Legal notice

LEGAL INFORMATION


Data Controller: Maria Maiorano Skin Care Milano Srl – VAT Number: 13795590960, registered office in Cologno Monzese (MI), Via Barcellona 4/6 – ZIP 20093 – Business Register: MI – 2744030, PEC: mialnoskincare@pec.it


Data Protection Officer (DPO): Maria Maiorano Skin Care Milano Srl has appointed its own Data Protection Officer (DPO) pursuant to Articles 37, 38, and 39 of the GDPR. The DPO can be contacted at the address of the Data Controller indicated above.


The document is divided into:


A. Website/App Privacy Policy: contains all information regarding the processing, through the website and app, of the personal data of users and visitors, including those holding an account.

B. Membership Information: contains all information regarding the processing of personal data related to registration on the website/app and participation in the loyalty program.


Privacy Policy



This policy describes how Maria Maiorano Skin Care Milano Srl manages its website/app and digital channels in relation to the processing of personal data (“Personal Data”) of clients/users accessing them.


This Privacy Policy complies with the EU Regulation 2016/679 (GDPR) and national legislation, detailing the methods for processing personal data of clients/users of Maria Maiorano Skin Care Milano Srl’s digital channels.


This information does not apply to other websites, pages, or online services reachable through links published on the website that refer to external resources.


It applies to all websites, web pages, or apps owned by the data controller.

This document does not apply to information collected through channels other than those indicated.


Categories of Personal Data Processed



1. Navigation/Operation Data:

The IT systems and software procedures used for the website/app operation acquire data automatically during regular usage. Examples include IP addresses, date/time of access, pages visited (URI/URL), server response codes, request methods, device names, OS information, and other technical parameters.


2. Voluntarily Provided Data:

Some website sections request Personal Data (e.g., name, surname, email, phone number, company information for business clients) to allow newsletter subscription, appointment requests, or website/app registration. Membership enrollment is included for loyalty program purposes.


3. Tracking Data (e.g., Cookies):

Tracking occurs via server-side or client-side code, including browser or mobile device tracking (cookies for the website, mobile identifiers for the app). Consent management is detailed in the Cookie Policy.


4. Location Data:

With user authorization, location data may be collected to show nearby stores or relevant products/services. Location data collection is optional and can be disabled through device settings or app settings.


5. Social Sharing Data:

The website may include social plugins/buttons to allow sharing of content on social networks (Facebook, Twitter, LinkedIn, Instagram, etc.).


6. App-Specific Features:


  • Push Notifications: Users can enable/disable notifications through the device or app settings.


Cookies and Other Technologies



What Are Cookies:

Cookies are small text files sent to your device by visited websites. Third-party cookies are set by domains other than the one you are visiting. Cookies are used for authentication, session tracking, preference storage, and personalization.


Other Technologies:


  • LocalStorage: Stores session info to avoid repeated login.

  • Tracking Pixels: Track user behavior, device info, and marketing performance.

  • Plugins/Widgets: Facilitate interaction with social networks or external platforms.



Users can manage cookie preferences through their browser. Guidance for popular browsers:



Types of Cookies Used:


  • Technical Cookies: Required for site operation; no consent needed.

  • Non-Technical Cookies: Installed only with user consent; consent valid for six months and revocable anytime.


Purposes and Legal Bases of Processing



A. Website/App Navigation: Execution of contract (Art. 6.1(b) GDPR); data retained as needed for service.

B. Account Registration: Execution of contract/pre-contractual measures; retained during account usage.

C. Order/Assistance Management: Execution of contract; retained as needed, max 3 months (chatbot: 30 days).

D. Administrative/Fiscal Obligations: Legal obligation (Art. 6.1(c) GDPR); retained max 10 years.

E. Service Requests: Execution of contract; includes appointments, installation, home delivery, returns, payments.

F. Statistical Analysis: Consent (Art. 6.1(a) GDPR); see Cookie Policy.

G. Geolocation: Consent; retained only as needed.

H. Profiling/Targeted Ads: Consent; see Cookie Policy.

I. Marketing Communications: Consent; retained max 24 months.

J. Soft Spam: Art. 130, paragraph 4 of the Italian Privacy Code; max 24 months.

K. Customer Profiling: Consent; max 24 months for purchase data, indefinite for other data until revoked.

L. Newsletter Marketing: Consent; max 2 years from last interaction.

M. Product/Service Reviews: Voluntary; may be published; nickname usage allowed.

N. Customer Satisfaction/Market Analysis: Legitimate interest; max 2 years.

O. Fraud Prevention: Legitimate interest; 180 days digital, 5 years traditional.

P. Legal Claims/Defense: Legitimate interest; duration of claim/proceeding.

Q. Aggregated Profiling: Legitimate interest; pseudonymized, retained max 36 months.


Mandatory vs Optional:

Data required for contractual/legal obligations is mandatory; consent-based processing is optional. Users may refuse consent without affecting contract execution.


Data Recipients



Data is processed by authorized employees/collaborators. External processors include website/app maintenance providers, group companies, and marketing providers. Third-party independent controllers include commercial partners, authorities, and legal bodies.


Data Transfers Outside the EU:

Transfers to third countries (e.g., USA) comply with GDPR Articles 44–46, using adequate safeguards (e.g., SCCs).


User Rights



Under GDPR Articles 15–22, users may:


  • Access, rectify, or erase personal data

  • Restrict processing

  • Object to processing based on legitimate interest

  • Request data portability

  • Withdraw consent

  • File complaints with the supervisory authority



Requests can be sent via PEC to mialnoskincare@pec.it.