Cosmetitrovo collects some Personal Data from its Users.
This document contains a section dedicated to Users residing in Brazil and their rights relating to privacy.
This document can be printed using the print command present in the settings of any browser.
Corso Castelfidardo 30/A - 10128 Torino (TO)
P.iva/codice fiscale 12400550013
Email address of data controller: firstname.lastname@example.org
Cosmetitrovo is a B2B platform that operates in the cosmetic, nutraceutical and more generally in the chemical sector.
Cosmetitrovo allows the research and procurement of raw material and ingredients for cosmetic and chemical industry, packaging, laboratory services and more generally for industry, consultancy and suppliers of the industry.
It allows buyers and suppliers to exchange information via the platform.
At Cosmetitrovo we respect the privacy of people who interact with us through the website https://www.cosmetitrovo.it/ ("the website").
Type of data collected
Some of our services do not require any form of registration, allowing you to visit our website without giving us any information about yourself.
However, most services may require you to register and then provide us with your Personal Data.
The types of Personal Data we collect depend on the interactions you have with Cosmetitrovo and the services you use, but generally may include your name, surname, company name, company position and contact details (e-mail and telephone number) and information about your use of the website. We may also receive your personal data by monitoring how you interact with our services, such as using cookies, local storage and session storage to track visits, clicks, bookmarks, get in touch, request samples, request a quote etc. We may collect your IP address, a number assigned to your computer each time you access the internet, to conduct system administration and report aggregate information to affiliates, business partners and / or suppliers who conduct website analytics and performance reviews of the website on our behalf.
If you wish to request which Personal Data we are processing for you, please contact us as described in the appropriate "Contact" section.
Among the Personal Data collected by Cosmetitrovo, independently or through third parties, there are: Tracking Tool; name; surname; e-mail; telephone number; Company; Company Legal Entity; Role in the company; Usage data.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using Cosmetitrovo.
Unless otherwise specified, all the Data requested by Cosmetitrovo are mandatory. If the User refuses to communicate them, it may be impossible for Cosmetitrovo to provide the Service. In cases where Cosmetitrovo indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.
Users who have doubts about which data are mandatory are encouraged to contact the owner.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through Cosmetitrovo and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.
Method and place of processing of the collected data
The Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, may have access to the Data other subjects involved in the organization of Cosmetitrovo (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers, hosting, providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processor can always be requested to the Data Controller.
Legal basis of the processing
The Controller processes Personal Data relating to the User if one of the following conditions exists:
the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, as long as the User does not object ("opt-out") to such treatment. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
the processing is necessary for the performance of a task in the public interest or for the exercise of public authority vested in the Data Controller;
the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located. For more information, contact the Controller.
The User's Personal Data may be transferred to a country other than that in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to the details on the processing of Personal Data.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.
The User can check if one of the transfers described above takes place by examining the section of this document relating to the details on the processing of Personal Data or request information from the Data Controller by contacting him.
The Data are processed and stored for the time required by the purposes for which they were collected.
Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the execution of this contract is completed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.
When the processing is based on the User's consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
Purpose of processing the collected data
The User Data is collected to allow the Controller to provide the Service, comply with legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), to contact the User, User database management, tag management, Statistics.
To obtain detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can refer to the "Details on the processing of Personal Data" section.
Details on the processing of Personal Data
Contact the user
Contact form (Cosmetitrovo)
By filling in the contact form with their data, the User consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header.
Personal Data processed: email; first name; surname; company.
Mailing list or newsletter (Cosmetitrovo)
By registering with the mailing list or newsletter, the User's email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to Cosmetitrovo may be sent. The User's email address could also be added to this list as a result of registering with Cosmetitrovo or after making a purchase.
Personal Data processed: name; surname; e-mail.
Manage contacts and send messages
This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow the collection of data relating to the date and time the messages are displayed by the User, as well as the User's interaction with them, such as information on clicks on links inserted in messages.
In the event that the user makes a product request, his contact details are used to communicate to the selected suppliers the contact details to receive an answer.
SendinBlue Email (SendinBlue SAS)
SendinBlue is an address management and email message sending service provided by SendinBlue SAS.
Personal Data processed: Usage data; First name; Surname; e-mail; Tracking Tool.
User database management
This type of service allows the Owner to build user profiles starting from an email address, the name or any other information that the User provides to Cosmetitrovo, as well as to track the User's activities through statistical functions. These Personal Data could also be crossed with publicly available information on the User (such as profiles on social networks) and used to build private profiles that the Owner can view and use to improve Cosmetitrovo.
Some of these services could also allow the programmed sending of messages to the User, such as emails based on specific actions performed on Cosmetitrovo.
SendinBlue Marketing Automation (SendinBlue SAS)
SendinBlue is a User database management service provided by SendinBlue SAS.
