Datenschutzerklärung
INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who visit the website or contact the brokerage firm via digital channels (e.g., WhatsApp, email) for the protection of personal data pursuant to Article 13 of Regulation (EU) 2016/679.
Introduction
ESTETEAM SRL has for years considered the protection of the personal data of its and/or potential customers and users to be of fundamental importance, ensuring that the processing of personal data, carried out by any means, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "Regulation") and other applicable regulations regarding the protection of personal data.
This Privacy Policy is intended to describe the website's management procedures with regard to the processing of personal data of users/visitors who consult it pursuant to the Regulation.
We intend to guarantee the protection and security of the personal data of each visitor, including those accessing the website from abroad, in accordance with the provisions of this Privacy Policy.
Unless otherwise specified and regulated by a specific privacy notice issued pursuant to Article 13 of the Regulation, this Privacy Policy shall also be considered a document intended to provide specific information pursuant to Articles 13 and 14 of the Regulation to those who browse the Websites and interact with the data controller through the services offered by those Websites.
Please note that this Privacy Policy applies exclusively to this website and does not apply to other websites that may be visited by the user while browsing by clicking on links and/or banners on the Websites.
This Privacy Policy defines what data is collected and how it is used, disclosed, transferred, and/or stored by the Site.
This site collects some personal data from its users.
Data Controller
The data controller is:
ESTETEAM SRL
Registered Office
Via Varesina 174
20156 Milan
VAT No.: 12632430158
REA (Economic and Administrative Index) of the Milan Chamber of Commerce No. 1573635
Tel. +39 02 36754870
Email: privacy@esteteam.it
Certified Email: pec@pec.esteteam.com
If you have any questions regarding this privacy policy, please contact us using the information below.
Our users can submit requests regarding personal data protection, privacy, and security to dpo@esteteam.it
Privacy and GDPR
Here you can find all the details on how we handle personal data, our compliance, and our GDPR policies. To make things easier to understand, we've briefly summarized what the GDPR is:
What is the GDPR?
The GDPR (or General Data Protection Regulation) is the European Union's regulation on the processing of personal data and privacy. With this regulation, the European Commission intends to strengthen and standardize the protection of the personal data of European Union citizens and residents, both within and outside the European Union (EU).
The GDPR comes into force on May 25, 2018, and all companies must comply.
Although the GDPR is a European regulation that applies to European companies, it must also be complied with by countries that have relationships with European citizens and therefore handle their data.
If you have any questions about how we handle your data, please contact us.
Types of Data Collected
You can visit our website anonymously.
Among the personal data collected by the website, either independently or through third parties, are: Cookies, Usage Data, Email, Name, and various types of Data.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the website or the WhatsApp service.
In cases where the website indicates certain Data as optional, Users are free to refrain from providing such Data, without this having any impact on the availability or operation of the Service.
Users who have doubts about which Data is mandatory are encouraged to contact the Owner.
The possible use of Cookies – or other tracking tools – by the site or by the owners of third-party services used processed by the site, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the site and guarantees that he or she has the right to communicate or disseminate such data, releasing the Data Controller from any liability to third parties.
Processing Methods
The processing of personal data is carried out primarily using electronic procedures and media for the time strictly necessary, in accordance with Article 5 of the Regulation.
Personal data will be processed by the data controller only to the extent necessary to achieve the primary purpose. Specifically, personal data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e., until the termination of the contractual relationship between the data subject and the data controller, without prejudice to a further retention period that may be imposed by law, as also provided for in Recital 65 of the Regulation.
The Data Controller processes Users' Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
The processing is carried out using computer and/or electronic means, following organizational methods and procedures strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of persons involved in the organization of the website and the owner company (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors may be requested from the Data Controller at any time.
Personal data may also be processed by external parties acting as data controllers to fulfill quote requests made through this website or via WhatsApp, email, or contact forms, such as, for example:
a. Supervisory and control authorities and bodies;
b. Insurance companies;
c. Insurance agents/brokers;
d. Other professional insurance intermediaries;
The data may also be processed, on behalf of the Company, by external parties designated as data processors, who have been provided with appropriate operating instructions. These parties essentially fall into the following categories:
a. Companies offering email sending services;
b. Companies offering website maintenance services;
c. Companies offering support in conducting market research.
Type of data processed and purpose of processing relating to browsing the Websites
The Website offers informational and, at times, interactive content. While browsing the Site, information about you may be collected in the following ways:
Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, browser type used, operating system, domain name and website addresses from which access or exit was made, information on the pages visited by users within the site, access time, time spent on each page, internal navigation analysis, and other parameters relating to the user's operating system and IT environment.
