PRIVACY STATEMENT
PRIVACY STATEMENT
Last updated: 20 October 2021
The company Angelini Beauty, S.A. (hereinafter, "Angelini" or the “Data Controller"), in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, “GDPR" or "General Data Protection Regulation") and Legislative Decree 196/2003 (Privacy Code), provides you with the following information about the processing of your personal data, as a user/visitor of the www.annemoller.com website (hereinafter, the “Website”).
The Data Controller is Angelini Beauty, S.A., registered at Calle Josep Irla i Bosch, 1-3, 08034 Barcelona, Spain, e-mail: dpo.spain@angelinibeauty.es.
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted directly at the following addresses: Data Protection Officer - DPO Calle Josep Irla i Bosch, 1-3, 08034 Barcelona, Spain, e-mail: dpo.spain@angelinibeauty.es.
-
Purposes and lawfulness of the processing
All personal data provided by you is processed in accordance with the legal provisions in a correct, lawful and transparent manner for the purposes set out below, and in accordance with the following conditions of legitimacy (Lawfulness of processing).
-
Purposes of processing
Lawfulness of processing
-
Appropriate and comprehensive management of any communication or request that you may send to Angelini (for example, a request for information or assistance) as well as the management of your user profile within the Website, where applicable [management of your requests].
The processing of your personal data for this purpose is necessary for the performance of a contract or for the performance of pre-contractual measures (here interpreted as the "legal relationship" established between you and the Data Controller, deriving from any request you make ) (Art. 6.1. b of the GDPR).
-
Appropriate and comprehensive management of reports related to cosmetic surveillance [cosmetic surveillance].
The processing of your personal data for this purpose is a legal obligation (Art. 6.1.d of the GDPR).
-
Compliance with legal obligations. In certain circumstances, we are required by law to use your personal data (for example, to inform you of a possible security breach related to your data and the measures we have taken to address the situation) [compliance with legal obligations].
The processing of your personal data for this purpose is a legal obligation (Art. 6.1.c of the GDPR).
-
Remote communications or through the website itself (e-mail, SMS, Internet or online communications, postal mail, non-automated telephone calls and communications through social networks such as Facebook, Instagram and LinkedIn) about news and promotions related to Angelini products and events in which Angelini or organizes or in which it participates [commercial communications].
The processing of your personal data for this purpose requires your consent (art. 6.1.a of the GDPR).
You can withdraw your consent at any time by using the corresponding link that appears at the bottom of all e-mail or SMS messages or by contacting the Data Controller.
-
-
Profiling
The personalization of commercial communications, as defined in section 2, letter (d), is carried out based on an analysis of your data related to interests, needs, preferences, activities and your interaction with us (known as "profiling”).
We believe that creating a profile adds value to your relationship with us, as it allows us to reach out to you and send or show you communications and content that take into account your profile which is therefore of greater interest, use, and more enjoyable for to you.
The information we use to do this is specifically the following: date of birth; responses provided by you directly when completing specific questionnaires or forms; answers provided by you during public contests or studies and market research carried out on our products, services and activities; your opinion about us and our products, services and activities; participation in our events; interaction with our communications and content; information on the use and manner of use of the contents and services offered on Angelini's websites and platforms.
We use various tools to collect and process this information, including analytics and profiling cookies and similar tracking technologies (such as web beacons). The data collected using these technologies includes: IP address, information about the device used and the data obtained through the browser or the device used (such as the unique identifier of the device and the operating system), information about browsing behaviour or the use of digital content and services as well as statistical data.
For detailed information on the use of cookies and similar tracking and analytics technologies on Angelini's specific platforms and websites and to consent to their use, see the specific "cookie policy" offered on the aforementioned Angelini websites and web platforms.
-
Category of data processed
The Data Controller will process the following categories of your personal data:
-
if you have to send communications or requests to Angelini (for the purposes of section 2 letter a), your personal data necessary for the correct management of your communication or request (in particular, name and surnames, postal address, e-mail address and telephone number) and any other personal data that you may include in your message;
-
if you have created a user for the Website (for the purposes of section 2 letter a), your data associated with your user account (in particular, username and password as well as your preferences within the Website ).
