Privacy Policy

 

The protection of your personal data is one of our first concerns. Hence, we process your personal data exclusively on the basis of the legal regulations (i.e. General Data Protection Regulation n.2016/679 hereafter “GDPR”), In this privacy notice, we inform you about the most important aspects of data processing in the context of our website.

 

Based on the EU privacy regulation we give you the following information on how your personal data are processed by us.

 

Our contact details:

 

Company name: GREAT LENGTHS UNIVERSAL S.p.A. S.B.

Address: Piazza Pasquali Paoli, 3 – 00186 Rome, Italy

Phone: 0039 0761 527069

email: info@greatlengths.com

 

 

Explanation of terms

 

a. Personal data (Art 4 L 1 GDPR)

The regulations of the GDPR apply to the processing of personal data of natural persons.

As per definition “personal data” are all pieces of information which refer to an identified or
identifiable natural person (“data subject”). An identifiable person is one who can be identified,
directly or indirectly, in particular by reference to a name, an identification number, site data, an
online identification sign or by one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

 

     b. Processing (Art 4 L 2 GDPR)

With the term “processing” the GDPR describes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

     c. Data Controller (Art 4 L 7 GDPR) and Data Processor (Art 4 L 8 GDPR)

The “Data Controller” is a natural or legal person, authority, entity or any other body who jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

The “Data Processor” is a natural or legal person, authority, entity or any other body who processes
personal data on behalf of the Data Controller;

 

     d. Consent (Art 4 L 11 GDPR)

 

The “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

     c. Pseudonymization

The pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

Personal data processed and collected

 

Your navigation on the Site and/or access to certain sections of the Site may result in the collection and subsequent processing of your personal data by the Controller. In fact, when connecting to the Site, computer systems and software procedures for their operation automatically and/or automatically and indirectly and directly acquire certain information (such as, but simply an example, the so-called “cookies”, as specified in the “Cookie Policy”, which is located at the end of this policy, “IP” addresses, domain names of the computers used by users who connect to the Site, request, the time of the request to the server, etc.).

 

Specifically, your navigation to the Site and/or any requests for information or services from you may also involve the collection and subsequent processing of your personal data (such as first name, last name, postal and e-mail address, password, age, date of birth, telephone number, gender, image, profession, marital status, etc.).

 

In particular, the collection of your personal data may take place:

 

  - by filling out online forms on your part;

- through live e/or automatically chats;

  - through the publication by you of Contributions (as defined below), the content of which may include your personal data conferred directly by you, on social networks independently managed by third parties, such as, but not limited to, Facebook, YouTube, etc. (below “Social Network”). By “Contributions” we mean the images, comments, effect phrases associated with what is the subject of the Site, the contents and any other information that you conceived and published on the pages of the Social Networks dedicated to products of the different brands of the Controller, including the image that you possibly give. The publication of the Contributions can also take place under a pseudonym (“nickname”) chosen by you during registration on the Site, and possibly to the image that you have associated with your nickname. In choosing the nickname and any image associated with it, you remain solely responsible for any prejudices that the use of the nickname or image may cause to third parties.

In case you choose to send a request through the “Contact Us” section of the Site, the granting of some personal data is necessary for the Controller to meet your needs within the functionality of the Site.

 

Purposes and legal basis of data processing

 

According to the needs you have expressed from time to time by accessing the various sections of the Site the following are the purposes of the processing of your personal data and its legal basis.

Your personal data will be processed for the following purposes on the basis of the establishment of a precontractual relationship or with your consent to the data processing, which can be revoked at any time according to the procedures indicated by the Controller at the time of the collection of consent:

 

     a. managing and responding to your requests

you can decide to give consent to the processing of your personal data for management and response, by the Controller, to your requests in relation to your activities on the Site (“contact us” section of the Site, or through live e/or automatically chats). In connection with this purpose, your consent is required when submitting requests. If you decide not to consent to the processing of your personal data for that purpose, you will not be able to continue sending your request.

 

     b. managing your activities

your personal data will be used to manage the activities related to your interaction with the Site and the sections in it. For that kind of activities, the collecting of personal data is mandatory for ensure the possibility to navigate on the site. The failure of the conferring will not allow you to navigate on the website.

