Web Privacy Policy

This policy is provided in accordance with Articles 12, 13, and 14 of Regulation (EU) 2016/679 (GDPR) and is addressed to users of the company’s website. This site is intended for use in a B2B context. The following applies solely to websites, apps, social profiles, and services under the domains or properties registered or attributable to the publisher COSMATIC S.R.L., particularly the domain cosmatic.com and all associated subdomains.

1. NOTES FOR THE READER

To make this document more understandable and transparent for our users, we have chosen to use simple and conversational language. This less formal tone should not be interpreted as a lack of respect or courtesy toward the user but rather to facilitate communication.

2. WHO IS THIS DOCUMENT FOR?

This Privacy Policy (hereinafter referred to as the “Policy”), provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), explains how COSMATIC S.R.L. (hereinafter also referred to as the “Company” or simply “COSMATIC”) processes personal data collected through the user’s interaction with the applications and services offered on this website.

3. HOW CAN YOU CONTACT US?

COSMATIC S.R.L., as the publisher and Data Controller, is primarily responsible for addressing any questions, concerns, or complaints regarding this Policy or the processing of personal data. If you, as a user and “data subject,” need any clarification regarding your personal data, please contact us at:

COSMATIC S.R.L.
Registered and operational office: Via Libero Grassi 14, 20876 ORNAGO (MB) 
VAT Number: 12976520150 - Tax Code: 02609900242 - REA Code: MI 1587964
PEC: cosmatic@pec.it
e-mail: privacy@cosmatic.it

4. OUR COMPANY POLICY ON PERSONAL DATA PROCESSING

COSMATIC has always prioritized the security of managed information, especially when it includes personal data (per Art. 4.1 GDPR) or special categories of personal data (per Art. 9 GDPR).

Considering the organization’s context, supply chain needs, and the expectations of interested parties, the Data Controller commits to defining organizational roles, internal and external responsibilities, and the authority of involved parties. Security objectives are set, and actions are planned to achieve them, ensuring continuous improvement in personal data protection over time.

5. WHY DO WE PROCESS YOUR PERSONAL DATA, AND ON WHAT LEGAL BASES?

We process your personal data to provide the best possible experience when you access our website, use our services, and interact with us. This includes the following purposes:

5.1 ALLOWING WEBSITE NAVIGATION

When you visit our website, we automatically collect certain information, including your IP address, access data, browser type and version, browser plugins, operating system, and platform. Additional data, such as Clickstream URLs, viewed or searched items, error messages, download issues, time and duration of page visits, and page interactions, may also be collected. Various technologies, including cookies, are used to collect this data. More information about cookies is available in a specific policy in the website footer.

Data acquisition method: Automatically collected from your browsing devices via internet communication protocols (e.g., TCP/IP, UDP).

Lawfulness of processing: Legitimate Interest – Art. 6.1(f) GDPR – to provide and improve website navigation and offer efficient, secure web services while ensuring continuous enhancement of your browsing experience.

Data retention period: Your data is stored only for the time necessary to enable website navigation. Some data is retained for the duration of your visit, while others may be stored until you delete technical and functional cookies (e.g., language settings). For further details on managing cookies, refer to our Cookie Policy in the website footer.

In some cases, anonymized access and page visit data may be retained indefinitely for statistical purposes.

5.2 MANAGING COMMUNICATIONS

We collect your personal data when you communicate with us via our website, email, telephone, or any other method using the contact details provided on this site. For example, we collect your contact details and message content, including information on when and where the messages were sent.

Data acquisition method: Partly provided automatically by the chosen communication protocol, partly voluntarily by you in the message content.

Lawfulness of processing: Legitimate Interest – Art. 6.1(f) GDPR – to respond to your requests and manage necessary communications. In some cases, processing is required under specific contractual or legal obligations – Art. 6.1(b) and (c) GDPR.

Data retention period: Personal data is processed only for the time necessary to provide requested information or assistance and is generally retained for 36 months. In cases of contract finalization, data will be processed and stored as specified in the Customer Privacy Policy available on the website.

5.3 MANAGING DATA COLLECTION FORMS

Users may provide personal data through specific forms (e.g., “Forms”) designed to facilitate user requests and provide quick, accurate responses. These forms may be accompanied by a dedicated privacy notice.

