customer,


in providing us with your personal data, we invite you to read this information, specifying that "Personal data" means what is indicated in Article 4 of Regulation (EU) 679/2016 (GDPR).

Personal data are used by Dorado S.r.l., which is the data controller for the processing, in compliance with the data protection principles established by the GDPR i.



1. METHOD AND PURPOSE OF DATA PROCESSING

We inform you that the data will be processed with the support of the following means:

a) Paper (registration forms, order forms, etc.)

b) IT (management software, accounting, etc.)

c) Telematics

Personal data are collected and processed with the exclusive purpose of the correct and complete performance of our commercial activity towards you (pre-contractual, contractual purposes, relating to the supply of the requested products / services).

The records required by law will also be kept, both accounting and of other nature (administrative and accounting purposes, fulfillment of legal obligations).



Unless explicitly refused by the interested party, personal data may also be processed for the following purposes:

- sending proposals and commercial communications by post, e-mail, SMS, fax;

- market surveys and statistics.



2. LEGAL REQUIREMENTS FOR DATA PROCESSING

As part of our commercial activity, personal data will be processed in compliance with the general principles of lawfulness, necessity, correctness, relevance and non-excess, on the basis of the fulfillment of pre-contractual agreements or existing contractual obligations, of your specific consent (if required) or in fulfillment of legal obligations.

The provision of data is mandatory for all that is required by legal and contractual obligations and therefore any refusal to provide them in whole or in part may result in the impossibility of providing the requested products / services.



3. CATEGORIES OF RECIPIENTS

The personal data collected may be:

- made available to the Data Controller's Collaborators, as subjects authorized to carry out the processing for the aforementioned purposes;
- processed by third parties, natural or legal persons, only if functional to the performance of the services requested from us, that is to consultants of the Data Controller (as external managers) for the aspects of their competence (of an administrative, commercial, accounting or legal nature) and according to the procedures required by law;
- potentially accessible by external managers of the owner for maintenance, control or verification of the tools used for the treatment.


4. TRANSFER OF DATA

Personal data will not be disseminated (except for the above) and will not be transferred to any foreign country; however, the Data Controller reserves the right to use cloud services and in this case the service providers will be selected from those who provide adequate guarantees, as required by art. 46 of the GDPR.



5. PERIOD OF CONSERVATION

The data required for contractual and accounting purposes are kept for the time necessary to carry out the commercial and accounting relationship.

The data of those who do not purchase or use products / services, despite having had a previous contact with company representatives, will be immediately deleted or treated anonymously, where their conservation is not otherwise justified, unless the informed consent of the interested parties relating to a subsequent commercial promotion or market research activity has been validly acquired.



6. RIGHTS OF THE INTERESTED PARTY

Pursuant to the GDPR, the interested party may, according to the methods and within the limits established by current legislation, exercise the following rights:

- Right of Access (Article 15) ii: you can ask for confirmation of the existence or not of an ongoing processing of your data;
- Right of rectification (article 16) iii: you can ask us for changes, updates and corrections of data especially if they are not accurate;
- Right to Erasure (article 17) iv: you may ask us to erase all or almost all of your personal data provided that the processing is no longer necessary or if by law we do not have the right / obligation to continue processing them;
- Right to restriction of processing (Article 18) v: you can ask us to limit the use we make of your data (e.g. if your personal data are incorrect or if their possession is not legal);
- Right to data portability (article 20) vi: you can ask us for a copy of your personal data;
- Right of Opposition (Article 21) vii: you can ask us to stop using all of your personal data (e.g. if by law we do not have the right to continue to use them).


You also have the right to withdraw any consent given to the processing of data at any time; the withdrawal takes effect from the moment we become aware of it and does not affect the lawfulness of the processing based on the consent previously given.

Finally, you have the right to lodge a complaint with a supervisory authority.

In all cases described, the exercise of rights will be brought to the attention of those to whom the personal data have been disclosed, except in the cases of exemption provided for by the Regulations.

In some cases (cancellation, limitation, opposition) the exercise of the Rights may no longer make it possible, in whole or in part, to provide the Performance / Services in your favor.

All the rights described are exercised with a request addressed without formalities via email to the address sales@the-body-shop.it to the Data Controller or Data Protection Officer, also through a person in charge, to whom suitable feedback will be provided without delay.



7. IDENTIFICATION OF THE HOLDER OF THE TREATMENT

The Data Controller is the undersigned Dorado S.r.l., with registered office in Rome, Via Ettore Bertolè, in the person of the legal representative, electively domiciled, for the provisions referred to in the GDPR, at the headquarters of the writer and who can be contacted for the purposes of the aforementioned Regulation at the email sales@the-body-shop.it.







i "personal data": any information concerning an identified or identifiable natural person ("interested party"); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social.

ii Article 15 Right of access of the interested party 1. The interested party has the right to obtain from the data controller confirmation that the processing of personal data concerning him is in progress and in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations; d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party. 2. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer. 3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format. 4. The right to obtain a copy referred to in paragraph 3 must not affect the rights and freedoms of others.

iii Article 16 Right of rectification The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

iv Article 17 Right to cancellation ("right to be forgotten") 1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller is obliged to cancel without undue delay, personal data, if one of the following reasons exists: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes i