Privacy Policy


The protection of your personal data is one of our first concerns. Hence, we process your personal data exclusively on the basis of the legal regulations (GDPR, Telecommunications Act 2003). In this privacy notice, we inform you about the most important aspects of data processing in the context of our website. 


Based on the EU privacy regulation we give you the following information on how your personal data are processed by us. 


Our contact details: 


Company name: GREAT LENGTHS UNIVERSAL HAIR EXTENSIONS S.p.A. Address: Piazza Pasquali Paoli, 3 – 00186 Rome, Italy 

Phone: 0039 0761 527069 


Explanation of terms

a. Personal data (Art 4 Z 1 GDPR)
The regulations of the GDPR apply to the processing of personal data of natural persons.
As per definition “personal data” are all pieces of information which refer to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, site data, an online identification sign or by one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of this natural person.

b. Processing (Art 4 Z 2 GDPR)
With the term “processing” the GDPR describes every process carried out with or without the help of automated processes or all series of processes related to personal data, like the collection, record, organization, arrangement, retention, adaptation or modification, selection, recall, use, publication by transmission, distribution or any other form of deployment, comparison or connection, restriction, erasure or destruction of data.

c. Responsible subject (Art 4 L 7 GDPR) and processor (Art 4 L 8 GDPR)
The “responsible subject” is a natural or legal person, authority, entity or any other body who decides alone or together with others on the purpose and means concerning the processing of personal data; if the purposes and means of this processing are defined in the European Union Law or the Law of the Member States, the responsible subject or rather the criteria for his/her nomination can be based on the law of the Member States.
The “processor” is a natural or legal person, authority, entity or any other body who processes personal data on behalf of the responsible subject.

d. Consent (Art 4 L 11 GDPR)
The “consent” of a data subject includes every voluntarily given declaration of intent in the context of a determined case, given in an informed and unambiguous way, in the form of a declaration or in a clear affirmative act with which the person makes clear that he/she agrees to the processing of the respective personal data.

e. Pseudonymization
The pseudonymization is the processing of personal data in a way that makes it impossible to relate the personal data to a specific data subject without the addition of further information, provided that this additional information is saved separately and is subject to technical and organisational measures, which ensure that the personal data cannot be assigned to an identified or identifiable person.


Legal basis of the processing of personal data

Your navigation on the Site and/or access to certain sections of the Site may result in the collection and subsequent processing of your personal data by the Controller. In fact, when connecting to the Site, computer systems and software procedures for their operation automatically and/or automatically and indirectly acquire certain information (such as, but simply an example, the so-called "cookies", as specified in the "Cookie Policy", which is located at the end of this policy, "IP" addresses, domain names of the computers used by users who connect to the Site, request, the time of the request to the server, etc.).


Your navigation to the Site and/or any requests for information or services from you may also involve the collection and subsequent processing of your personal data (such as first name, last name, postal and e-mail address, password, age, date of birth, gender, image, profession, marital status, etc.).

In particular, the collection of your personal data may take place:

    - by filling out online forms on your part;

    - through the publication by you of Contributions (as defined below), the content of which may include your personal data conferred directly by you, on social networks independently managed by third parties, such as, but not limited to, Facebook, YouTube, etc. (below "Social Network"). By "Contributions" we mean the images, comments, effect phrases associated with what is the subject of the Site, the contents and any other information that you conceived and published on the pages of the Social Networks dedicated to products of the different brands of the Controller, including the image that you possibly give. The publication of the Contributions can also take place under a pseudonym ("nickname") chosen by you during registration on the Site, and possibly to the image that you have associated with your nickname. In choosing the nickname and any image associated with it, you remain solely responsible for any prejudices that the use of the nickname or image may cause to third parties.

In case you choose to send a request through the "Contact Us" section of the Sit, the granting of some personal data is necessary for the Controller to meet your needs within the functionality of the Site.


Purposes and legal basis of data processing

According to the needs you have expressed from time to time by accessing the various sections of the Site the following are the purposes of the processing of your personal data and its legal basis.

Your personal data will be processed for the following purposes only with your consent to the data processing, which can be revoked at any time according to the procedures indicated by the Controller at the time of the collection of consent:


Managing and responding to your requests

you can decide to give consent to the processing of your personal data for management and response, by the Controller, to your requests in relation to your activities on the Site ("contact us" section of the Site). In connection with this purpose, your consent is required when submitting requests. If you decide not to consent to the processing of your personal data for that purpose, you will not be able to continue sending your request.


Managing your activities

your personal data will be used to manage the activities related to your interaction with the Site and the sections in it.


Methods of data processing and security measures

The processing of your personal data may include any type of operation, including collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Your personal data will be processed mainly in an automated but form, with logic strictly related to its purposes, through the databases, the electronic platforms managed by the Controller or by third parties appointed for this purpose data processors and / or integrated IT systems of the Controller and the aforementioned third parties and / or websites. The Data Controller has assessed the level of security as adequate taking into account the risks that could derive from loss, destruction, modification, unauthorized disclosure, accidental or illegal access, abuse or alteration of your personal data. In particular:     

- has adopted security measures appropriate to the risks;     

- keep your personal data on servers mainly located in the United States. 

Data Retention


In order to ensure compliance with the principles of necessity and proportionality of the processing, the Data Controller has identified different times for storing personal data in relation to the individual purposes pursued:

  • for the purpose of managing of the Site as well as for activities connected your interaction with the Site and the sections present on it, your personal data will be kept for the time strictly necessary and in any case at most as long as your profile is active;
  • for the purpose of managing and responding to your requests on the Site ("contact us" section of the Site), your personal data will be kept for the time strictly necessary to process your request.

Your personal data will be deleted, if they are no longer needed for justifiable and admissible 
purposes or as soon as you revoke your consent and we are not legally bound or in any other way authorized to save these data anymore. Your data will be stored in particular to respect legal 
retention obligations as long as they may be needed for the exercise or defense of legal claims.

Data Recipients


Your personal data may be communicated to and processed by:

  • legal or natural persons acting as external data processors, carrying out outsourcing activities, appointed by the Controller or by the external data processors of the Controller (including subjects providing IT services or site managers, managers of electronic platforms, partners, credit institutions, professional firms);
  • employees and / or collaborators of external data processors (including system administrators) who, operating under the direct authority of external data processors, will be authorized to process your personal data. Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated. In the event that you have entered personal data in your nickname and / or has an image associated with it, however, there may be dissemination of such personal data through the Site or Social Networks.


Data subject's rights


Data Protection applicable Law recognizes you, as data subject, numerous rights. In particular, you have the right to:     

  1. obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (when possible), the rights that can be exercised);    
  2. obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;     
  3. obtain from the Data Controller the cancellation of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed o the legal basis for their treatment no longer exists;    
  4. obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;     
  5. obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;     
  6. receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a part;    

Furthermore, if the processing of your personal data bases on your consent, you have the right to withdraw the consent at any time per mail to the (address) or via email to office@great-lengths. If you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Italy the competent supervisory authority is the “Autorità Garante per la protezione dei dati personali”. 


Right to objection


At any time and for reasons related to your particular situation, you have the right to object to the processing of your personal data (including profiling) that is necessary for the pursuit of a legitimate interest of the Controller or third parties. In this case, the Data Controller refrains from further processing your personal data unless he demonstrates the existence of binding legitimate reasons that prevail over your interests, rights or freedoms or is necessary for the assessment, exercise or defense of a right in court.