 

     c. performing e- mail marketing activities on personal data conferred by using the website

you can decide to give the consent to the processing of your personal data for the performing of marketing activities carried out by the Controller on the personal data released by the user in the context of site use. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to send you advertising email for promotional and marketing activities of products or services;

 

     d. performing third – parties marketing activities on personal data conferred by using the website

you can decide to give the consent to the processing of your personal data for the performing of marketing activities carried out by the distributors (hereafter also “third party or licensee”) on the personal data released by the user in the context of site use. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to send you advertising email for promotional and marketing activities of products or services;

 

     e. performing profiling activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of profiling activities carried out by the Controller on the personal data released by the user in the context of site use.

In particular, on account of your navigation on site it could be collected tags and text traces concerning your habits and preferences about a product or a service offered by the Controller. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to collect personal data concerning your habits and preferences about a product or a service offered by the Controller.

 

     f. performing third – party profiling activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of profiling activities carried out by the distributors on the personal data released by the user in the context of site use.

In particular, on account of your navigation on site it could be collected tags and text traces concerning your habits and preferences about a product or a service offered by the distributors. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to collect personal data concerning your habits and preferences about a product or a service offered by the distributors.

 

     g. performing re-marketing activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of re- marketing activities carried out by the Controller on the personal data released by the you in the context of site use. In particular you can decide if give the consent to the processing of tags and text traces collected in the context of the above – mentioned point e) for the sending of promotional or marketing advertising in line with your interests. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to send you promotional or marketing advertising.

 

     h. performing third party re-marketing activities on personal data released by using the website

you can decide to give the consent to the processing of your personal data for the performing of re- marketing activities carried out by the distributors on the personal data released by the you in the context of site use. In particular you can decide if give the consent to the processing of tags and text traces collected in the context of the above – mentioned point f) for the sending of promotional or marketing advertising in line with your interests. If you decide not to consent to the processing of your personal data for that purpose, the distributors will not be allowed to send you promotional or marketing advertising.

 

     i. managing of the newsletter service

  1. you can decide to give your consent to the processing of your personal data in order to subscribe the newslettering service carried out by the Controller by filling in the dedicated web form on the web site. If you decide not to consent to the processing of your personal data for that purpose, the Controller will not be allowed to provide you with the newslettering service.

     

    Methods of data processing and security measures

     

    The processing of your personal data may include any type of operation, including collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Your personal data will be processed mainly in an automated but form, with logic strictly related to its purposes, through the databases, the electronic platforms managed by the Controller or by third parties appointed for this purpose data processors and / or integrated IT systems of the Controller and the aforementioned third parties and / or websites. The Data Controller has assessed the level of security as adequate taking into account the risks that could derive from loss, destruction, modification, unauthorized disclosure, accidental or illegal access, abuse or alteration of your personal data. In particular:     

    - has adopted security measures appropriate to the risks;     

    - keep your personal data on servers mainly located in the European territory, (for information on how to transfer personal data outside the European Economic Area, see the following section “Transfer of your personal data outside the European Economic Area”).

     

    Data Retention

     

    In order to ensure compliance with the principles of necessity and proportionality of the processing, the Data Controller has identified different times for storing personal data in relation to the individual purposes pursued:

    1. for the purpose of managing of the Site as well as for activities connected your interaction with the Site and the sections present on it, your personal data will be kept for the time strictly necessary and in any case at most as long as your profile is active;
    2. for the purpose of managing and responding to your requests on the Site (“contact us” section of the Site or through live e/or automatically chats), your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    3. for the purposes of performing e- mail marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    4. for the purposes of performing of third – parties marketing activities on personal data conferred by using the website your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    5. for the purposes of performing profiling activities on personal data released by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    6. for the purposes of performing of profiling activities on personal data released by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    7. for the purposes of performing re- marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    8. for the purposes of performing third party re- marketing activities on personal data conferred by using the website, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy;
    9. for the purposes of managing of the newsletter service, your personal data will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy.

     

    Your personal data will be deleted, if they are no longer needed for justifiable and admissible
    purposes or as soon as you revoke your consent and we are not legally bound or in any other way authorized to save these data anymore. Your data will be stored in particular to respect legal
    retention obligations as long as they may be needed for the exercise or defense of legal claims.

