Privacy Policy

 

The protection of your personal data is one of our first concerns. Hence, we process your personal data exclusively on the basis of the legal regulations (i.e. General Data Protection Regulation n.2016/679 hereafter “GDPR”). In this privacy notice, we inform you about the most important aspects of data processing in the context of our website.

 

Based on the EU privacy regulation we give you the following information on how your personal data are processed by us.

 

Our contact details:

 

Company name: GREAT LENGTHS UNIVERSAL HAIR EXTENSIONS Società per azioni Società Benefit

Address: Piazza Pasquali Paoli, 3 – 00186 Rome, Italy

Phone: 0039 0761 527069

email: info@greatlengths.com

 

 

Explanation of terms

 

Personal data (Art 4 L 1 GDPR)

The regulations of the GDPR apply to the processing of personal data of natural persons. As per definition “personal data” are all pieces of information which refer to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, site data, an online identification sign or by one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

 

Processing (Art 4 L 2 GDPR)

With the term “processing” the GDPR describes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

Data Controller (Art 4 L 7 GDPR) and Data Processor (Art 4 L 8 GDPR)

The “Data Controller” is a natural or legal person, authority, entity or any other body who jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
The “Data Processor” is a natural or legal person, authority, entity or any other body who processes personal data on behalf of the Data Controller.

 

Consent (Art 4 L 11 GDPR)

The “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

Pseudonymization

The pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

Personal data processed and collected

 

Your navigation on the Site and/or access to certain sections of the Site may result in the collection and subsequent processing of your personal data by the Controller. In fact, when connecting to the Site, computer systems and software procedures for their operation automatically and/or automatically and indirectly acquire certain information (such as, merely by way of example, the so-called “cookies”, as specified in the “Cookie Policy”, which is located at the end of this policy, “IP” addresses, domain names of the computers used by users who connect to the Site, request, the time of the request to the server, etc.).

Specifically, your navigation to the Site and/or any requests for information or services from you may also involve the collection and subsequent processing of your personal data (such as first name, last name, postal and e-mail address, password, age, date of birth, gender, image, profession, marital status, etc.).
In particular, the collection of your personal data may take place:
- by filling out online forms on your part;
- through the publication by you of Contributions (as defined below), the content of which may include your personal data conferred directly by you, on social networks independently managed by third parties, such as, but not limited to, Facebook, YouTube, etc. (below “Social Network”). By “Contributions” we mean the images, comments, effect phrases associated with what is the subject of the Site, the contents and any other information that you conceived and published on the pages of the Social Networks dedicated to products of the different brands of the Controller, including the image that you possibly give. The publication of the Contributions can also take place under a pseudonym (“nickname”) chosen by you during registration on the Site, and possibly to the image that you have associated with your nickname. In choosing the nickname and any image associated with it, you remain solely responsible for any prejudices that the use of the nickname or image may cause to third parties.
In case you choose to send a request through the “Contact Us” section of the Site, the granting of some personal data is necessary for the Controller to meet your needs within the functionality of the Site.

 

Purposes and legal basis of data processing

 

According to the needs you have expressed from time to time by accessing the various sections of the Site the following are the purposes of the processing of your personal data and its legal basis.
Your personal data will be processed for the following purposes on the basis of the establishment of a precontractual relationship or with your consent to the data processing, which can be revoked at any time according to the procedures indicated by the Controller at the time of the collection of consent:

 

a) managing and responding to your requests 

you can decide to give consent to the processing of your personal data for management and response, by the Controller, to your requests in relation to your activities on the Site (“contact us” section of the Site). In connection with this purpose, your consent is required when submitting requests. If you decide not to consent to the processing of your personal data for that purpose, you will not be able to continue sending your request.

 

b) managing your activities 

your personal data will be used to manage the activities related to your interaction with the Site and the sections in it. For that kind of activity, the collection of personal data is mandatory to ensure the possibility to navigate on the site. Failure to provide the data will not allow you to navigate on the website.

 

c) performing e-mail marketing activities on personal data conferred by using the website

you can decide to give the consent to the processing of your personal data for the performing of marketing activities carried out by the Controller on the personal data released by the user in the context of site use. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to send you advertising email for promotional and marketing activities of products or services;

 

d) performing third-party marketing activities on personal data conferred by using the website

you can decide to give the consent to the processing of your personal data for the performing of marketing activities carried out by the distributors (hereafter also “third party or licensee”) on the personal data released by the user in the context of site use. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to send you advertising email for promotional and marketing activities of products or services;

 

e) performing profiling activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of profiling activities carried out by the Controller on the personal data released by the user in the context of site use.
In particular, on account of your navigation on the site, tags and text traces concerning your habits and preferences about a product or a service offered by the Controller could be collected. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to collect personal data concerning your habits and preferences about a product or a service offered by the Controller.

 

f) performing third – party profiling activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of profiling activities carried out by the distributors on the personal data released by the user in the context of site use.
In particular, on account of your navigation on the site, tags and text traces concerning your habits and preferences about a product or a service offered by the distributors could be collected. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to collect personal data concerning your habits and preferences about a product or a service offered by the distributors.

