Skip to main content

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force in Italy (D.Lgs.196/03)

1.    General information
The undersigned Company (Pettenon Cosmetics S.p.A. SB), hereinafter also indicated simply as the "Company", hereby communicates information on the processing of your data/company data represented by you (e.g. personal data, addresses, tax code, VAT number, data necessary for the management, including administrative management, of customers, the execution of the contract and the fulfilment of legal obligations, data relating to payments, data necessary to defend or enforce a right of the Company). Only the data necessary for the pursuit of the purposes envisaged in this information notice will be requested and processed by the Company. Some data (those contained in Chamber of Commerce searches and those on solvency status found at credit information companies used for contractual and pre-contractual purposes as well as for legitimate interests such as those of verifying the existence and data of the customer as well as any prejudicial circumstances) may also be found in Chamber of Commerce searches and at credit information companies. 
If the data subject is a legal person, the GDPR does not apply to it. However, the GDPR, and thus what is stated in this information notice, does apply to employees and also to the legal entity for the activities referred to in points 2 (G) and 2 (E) with regard to e-mails, messages (both text messages and via messaging apps) and automated call or call communication systems without the intervention of an operator..
2.    Purposes and legal basis
The Company may process data for the following purposes:
A)    for pre-contractual purposes if a contract has yet to be signed; the legal basis of the processing is the need to execute pre-contractual measures taken at the request of the data subject;
B)    for contractual purposes (e.g. order management, administrative-accounting fulfilments, customer management, sending of information notes on new products to be marketed that are part of the brands covered by the contract ...); the legal basis of the processing is the need for the execution of the contract
C)    to comply with legal obligations, regulations and EU legislation; the legal basis of the processing is the fulfilment of legal obligations;
D)    to assert or defend a right of the Company and therefore for a legitimate interest of the Company itself consisting in allowing the defence and actions for its own protection, including possible debt collection actions; the legal basis of the processing is the pursuit of legitimate interests. In considering these legitimate interests, it has been analysed that they do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (the legitimate interest has been assessed on the basis of a Triple Test available by contacting the Company);
E)    to assess possible detrimental effects on the establishment or continuation of the relationship (e.g. company in liquidation) and therefore for a legitimate interest consisting in preventing risky situations; the legal basis of the processing is the pursuit of legitimate interests. In considering these legitimate interests, it has been analysed that they do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (the legitimate interest has been assessed on the basis of a Triple Test available by contacting the Company); 
F)    to assign or discount receivables (and thus for a legitimate interest of the Company in obtaining liquidity before payment deadlines or pending payment); the legal basis of the processing is the pursuit of legitimate interests. In considering such legitimate interests, it has been analysed that they do not compromise or interfere with the interests or fundamental rights and fundamental liberties of the data subject (the legitimate interest has been assessed on the basis of a Triple Test available by contacting the Company); 
G)    In order for the Company to carry out marketing communications on its products/services/initiatives, all by the Company to the e-mail address indicated by you or to other addresses including telephone and postal address (please note that the sending of e-mails and SMS/MMS, messaging apps, may also be carried out electronically with the aid of automated tools); the processing has consent as its legal basis;We inform you that you may also communicate that you wish to be subject to the activities only through e-mail or only through telephone or postal communications by writing to privacy@pettenon.it.Please note that these communications do not include the information notes under point 2 letter A, which are communications that are instead necessary to fulfil the contract;
H)    for the purpose of carrying out market research and/or interviews to evaluate the Company's products and services, all by the Company at the telephone and e-mail addresses indicated by you in the form (we inform you that e-mails and messages on the telephone may also be sent electronically with the aid of automatic tools). We inform you that you may also communicate that you wish to be subject to the activities only by e-mail or only by telephone communication, by contacting the company at the contact details indicated in point 6. You may revoke your consent for these purposes at any time by contacting the company at the addresses indicated in point 6; consent for these purposes is always freely revocable at any time by contacting the company at the addresses indicated below; the legal basis for the processing is consent;
I)    to analyse information relating to commercial activity in order to better understand customer habits and also to guide purchases through marketing communications and specific initiatives (at the addresses provided) all taking into account the analysis itself. Consent for said purposes is always freely revocable at any time by contacting the company at the addresses given; the legal basis for the processing is consent; see also point 10.
L)    in order to share your data with the other companies of the AGF88 Group for the purpose of coordinating the Group's activities, thus avoiding overlapping of customers and reporting any insolvencies and risks (e.g. bankruptcy, prejudicial) in the interest of the AGF88 Group; all for the legitimate interests of having qualified customers and avoiding commercial overlaps; the legal basis of the processing is the pursuit of legitimate interests. In considering these legitimate interests, it has been analysed that they do not compromise or interfere with the interests or fundamental rights and freedoms of the data subject (the legitimate interest has been assessed on the basis of a Triple Test available by contacting the Company).