     

    Data Recipients

     

    Your personal data may be communicated to and processed by:

 

  1. legal or natural persons acting as external data processors, carrying out outsourcing activities, appointed by the Controller or by the external data processors of the Controller (including subjects providing IT services or site managers, managers of electronic platforms, partners, credit institutions, professional firms);
  2. employees and / or collaborators of external data processors (including system administrators) who, operating under the direct authority of external data processors, will be authorized to process your personal data. Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated. In the event that you have entered personal data in your nickname and / or has an image associated with it, however, there may be dissemination of such personal data through the Site or Social Networks.

     

     

  3. Distributors, formally authorized to the use of the website on the basis of the license agreement signed with Great Lengths Universal Hair Extensions S.p.A., acting as autonomous Data Controllers for their own processing activities performed.

     

     

     

    Transfer of your personal data outside the European Economic Area

     

    Your personal data could be transferred to recipients belonging to USA, according to the Standard Contractual Clauses adopted by the Data Controller.

    Data Protection Officer Contact

     

    The Data Protection Officer appointed by the Data Controller has the following contact data: dpo@greatlengths.com

     

    Data subject’s rights

      

    Data Protection applicable Law recognizes you, as data subject, numerous rights. In particular, you have the right to:     

    1. obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (when possible), the rights that can be exercised);    
    2. obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;     
    3. obtain from the Data Controller the cancellation of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed o the legal basis for their treatment no longer exists;    
    4. obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;     
    5. obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;     
    6. receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a part;    

    Furthermore, if the processing of your personal data bases on your consent, you have the right to withdraw the consent at any time per mail to the (address) or via email to info@greatlengths.com. If you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Italy the competent supervisory authority is the “Autorità Garante per la protezione dei dati personali”.

     

    Right to objection

     

    At any time and for reasons related to your particular situation, you have the right to object to the processing of your personal data (including profiling) that is necessary for the pursuit of a legitimate interest of the Controller or third parties. In this case, the Data Controller refrains from further processing your personal data unless he demonstrates the existence of binding legitimate reasons that prevail over your interests, rights or freedoms or is necessary for the assessment, exercise or defense of a right in court.

     

    Cookie Policy

     

    Our website uses cookies. Cookies are small text files which your browser files and stores on your terminal device. They do not cause any harm. Cookies save the information like for example your preferred language, the articles placed in the virtual shopping cart or other personal settings of the page.

    We use cookies to make our offer more user-friendly. Some cookies will remain saved on your terminal device until you delete them. They enable us to recognize your browser at your next visit. The deactivation of cookies may restrict the functionality of our website.

     

    Characteristics and purposes of cookies

     

    Our Site uses the following categories of cookies, which can be from us or third parties.

     

    Technical and functional cookies

     

    1. Technical cookies or “technical cookies”: They are used to facilitate your navigation on the Site and the use of its features. Among the technical cookies, we point out the essential cookies, also called “strictly necessary”, which enable functions without which it would not be possible to fully use the Site as well as the performance cookies or “performance cookies” that allow you to improve the functionality of the Site.
    2. Function cookies or “functionality cookies”: They allow the Site to remember the choices you made (for example the language or the geographical area in which you are) and propose them to subsequent accesses in order to provide better and personalized services (for example, they can be used to offer content similar to those you have previously requested).

     

    Profiling cookies

     

    This website uses profiling cookies that are those that allow the Controller to create a personal profile of your browser based on your behavior.

    Profiling cookies can be used in two manners:

  1. Behavioral advertising: you can identify your buying habits, interests, orientations (religious, political, sexual, etc.), you can send personalized promotional messages and you can show them your personalized advertisements even on sites other than yours;
  2. Behavioral analytics: it allows you to understand exactly what pages you visit and what actions you take to better understand your site's preferences and how to optimize your site, on the one hand, to offer a better service through the customization of content, on the other.