Personal Data processed: Usage data; e-mail; Tracking Tool.
This type of service is functional to the centralized management of the tags or scripts used on Cosmetitrovo.
The use of these services involves the flow of User Data through them and, where appropriate, their retention.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: Tracking Tool.
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of Cosmetitrovo, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network.
Personal Data processed: Usage data; Tracking Tool.
Aggregation and communication
The searches, requests, day and time, of products of users registered with Cosmetitrovo products are aggregated and shown in various analysis dashboards. This data can be viewed by registered users in the form of high-level trends with no usernames associated with the search activity. To registered and approved suppliers, this data is shown in the form of real-time analysis and periodic dashboards that show how registered users interact, researching and requesting, with the products of their respective suppliers. The real-time and periodic reports show individual registered usernames associated with interactions and searches with suppliers' products and is only accessible by the respective suppliers. Based on this data, suppliers may contact registered users. We may further anonymize and aggregate data collected through this website for statistical purposes to help us improve our products and services.
Personal Data processed: name; surname; e-mail; telephone number; company; business name; Business role; research carried out; time and day of the search carried out; Usage data.
Data processed by: Cosmetitrovo srl.
Heat mapping and session recording
Heat mapping services are used to identify the areas of Cosmetitrovo with which users interact most frequently, in order to detect which of them attract the most interest. These services allow you to monitor and analyze traffic data and are used to keep track of User behavior. of these services could record some sessions and make them available for viewing later.
Hotjar Heat Maps and Records (Hotjar Ltd.)
Hotjar is a heat mapping and session recording service provided by Hotjar Ltd.
Hotjar respects generic "Do Not Track" headers. This means that the browser can tell the script not to collect any User data. This is a setting that is available in all major browsers. More information on opt-out from Hotjar can be found here.
Interaction with live chat platforms
This type of service allows you to interact with live chat platforms managed by third parties, directly from the Cosmetitrovo pages, in order to be able to contact and be contacted by the Cosmetitrovo support service. In the event that an interaction service with live chat platforms is installed, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed. Additionally, live chat conversations may be recorded.
Tawk.to widget (tawk.to ltd.)
The Tawk.to Widget is an interaction service with the Tawk.to live chat platform, provided by tawk.to ltd.
Personal Data processed: Data communicated while using the service; Usage data; Tracking Tool.
Information on how to opt out of interest-based advertising
Further information on the processing of Personal Data
Cookie Solution by iubenda (Cookies for remote consent)
The iubenda cookie for remote consent (iubcs-X) is installed by the iubenda Cookie Solution and stores the user's preferences relating to the tracking tools in the domain.iubenda.com.
Preference cookie stores the User's preferences detected on Cosmetitrovo, such as their time zone and region, in the local domain.
Users can exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User has the right to:
opt-out consent at any time. The User can revoke the consent to the processing of their Personal Data previously expressed.
oppose the processing of their data. The user can oppose the processing of their data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
access their data. The user has the right to obtain information on the data processed by the owner, on certain aspects of the processing and to receive a copy of the data processed.
verify and ask for rectification. The User can verify the correctness of their Data and request its updating or correction.
obtain the limitation of the treatment. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their conservation.
obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User can request the cancellation of their Data by the Owner.
receive their data or have them transferred to another owner. The User has the right to receive his / her data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to obtain its unhindered transfer to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it.
propose a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.
Details on the right to object
When Personal Data are processed in the public interest, in the exercise of public authority vested in the Controller or to pursue a legitimate interest of the Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are reminded that, if their Data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to exercise your rights
To exercise the User's rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.
Further information on the treatment
Defense in court
The User's Personal Data may be used by the Owner in court or in the preparatory stages for its eventual establishment for the defense against abuse in the use of Cosmetitrovo or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data by order of the public authorities.
System log and maintenance
For needs related to operation and maintenance, Cosmetitrovo and any third party services used by it may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as the User IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Response to "Do Not Track" requests
Cosmetitrovo does not support "Do Not Track" requests.
To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.
If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
Information for Users residing in Brazil
Legal basis under which we process your personal information
We only process your personal information if one of the legal bases for such processing exists. The legal bases are as follows:
your consent to processing the mentioned activities;
compliance with legal obligations that we are required to meet;
the execution of rules dictated by laws or regulations or by contracts, agreements or other similar legal instruments;
studies conducted by research companies, preferably carried out on anonymized personal information;
the execution of a contract and related pre-contractual obligations, if you are a party to that contract;
the exercise of our rights in court, administrative procedures or arbitration;
the defense or physical safety of you or a third party;
health protection - in the context of procedures put in place by entities or professionals in the health sector;
our legitimate interest, provided that your fundamental rights and freedoms do not override those interests; And
To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.
