Privacy Policy

Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

With this document (‘Information Notice’) the Data Controller, as defined below

wishes to inform you about the purposes and methods of the processing of your personal data and about your

rights granted to you by Regulation (EU) 2016/679 on the protection of

individuals with regard to the processing of personal data and on their free

movement (‘GDPR’). This Policy may be supplemented by the Controller where any

additional services requested by you entail further processing.

1. Data Controller and Data Processor, DPO

The Data Controller is

THE BEAUTY GROUP S.R.L.

Tax code/VAT number 13650200960

Head Office Address VIA FRATELLI GABBA, 5 CAP 20121 MILAN (MI)

The Data Controller and the DPO, also through the designated structures, will take charge of your

your request and provide you, without undue delay and, at the latest, within one month

of receipt of the same, the information relating to the action taken in respect of your

request.

We inform you that should the Controller have any doubts as to the identity of the individual making the

submitting the request, it may request further information necessary to confirm the identity

of the person concerned.

Categories of Data Subjects: Natural persons, legal persons, public and

private organisations.

2. Treatments

2.1. WEB treatment

PROCESSING: WEB – NAVIGATION DATA

The computer systems and software procedures used to operate this website

acquire, in the course of their normal operation, certain personal data whose transmission is

implicit in the use of Internet communication protocols. This information is not

collected to be associated with identified interested parties, but which by their very nature

could, through processing and association with data held by third parties, allow the

identify users. This category of data includes the IP addresses or domain names of the

computers used by users who connect to the site, addresses in URI notation

(Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used

in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response

numeric code indicating the status of the response given by the server (successful, error, etc.) and other

parameters relating to the user’s operating system and computer environment. These data

are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to

control its correct functioning and are deleted after processing. The data

could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

computer crimes against the site.

Nature of data provision: Compulsory

Consequences of refusal to provide data Failure to provide data will result in

the impossibility for the company to provide the web service provided.

Minimum data protection measures: To be indicated

Personal data retention period: Your personal data will be actively processed for the

duration of the first and third party analytical systems.

Reference processing rules: The legal basis for registration to the Site and the

provision of related services is the necessity of execution of your request, in compliance

Article 6(1)(b) GDPR. Therefore, the acquisition of your

Your prior consent to the processing.

2.2. Trattamento WEB

PROCESSING: WEB – SENDING CURRICULUM VITAE

Through the ‘Work with us’ section of the Site you may provide your personal data and CV to the

Holder in order to apply for open positions or possible future positions. Your personal data

processed exclusively for the management of your application and related activities.

related activities.

Nature of data provision: Obligatory

Consequences of refusal to provide data Failure to provide consent will result in

the impossibility for the Data Controller to receive your Curriculum Vitae and to perform the activities aimed at managing your application.

activities aimed at managing your application.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data storage period: Your personal data processed for the management of your CV

will be kept for N months after receipt or negative result of a selection, in order to

be considered for possible future positions.

Reference processing rules: The legal basis for registration to the Site and the

provision of related services is the necessity of execution of your request, in compliance

Article 6(1)(b) GDPR. Therefore, the acquisition of your

Your prior consent to the processing.

2.3. Trattamento WEB

TREATMENT: WEB – COMMERCIAL NEWSLETTER

Should you wish to be updated on the latest products and services offered by the

Data Controller or third party companies, you will be able to join our

marketing initiatives, allowing the Controller to send you the newsletter and further commercial communications.

commercial communications.

Nature of conferment: Optional

Consequences of refusal to provide data: Failure to provide data will not affect the

satisfaction of your requests and the use of web services but will make it impossible for the

Data Controller to send you commercial communications.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA

Personal data retention period: Your personal data will be actively processed for the

time necessary for the management of the existing relationship and/or the execution of the contract. The

information collected for the evaluation of the conclusion of the contract, in the event of non

completion, will be deleted within N months..

2.4. Trattamento WEB

TREATMENT: WEB – NEWSLETTER USE OF SERVICE

Should you wish to be updated on the latest products and services offered by the

Data Controller, you will be able to join our marketing initiatives by allowing

the Controller to send you the newsletter and further commercial communications.

