top of page


Data controller
This privacy policy applies to BeautyPack websites  and to the web application by BeautyPack.

Purposes of the processing
As better explained in the sections that allow users to join - by giving their personal information - to services provided for by the Site, users’ data are processed to allow us to respond to their specific requests. In particular, collection and subsequent processing of data are done for the following purposes:

•   Content sharing over the Site; 

•   Customer relationship management;

•   Requests of information; 

The GDPR does not apply to the processing of aggregate or anonymous data.

Subjects that process your data
For purposes connected to the provision of services requested by the user, personal data will be made available to third parties, who will act autonomous data controllers in providing their services as requested by the user (for example, companies that delivery purchased products) or to whom the communication of data is required to comply with laws or regulations.
We have appointed data processors. In particular,  we have appointed as external data processor for providing hosting service

Personal data will be made available to people expressly authorized by the data controller - and so appointed as persons in charge of the processing, who carry out processing activities necessary for the purposes listed above; such appointed individuals belong to administrative personnel, communication, accounting, legal advice, technical maintenance of information systems, and marketing personnel, depending on the specific request made by the data subject over this Site.
Your data may be transferred abroad, to European Union countries or to other countries deemed as safe by the European Commission, or even to Countries outside the European Union which are not included in the list of safe Countries, with which we will stipulate in advance, the specific agreements for the protection of your privacy, containing standard contractual clauses given by the European Commission decision of 5 February 2010, or that has obtained the Privacy Shield certification for data transfers between EU and US.

How we process your data
All processing activities performed as part of the services available through this Site is made by electronic or telematic means, or by print/manual means.
The data will be processed within the purposes for which they were collected and in compliance with current security standards, for the purposes listed above or specified from time to time in any further information notice given to the user. Personal data will be processed for the time strictly necessary to achieve the purposes for which they are collected.

Navigation data
During their normal operation, the computer systems and software procedures used by this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information which is not collected in order to be associated with particular persons, but which by its nature could, through processing and combination with data held by third parties, enable users to be identified. This category includes: IP addresses and domain names of computers utilized by users to connect to the website, addresses of requested resources in URI (Uniform Resource Identifier) notation, the time the request was made, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response given by the server (successful conclusion, error, etc.) and other parameters relating to the user’s operating system and informatics environment.
This data is used solely to obtain anonymous statistical information on the use of the website and to verify that it is functioning correctly (see also the paragraph on Cookies). The data could be used by the competent authorities to ascertain responsibility in hypothetical cases of computer-related crime resulting in damage to the site.: other than this occurrence, personal data are not stored for more than seven days.

Personal data provided voluntarily by the user
Personal data normally required for the use of services of this Site is constituted by personal records, contact and payment instruments and details. The optional, specific and voluntary sending of e-mail to addresses listed on this Site or filling out electronic forms of contact involves the subsequent acquisition of sender’s address, necessary to respond to requests, and any other personal data included in the message. Specific brief information notices will be provided or displayed on web pages dedicated to specific on demand services. Generally, sensitive data is not processed as per Section 4 D.lgs. 196/2003 (in case of processing of sensitive data for certain services a specific information notice will be given together with the express request for consent by the data subject).

 Data subjects’ rights
You have the right to access your Personal Data at any time in accordance with Articles 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of such data in the cases provided for by Article 18 of the GDPR, you may obtain the portability of Personal Data relating to you in the cases set forth by Article 20 of the GDPR, as well as to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR (Data Protection Authority). You may object to the processing of your Personal Data pursuant to Article 21 of the GDPR in which you give evidence of the reasons for your objection: the Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.

Requests shall be made in writing and sent to the Controller at the following address:

bottom of page