Bellissimo Srl

Via Regaldi 7 int 12/A 10154 Torino, Italia
+39 011 2478137 / info@bellissimo.it

Privacy & Cookies Policy

This Privacy & Cookie Policy informs users, in accordance with Articles 13 and 14 of EU Regulation 2016/679 (GDPR), about the processing of personal data collected through this website and its related third-level domains (hereafter collectively referred to as “the Site” or “the Sites”), without extending to other websites that users may access via links included on the Site.

The processing of personal data is carried out in compliance with current data protection legislation and is guided by principles of fairness, lawfulness, transparency, and data protection.

The Data Controller is:

Bellissimo Srl, with headquarters in Via Regaldi 7, int. 12/A, 10154 Torino, Italy

Email: news@bellissimo.it

This notice is a general obligation that must be provided before or, at the latest, at the moment personal data is collected directly. If personal data is not collected directly from the data subject, the notice must be provided within a reasonable period or at the time the data is communicated (not registered) to third parties or the data subject. In accordance with the EU General Data Protection Regulation (GDPR – Reg. (EU) 2016/679), Bellissimo Srl, as Data Controller, informs users as follows.

Sources and categories of personal data

The personal data held by this organization is collected directly from the data subjects. This Site does not collect special categories of data, which include information revealing racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in unions or organizations of a religious, philosophical, political, or trade-union nature, health data, or data concerning sexual life.

Cookies

Like any website, this Site stores cookies in the user’s browser to improve the user experience and to transmit information. Cookies are small text strings sent by the sites visited to the user’s device (usually the browser), where they are stored — sometimes for extended periods — and later retransmitted to the same sites on the next visit.

Browsing data

The IT systems and software procedures that operate the Site automatically acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified users but which could, by their nature and through processing or association with data held by third parties, allow user identification. This category of data includes IP addresses or domain names of computers used by visitors, URI (Uniform Resource Identifier) addresses of requested resources, time of request, request method, size of the returned file, server response codes (success, error, etc.), and other parameters related to the user’s operating system and IT environment. This data is used only to obtain anonymous statistical information on Site usage and to ensure the Site functions properly and is deleted immediately after processing. It may be used to investigate potential computer crimes against the Site.

This Site uses SSL or TLS encryption for security and to protect the transmission of confidential content, such as requests you send as a Site user. An encrypted connection can be recognized when the browser address changes from “http://” to “https://” and a lock icon appears.

If SSL or TLS encryption is active, the data you transmit cannot be read by third parties.

Profiling data

No profiling data regarding user habits or consumer preferences is collected directly. However, third-party elements or links may allow autonomous third parties to collect such information. See the section on third-party cookies.

Data provided voluntarily by the users

The optional, explicit, and voluntary sending of emails to addresses provided on the Site results in the subsequent collection of the sender’s email address, necessary to respond to inquiries, as well as any other personal data included in the message. Similarly, completing forms on the Site containing personal data involves processing the data to fulfill pre-contractual obligations or deliver requested services. Form information may include personal identification data, contact details, phone numbers, accommodation information, email addresses of the users and third parties involved.

Users are responsible for personal data of third parties obtained, published, or shared through the Site and confirm they have the right to disclose such data, releasing Bellissimo from any liability.

Newsletters & Mailing lists

Email contacts used for sending communications come from voluntary subscriptions, including confirmation requests, or from information acquired in connection with the sale of products or services by the Data Controller. Communications may include promotional materials. Contacts are not obtained from public subscriber lists.

Recipients may opt out of future communications by clicking the unsubscribe link in any message or contacting the Data Controller via the details below.

Contact Form

By completing the contact form, users consent to the use of their data to respond to information requests, quotes, or other inquiries submitted through the form. Sensitive or judicial data should not be provided. If voluntarily provided, such data will be deleted if unnecessary for processing.

Purpose and legal basis for processing

Personal data is used:

1. to enable navigation of the Site (Art. 6(1)(f) GDPR);

2. where applicable, to provide the requested service or performance as part of the ordinary activities carried out by the organization (Art. 6(1)(b) GDPR).