Data acquisition method: Voluntarily provided by you when filling out our forms. Lack of data provision will prevent us from offering the requested service.

Lawfulness of processing: Necessary for pre-contractual measures requested by you – Art. 6.1(b) GDPR.

Data retention period: Data is retained only as long as necessary to address your request.

6. COOKIES AND OTHER TECHNOLOGIES

When you browse our website, we automatically collect data using “cookies.” A cookie is a text file containing small amounts of data that a website can send to your browser, which may then be stored on your computer to distinguish your device without identifying you. Some pages of our website use cookies to provide better service during future visits.

You can configure your browser to notify you before receiving a cookie, allowing you to decide whether to accept it.

We use the ELMO plugin from Warrant HUB S.p.A. to manage your consent for cookies on our website. You can also configure your browser to disable cookies; however, this may result in some website functionalities not working properly.

For instructions on disabling cookies, visit the following pages:

Mozilla Firefox; Microsoft Edge; Google Chrome; Opera; Apple Safari

For details on the specific cookies used on this website, consult the Cookie Policy available in the website footer. For more information about the ELMO tool, visit the provider’s website at https://www.elmobot.eu/.

7. PROCESSING PERSONAL DATA COLLECTED THROUGH OUR SOCIAL PROFILES

When you follow our social media channels (e.g., LinkedIn, Facebook, Instagram, YouTube, Google My Business, X, etc.) or interact with our profiles (e.g., by commenting, sharing, following, or liking), we use your data to interact and communicate with you, propose products and services, and develop our brand.

Data acquisition method: Voluntarily provided by you through our social media profiles.

Lawfulness of processing: Legitimate Interest – Art. 6.1(f) GDPR – to promote our brand via social channels and respond to information requests.

Data retention period: Personal data is retained until the deletion of your social media account or your interaction (e.g., comment or tag) is removed.

Please note that the social media platform acts as an independent data controller and operates under its own privacy policies. Refer to the respective platform’s privacy policy for details.

8. NEWSLETTERS AND DIRECT MARKETING COMMUNICATIONS

We may use your data to send newsletters or other communications we believe may interest you. Where required by law, direct commercial communications will only be sent after obtaining your consent.

Service description: If you wish to stay updated on our products and choose to subscribe to our newsletter or other forms of automated direct communication, you will need to provide certain information, such as your name, email address, or other specific data as indicated in the registration form.

By subscribing to our newsletter service, you consent to the automated sending of commercial communications (e.g., informational notes, promotions, etc.) to your email address. These communications will never be intrusive and will be carried out solely for the purpose of promoting our brand, products, and/or services.

You can revoke your consent for these purposes at any time, free of charge and easily, through the dedicated link included in each email or by using the contact details provided in this notice.

The effectiveness of communications sent via the newsletter service is periodically monitored to assess your interest in the messages. Specifically, we track whether our newsletters are successfully delivered to your mail server, your interaction with the landing page (e.g., whether you open the newsletter), and the number of times it is opened over time.

This monitoring helps us understand your interest in our communications and deactivate automatic sending if messages are not regularly received or there is no interaction from you over extended periods.

Data acquisition method: Necessary data (e.g., your name, email address) is voluntarily provided by you during the registration process. Delivery and interaction data (e.g., whether you opened the email) are collected via tracking tools.

Lawfulness of processing: We process data automatically provided through the communication protocol and data obtained from the newsletter management system based on our Legitimate Interest – Article 6(1)(f) of the GDPR – to deliver personalized communications tailored to your interests.

However, under Article 130 of Legislative Decree 196/2003, commercial communications sent in an automated or systematic manner (without operator intervention) can only be carried out if the recipient has provided their consent. This consent is treated by us as equivalent to that required under Article 6(1)(a) of the GDPR and is managed in accordance with the provisions of Article 7 of the GDPR.

Data retention period: Data is retained until you revoke your consent or request deletion.

9. LEGAL OBLIGATIONS AND DATA DISCLOSURE

We may process your data to comply with legal obligations, respond to law enforcement or judicial requests, or defend our rights.

Data acquisition method: Data already collected for other purposes.

Lawfulness of processing: Compliance with legal obligations – Art. 6.1(c) GDPR.

