INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Art. 13 Reg. EU 2016/679

Dear Visitor,
below we provide, in accordance with EU Regulation 2016/679 (hereinafter referred to as the “Regulation”), information on the processing of your personal data.

1. OWNER
The data controller is PDT Cosmetici S.r.l. (VAT NO. 04754730721)
Registered office: Viale Cavalieri del Lavoro, 45/47 – 70017 Putignano (BA)
PEC: pdtcosmeticisrl@pec.it
E-mail: gdpr@pdtcosmetici.it.

2. PURPOSE AND LEGAL BASIS OF PROCESSING

a. Personal data collected during browsing are processed for the purposes set out below on the legal basis set out below. The provision of such data is necessary to access the site or to respond to any requests. If you refuse, you will not be able to access the site or respond to requests.

Purpose Categories of data processed Legal basis Let’s take an example
Fulfilment of legal obligations Personal data (mainly browsing data) Necessary for compliance with a legal obligation to which the data controller is subject (Art. 6, 1, c. Regulation) For example, we will process your personal data if we are obliged to respond to requests made by a public authority.
Website management Personal data (mainly browsing data) Necessary for contract implementation or execution of pre-contractual measures (art. 6 (1)(b) Regulation) Some personal data may be acquired by our Site in the course of its normal operation. These are mainly the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
Management of requests Personal data (mainly personal data, contact data voluntarily provided by the user) Necessary for contract implementation or execution of pre-contractual measures (art. 6 (1)(b) Regulation) For example, the processing of data transmitted by sending an e-mail message will be necessary to provide a reply.
Litigation management Personal data (mainly personal data, contact data, browsing data) Necessary for the purposes of pursuing the legitimate interests of the data controller or a third party (Art. 6(1)(f) Regulation) For example, the data could be used to ascertain liability in the event of hypothetical computer crimes against the Site.

3. CATEGORIES OF RECIPIENTS
Within the scope of the above-mentioned purposes, the data collected may be communicated to the following subjects:

Recipient Motivation
Public bodies, control and inspection bodies, bodies assimilated to public bodies Adempimento di un obbligo di legge
Professionals, consultants or companies acting on behalf of the holder Other organisations providing services for the holder (e.g. IT services, shipping services) Parent, subsidiary or associated companies Instrumental to the execution of the service

4. DISSEMINATION OF DATA
The data will not be disseminated.

5. DATA TRANSFER
The controller may transfer personal data to a third country for regions that are instrumental to the above purposes. In the event that it is necessary to use entities residing outside the European Union, we inform you that the precautions required by the Regulation will be adopted, basing the transfer on:
– adequacy decisions of the recipient third countries expressed by the European Commission;
– adequate guarantees given by the person residing outside the European Union;
– binding corporate rules.

6. DATA RETENTION
The personal data collected will be kept for the time strictly necessary to perform the service or process the request, as well as for the further period required by law. Some data may be kept for a longer period in the event of hypothetical computer crimes against the Site.

7. RIGHTS OF THE DATA SUBJECT
In relation to the data provided, you may request to exercise the following rights: access, cancellation, rectification, restriction of processing, objection to processing, data portability, revocation of consent given when processing is based on consent.
If you believe that a processing operation is in breach of Regulation (EU) 2016/679, you can also file a complaint with the supervisory authority (data protection authority) of the member state where you reside, work or where the breach occurred.
To exercise your rights, you can send a written request or e-mail to the holder’s addresses listed above (point 1).