Nature of conferment: Optional

Consequences of refusal to provide data: Failure to provide data will not affect the

satisfaction of your requests and the use of web services but will make it impossible for the

Data Controller to send you commercial communications.
Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: Your personal data will be processed until
you decide to revoke your consent or object to the processing.
Reference processing rules: The legal basis for registration on the Site and the
provision of related services is the need to execute your request, in compliance
Article 6(1)(b) GDPR. Therefore, the acquisition of your
Your prior consent to the processing.

2.5. Trattamento WEB

PROCESSING: WEB – REQUESTS MADE THROUGH THE SITE
Your personal data may be processed by the Controller to fulfil your requests
made by writing to one of the e-mail addresses available on the Site or by completing the
registration and/or contact forms on the Site.
Nature of conferment: Compulsory
Consequences of refusal to provide data Failure to provide the requested data will result in

the impossibility for the Data Controller to execute your request.

Minimum data protection measures: password, firewall, antivirus, reCAPTCHA
Personal data retention period: The data collected for this purpose will be processed for the
time strictly necessary to fulfil your request and then stored for
10 years after the processing of your request.

Reference processing rules: The legal basis of the processing is the need to
execution of your request, in compliance with Article 6(1)(b) GDPR.
Therefore, the acquisition of your Your prior consent to the processing.

3. Cookies Policy:

3.1. Extended Cookie Policy:

On this site we use technology to collect information to improve your
online experience.
This policy covers the use of cookies and how you can
manage them.
We reserve the right to change this policy at any time. Any changes to
policy will take effect from the date of publication on the Site.

Cookies are small text strings that sites you visit send to your
your terminal equipment (usually your browser), where they are stored and sent back to the same sites the next time you visit.
the same sites the next time the same user visits.

In the course of browsing a site, the user may also receive on his terminal equipment cookies that
sent by different sites or web servers (so-called ‘third parties’), on which some elements may reside (such as, for example, the
certain elements (such as, for example, images, maps, sounds, specific links to pages in other
domains) present on the site that the same person is visiting.
Cookies, usually present in users’ browsers in very large numbers and sometimes even
with characteristics of wide temporal persistence, are used for different purposes
carrying out computer authentication, session monitoring, storing
information on specific configurations concerning users accessing the server, etc.
In order to arrive at a correct regulation of these devices, it is necessary to distinguish them
since there are no technical characteristics that differentiate them from one another precisely
on the basis of the purposes pursued by those who use them.

• First-party, technical (session) persistent cookies
  Technical cookies are those used for the sole purpose of ‘carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary for the necessary for the provider of a web service explicitly requested by the user to provide that service’. They are not used for any further purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which ensure normal navigation and use of the website of the website (allowing, for example, a purchase to be made or authentication to access restricted areas). access restricted areas). This website makes use of persistent technical session cookies first-party
• First-party, analytical cookies Analytical cookies, also referred to as ‘analytics’, allow detailed statistics on visitors to a website to be compiled. analytics are assimilated to technical cookies where used directly by the website operator to collect information in aggregate aggregated form on the number of users and how they visit the site. This site makes use of first party analytical cookies
• Third-party, analytical cookies
  Analytical cookies, also referred to as ‘analytics’, enable detailed statistics on visitors to a website such as the viewing of certain pages, the number of visitors, the time spent on the site by users and the mode of arrival. This site makes use of a service of the Web analytics service provided by Google.
  
• THIRD-PARTY, profiling cookies
  In order to provide you with additional functions and services within this site, we work with third parties who, independently and outside our direct control may use their cookies to collect information about the activities you perform while browsing the pages of this site. This information may This information may be used to serve you advertisements that match your interests, based on content content you have visited, or to measure the effectiveness of advertising campaigns. These cookies may be contained in various elements within the web page, such as web page, such as advertising banners, images, videos, etc. A sensitive example is the presence of so-called ‘social plug-ins’ or ‘social sharing buttons’ of the of the main social networks (Facebook, Twitter, Google+ and LinkedIn), aimed at sharing of web page content on the social networks themselves. The use of data third-party cookies, over which we have no control, is governed by the relevant control, is governed by the relevant privacy policy, which we ask you to refer to. This website makes use of THIRD-PARTY, profiling cookies.