3.    Mandatory nature of the provision
The provision of the requested data is necessary for the purposes indicated in point 2 letter A, B, C, D and therefore any refusal to provide such data in whole or in part may make it impossible for the Company to execute the contract or continue the relationship. 
The provision of data for the purposes indicated in point 2 letter E is optional, but failure to provide such data may result in the impossibility of entering into or continuing the relationship. 
The provision of data for the purposes set out in point 2 letter F is optional but failure to provide it may make it impossible to undertake or continue the relationship. 
The provision of the data required for the purposes set forth in point 2 letter G and I is optional as is the relative consent (which can always be freely revoked by contacting the Company) and failure to provide the data and consent shall not entail any consequence other than that the Company shall not be able to carry out the activities indicated in the point or shall not be able to carry them out at the addresses not provided; 
the provision of the data for the purposes referred to in point 2 letter L is optional but failure to provide it may result in the impossibility of following up the contract or continuing the relationship.

4.    Data addressee categories
Without prejudice to further communications (of which you/the company/company you represent will be informed in any case if the communications themselves are not already known) that may be necessary to fulfil legal and contractual obligations, the data collected and processed may be communicated by the Company (communicating the data only if necessary for the pursuit of the purposes indicated in this information notice and communicating only the indispensable data):
- for the purposes indicated in point 2 letter B to banks, professionals (e.g. lawyers), consultants and, auditors), service companies, transporters, forwarding agents judicial authorities and police and supervisory bodies, public bodies, post-couriers (communicating the data necessary to send any communications); 
- for the purposes indicated in point 2 letter C to judicial authorities and police and supervisory bodies, public bodies;
- for the purposes indicated at point 2 letter D to professionals (e.g. lawyers), judicial authorities and police and supervisory bodies, public bodies, post-courriers (communicating the data necessary to send any communications);
- for the purposes indicated in point 2 letter F to factoring companies or companies to which credits are assigned, not to banks, to forwarding agents in the case of sending communications/paper material;
- for the purposes indicated in point 2(G) the data may be communicated to carriers and forwarding agents in the case of sending paper material.;
- for the purposes of point 2(L) the data may be communicated to companies in the AGF 88 group.
For the purposes indicated in point 2 letters A, E, H, I, the data will not be disclosed to third parties.
The data may also be known by the subjects specifically delegated by the company to process the data (administrative/legal and logistics staff, commercial staff also external to the Company, marketing staff also external to the Company, members of the Board of Directors and Board of Statutory Auditors, agents, area managers, IT technicians and information systems staff, consultants also external to the Company - e.g. quality/certification consultants, IT consultants, lawyers, tax consultants - interns, collaborators of the data processors. quality/certification consultants, IT consultants, legal consultants, tax consultants - interns, collaborators of the data processors) and data processors (companies that perform auxiliary activities to those of the Company such as IT consultants, accountants and tax consultants, consultancy companies in general, companies that send communications) always appointed by the Company and whose list can be found by contacting the data controller. 
Please note that for debt collection activities, the Company may make use of debt collection companies and lawyers whose names will be available from the data controller and who may act as data processors or independent data controllers. The names of such persons, if appointed as data processors, will in any case be communicated to you before entrusting the case to them.
5.    Data retention
The data will be stored and processed by the Company for as long as is necessary for the pursuit of the purposes contained in this notice. The period of data retention is as follows:
-for pre-contractual purposes until the eventual approval or formalisation of the contract, unless further retention is required by Italian and European regulations;  
- for contractual purposes for the entire duration of the contract and in any case for as long as necessary for the purposes of point 2 letter C and D
- for legal obligations, regulations and EU legislation, for the periods imposed by these regulatory sources;
-for the purposes referred to in point 2 letter E until the data are analysed;
-for the purposes referred to in point 2 letter F for the entire duration of the contract and thereafter if required by legal obligations;
- for the purposes set forth in point 2 letter G and H, until revocation of consent or request for deletion without prejudice to storage for the purposes set forth in point 2 letter C 2 letter D.  By 31 December of the second year following the year in which you gave your consent, you will in any case be sent a communication to understand whether or not you are still interested in being subject to the activities referred to in point 2(G) and 2 (H)  and therefore in the retention of the data by the Company for the purposes indicated in this point and if this interest ceases, the data will be deleted without prejudice to storage for the purposes set forth in point 2 letter C 2 letter D. If, on the other hand, there is still your interest in being subject to the activities referred to in points 2(G) and 2(H) and therefore to the retention of data by the Company for the purposes indicated in that point, by 31 December of the second year from the communication, you will be sent a further communication of the same nature and so on until your interest remains..
