Client's information | Pettenon Cosmetic Spa

Client privacy notice pursuant to art. 13 et seq. of EU Reg. 2016/679 ("GDPR")

Introduction	The purpose of this privacy policy is to explain how Pettenon Cosmetics S.p.A. SB collects, processes and stores personal data relating to Data Subjects as customers.
Data Controller	The Data Controller is Pettenon Cosmetics S.p.A. SB, with registered office in San Martino di Lupari (PD), Via del Palù, 7d, VAT number and Tax Code 04937500280. Pettenon Cosmetics S.p.A. SB can be contacted: by writing an e-mail to privacy@pettenon.it; by phone at +39 049 99888; by ordinary mail, to the address of the registered office as indicated above.
DPO/DPO	Pettenon Cosmetics S.p.A. SB has appointed a Data Protection Officer ("DPO"). This function can be contacted at dpo@pettenon.it.
Categories of data processed	For the pursuit of the purposes indicated, Pettenon Cosmetics S.p.A. SB will process the following categories of personal data: personal data identifying the customer, or of the customer's employees and collaborators if a legal person (); personal (professional) contact data of the customer, or of the customer's employees and collaborators if they are a legal person (); personal data related to economic relations with the customer (*) information related to the evaluation of the products and services provided by the Data Controller.
Sources of processed data	The main source of personal data is the Data Subject. Other sources include: with reference to some data of the Data Subject (e-mail, company contact details, role) the source may be the company and/or commercial activity where the Data Subject works he/she works; With reference to data such as contained in the Chamber of Commerce and/or relating to the state of solvency, the sources may be the Chambers of Commerce and credit information companies.
Consequences in case of failure to provide personal data	The provision of personal data marked with the symbol (*) is mandatory: in the absence of them, it is impossible for Pettenon Cosmetics S.p.A. SB to carry out the related processing activities, as envisaged by the purposes listed below. The provision of all other personal data is optional: in the absence of such data, Pettenon Cosmetics S.p.A. SB will not be able to carry out all or part of the processing envisaged, with the consequent impossibility of proceeding with the relevant processing.
Purpose, legal basis and storage time	Purpose	Legal bases	Storage time
	(1) Carry out the operations connected and instrumental to the acquisition of preliminary information at the conclusion of the contract	6 (1) (b), for the fulfilment of needs related to pre-contractual activities	Until the possible approval or formalization of the contract, without prejudice to any further storage provided for by Italian and European regulations
	(2) Manage customer relationships, including accounting, ordering, billing management	6 (1) (b), for the fulfilment of needs related to the contract	For the entire duration of the contract and thereafter if required by law
	(3) Perform operations imposed by regulatory obligations inherent in the contract, including the archiving of documents	6 (1) (c), for compliance with a legal obligation to which the Owner is subject	For the period imposed by legal obligations, regulations and EU legislation
	(4) Carry out administrative, accounting, contractual and financial analyses and checks, also in order to assess any elements detrimental to the establishment or continuation of the relationship	6 (1) (f), for the pursuit of the legitimate interest of the Data Controller consisting in monitoring the quality of the services provided and avoiding risk situations	Until the end of the operations analysis and verification of data, i.e. for the period necessary to evaluate the results of the activities carried out
	(5) To share data with third parties (independent owners) for the purposes of administrative and accounting management of the receivables claimed by the company, including the assignment of receivables or advance invoices	6 (1) (f), for the pursuit of the legitimate interest of the Data Controller consisting in obtaining liquidity before payment deadlines or pending payment	For the entire duration of the contract and thereafter if required by law
	(6) To carry out marketing communications on products, services and/or initiatives to the e-mail address or other addresses including the telephone, also electronically with the aid of automated tools	6 (1) (a), based on the consent expressed by the Data Subject	Until the withdrawal of consent or the request for deletion of data, and in any case for a maximum of 36 months from the registration of consent or its renewal in the manner provided for by the Data Controller's systems
