Parlux S.p.A., in the person of its legal representative for the time being, with registered offices at Via Goldoni 10/12, 20090 – Trezzano sul Naviglio (Milan) – Italy, has long considered protection of the personal data of its current and/or potential customers and users to be of fundamental importance, guaranteeing that the processing of their personal data using any means, both automated and manual, is carried out in full compliance with the safeguards and rights recognised in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “Regulation”) and in the other regulations applying to the protection of personal data.
2. List of Websites
The following list identifies the Websites concerned.
The Privacy sections of the Websites can be consulted at any time. They contain all information about the use and processing of personal data, details about Parlux S.p.A., and updated information about the contacts and communication channels made available to all Data Subjects by the Data Controller.
3. Types of data processed and purposes of processing with regard to browsing the Websites
Each Website offers information and, sometimes, interactive content. Information about the users browsing each Website may therefore be obtained in the following ways:
- Browsing data
The IT systems and software procedures dedicated to the functioning of each Website obtain, as part of their normal operations, certain personal data whose transmission is inherent to the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating systems, the domain names and addresses of the websites from/to which users arrive/depart, information about the web pages viewed by users, time of access, the time spent on each web page, analysis of user browsing within the Website and other parameters relating to the operating system and the IT environment of the user.
This technical/IT data is collected and used solely in an aggregated and unidentifiable manner and could be used to determine responsibilities in the hypothetical case of IT crimes detrimental to the Website.
- Data provided voluntarily by visitors
This comprises all the personal data given freely by visitors to the Website, for example to register for and/or gain access to a private area, request information about a given product or service using a form, write an e-mail address or telephone (in VoIP mode) a number for direct contact with customer service. That personal data will be processed on the basis of all the specific information supplied, pursuant to articles 13 and 14 of the Regulation, by the Data Controller at the time the data is provided by visitors on registration using the specific forms.
4. Methods of data processing
Personal data is principally processed using electronic procedures and support for the time that is strictly necessary, in accordance with article 5 of the Regulation.
Personal data is only processed by the Data Controller to the extent necessary to achieve the principal purpose. In particular, the personal data will be processed for the minimum necessary period of time, as indicated in Recital 39 of the Regulation, being until termination of the contractual relationship existing between the Data Subject and the Data Controller, without prejudice to any additional period of retention that may be imposed by law, as envisaged for example in Recital 65 of the Regulation.
5. Redirect to external websites
The Websites may use social media plug-ins. Social media plug-ins are special tools that allow certain functionality of the social network platform to be incorporated into the Website (for example, the Facebook “Like” function).
All social media plug-ins present on the Websites are identified by the logo owned by the social network platform concerned.
When a user visits a web page and interacts with the plug-in (for example, by clicking on the “Like” button) or decides to leave a comment, the corresponding information is sent by the browser directly to the social network platform (Facebook in this case), which stores it.
Users should consult the privacy policies of the individual social network platforms for information about the purposes, type and methods of collection, processing, use and storage of personal data by them, as well as about how to exercise their rights.
6. Links to/from third-party websites
The Websites may contain specific links to third-party websites.
In this regard, Parlux S.p.A. CANNOT be held responsible for the management of personal data by third-party websites or for the management of the authentication credentials provided by third parties.
7. Rights of interested parties
As envisaged in article 15 of the Regulation, interested parties may access their personal data, request its rectification and update, if incomplete or erroneous, request its erasure if collected in violation of any law or regulations, or object to its Processing for specific reasons that are legitimate.
In particular, all the rights that can be exercised at any time in relation to the Data Controller are listed below:
Right of access: the right, pursuant to article 15, para. 1, of the Regulation, to obtain confirmation from the Data Controller about whether or not personal data is being processed and, in that case, to obtain access to that personal data and the following information: a) the purposes of the processing;
b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of the personal data or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data is not collected from the interested party, any available information as to its source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences for the interested party of such processing. All the above information can be found within the Information document, which will always be available within the Privacy section of each of the Websites.
Right to rectification: the right, pursuant to article 16 of the Regulation, to obtain the rectification of personal data that is inexact. Having regard for the purposes of processing, it is also possible to obtain the completion of any incomplete personal data, including by the provision of a supplementary statement.
Right to erasure: the right, pursuant to article 17, para. 1, of the Regulation, to obtain the erasure of the personal data without undue delay and the Data Controller shall have the obligation to erase the personal data where even just one of the following grounds applies: a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) the interested party has withdrawn the consent on which the processing of the personal data is based and there is no other legal ground for its processing; c) the interested party has objected to the processing pursuant to Article 21(1) or (2) of the Regulation and there are no overriding legitimate grounds for the processing of the personal data; d) the personal data has been unlawfully processed; e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law. In certain cases, as envisaged in article 17, para. 3, of the Regulation, the Data Controller can justifiably avoid erasing your personal data if its processing is necessary, for example, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.
Right to restriction of processing: the right, pursuant to article 18 of the Regulation, to obtain the restriction of processing where one of the following applies: a) the interested party has contested the accuracy of the personal data (restriction for the period needed by the Data Controller to verify the accuracy of that personal data); b) the processing is unlawful but the interested party has opposed the erasure of the personal data and requested the restriction of its use instead; c) the Data Controller no longer needs the personal data for the purposes of the processing, but it is required for the establishment, exercise or defence of legal claims; d) the interested party has objected to processing pursuant to Article 21(1) of the Regulation pending verification of whether the legitimate grounds of the Data Controller override those of the interested party. If processing restricted, except with regard to its conservation, the personal data will only be processed with consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for significant reasons of public interest.
Right to data portability: the right, pursuant to article 20, para. 1, of the Regulation, to request and receive at any time all the personal data processed by the Data Controller in a structured, commonly used and machine-readable format, or to request its transmission to another data controller without hindrance. In this case, the interested party is responsible for giving us exact and complete details of the new data controller to which it intends to transfer the personal data, together with a written authority.
Right to object: the right, pursuant to article 21, para. 2, of the Regulation and as confirmed in Recital 70, to object at any time to the processing of the personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint with the supervisory authority: the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with the Privacy Ombudsman (Garante) if it is considered that the processing of the personal data by the Data Controller infringes the Regulation and/or applicable laws.
To exercise all the rights identified above, it is sufficient to contact the Data Controller by:
writing to Parlux S.p.A., Via Goldoni 10/12, 20090 Trezzano S/N (Milan);
sending an e-mail to firstname.lastname@example.org;
calling this telephone number +39 02 48402600.
*** Version: May 2018