Privacy Policy on the Processing of Personal Data of Program Participants. "The New Glam Lounge" pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") 1. Data Controller The Data Controller of your personal data is Exelite S.p.A. ante Liu.Jo S.p.A. (hereinafter, "Liu.Jo" or "Data Controller"), with registered office in Viale J.A. Fleming, 17 - 41012 - Carpi (MO) - Italy, C.F. and P.IVA 02322360369. Liu.Jo would like to provide you below with the relevant information about the methods and purposes of the processing of your personal data, in accordance with Article 13 of Regulation (EU) 2016/679 (hereinafter, "GDPR"), in relation to your subscription to the loyalty program "The New Glam Lounge". 2. Data Protection Officer Liu.Jo has appointed a Data Protection Officer ("DPO"), who can be contacted at the following e-mail address: dpo@liujo.it. 3. Purposes of processing, legal basis, and data retention Liu.Jo may process your personal data (both in electronic and paper format) such as, but not limited to first name, last name, date of birth, residential address, e-mail, phone number, purchase details, discounts, benefits, rewards, etc. This personal data is processed for the following purposes:
4. Provision of personal data For the purposes of Program Management, Cluster and Stars and Fulfillment of legal obligations, the provision of data is mandatory. Refusal to provide such data will not allow participation in the Program. For the purpose of Marketing and Profiling, the provision of data is optional, and refusal to provide the relevant consents will not preclude enrollment in the Program. In addition, you may at any time revoke the consent given for Marketing and Profiling purposes through the appropriate channels made available by the Data Controller. 5. Data recipients Your personal data may be communicated to external parties operating as data controllers such as, by way of example, authorities and supervisory and control bodies and, in general, parties, public or private, entitled to request your personal data. Your data may also be processed by external parties designated as Data Processors (pursuant to Article 28 of the GDPR), who carry out specific activities on behalf of the Data Controller (by way of example: accounting, tax and insurance fulfilments, mailing of correspondence, management of collections and payments, etc.). 6. Authorized subjects The data may be processed by employees of the company functions assigned to the pursuit of the above purposes, who have been expressly authorized to process the data and have received appropriate operating instructions. 7. Personal data transfers Your personal data will not be transferred outside the European Economic Area ("EEA"). 8. Rights of the Data Subject and Complaint to the Supervisory Authority By contacting the Data Controller at privacyconsumer@liujo.it or the DPO at dpo@liujo.it, you may exercise the rights recognized by Articles 15-22 of the GDPR, and in particular, you may request from the Data Controller access to the data concerning you, their rectification, integration or deletion, as well as the restriction of processing in the cases provided for in Article 18 of the GDPR. You may also, where processing is based on consent or contract and is carried out by automated means, have the right to receive in a structured, commonly used and machine-readable format your personal data, as well as, if technically feasible, the right to transmit them to another Data Controller without hindrance. You have the right to object at any time, easily and free of charge, for reasons related to the particular situation, to the processing of your personal data in cases of legitimate interest of the owner. In any case, you have the right to lodge a complaint with the competent supervisory authority in the Member State where you usually reside or work or with the Authority of the State where the alleged violation occurred. |