 

 

Third Party’s cookies: Google Analytics

 

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google
Analytics uses so-called “cookies”, text files which will be saved on your computer and facilitates the analysis as regards the use of the Site by you. The information generated by the cookie
concerning your use of this website is normally transmitted to a server of Google in the US and
saved there. In case of activation of the IP-anonymization on this website, your IP-address will first be shortened within the Member States of the European Union or in other contractual countries in
which the agreement of the European Economic Area applies. Only in exceptional cases the entire IP-address will be transmitted to a server of Google in the US and shortened there. On behalf of the provider of this website Google will use this information to evaluate your use of this website, to
create reports on the website activities and to perform further services connected to the website use and the internet use vis-à-vis the website provider.

The IP-address transmitted from your browser in the framework of Google Analytics, will not be
combined with other data from Google.

You can prevent the storage of cookies through specific settings in your browser software: but
please note that in this case you will eventually not be able to use all functions of our website to
their full extent. Furthermore, you can prevent the collection of data which are generated through
cookies and refer to your use of this website (incl. your IP-address) as well as the processing of
these data by Google by downloading and installing the browser plug-in available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

 

This website uses Google Analytics with the extension „__anonymizelp()”. By that the shortened IP-addresses are further processed, and hence a personalization can be excluded. If the data
collected on you allow a personalization, this will immediately be excluded, and the personal data will then be deleted.

We use Google Analytics to analyses the use of our website and to be able to regularly improve it.

Through the gained statistics we can improve our offer and render it more interesting for you as a user. In exceptional circumstances, when personal data are transmitted to the U.S., Google
submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House,
Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User

conditions: https://www.google.com/analytics/terms/us.html, overview on the data

protection: https://support.google.com/analytics/answer/6004245?hl=en, as well as the privacy statement: https://policies.google.com/privacy?hl=en.

 

Alternative Google Analytics Opt Out (also for mobile devices)

By clicking the following link an opt-out cookie its stored on your device. This prevents Google
Analytics from collecting data within this website in the future. The opt-out only works in this
browser, and only for this domain. If you delete your cookies in this browser, you need to click on this link again.

Set Google Analytics opt-out cookie

 

Description of the methods of consent for the installation of cookies

 

For the use of technical and analytical cookies, your consent is not required. You can, however, disable them by following the procedure described in the paragraph “How to enable or disable cookies on your browsers”.

For the use of profiling cookies your consent is required. You can, however, disable them by following the procedure described in the paragraph “How to enable or disable cookies on your browsers”.

In any case, you can at any time change your preferences regarding cookies.

The following table describes the cookies sent to your browser by accessing the Site.

 

GREAT LENGTHS UNIVERSAL HAIR EXTENSIONS S.P.A. Cookies

 

COOKIE NAME

Provider

Type

Deadline

greatlenghts.com

HTTP

will be kept for the time strictly necessary and, in any case, to pursue the indications described in this Privacy Policy

HTML

Session

 

 

THIRD PARTY’S Cookies

 

COOKIE NAME

Provider

Type

Deadline

google.com

google-analytics.com

..

facebook.com

 

 

 

 

 

How to enable or disable cookie on your browsers

 

You can block the acceptance of cookies by your navigation browser. However, this operation could make it less efficient or prevent access to some functions or pages of the Site. Below are the methods offered by the main browsers to block the acceptance of cookies:

 

Internet Explorer:  https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Firefox:  https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Chrome:  https://support.google.com/chrome/answer/95647?hl=en-GB

Safari: https://support.apple.com/en-ie/HT201265

 

Other services from third party providers and social buttons

 

On our website we also use services of third-party providers (for example Google Maps, YouTube). Should the mentioned providers use these personal data, this would in any event take place outside of the sphere of responsibility of the provider of this website.

These services always require your IP-address for the presentation of contents, because without the IP-address, the third-party providers would not be able to send contents to your browser. We are committed to use only contents from providers who use the IP-address exclusively to deliver
contents. However, we cannot influence it, if third-party providers save the IP-address for example for statistical purposes. Third-party providers can also send cookies to your web browser.

 

The “buttons” for Facebook, Twitter, Google+, YouTube, Pinterest and Instagram in the footer or
the side menu are no plugins of external pages but links. In this case only by clicking on them a link will be opened in a new window which then calls up the respective services. Only then a data
transmission takes place, like for example the transmission of information concerning the “opening page”.  

Social networks provider to which the buttons refer are autonomous controllers of data processing. More information about the individual privacy policies of social network platforms and how to manage and deactivate their cookies can be found on social network platforms.