Data retention period: Data is retained only for the time necessary to fulfill legal obligations.

10. LINKS TO EXTERNAL WEBSITES

Links to other websites provided on our website are for informational purposes only. These external websites are beyond our control, and this Policy does not apply to them. When you access other websites, their operators may collect and use your data under their privacy policies, which may differ from ours.

11. SECURITY OF YOUR PERSONAL DATA

We have implemented physical, technical, and organizational measures to ensure adequate levels of security for personal data under our control, preventing reasonably foreseeable risks such as unauthorized destruction, loss, modification, disclosure, or access.

Your data is stored on secure servers within the European Economic Area (EEA). If you have a password to access our web services, it is your responsibility to keep it secure and confidential.

12. INTERNATIONAL DATA TRANSFERS

Our data processing generally occurs within the EEA. However, if personal data is transferred outside the EEA to countries without an adequacy decision by the European Commission, COSMATIC S.R.L. ensures appropriate safeguards, such as Standard Contractual Clauses (SCCs), pseudonymization, and encryption when possible. For example, we use ICT services from U.S.-based companies (e.g., Microsoft 365, Google) that have adhered to the EU-U.S. Data Privacy Framework (DPF).

For more details, visit: https://www.dataprivacyframework.gov/s/.

13. WHO CAN PROCESS YOUR PERSONAL DATA?

For the purposes described above, the following entities may process your personal data:

Our employees and collaborators, adequately trained on data protection.

External service providers, such as cybersecurity experts and website managers, acting as Data Processors under Art. 4.8 GDPR.

Public authorities, when required by law, acting as independent Data Controllers under Art. 4.7 GDPR.

14. WHAT ARE YOUR RIGHTS?

In accordance with applicable law and depending on the legal basis for the processing of your personal data, you can exercise the following rights:

Right of Access to Personal Data
You have the right to obtain confirmation as to whether or not we are processing personal data concerning you, and, if so, access to the personal data being processed. You are entitled to obtain a copy of the data being processed. This right applies only if it does not adversely affect the rights and freedoms of others. Please note that for repeated requests, we may charge you an administrative fee based on our costs. If you have an account (e.g., for accessing a reserved catalog area), you can log into your user profile to obtain a copy of your data, correct, modify, or delete inaccurate data. You may also request the closure of your account at any time by emailing privacy@cosmatic.it

Right to Rectify, Erase, or Restrict the Processing of Personal Data
If you wish to rectify, delete, or restrict the processing of your personal data, please contact us using the details provided. It is your responsibility to ensure that the data you provide (e.g., in your account) is truthful, accurate, complete, and kept up to date.

Right to Withdraw Consent
If you have given us your consent to process your personal data, you can withdraw it at any time (e.g., unsubscribing from newsletters).

Right to Data Portability
If the processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another data controller without hindrance from us.

Right to Object
As a user, you have the right to object to the processing of your data in certain circumstances. For example, you can exercise this right if the processing is based on our legitimate interests (or those of third parties). You can challenge the validity of our legitimate interests; however, we may have the right to continue processing such personal data based on our legitimate interests, where relevant to legal actions, or where the data is necessary for the establishment, exercise, or defense of legal claims. You also have the right to object to the processing of your personal data for direct marketing purposes.

Right Not to Be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing.

Right to Compensation
Please note that anyone who suffers material or non-material damage caused by a violation of Regulation (EU) 2016/679 has the right to seek compensation for the damage from the data controller or processor.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to your ability to contact our Company to exercise your rights concerning our data processing activities, you may lodge a complaint with the competent independent administrative authority in the Member State of the European Union where you habitually reside, work, or where the alleged violation of data protection laws occurred. In Italy, you can file a complaint with the following supervisory authority: https://www.garanteprivacy.it

14.1 FORMS TO EXERCISE YOUR RIGHTS

To exercise your rights with the data controller, you can use the following form:

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924

Please remember that to exercise your rights, we need to verify your identity.

15. CHANGES TO THE POLICY

This Policy was last updated on October 1, 2024.

16. QUESTIONS ABOUT THIS POLICY

The publisher of this website is COSMATIC S.R.L., acting as the Data Controller of your personal data. If you have any questions, concerns, or complaints regarding this Policy or the management of your data, you can contact us via email at: privacy@cosmatic.it