Privacy Policy
Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. firmly believe that transparency is the basis of its relationship with their customers and users. For this reason, he would like to be completely transparent regarding the way in which your personal data will be processed when you make an online purchase or browse through our website https://eu.smnovella.com (hereinafter the "Site"), and/or make a request to our Customer Service, and also how the data provided during a purchase or visit to one of our points of sale (including by scanning the QR code to access the Site) are processed.
This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the "GDPR").
1. DATA CONTROLLER, DATA PROCESSORS AND AUTHORISED PERSONS The data controller is Officina Profumo Farmaceutica di Santa Maria Novella S.p.A., with registered office in Florence, Via della Scala 16, in the person of its legal representative pro tempore domiciled at the company's registered office.
You can contact the Data Controller at the following addresses:
- via e-mail: privacy@smnovella.com
- by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. Via della Scala 16, 50123 - Florence, Italy.
The Data Controller may appoint other entities to perform the processing pursuant to Article 28 of the GDPR (hereinafter the "External Data Processors"), as well as persons authorised to carry out processing operations (hereinafter the "Privacy Contact Persons" and "Authorised Persons") pursuant to Articles 28 and 29 of the GDPR. A complete and up-to-date list of External Data Processors as well as Privacy Contact Persons/Authorised Persons can be requested by contacting us at the addresses indicated above.
2. DATA PROTECTION OFFICER
Pursuant to Article 37 of the GDPR, Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. has also appointed a Data Protection Officer ("DPO").
You can contact the DPO at the following addresses:
- via e-mail: dpo@smnovella.com
- by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A., Via della Scala 16 - 50123 Florence, to the attention of the Data Protection Officer.
3. TYPE OF DATA PROCESSED, PURPOSE OF PROCESSING, LEGAL BASIS AND NATURE OF DATA PROVISION
3.1 Browsing data
When browsing the Site or accessing the Site by scanning the QR code, the computer systems and software procedures used to operate them acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the user’s computers, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
Browsing data are processed for the following purposes:
- to verify the proper functioning of the Site and the services offered.
Browsing data may also be used for the investigation of criminal offences by the Judicial Authorities.
The legal basis for the processing is the legitimate interest of the Data Controller in the proper functioning of the Site.
The provision of browsing data is necessary for accessing the Site and the application by scanning the QR code.
3.2 Cookies
When browsing the Site or accessing the application by scanning the QR code, cookies are used as explained in the Cookie Policy.
3.3 Personal data provided by the data subject
When you make purchases online or at our points of sale (including accessing the Site by scanning the QR code) or when you make a request to our Customer Service as well as when you browse the Site and/or subscribe to our newsletter, the Data Controller processes your common personal data such as, for example: name and surname, address, contact information (e-mail address and/or telephone number), address, tax code/VAT number, data relating to payment instruments, etc.).
The personal data you voluntarily provide are processed for the following purposes:
- manage your requests, such as - purely by way of example - replying to queries received by the Customer Service and the registration on the Site/creation of an account. The legal basis for the processing is the execution of pre-contractual measures taken at the request of the data subject. The provision of data is necessary in order to allow us to respond to requests;
- manage your purchase order, including the administrative management of the contract, the shipment of products, the management of payments, credits and any disputes and the prevention of fraud as well as the fulfilment of all obligations imposed by applicable laws and regulations. The legal bases for the processing are the performance of a contract to which the data subject is a party and the fulfilment of legal obligations incumbent upon us. The provision of data is necessary for the proper management of the contractual relationship;
- provide information via e-mail about other products and/or services as well as promotional, commercial and marketing activities concerning products similar to those that have been purchased. The legal basis is, pursuant to art. 130.4 of the Privacy code, the legitimate interest of the Data Controller in the sale of this products. The provision of data is optional;
- personalize communications based on the language and geographical region of residence (deduced from the address indicated during registration). The legal basis is the Data Controller’s legitimate interest in sending communications that are understandable and may relate to the Data Controller’s activities in which you can participate. The provisions of personal data is optional;
- shopping cart abandonment. The products placed in the cart remain visible and available for 14 days. In this situation, until you complete the purchase you can receive by e-mail a notification reminding you of the possibility to complete an interrupted purchase. The legal basis is the Data Controller’s legitimate interest to increase sales (art. 6, point 1. lett. f) of the GDPR). You can always oppose such processing by exercising the rights set out in art. 21 GDPR. The provision of personal data is optional.
In addition, with your consent, your personal data may be processed for the following purposes:
- marketing, i.e. to contact you and/or to send you (by post, telephone, e-mail, social network, MMS or SMS messages and other forms of electronic communication) the newsletter, information and promotional communications, including of a commercial nature, advertising material, catalogues and invitations to events, relating to the products and services of Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. If you decide not to receive marketing communications anymore, you can always unsubscribe using the appropriate button at the bottom of our e-mails that we send commercial communications, or you can write to privacy@smnovella.com; moreover, if you decide not to receive marketing calls, you can be registered in the Public opt-out registry;
- profiling, i.e. to send you information and promotional communications, including of a commercial nature, advertising material, catalogues and invitations to events, relating to the products and services of Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. according to your interests and preferences.
The legal basis for the processing is the consent of the data subject. The consent is optional and can be revoked at any time.