-
if you need to create a report in relation to cosmetic surveillance (for the purposes of section 2 letter b), the data necessary to comply with the related legal obligations imposed on the Data Controller. More specifically, as an "informant", as a guarantee of the accuracy and relevance of the data and its verifiability for the purposes of the scientific evaluation of the reports: e-mail address or telephone number, to obtain, if necessary, additional information about what has already been communicated ("follow-up"); and, to correctly manage the report, any classification as a medical-health professional (for example, doctor, dentist, nurse, pharmacist, forensic doctor) or type of non-health professional, such as a patient, lawyer or person related to the subject to which the report refers (e.g. friend, relative, helper). As the person to whom the report refers (the "patient"): initials of name and surname, city and country of residence, age (or age range) and/or date of birth, sex, height and weight, and data related to sex life or that reveal racial or ethnic origin, health of the person (medical history, any current or previous pathology, pharmacological and non-pharmacological therapies, pregnancy, lactation) "special categories of data") subject to cosmetic vigilance obligations, in particular with respect to the "Safety Information" of the cosmetic product, such as adverse reactions, special situations (abuse, overdose, improper use (misuse), therapeutic error, exposure during pregnancy or lactation, with or without associated adverse reactions, lack of efficacy or suspected transmission of an infectious agent through the cosmetic product;
-
all the data necessary to comply with legal obligations (for the purposes indicated in section 2, letter c) (such as your contact data for communications required by law or the authorities).
-
data related to interests, needs, preferences, activities and interaction with us (for the purposes of section 2, letter d) (see a detailed list of data used for "profiling" in section 3);
-
Data sources
The Data Controller will obtain your personal data:
-
directly from you and from your interaction with us.
-
Nature of data transfers
The transfer of your personal data to manage your requests (purpose in accordance with paragraph 2, letter a) is mandatory to enable the Data Controller to process your report: if you do not provide this data, it will be impossible for you to receive a response to your report (in particular, to receive a response to a request from you for information or assistance).
The transfer of your personal data for cosmetic surveillance (purpose according to paragraph 2, letter b) and to comply with legal obligations (purpose according to paragraph 2, letter c) is mandatory to the extent that it derives from legal provisions.
The submission of your personal data for commercial communications (purpose indicated in section 2, letter d) is merely optional: if you do not provide this data, you will not be able to receive personalized remote communications or through the website itself (e-mail, SMS, Internet or online communications, postal mail, non-automated telephone calls and communications through social networks such as Facebook, Instagram and LinkedIn) about news and promotions related to Angelini products and events in which Angelini or organizes or in which it participates, based on profiling.
-
Processing methods
The data processing is carried out using both automated and non-automated tools, using a logic that is strictly related to the purposes of the processing and, in any case, following methods and procedures that guarantee the security and confidentiality of the data.
-
Categories of recipients of the personal data
For the purposes indicated above (section 2), your personal data may be communicated:
-
to persons authorized by the Data Controller to carry out personal data processing operations (Data Controller employees or collaborators);
-
to the data processors designated by the Data Controller (suppliers of IT, technology and online services, internet providers);
-
to independent data controllers (to manage your requests: couriers and forwarding companies; for cosmetic surveillance: national and European medicine and drug agencies, other companies, including Angelini Group companies, linked to the Data Controller by licence contracts and distribution agreements or, in the case of transfer of marketing authorizations for the cosmetic product; to comply with legal obligations: public authorities).
Your data may also be transferred in accordance with the law to tax authorities, law enforcement and judicial and administrative authorities, for the evaluation and prosecution of crimes, prevention and protection against threats to public security, for the establishment, exercise or defense of legal claims by the Data Controller;, as well as for other reasons related to the protection of the rights and freedoms of third parties.
-
Data retention period
We store your personal data for a limited period of time depending on the purpose of the processing. Once this period has elapsed, your data will be permanently deleted or, in any case, irreversibly anonymized.
Your personal data will be stored in accordance with the terms and criteria specified below:
-
for the management of your requests (purpose in accordance with paragraph 2, letter a) for a maximum period of 6 (six) months from the appropriate and complete management of your request;
-
for cosmetic surveillance (purpose in accordance with paragraph 2, letter b) for at least 10 (ten) years after the marketing authorization has expired;
-
to comply with legal obligations (purpose in accordance with paragraph 2, letter c) for a maximum period of 10 (ten) years from the end of the calendar year in which the Data Controller has complied with the legal obligation, in order to document and be able to demonstrate proper compliance with the law (for example, having correctly informed you of any security breaches that may have affected your data, and the measures we have taken to address such situations).
-
for commercial communications (purpose indicated in section 2, letter d), until you withdraw your consent or exercise your right to object, which may be done at any time using the corresponding link at the bottom of each communication by e-mail or SMS or by contacting the Data Controller and, in any case, for a maximum period of five (5) years from the moment you have given your consent;
For technical reasons, the termination of the processing and the consequent deletion of your personal data, or its anonymization, will occur within 30 (thirty) days following the periods indicated above.