Cookie Management

Below is a list of the most common browsers with links to their cookie management settings:

• Internet Explorer 8 e superiori
• Safari 2 o superiore
• Opera 10.5 e superiori
• FireFox 3.5 e superiori
• Google Chrome 10 e superiori;

Browsers provide a ‘private’ browsing mode, by activating which cookies are
always deleted after closing each browsing session.
Secondly, you can disable third-party profiling cookies by visiting the
http://www.youronlinechoices.com.
You can also disable Google Analytics cookies by downloading the appropriate
browser add-on for disabling Google Analytics at the following
web address: https://tools.google.com/dlpage/gaoptout.

Cookie Policy Terze Parti

Cookie Policy Facebook https://it-it.facebook.com/policies/cookies/

Cookie Policy Google https://www.google.it/intl/it/policies/technologies/cookies/

Cookie Policy Google https://www.linkedin.com/legal/cookie-policy

Cookie Policy Twitter https://twitter.com/it/privacy

Granting of consent for the use of cookies
By continuing navigation from the banner containing the so-called short information,
by scrolling down this page or clicking on any of its elements, you consent to the use of cookies
employed on this website by accepting the cookie policy described above.
You can always revoke your previously given consent through the methods
indicated in the paragraph entitled ‘COOKIE MANAGEMENT’.

4. What rights do you have as a data subject:

In relation to the processing operations described in this Policy, as a data subject you

may, as provided for in European Regulation 679/2016, exercise the rights set out in articles

15 to 21 and, in particular:

• right of access – Article 15 GDPR: right to obtain confirmation as to whether or not personal data processing of personal data concerning you and, if so, to obtain access to your personal data, including a copy thereof.
• right of rectification – Article 16 GDPR: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or integration of incomplete personal data incomplete personal data;
• right to erasure (right to be forgotten) – Article 17 GDPR: Right to obtain, without unjustified delay, the deletion of personal data concerning you .
• right of restriction of processing – Article 18 GDPR: right to obtain the limitation of processing, when:

1. the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such data;

2. the processing is unlawful and the data subject objects to the erasure of the personal data and

requests instead that its use be restricted;

3. the personal data are necessary to the data subject for the establishment, exercise or defence of of a legal claim;

4. the data subject has objected to the processing pursuant to Art. 21 GDPR, during the period pending of the verification as to whether any legitimate reasons of the data controller prevail over those of the data subject.

• right to data portability – Article 20 GDPR: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Controller and the right to transmit them to another controller without hindered, if the processing is based on consent and is carried out by automated means. Furthermore, the right to have your personal data transmitted directly from the Bank to another data controller if this is technically feasible;
• right of opposition – Article 21 GDPR: right to object, at any time on reasons relating to your particular situation, to the processing of personal data concerning you concerning you based on the lawfulness of the legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, including profiling, unless there are legitimate reasons for the Controller to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims; you may object at any time to the processing if personal data are processed for direct marketing purposes, including profiling, insofar as it is related to such direct marketing;

The above rights may be exercised vis-à-vis the Controller by contacting the references above.

The exercise of your rights as a data subject is free of charge in accordance with Article 12 GDPR. However, in the case of requests that are manifestly unfounded or excessive, including by reason of their repetitiveness, the Controller may charge you a reasonable fee, in light of the administrative costs incurred in handling your request, or refuse to comply with your request.

– RIGHT OF REVOCATION:

The data subject has the right to revoke his or her consent at any time. Withdrawal of the consent shall not affect the lawfulness of the processing based on the consent before revocation.

· RIGHT OF COMPLAINT:

The interested party has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).

I hereby declare that I have received from the Data Controller the information on the use of my personal data and to consent, pursuant to the privacy legislation, to the processing by the same of the special categories of personal data provided by me for the the performance of activities necessary for the activation and management of relations, operations and services requested by me.

This site is protected by reCAPTCHA, its use is subject to the Privacy Policy and terms of terms of use of Google.