The provision of data is optional.
Finally, we would like to point out that, with your consent, the Data Controller may store the data from online purchases relating to the payment method you have indicated in order to facilitate subsequent purchases.
4. SOCIAL NETWORKS
From the Site, it is possible to connect to Facebook, Google, Twitter, LinkedIn and Amazon. By using the social network connection features on the Site, the Data Controller can access the information in your social network profile that you share (according to the settings selected in your profile) and use it in accordance with the privacy policy of the social network and this Privacy Policy.
5. PROTECTION OF MINORS
The protection of minors online is a fundamental element of Officina Profumo Farmaceutica di Santa Maria Novella corporate policy. Therefore, the Data Controller don’t accept registrations or orders from persons who are under the legal age and will not knowingly collect and process the personal data of such persons. By purchasing on the Site or registering by accessing the Site by scanning the QR code, you declare that you are of legal age according to the legislation of your country of residence.
6. THIRD-PARTY ADVERTISERS AND LINKS TO OTHER WEBSITES
The Site may include advertisements from parties other than Officina Profumo Farmaceutica di Santa Maria Novella (hereinafter the “Third Parties”) and links to other websites and/or applications. If you access these websites and/or applications, Third Parties may collect information about you when you interact with their content, advertising and services under the terms and conditions described in the respective websites/applications.
7. PROCESSING METHODS AND RETENTION TIMES
The Data Controller have adopted specific security measures to prevent loss, unlawful or incorrect use of and unauthorised access to data.
Personal data are stored for the time strictly necessary to achieve the purposes for which they were collected. In particular:
- for the management of your requests, the storage time is equal to the time necessary to process the request plus any additional period required by law;
- for the management of your purchase order the data processed for this purpose will be kept for up to ten years from the fulfilment of the purchase order;
- to carry out information activities the data relating to tour purchases to be able to send you communications on similar products will be kept for 24 months from the purchase made;
- for personalize communications based on the language and geographical region of residence, personal data will be processed for this purpose until the personal data will be processed to carry out information activities and for marketing purposes;
- for marketing, personal data will be processed for this purpose for 24 months from the date you have given your consent;
- for profiling, personal data will be processed for this purpose for 24 months from the date you have given your consent;
- shopping cart abandonment, the products included in the cart remain visible and available for 14 days.
8. DISCLOSURE OF DATA
To comply with specific legal obligations or for reasons that are strictly related to furthering the relationship with Officina Profumo Farmaceutica di Santa Maria Novella, in relation to the purposes indicated above, your personal data collected during the provision of the service may be disclosed to the following recipients: external consultants in legal, tax and commercial matters, banking institutions, judicial authorities, public bodies and institutions as well as other third parties, in their capacity as Data Processors or independent data controllers, if this is strictly necessary for the proper management of the contractual relationship.
9. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
The personal data are shared, with particular reference to management and conservation, Recipients, appointed as Data Processors pursuant to Article 28 of the GDPR, which could be found outside the European Economic Area, in particular in Canada and in the United States. This transfer is done in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR . The transfer of personal data to Canada, pursuant to Article 45 GDPR, is in compliance with the Decision 2002/2/EC, which declared the adequacy of the protection provided by the Canadian law on the safeguarding and protection of personal data. The transfer of data to the United States is in compliance with the Decision 2023/4745/EU with Recipients, who have joined the Data Privacy Framework, or with other suitable guarantees as standard contractual clauses, pursuant to Article 46 par. 3 lett. a) GDPR.
Furthermore, the Data may be transferred abroad, within and/or outside the European Union, to external companies/companies of the SMN Group, for the pursuit of the purposes indicated above, in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR.
For more detailed information, please write to the following e-mail address privacy@smnovella.com.
10. RIGHTS OF THE DATA SUBJECTS
As provided for in Article 13 of the GDPR, the User may at any time:
A) request from the Data Controllers access to and rectification or erasure of personal data or restriction of processing concerning the User;
B) object to the processing of personal data (see the next paragraph);
C) exercise the right to data portability;
D) withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
E) lodge a complaint with a supervisory authority.
The rights described above in letters a), b), c) and d) may be exercised by submitting a request to the Data Controller at the following addresses without following any specific formalities:
- via e-mail: privacy@smnovella.com.
- by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. Via della Scala 16, 50123 - Florence, Italy.
To stop receiving communications or to change your contact preferences, please write to privacy@smnovella.com providing your full name, the e-mail address at which you wish to be contacted and, if necessary, a copy of your identification document, so that your request can be handled correctly.
11. RIGHT TO OBJECT
In compliance with Article 21 paragraph 1 and 2 GDPR for processing based on legitimate interest or for marketing purposes, you are the right to object which can be exercised by writing to privacy@smnovella.com. You can write to this email address in order to stop commercial communication from the Data Controller. In addition, to unsubscribe from the newsletter service or stop receiving marketing communications, click on the "unsubscribe" link at the bottom of each communications you receive, at any time.
12. AMENDMENTS
TheData Controller reserves the right to amend the Privacy Policy at any time, including due to changes in applicable legislation, by updating this page. We therefore invite you to periodically check the Privacy Policy for updates.
This Privacy Policy (Rev. 03) was issued and is effective from November 27, 2023