This is without prejudice to the cases in which we are required to keep them for a longer period for any litigation, requests from the competent authorities or in compliance with the applicable law.
-
Transfer of personal data outside the EU/EEA
Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA). However, these will always offer an adequate level of data protection, as established by specific resolutions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
The transfer of your personal data to countries that do not belong to the EU/EEA and that do not guarantee adequate levels of protection will be carried out only after the Data Controller and the recipients of the data have signed specific agreements, which contain safeguard clauses and adequate guarantees for the protection of your personal data, the so-called "standard contractual clauses", also approved by the European Commission, or if the transfer is necessary for the management of your requests.
-
Rights of the data subject
As a data subject, you have the right:
-
to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data (in particular, the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data; the right to lodge a complaint with a supervisory authority; the source of the data; the possible existence of automated decision-making, including profiling, and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; the appropriate safeguards if the personal data is transferred outside the EU/EEA), as well as a copy of said personal data, provided that this does not adversely affect the rights and freedoms of third parties (right of access);
-
to obtain the correction, modification or update of any data that is inaccurate or no longer correct, as well as to have incomplete personal data completed, including by means of providing a supplementary statement (right to rectification);
-
to request the erasure of your personal data if, in particular, (i) it is longer necessary in relation to the purposes for which it was collected or processed, or (ii) it has been unlawfully processed, or (iii) it has to be erased for compliance with a legal obligation, or, finally, (iv) you have objected to the processing (see below "right to object") and there are no overriding legitimate grounds for the processing which allow the Data Controller to continue processing in any case (right to be forgotten). The data may not be erased if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims;
-
to obtain the restriction on the processing of your personal data, that is, that the Data Controller keeps said data without the power to use it. This right can only be exercised when, in particular, (i) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data, or (ii) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of its use instead, or (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims or (iv) you have objected to the processing (see below "right to object"), pending the verification whether the legitimate grounds of the controller override those of the data subject (right to restriction);
-
to receive your personal data from the Data Controller, processed by virtue of a contract, in a standard format and the right to have the personal data transmitted directly to a third party indicated by you, where technically feasible (right to data portability).
In addition, as a data subject, you also have the right to object, which means:
-
that you can object, on grounds relating to your particular situation, at any time to the processing of your personal data for opinion polls. In this case, the Data Controller will refrain from any further processing of your personal data.
To exercise these rights, you can contact the Data Controller at any time, by writing to Angelini Beauty S.A., at Calle Josep Irla i Bosch, 1-3, 08034 Barcelona, Spain, or to the e-mail address dpo.spain@angelinibeauty.es.
-
Complaints
If you believe that our use of cookies and similar technologies has been carried out unlawfully, you have the right to lodge a complaint with the data protection authority at the Spanish Data Protection Agency (AEPD) at the following link: https://www.aepd.es/es (the right to lodge a complaint).
You can also lodge a complaint with a data protection authority outside of Spain, if said data protection authority belongs to an EU Member State where you have your habitual residence, or the place of the alleged infringement.
-
Cookies and similar technologies
To find out about the use of cookies and similar technologies by the Website, please consult the corresponding Cookies Policy .
-
Links to other websites
The Website may contain links to third party websites.
Angelini cannot guarantee, and assumes no liability for the content and information provided by said third parties, the integrity or accuracy thereof, nor with respect to the content of said third-party websites or any products and services potentially provided through said third-party websites, nor regarding the processing of personal data of users/visitors by said third parties.
This privacy notice applies only to our Website.
-
Changes to this notice
The constant evolution of our activities could lead to changes in the characteristics of the processing of your personal data described above. As a result, this privacy notice may be subject to changes and additions over time, which may also be necessary as a result of new legislation on the protection of personal data.
The updated version of this privacy notice will be published on this page, in which the date of the last update will be indicated. Please consult this page when you access the Website.
I, the undersigned, _____________________________________________,
confirm that I have read and understood the content of the information provided above regarding the processing of my personal data by Angelini Beauty, S.A. and
-
-
I give my consent
-
I do not give my consent
-
Remote commercial communications or through the website itself (e-mail, SMS, Internet or online communications, postal mail, non-automated telephone calls and communications through social networks such as Facebook, Instagram and LinkedIn) about news and promotions related to Angelini products and events in which Angelini or organizes or in which it participates (purpose indicated in section 2, letter d).
Date __/__/_____
Signature _____________
[End of document]