This technical/IT data is collected and used exclusively in an aggregated and non-identifying manner and could be used to ascertain liability in the event of hypothetical computer crimes against the site.
Data provided voluntarily by the visitor
This refers to all personal data freely provided by the visitor to the Site, for example, to register and/or access a reserved area, request information on a specific product or service via a form, write to an email address, or call (VoIP) a toll-free number to contact customer service directly. The processing of such personal data will be based on all the information contained in the specific privacy notices provided pursuant to Articles 13 and 14 of the Regulation by each data controller of the Mondadori Group at the time the personal data is provided.
During registration, as requested in the appropriate forms.
In some cases, personal data collected by cookies may be processed for profiling purposes. The processing of such personal data will be conducted in accordance with the provisions of the cookie policy.
Redirects to external sites
Websites may use so-called social plug-ins. Social plug-ins are special tools that allow you to incorporate social network features directly into the Site (e.g., the Facebook "Share" function).
All social plug-ins on the Site are marked with the respective logo owned by the social network platform.
When you visit a page on the Site and interact with the plug-in (e.g., by clicking the "Share" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case, Facebook) and stored by it.
For information on the purposes, types, and methods of collection, processing, use, and storage of personal data by social networking platforms, as well as how to exercise your rights, please consult the privacy policy of the individual social network.
Links to/from Third-Party Sites
From the Site, you can connect via dedicated links to other third-party websites.
In this regard, we cannot be held responsible for any handling of personal data by third-party websites or for the management of authentication credentials provided by third parties.
User Rights
As provided for in Article 15 of the Regulation, the data subject may access his or her personal data, request its rectification and updating if incomplete or incorrect, request its deletion if its collection violated a law or regulation, and object to the Processing for legitimate and specific reasons.
Specifically, we list below all the rights that can be exercised at any time against the data controller and/or joint data controllers:
Right of access: the right, pursuant to Article 15, paragraph 1 of the Regulation, to obtain from the data controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information regarding their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. All this information can be found in the privacy policy that will always be available in the Privacy section of each website.
Right to rectification: Pursuant to Article 16 of the Regulation, the right to obtain the rectification of inaccurate personal data, taking into account the purposes of the processing. Furthermore, it is possible to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure: Pursuant to Article 17, paragraph 1 of the Regulation, you have the right to obtain the erasure of your personal data without undue delay, and the data controller will be obliged to erase your personal data.
In some cases, as provided for in Article 17, paragraph 3 of the Regulation, the data controller is entitled not to erase your personal data if their processing is necessary, for example, for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, or for the establishment, exercise, or defense of legal claims.
Right to restriction of processing: the right to obtain restriction of processing pursuant to Article 18 of the Regulation. If processing is restricted, personal data will be processed, except for storage, only with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest.
Right to data portability: Pursuant to Article 20, paragraph 1 of the Regulation, you have the right to request and receive at any time all personal data processed by the data controller and/or joint controllers in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another data controller without hindrance. In this case, you will be responsible for providing us with the exact contact details of the new data controller to whom you intend to transfer your personal data, along with your written authorization.
Right to object: Pursuant to Article 21, paragraph 2 of the Regulation and as reiterated in Recital 70, you may object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint with a supervisory authority: Without prejudice to the right to appeal to any other administrative or judicial body, if you believe that the processing of your personal data by the data controller and/or joint controllers infringes the Regulation and/or applicable law, you may lodge a complaint with the competent Data Protection Authority.
When Personal Data is processed in the public interest, in the exercise of official authority vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing on grounds relating to their particular situation.
Please note that if users' data is processed for direct marketing purposes, they may object to the processing without providing any justification. To find out whether the Data Controller is processing data for direct marketing purposes, users can refer to the relevant sections of this document.
To exercise all the rights identified above, simply contact the data controller and/or joint controllers by email. Requests are submitted free of charge and will be processed by the Data Controller as quickly as possible, in any case within one month.
Legal basis for processing
The Data Controller processes Personal Data relating to the User if one of the following conditions applies:
– The User has given consent for one or more specific purposes;
Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the User's consent or any other of the legal bases specified below, until the User objects to such processing ("opt-out"). However, this does not apply if the processing of Personal Data is regulated by European data protection legislation;
- Processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures;
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
- In any case, the Data Controller may always be asked to clarify the specific legal basis for each processing operation, and in particular whether the processing is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Place
The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User's Personal Data may be transferred to a country other than their own. To obtain further information on the place of processing, the User can refer to the section containing details on the processing of Personal Data.
The User has the right to obtain information regarding the legal basis for data transfers outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to protect the Data.