-for the purposes indicated in point 2 letter L, for the entire duration of the contract, except for the exercise of the rights indicated in point 7 of this information notice;
-for the purposes indicated in point 2 (I) until the revocation of consent or the request for cancellation (always possible by writing to the Company's contact details) or for a maximum of 12 months after registration, unless the data is truly anonymised so that it does not make it possible, even indirectly or by cross-referencing the information with other databases, to identify the data subjects;
- in any case, all data may be retained for a period necessary to assert or defend a right of the Company, in accordance with Italian civil and criminal law, and therefore for a maximum of 10 years from the termination of the relationship, except in the event of litigation or disputes that require a further retention period and subject to further retention if required by local regulations applicable to the data subjects.
6.    Data Controller and Data Protection Officer
The Data Controller of the data provided is: Pettenon Cosmetics S.p.A. SB with registered office in Via del Palù, 7/d, 35018 - San Martino di Lupari (PD), Tel. +39 049 99888 FAX +39 049 9988809, e-mail privacy@pettenon.it.
There is a Data Protection Officer for the Company, who can be contacted at the Company's registered office in Via del Palù, 7/d, 35018 - San Martino di Lupari (PD), as well as at the e-mail address dpo@pettenon.it
7.    Rights
Please note that the GDPR provides that the data subject may request (by contacting us at the contact details set out in point 6) access to and rectification of your personal data, erasure of your data or limitation of the processing concerning you, data portability; you may also have the opportunity, again by contacting us, to oppose the processing of your data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR, including the right to withdraw consent, where applicable: the withdrawal of consent shall not affect the lawfulness of the processing based on the consent given before the withdrawal.
8.    Complaints 
If you believe that the processing of data is in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Italian Supervisory Authority (whose contact details can be found at www.garanteprivacy.it), as provided for in Article 77 of the GDPR, or to take appropriate legal action (Article 79 of the GDPR).  
In addition, he may also apply to the Control Authority of the state where he normally resides or works.
The list of Supervisory Authorities can be found at www.garanteprivacy.it/home/footer/link).
9.    Data of collaborators/employees
Please note that should the data subject to whom this information notice is addressed need to communicate to the Company, for reasons inherent to the performance of the contract, the names and contact details of his or her collaborators, the data subject shall inform the collaborator of the information contained in this notice and of the fact that he or she will communicate the data to the Company, which may process the data for reasons inherent to the performance of the contract, obtaining his or her consent to the communication and processing where necessary.
10.    Logic used for profiling
The profiling referred to in point 2(L) is carried out by the Company through the analysis, also in an automated way, of the data (e.g. category of activity, target clientele, geographical area) and of the characteristics and actions of the data subject (e.g. adhesion to an event, adhesion to particular initiatives, purchase of certain products, filling in questionnaires, actions carried out while surfing the Company's websites if the data subject has accepted profiling cookies on the websites themselves, various actions such as, for example, the evaluation of the actions carried out when receiving marketing e-mails such as whether or not to open them). A profile is then created, which is also placed in specific groups (clusters). Profiling has the purposes indicated in point 2(L) and therefore to better understand the customer's propensity to purchase and also to propose services and products in line with the customer's needs through specific communications and initiatives; this processing, however, does not constitute a particular risk for the customer given the type of basic profiling that does not require data of a particularly delicate nature or that would allow particularly confidential aspects of private life to be reconstructed in detail. In any case, the data subject will always have the right to obtain human intervention, to express his opinion, to obtain an explanation of the decision taken and to contest the decision
11.    Processing procedures
The data may be processed by the Company in paper, manual, computer and telematic form (thus storing and processing the data on both paper and computer). The data will be stored and processed by the Company, adopting all the measures necessary for their protection, in compliance with all the regulations in force (and therefore also in compliance with the principles of correctness, lawfulness and transparency and protection of confidentiality and rights) and with logics strictly related to the purposes indicated in this information notice. Only the operations necessary for the pursuit of the purposes indicated in this statement will be carried out on the data. The data will be stored, as far as the Company is concerned, at the offices of the Company and at the data processors appointed by the Company (as well as at the third parties indicated in this notice to whom the data are communicated and who process them as autonomous data controllers). The data will also be organised in databases - databases including computerised databases.

Informative note updated on 29/03/2024. This update is carried out as part of a policy of constant revision of the information notice. Versions of previous disclosures can be obtained by contacting the Data Controller