Categories of personal information processed
To find out which categories of personal information are processed, you can refer to the section "Details on the processing of Personal Data" in this document.
Why we process your personal information
To find out why we process your personal information, please refer to the sections "Details on the processing of Personal Data" and "Purpose of the Processing of Collected Data" in this document.
Your privacy rights in Brazil, how to make a request and how it will be handled by us
Your privacy rights in Brazil
You have the right to:
obtain confirmation of the existence of processing activities regarding your personal information;
access your personal information;
obtain the rectification of your incomplete, inaccurate or outdated personal information;
obtain anonymization, blocking or deletion of unnecessary or excessive personal information, or information that is processed contrary to the provisions of the LGPD;
obtain information regarding the possibility of giving or refusing your consent and the relative consequences;
obtain information about the third parties with whom we share your personal information;
obtain, upon your explicit request, the portability of your personal information (with the exception of anonymised information) to other suppliers of products or services, provided that our trade and industrial secrets are safeguarded;
obtain the deletion of personal information processed if the processing was carried out on the basis of your consent, unless one or more of the exceptions provided for in Article 16 of the LGPD are applicable;
withdraw your consent at any time;
file a complaint regarding your personal information with the ANPD (National Data Protection Authority) or with a consumer protection body;
oppose processing activities in cases where such processing is not carried out in compliance with the provisions of the law;
request clear and adequate information regarding the criteria and procedures used in the context of automated decision-making processes; And
request the review of decisions that harm your interests, made exclusively on the basis of automated decision-making processes of your personal information. These include decisions to outline your personal, professional, consumer or creditor profile, or other aspects of your personality.
You will never be discriminated against, nor will you suffer in any way any treatment that is unfavorable to you, following the exercise of your rights.
How to submit a request
You can make an explicit request to exercise your rights free of charge, at any time, using the contact details in this document or through your legal representative.
How and in how long will we handle your request
We will do our best to respond to your request as soon as possible.
In any case, if it is impossible for us to do so, we will make sure to communicate to you the factual or legal reasons that prevent us from immediately satisfying or following up on your request. If your personal information is not processed by us, if we are able to do so, we will indicate the natural or legal person to whom to address your requests.
In the event that you decide to submit an access request or a request for confirmation of the existence of the processing of personal information, please make sure to specify whether you prefer to receive your personal information in electronic or paper format.
You will also need to let us know if you would like an immediate response, in which case you will receive a simplified response, or if you need complete information instead.
In the latter case, we will reply within 15 days from the moment of your request, providing you with all the information regarding the origin of your personal information, the confirmation or not of the existence of personal information concerning you, all the criteria used for the processing. and the purposes of such processing, while safeguarding our trade and industrial secrets.
In the event that you decide to submit a request for rectification, deletion, anonymization or blocking of personal information, we will make sure to immediately inform the other parties with whom we have shared your personal information of your request so that they can in turn fulfill your request - except in cases where such communication is impossible or excessively burdensome for us.
Transfer of personal information outside of Brazil in cases permitted by law
We may transfer your personal information outside of Brazilian territory in the following cases:
when the transfer is necessary for international legal cooperation between intelligence services, investigative and criminal procedure bodies, as required by the tools made available by international law;
when the transfer is necessary to defend your life or physical safety or that of third parties;
when the transfer is authorized by the ANPD;
when the transfer derives from an obligation assumed in the context of an international cooperation agreement;
when the transfer is necessary for the exercise of public order or for the performance of a public service;
when the transfer is necessary for the fulfillment of a legal obligation, the execution of a contract and related pre-contractual obligations, or the normal exercise of rights in management, administration or arbitration.
Definitions and legal references
Personal Data (or Data)
Any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable constitutes personal data.
These are the information collected automatically through Cosmetitrovo (also from third-party applications integrated into Cosmetitrovo), including: the IP addresses or domain names of the computers used by the User who connects with Cosmetitrovo, the addresses in URI notation (Uniform Resource Identifier ), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin , the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the IT environment of the User.
The individual using Cosmetitrovo who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
Data Controller (or Controller)
The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of Cosmetitrovo. The Data Controller, unless otherwise specified, is the owner of Cosmetitrovo.
Cosmetitrovo (or this Application)
The hardware or software tool through which the Personal Data of Users are collected and processed.
The service provided by Cosmetitrovo as defined in the relative terms (if available) and on this site / application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area.
Cookies are Tracking Tools which consist of small pieces of data stored in the User's browser.
By Tracking Tool we mean any technology - eg. Cookies, unique identifiers, web beacons, integrated scripts, e-tags and fingerprinting - which allow users to be tracked, for example by collecting or saving information on the User's device.
This privacy statement is drawn up on the basis of multiple legislative systems, including articles. 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy statement concerns only Cosmetitrovo.