If any of the transfers described above take place, the User can refer to the relevant sections of this document or request information to the Data Controller can be obtained by contacting the Data Controller using the contact details provided above.
Retention Period
The Data is processed and stored for the time required by the purposes for which it was collected.
Therefore:
– Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such contract has been fully performed.
– Personal Data collected for purposes related to the Data Controller's legitimate interests will be retained until such interests are fulfilled. Users may obtain further information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this document or by contacting the Data Controller.
– Where processing is based on the User's consent, the Data Controller may retain Personal Data for a longer period until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so by law or by order of an authority.
After the retention period, Personal Data will be deleted. Therefore, upon expiration of this period, the right to access, erasure, rectification, and the right to data portability can no longer be exercised.
Purposes of Processing Collected Data
User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Statistics, Managing addresses and sending email messages, Handling payments, Interaction with external social networks and platforms, Contacting the User, SPAM protection, Commercial affiliation, Management of landing and invitation pages, Performance testing of content and functionality (A/B testing), User database management, Heat mapping and session recording, Interaction with online survey platforms, and Interaction with live chat platforms.
For further detailed information on the purposes of processing and the specific Personal Data relevant to each purpose, the User can refer to the relevant sections of this document.
Details on the Processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Facebook Permissions Requested by This Site
This Site may request certain Facebook permissions that allow it to perform actions with the User's Facebook account and to retrieve information, including Personal Data, from it.
For more information on the following permissions, please refer to the Facebook permissions documentation and the Facebook privacy policy.
The requested permissions are as follows:
Basic Information
The basic information of the User registered on Facebook, which typically includes the following Data: ID, name, picture, gender, and localization language, and in some cases, Facebook "Friends." If the User has made additional Data publicly available, this will be available.
Sharing
Sharing on behalf of the user.
Insights
Provides access to Insights data for pages, applications, and domains owned by the user.
Likes
Provides access to a list of all pages the user has liked.
Contacting the User
Mailing List or Newsletter (This Site)
By registering for the mailing list or newsletter, the User's email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, relating to this Site may be sent. The User's email address may also be added to this list as a result of registering on this Site or after making a purchase.
Personal data collected: Email, Name, Phone Number
Contact form (This Site)
By filling out the contact form with their data, the User consents to their use to respond to requests for information, quotes, or any other kind of request as indicated by the form header.
Personal data collected: Email, Name, Phone Number, City, and all data necessary to respond to the User's request.
Address Management and Email Sending
These services allow us to manage a database of email contacts, phone numbers, or any other contact information used to communicate with the User.
These services may also collect data relating to the date and time the User views messages, as well as the User's interaction with them, such as information on clicks on links included in messages.
GetResponse (Implix Sp. z o.o.)
GetResponse is an address management and email message sending service provided by Implix Sp. z o.o.
Personal data collected: Email and all data necessary to respond to the User's request.
Place of processing Poland – Privacy Policy
Brevo
Brevo is an email address management and message sending service provided by Brevo Inc.
Personal data collected: Email and Name, and all other data necessary to respond to the User's request.
Place of processing: USA – Privacy Policy
TypeForm
TypeForm is a form creation and management service provided by TypeForm S.L. that allows this site to integrate such content into its pages.
Personal data collected: Email and Name. Various types of data as specified in the service's privacy policy.
Place of processing: Spain – Privacy Policy
SPAM Protection
These services analyze the traffic of this Site, potentially containing Users' Personal Data, in order to filter it from traffic, messages, and content recognized as SPAM.
Third Party Service Account Access
These services allow this Site to access Data from your accounts on third-party services and perform actions with them.
These services are not activated automatically, but require the express authorization of the User.
Twitter Account Access (Twitter, Inc.)
This service allows this Site to connect with the User's account on the Twitter social network, provided by Twitter, Inc.
Personal data collected: Various types of data as specified in the service's privacy policy.
Place of processing: USA – Privacy Policy
Facebook Account Access (This Site)
This service allows this Site to connect with the User's account on the Facebook social network, provided by Facebook, Inc.
Permissions requested: Sharing, Insights, and Likes.
Place of processing: USA – Privacy Policy
Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to track User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports, and sharing them with other Google services.
Google may use Personal Data to contextualize and personalize the ads of its own advertising network.
Google also provides a browser add-on for disabling Google Analytics at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy – Opt Out
Facebook Ads conversion tracking (Facebook, Inc.)
Facebook Ads conversion tracking is a statistics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on this site.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
Content commenting
Commenting services allow Users to formulate and publish their comments regarding the content of this Site.