	(7) To carry out marketing communications on products, services and/or initiatives at the e-mail address, also with the aid of automated tools, following purchases of products or services of the Data Controller (so-called "soft spam")	6 (1) (f), for the pursuit of the legitimate interest of the Data Controller by virtue of and within the limits of the provision of art. 130 of Legislative Decree 196/2003 and subsequent amendments. ("Italian Privacy Code")	Until the objection of the data subject communicated in the manner provided by the Data Controller, and in any case for a maximum of 36 months from the last purchase of products or services
	(8) To carry out market research and/or evaluation interviews of the Data Controller's products-services at telephone and e-mail numbers, also electronically with the aid of automated tools	6 (1) (f), for the pursuit of the legitimate interest of the Data Controller in inviting the customer to the initiative, and subsequently 6 (1) (a), based on the consent expressed by the Data Subject	With reference to the invitation, until any objection; with reference to market research and/or interview data, until consent is revoked or data deletion is requested, and in any case until any anonymization of the information collected
	(9) Analyze information relating to commercial activity to better understand customer habits and also guide purchases through marketing communications and specific initiatives (to the addresses provided), taking into account the analysis itself	6 (1) (a), based on the consent expressed by the Data Subject	Until the withdrawal of consent or the request for deletion of data, and in any case for a maximum of 36 months from registration, except for a real anonymization that does not allow, even indirectly or by cross-referencing the information with other databases, to identify the data subjects
	(10) To share the Data Subject's data with the other Companies of the AGF88 Group in order to coordinate the Group's activities, thus avoiding overlapping customers and reporting any outstanding payments and risks in the interest of the AGF88 Group	6 (1) (f), for the pursuit of the legitimate interest of the Data Controller consisting in having qualified customers and avoiding commercial overlaps	For the entire duration of the contract, except for the exercise of the rights attributed by law to the Data Subject
Categories of subjects who may process personal data	Within the limits of the obligations, tasks and purposes indicated above, personal data will be processed exclusively by personnel (employees and/or external collaborators) of Pettenon Cosmetics S.p.A. SB, as well as by third parties appointed as Data Processors pursuant to Article 28 of the GDPR. The list of Data Processors can be requested from Pettenon Cosmetics S.p.A. SB by writing to the references indicated above.
Scope of communication and dissemination of personal data	Personal data may only be disseminated with the express consent given by the Data Subject. Pettenon Cosmetics S.p.A. SB may also communicate personal data to third parties (independent data controllers), even without the consent of the Data Subject, in order to execute legal obligations, including: public and private bodies, including following inspections or audits (e.g. tax authorities, social security institutions); subjects who may access the data by law (e.g. Tax Police bodies, Judicial authorities).
International transfers	In relation to the technological tools used by Pettenon Cosmetics S.p.A. SB and/or its Processors, personal data may be transferred outside the European Economic Area ("EEA"): in such cases, Pettenon Cosmetics S.p.A. SB guarantees that the transfer will only take place to countries (i) considered adequate by the European Commission, (ii) that have entered into Standard Contractual Clauses or (iii) that have other eligibility mechanisms for relocation outside the EEA. You can always contact Pettenon Cosmetics S.p.A. SB at the references indicated for more information on the transfer of your personal data outside the EEA.
Rights of the Data Subject	At any stage of the processing, the Data Subject may exercise the rights provided for by the GDPR, and in particular the right to: access their personal data, as well as obtain their rectification or deletion; obtain the limitation of processing concerning you; object to the processing, in the event that Pettenon Cosmetics S.p.A. SB exercises its legitimate interest; obtain data portability, where applicable; revoke consent, where applicable: the revocation does not affect the lawfulness of the processing already carried out and based on the consent previously given; lodge a complaint with the supervisory authority: for Italy, with the Italian Data Protection Authority (www.gpdp.it). The exercise of the rights referred to above can be done by sending a request to the Data Controller's references indicated above or by contacting the DPO.