Privacy Policy

NOTICE PURSUANT TO ART. 13 OF LEGISLATIVE DECREE NO. 196 OF 30 JUNE 2003 ("PRIVACY CODE")


1. Data Controller and Processor

The Data Controller is Intelsis S.R.L., with registered office in Rome, Via del Cottanello, no. 13, email info@mesaudacosmetics.it, PEC gaonsrl@pec.it, tel. 064501737. The Data Processor is Amit Buaron.


2. Source of personal data

Personal data (e.g. personal details, telephone number, email address, etc.) are collected directly from the person concerned by filling in a paper form or online form.


3. Purpose of processing

Intelsis S.R.L. will process your personal data for the following purposes
1) for the provision of the requested service or for the fulfilment of contractual obligations towards the data subject;
2) for the fulfilment of legal obligations
3) for the performance of aggregate and anonymous statistics, in order to monitor and improve the products or services provided and meet the requirements of the data subject
4) for sending information and promotional communications via sms and/or e-mail, as well as newsletters from Intelsis S.R.L. in relation to its own initiatives and/or those of subsidiary and/or associated companies
5) for communication/marketing purposes to third parties operating in the cosmetics and make-up sector.


4. Provision of data and consequences in the event of failure to consent to processing

The provision of your data for the purposes referred to in points 1) and 2) of art. 3 is compulsory. This processing is necessary to enable the provision and management of the service; your refusal to provide the data in question will make it impossible for you to use the service offered by the Controller. With reference to the purposes of the processing referred to in points 3) and 4) of art. 3, consent to the processing of data is optional and may be expressed by checking the appropriate box for each distinct purpose at the end of this information notice. Failure to consent will have no effect on the possibility of receiving the services requested and will only entail the consequences described below:
- failure to consent to the processing of personal data for the purposes referred to in Article 3, point 3), will make it impossible for Intelsis S.R.L. to proceed with the production of aggregate and anonymous statistics in order to monitor and improve the service offered;
- failure to consent to the processing of personal data for the purposes referred to in art. 3, point 4), will make it impossible for Intelsis S.R.L. to receive information and promotional communications as well as newsletters from Intelsis S.R.L. in relation to its own initiatives and/or those of its subsidiaries and/or affiliates;
- failure to consent to the processing of personal data for the purposes set out in art. 3, point 5), will make it impossible for Intelsis S.R.L. to communicate/assign personal data for marketing purposes to third parties operating in the tourism sector.


5. Modalities of data processing

The processing of the data shall mainly be carried out with the aid of electronic or otherwise automated tools, in accordance with the methods and by means suitable to guarantee the security and confidentiality of the data themselves, in compliance with the provisions of Legislative Decree No. 196 of 30 June 2003 and its Annex B).
In particular, all technical, IT, organisational, logistical and procedural security measures shall be adopted, so that the appropriate level of data protection required by law is guaranteed, allowing access only to the persons in charge of processing by the Data Controller or by the Managers eventually designated by the same.


6. Scope of data communication

The personal data you provide, for the purposes described in art. 3, may be brought to the attention of employees and/or collaborators of Intelsis S.R.L., appointed as data processors, and communicated to the following parties
a) associated and subsidiary companies;
b) third party companies appointed by Intelsis S.R.L. to carry out specific executive phases of the Services provided;
c) third party companies or consultants in charge of the installation, maintenance, updating and, in general, the management of Intelsis S.R.L.'s hardware and software; d) all public and/or private individuals and/or legal entities (administrative, scale and legal consultancy firms), should communication be necessary or functional for the proper fulfilment of contractual obligations undertaken in relation to the services provided, as well as obligations arising from the law; e) all entities (including public authorities) that have access to the data under regulatory or administrative provisions.
The personal data provided by you and subsequently processed in connection with the management of the service are not subject to dissemination.

7. Right of access to personal data

Pursuant to Article 7 of Legislative Decree no. 196 of 30 June 2003, the data subject has the right to
a) obtain confirmation as to whether or not personal data concerning him/her exist and communication of such data in intelligible form; b) obtain, from the Data Controller
- information on the origin of the personal data, on the purposes and methods of processing, on the logic applied in the event of processing carried out with the aid of electronic instruments
- indication of the identification details of the data controller
- indications of the subjects or categories of subjects to whom the data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing;
c) obtain:
- the updating, rectification or integration of data concerning him/her;
- the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is necessary in relation to the purposes for which the data were collected or subsequently processed
- certification to the effect that the operations as per the preceding points have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
d) object, in whole or in part
- on legitimate grounds, to the processing of data concerning him/her, even though they are relevant to the purpose of the collection
- to the processing of personal data concerning him/her, where it is carried out for the purposes of commercial information or sending advertising or direct sales material, or else for the performance of market or commercial communication surveys.
The aforementioned rights may be exercised by making a request to the Data Controller, at the addresses listed in Section 1.
The data subject's right to object to the processing of his/her personal data for marketing purposes, carried out by means of automated contact methods, extends to traditional methods, and in any case the data subject's right to exercise this right in part, pursuant to Section 7(4)(b) of the Code, i.e., in this case, by objecting, for example, only to the sending of promotional communications carried out by means of automated tools, remains unaffected.