Users, depending on the settings chosen by the Owner, can also leave comments anonymously. If the Personal Data provided by the User includes an email address, this may be used to send notifications of comments regarding the same content. Users are responsible for the content of their comments.
If a third-party commenting service is installed, it is possible that, even if Users do not use the commenting service, it may collect traffic data relating to the pages on which the commenting service is installed.
FACEBOOK COMMENTS (FACEBOOK, INC.)
Facebook Comments is a service managed by Facebook, Inc. that allows Users to leave comments and share them within the Facebook platform.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
Donation/Payment Management
Donation management services allow this Site to process donations by credit card, bank transfer, or other means. The payment data is acquired directly by the payment service provider without being processed in any way by this Site.
Some of these services may also allow scheduled messages to be sent to the User, such as emails containing invoices or notifications regarding the payment.
PayPal (PayPal)
PayPal is a payment service provided by PayPal Inc., which allows the User to make donations or payments online using their PayPal credentials.
Personal data collected: Various types of Data as specified in the service's privacy policy.
Place of processing: Luxembourg – Privacy Policy
Interaction with Social Networks
These services allow interactions with social networks or other external platforms directly from the pages of this Site.
The interactions and information acquired from this Site are in any case subject to the User's privacy settings for each social network.
If a service for interacting with social networks is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages on which it is installed.
+1 button and Google+ social widgets (Google Inc.)
The +1 button and Google+ social widgets are services for interacting with the Google+ social network, provided by Google Inc.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services for interacting with the LinkedIn social network, provided by LinkedIn Corporation.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
Facebook Like button and social widgets (Facebook, Inc.)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
Tweet button and social widgets (Twitter, Inc.)
The Tweet button and social widgets are services allowing interaction with the Twitter social network, provided by Twitter, Inc.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
Pinterest button (Pinterest, Inc.)
The Pinterest button is a service allowing interaction with the Pinterest social network, provided by Pinterest, Inc.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
GetSiteControl (GetWebCraft Limited)
GetSiteControl Chat Widget: interaction with live chat.
Personal data collected: Cookies and Usage data.
GetSiteControl Promo widget: interaction with data collection platforms and other third parties.
Personal data collected: Cookies and Usage data.
GetSiteControl social widget: interaction with social networks and other external platforms.
Personal data collected: Cookies and Usage data.
GetSiteControl contact form: contact the user.
Personal data collected: Email, Cookies, and Usage data.
GetSiteControl Subscribe widget: interaction with data collection platforms and other third parties.
Personal data collected: Email, Cookies, and Usage data.
GetSiteControl Survey Widget: interaction with online survey platforms.
Personal data collected: Cookies and Usage data.
Place of processing: Cyprus – Privacy Policy
Content on external platforms
These services allow you to view content hosted on external platforms directly from the pages of this Site and interact with them.
If a service of this type is installed, it may collect traffic data relating to the pages on which it is installed, even when Users do not use it.
Google Fonts (Google Inc.)
Google Fonts is a font display service managed by Google Inc. that allows this Site to integrate such content within its pages.
Personal data collected: Cookies and usage data
Place of processing: USA – Privacy Policy
Google Maps (Google Inc.)
Google Maps is a map display service managed by Google Inc. that allows this Site to integrate such content within its pages.
Personal data collected: Cookies and usage data
Place of processing: USA – Privacy Policy
Google Translate (Google Inc.)
Google Translate provides automatic translation of the Site into various languages, which the user can choose from the widget at the top of each page.
Personal data collected: Cookies and Usage Data
Place of processing: USA – Privacy Policy
Getsmartlook.com
These services are used to identify which areas of a page are visited by mouse cursors or clicks, in order to determine which areas attract the most interest. These services monitor and analyze traffic data and track User behavior.
Personal data collected: Cookies and Usage Data.
Place of processing: Czech Republic – Privacy Policy
Remarketing and Behavioral Targeting
These services allow this Site and its partners to communicate, optimize, and serve advertisements based on the User's past use of this Site.
This activity is carried out by tracking Usage Data and using Cookies, information that is transferred to the partners involved in the remarketing and behavioral targeting activity.
Face Book Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this website with the Facebook advertising network.
Personal data collected: Cookies and Usage data.
Place of processing: USA – Privacy Policy
DNS Services
CloudFlare is a traffic optimization and distribution service provided by CloudFlare Inc.
CloudFlare's integration methods filter all traffic on this website, i.e., communications between this website and the user's browser, also allowing the collection of statistical data on this website.
Personal data collected: Various types of data as specified in the service's privacy policy.
Place of processing: USA – Privacy Policy
CloudFlare Cookie _cfduid: Read more