Privacy notice according to Art. 13 of EU Regulation 2016/679

According to the EU Regulation 2016/679 (hereinafter referred to as the “Regulation” or “GDPR”) and to the Italian privacy law (“Privacy Law”), RIEEL S.r.l., with its legal office in Cassano D’adda (MI), Piazza Gen– 37129 Verona (Italy), VAT number 07366150964, info@mumi-cosmetics.com (hereinafter referred to as the “Controller“), hereby informs the data subject about the purposes and means by which its personal data will be processed, and the Controller’s marketing, data transmission and data collection policies.

1. Purposes of data processing

Information collected by the Controller through our website www.mumi-cosmetics.com (by filling in the form, sent via email, via the newsletter subscription or otherwise communicated through the site) are processed and used for the following purposes:

  1. Answering the requests of information by the data subject; fulfilling their contractual obligations (like the sale of Controller’s products); management/administration of the contractual relationship; meeting the obligations imposed by the Financial Authorities; meeting all other obligations required by law;
  2. Upon receipt of specific consent from the data subject, sending via e-mail, text message, fax, phone, etc., promotional and advertising material relating to the Controller’s services.

2. Nature of data provision

Provision of data for the purposes specified in Point a) is necessary for the performance of the agreement, since without the availability of such data it will be impossible to enter into a contract and provide the requested services. Provision of data for the purposes specified in point b) is optional. The data subject has the right to object at any time to the processing of their personal data for the purposes of direct marketing, including any profiling for the purposes of direct marketing.

3. Consent

The data subject has the right to withdraw his consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

4. Means of data processing and duration of data storage

The data will be processed with the aid of IT systems operated in full conformity to the security measures required by the Privacy Law and Regulation by persons who have the specific task of doing it. In certain cases, hard copies of processed data may be created, but only by persons who have the specific task of doing it and in full conformity to the security measures required by the privacy laws in force. The Controller will store the personal data for a maximum period of ten years, consistently with the legal requirements regarding the conservation of documents.

5. Transmission to third parties

The personal data may be transmitted to third parties, like, for example, companies affiliated to the Controller, products and services provider (such as for example companies or individual that provides information technology services to the Controller), online payment services provider (e.g. PayPal), sales agents, distributors, resellers, external collaborators, professional consultants (e.g. accountants, lawyers and notaries) and any other entity, natural or legal person, to whom the obligation to communicate data is required by law. In this event the Controller will take all the necessary measures to ensure that the third parties comply with the laws governing data privacy.

6. The rights of the data subject

According to Art. 13, clause 2 of the Regulation, the Controller hereby informs the data subject of his right to:

  1. request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  2. lodge a claim with a supervisory authority.

The data subject may avail himself of the rights indicated above, as well as those provided by Art. 15 and subsequent Articles of the Regulation, and  by the Privacy Law, by contacting the data controller at the address above. 

8. Cookies

8.1. Technical Cookies

This website uses technical cookies as defined by “Provvedimento del Garante della Privacy of May 8 2014“. In particular this website uses: a) browsing or session cookies, which allow users to navigate and use a website (e.g. to purchase items online or authenticate themselves to access certain sections); b) functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased to improve the quality of service. As per art. 122 of Italian Privacy Code and “Provvedimento del Garante dell’8 maggio 2014“, for the use of technical cookies Data Subject’s consent is not required.

8.2. Third-party cookies

This website allows sending third-party cookies. In particular:

  • a) Google Analytics. This is a service of web analysis supplied by Google Inc. which utilizes the cookies installed on the computer of the user in order to consent statistical analysis in aggregate form with regard to the use of the website visited.
    The data generated by Google Analytics are stored by Google as indicated in the Cookie Policy that can be found at the link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
    To consult the Privacy Policy of the Google Inc., autonomous Data Controller of the processing of data relating to the service of Google Analytics, please visit the following link: http://www.google.com/intl/en/analytics/privacyoverview.html.
  • b) Youtube is a video content visualization service managed by Google Inc. that allows this application to integrate such contents within its pages.
    Personal data collected: cookies and usage data.
    Place of processing: USA.
    Privacy Policy: http://www.google.it/intl/it/policies/privacy/
  • c) Mailchimp. Mailchimp is an email address management and sending service provided by Mailchimp Inc. This service allows you to manage a database of email contacts used to communicate with the User. This service may also allow you to collect data relating to the date and time the messages are displayed by the User, as well as to the User’s interaction with them, such as information on clicks on the links inserted in the messages.
    Personal data collected: Email.
    Place of processing: USA.
    Privacy Policy: https://mailchimp.com/legal/privacy/
  • d) Instagram. Instagram is an image visualization service managed by Instagram Inc. that allows to integrate such contents within the pages of the website.
    Personal data collected: cookies and usage data.
    Place of processing: USA.
    Privacy Policy: https://www.instagram.com/about/legal/privacy/

8.3. How to disable cookies

Except for technical cookies that are strictly necessary for the navigation, users may eliminate the other cookies directly through their own browser.

Each browser presents different procedures for the management of the settings. Users may get specific instructions through the links provided below.

The disabling of third party cookies is moreover possible in the ways made available directly by the third party company Controller of the Personal Data, as indicated in the links shown in the paragraph “Third-party cookies” above.

9. The rights of the data subject

According to Art. 13, clause 2 of the Regulation, the Controller hereby informs the data subject of his right to:

  1. request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  2. lodge a claim with a supervisory authority.

The data subject may exercise the rights indicated above, as well as those provided by Art. 15 and subsequent Articles of the Regulation and by the Privacy Law, by contacting the data controller at the address above.