Additionally, all personal data may be processed:

3. for purposes related to compliance with obligations imposed by law, as well as by provisions issued by authorities authorized by law (Art. 6(1)(c) GDPR), including, by way of example and not limitation, the fulfillment of administrative, accounting, and/or tax obligations related to the provision of e-commerce services and/or the performance of a concluded purchase contract (e.g., maintaining accounting records and issuing sales invoices);

4. for the establishment, exercise, or defense of a right in judicial or extrajudicial proceedings, based on the legitimate interest of the organization (Art. 6(1)(f) GDPR);

5. for operational purposes, based on the legitimate interest of the Data Controller, in particular for the collection of navigation and usage logs in order to protect the website and services from cyberattacks and to identify potentially malicious or fraudulent activities (Art. 6(1)(f) GDPR);

6. for direct marketing purposes, based on the legitimate interest of the Data Controller, including the use of cookies and advertising IDs to display advertisements, as well as the use of email addresses to send newsletters and communications regarding initiatives, events, commercial or promotional content, the sale of services, and the assessment of customer satisfaction (Art. 6(1)(a) GDPR).

Consequences of refusing to provide data

Providing personal data is optional; however, it is necessary for processing purposes outlined under points 1) and 2). If users do not provide essential data or prevent its processing, it will not be possible to carry out the requested services or fulfill contractual obligations. This may result in the inability to comply with legal obligations, such as accounting, tax, or administrative requirements.

Except for browsing data, users are free to provide personal data for cookies or specific requests via forms (e.g., for products or services). Failure to provide such data may prevent the requested service or information from being delivered. For all non-essential data, including special categories of data, provision is optional. If consent is withheld or data is provided incompletely or incorrectly, including special categories of data, the required processing may be incomplete, potentially resulting in penalties, loss of benefits, or failure to fulfill obligations. The organization assumes no liability for such consequences.

Methods of data processing

Data collected through the website is processed using automated tools only for the time strictly necessary to achieve the purposes for which it was collected. Processing takes place on servers located in Italy or the EU and is carried out only by authorized technical personnel or by personnel responsible for maintenance and administration. Specific security measures are in place to prevent data loss, unlawful or incorrect use, unauthorized access, and breaches of confidentiality.

“Data processing” refers to collection, registration, organization, storage, modification, analysis, deletion, or destruction, or any combination of these operations. Data processing is carried out using manual, IT, and telematic tools, with logic strictly related to the purposes of processing, in a manner that ensures data security and confidentiality. Personal data is processed in compliance with Article 5 of EU Regulation 2016/679, which requires that data be processed lawfully and fairly, collected for specified, explicit, and legitimate purposes, accurate, up-to-date when necessary, relevant, complete, and not excessive. Processing respects the rights and fundamental freedoms of data subjects, including their privacy and personal identity, with appropriate protective and security measures. The organization has implemented, and will continue to enhance, data access and storage security measures.

No automated decision-making or profiling is carried out.

Transfers outside the EU

Data processing is carried out primarily within Italy and the EU but may also occur in non-EU or non-EEA countries if deemed necessary for efficient fulfillment of processing purposes, while ensuring adequate safeguards.

Processing that occurs in non-EU or non-EEA countries, when connections to the Site originate from such countries at the request of the user, is outside the responsibility of the Data Controller.

Data retention

Personal data will generally be retained as long as necessary to fulfill the purposes of processing based on the category of data collected. The Data Controller may be required to retain personal data for a longer period to comply with legal obligations or authority requests.

Categories of recipients

Only essential data may be shared:

- with personnel responsible for processing, both internal and external, who perform specific tasks or operations (e.g., site administration, analysis of browsing or traffic data, management of emails and voluntarily submitted forms);

- in the cases and with the recipients required by law.

Data will not be disclosed except as required by law or after anonymization. Except for cookies and third-party elements, services will only be provided where prior general consent for third-party communication is given. Specific consents may be requested when necessary, and recipients will use the data as independent data controllers.

In some cases (outside the ordinary management of this Site), authorities may request information for oversight of personal data processing. In such cases, providing information is mandatory, subject to administrative penalties.

Data subject rights

At any time users may: exercise their rights (access, rectification, deletion, restriction, portability, objection, absence of automated decision-making) where applicable under Articles 15–22 of the GDPR (regulation); file a complaint with the Data Protection Authority (www.garanteprivacy.it); or, where processing is based on consent, withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted based on consent prior to withdrawal.

Requests should be sent to the Data Controller via email at: news@bellissimo.it

Format of the Privacy Notice

This Privacy Notice is accessible via any Internet browser.

Users are encouraged to report any difficulties in viewing this notice so that alternative means of access can be provided if necessary.

This document is subject to updates. Users are responsible for reviewing the latest version.