Privacy statement
concerning the processing of personal data

 

The protection of your personal data is one of our prime concerns. Hence, we process your personal data exclusively on the basis of the legal regulations (GDPR, Telecommunications Act 2003). In this privacy notice, we inform you about the most important aspects of data processing in the context of our website.

Based on the EU privacy regulation we give you the following information on how your personal data are processed by us.

Our contact details:

Company name: GREAT LENGTHS UNIVERSAL HAIR EXTENSIONS SRL
Address: Piazza Pasquali Paoli, 3 – 00186 Rome, Italy
Phone: 0039 0761 527069
email: info@greatlengths.com

For the sake of clarity, we note that no legal claims can be derived from this notification.


Explanation of terms


a. Personal data (Art 4 Z 1 GDPR)
The regulations of the GDPR apply to the processing of personal data of natural persons.
As per definition “personal data” are all pieces of information which refer to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, site data, an online identification sign or by one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of this natural person.

b. Processing (Art 4 Z 2 GDPR)
With the term “processing” the GDPR describes every process carried out with or without the help of automated processes or all series of processes related to personal data, like the collection, record, organization, arrangement, retention, adaptation or modification, selection, recall, use, publication by transmission, distribution or any other form of deployment, comparison or connection, restriction, erasure or destruction of data.

c. Responsible subject (Art 4 L 7 GDPR) and processor (Art 4 L 8 GDPR)
The “responsible subject” is a natural or legal person, authority, entity or any other body who decides alone or together with others on the purpose and means concerning the processing of personal data; if the purposes and means of this processing are defined in the European Union Law or the Law of the Member States, the responsible subject or rather the criteria for his/her nomination can be based on the law of the Member States.
The “processor” is a natural or legal person, authority, entity or any other body who processes personal data on behalf of the responsible subject.

d. Consent (Art 4 L 11 GDPR)
The “consent” of a data subject includes every voluntarily given declaration of intent in the context of a determined case, given in an informed and unambiguous way, in the form of a declaration or in a clear affirmative act with which the person makes clear that he/she agrees to the processing of the respective personal data.

e. Pseudonymization
The pseudonymization is the processing of personal data in a way that makes it impossible to relate the personal data to a specific data subject without the addition of further information, provided that this additional information is saved separately and is subject to technical and organisational measures, which ensure that the personal data cannot be assigned to an identified or identifiable person.

Legal basis of the processing of personal data


The legal basis of the processing of personal data is defined in article 6 of the European General Privacy Regulation. The processing of your personal data takes place either for the fulfillment of your contract (art. 6 clause 1 lit b GDPR) with us, for the fulfillment of our legal obligations (art. 6 clause 1 lit c GDPR) or for the purpose of the protection of our legitimate interests (art. 6 clause 1 lit f GDPR), provided that in the latter case your interests or fundamental rights and your fundamental freedom which require the protection of personal data, will not prevail. Furthermore, the processing may possibly be based on your consent, provided that you have granted it to us.

Our legitimate interests consist in the development and in the maintenance of our business relationship with you, the observance of internal standards and legal requirements, the security of assets as well as the prosecution.

Duration of data retention


Your personal data will be deleted, if they are no longer needed for justifiable and admissible purposes or as soon as you revoke your consent and we are not legally bound or in any other way authorised to save these data anymore. Your data will be saved in particular to respect legal retention obligations as long as they may be needed for the enforcement, the implementation and defence of claims or for the enforcement and implementation of claims, the representation of interests and the defence against accusations in administrative or judicial or other institutional procedures.

Collection of access data and log files from the provider


Our provider (or rather the computer centre where the website is hosted) will collect the information communicated by your internet provider: in particular the name of the website, date/time of access, transmitted data amount, the IP-address which has been assigned to you, the HTTP status code, information on the browser used and the operative system used by you as well as partly the so-called “referrer” (the source page from where you accessed the actual website or file). An evaluation takes place – if this is carried out automatically by the web hoster – only for statistical purposes, whereby the single user will remain anonymous.
The collection of these data is furthermore necessary to retrace a (possible) abuse and hence is used for legal security.
 

Your rights

 
You basically have the right to information concerning your personal data which we process unless the communication of this information would put our or third-party business or trade secrets at risk.
Further rights which you are entitled to, are the rights to rectification of incorrectly saved personal data referring to your person, erasure of your personal data, restriction of the processing of your personal data, data portability as well as the right to object against the processing of personal data.

If the processing of your personal data bases on your consent, you have the right to withdraw the consent at any time per mail to the (address) or via email to office@great-lengths.at without affecting the legitimacy of the data processing carried out before then which was based on your consent.
If you believe that the processing of your data violates the Data Protection Act or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Italy this is the Data Protection Authority (Garante per la protezione dei dati personali).

We reserve the right to, if necessary, update or modify the privacy statement. The respective updated version is available at www.greatlengths.com/privacy-policy.