 

g) performing re-marketing activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of re-marketing activities carried out by the Controller on the personal data released by you in the context of site use. In particular, you can decide whether to give consent to the processing of tags and text traces collected in the context of the above-mentioned point e) for the sending of promotional or marketing advertising in line with your interests. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to send you promotional or marketing advertising.

 

h) performing third party re-marketing activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of re-marketing activities carried out by the distributors on the personal data released by you in the context of site use. In particular, you can decide whether to give consent to the processing of tags and text traces collected in the context of the above-mentioned point f) for the sending of promotional or marketing advertising in line with your interests. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to send you promotional or marketing advertising.

 

i) managing of the newsletter service 

you can decide to give your consent to the processing of your personal data in order to subscribe to the newsletter service carried out by the Controller by filling in the dedicated web form on the web site. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to provide you with the newsletter service.

 

j) activation of the guarantee

you can decide to give your consent to the processing of your personal data in order to subscribe to the guarantee service carried out by the Processor by filling in the dedicated web form on the web site. If you decide not to consent to the processing of your personal data for that purpose, the Processor will not be allowed to provide you with the guarantee service.

 

Methods of data processing and security measures

 

The processing of your personal data may include any type of operation, including collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Your personal data will be processed mainly in an automated but form, with logic strictly related to its purposes, through the databases, the electronic platforms managed by the Controller or by third parties appointed for this purpose as data processors and/or integrated IT systems of the Controller and the aforementioned third parties and/or websites. The Data Controller has assessed the level of security as adequate taking into account the risks that could derive from loss, destruction, modification, unauthorized disclosure, accidental or illegal access, abuse or alteration of your personal data. In particular, the Data Controller:
- has adopted security measures appropriate to the risks;
- keeps your personal data on servers mainly located in the European territory (for information on how to transfer personal data outside the European Economic Area, see the following section “Transfer of your personal data outside the European Economic Area”).

 

Data Retention

 

In order to ensure compliance with the principles of necessity and proportionality of the processing, the Data Controller has identified different times for storing personal data in relation to the individual purposes pursued:

  1. for the purpose of managing the Site as well as for activities connected with your interaction with the Site and the sections present on it, your personal data will be kept for the time strictly necessary and in any case at most as long as your profile is active;
  2. for the purpose of managing and responding to your requests on the Site (“contact us” section of the Site), your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  3. for the purposes of performing e-mail marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  4. for the purposes of performing third-party marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  5. for the purposes of performing profiling activities on personal data released by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  6. for the purposes of performing of profiling activities on personal data released by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  7. for the purposes of performing re-marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  8. for the purposes of performing third party re-marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  9. for the purposes of managing of the newsletter service, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
  10. for the purposes of managing the guarantee service, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy. 

Your personal data will be deleted, if they are no longer needed for justifiable and admissible purposes or as soon as you revoke your consent and we are not legally bound or in any other way authorized to save these data anymore. Your data will be stored in particular to respect legal retention obligations as long as they may be needed for the exercise or defense of legal claims.

 

Data Recipients

 

Your personal data may be communicated to and processed by:

 

  1. legal or natural persons acting as external data processors, carrying out outsourcing activities, appointed by the Controller or by the external data processors of the Controller (including subjects providing IT services or site managers, managers of electronic platforms, partners, credit institutions, professional firms);

  2. employees and/or collaborators of external data processors (including system administrators) who, operating under the direct authority of external data processors, will be authorized to process your personal data. Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated. In the event that you have entered personal data in your nickname and/or have an image associated with it, however, there may be dissemination of such personal data through the Site or Social Networks.

  3. Distributors, formally authorized to the use of the website on the basis of the license agreement signed with Great Lengths Universal Hair Extensions S.p.A., acting as autonomous Data Controllers for their own processing activities performed.

 

Transfer of your personal data outside the European Economic Area

 

Your personal data could be transferred to recipients in the USA, according to the Standard Contractual Clauses adopted by the Data Controller.

 

Data Protection Officer Contact

 

The Data Protection Officer appointed by the Data Controller has the following contact data: dpo@greatlengths.com

 

 

Data subject’s rights

  

Applicable data protection law grants you, as data subject, numerous rights. In particular, you have the right to:

  1. obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (when possible), the rights that can be exercised);    
  2. obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;     
  3. obtain from the Data Controller the cancellation of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed or the legal basis for their treatment no longer exists;
  4. obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;
  5. obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;  
  6. receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a part;

Furthermore, if the processing of your personal data is based on your consent, you have the right to withdraw the consent at any time per mail to the (address) or via email to info@greatlengths.com. If you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Italy the competent supervisory authority is the “Autorità Garante per la protezione dei dati personali”.

 

Right to objection

 

At any time and for reasons related to your particular situation, you have the right to object to the processing of your personal data (including profiling) that is necessary for the pursuit of a legitimate interest of the Controller or third parties. In this case, the Data Controller refrains from further processing your personal data unless it demonstrates the existence of binding legitimate reasons that prevail over your interests, rights or freedoms, or the processing is necessary for the assessment, exercise or defense of a right in court.