Privacy Policy

Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. and the subsidiary company Santa Maria Novella UK Limited firmly believe that transparency is the basis of its relationship with their customers and users (Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. and Santa Maria Novella UK Limited are referred together as “Officina Profumo Farmaceutica di Santa Maria Novella” or “we” or “us”). For this reason, we would like to be completely transparent regarding the way in which your personal data will be processed when you make an online purchase or browse through our website https:// uk.smnovella.com/ (hereinafter the "Site"), and/or make a request to our Customer Service, and also how the data provided during a purchase or visit to one of our points of sale (including by scanning the QR code to access the application) are processed. This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the "GDPR") and also satisfies the requirements under the equivalent data protection laws in the United Kingdom (the “UK GDPR”).

1.     Data Controller, Data Processors and Authorised Persons

For the purpose of verifying the proper functioning of the Site and the services offered and the purpose of managing your purchase order (as further detailed in paragraphs 3.1 and 3.3(b) below), the data controller is Santa Maria Novella UK Limited, with register office in London, 111 Park Street Mayfair, W1K 7JF – England. You can contact the Data Controller at the following addresses:

• Via e-mail: privacy@smnovella.com
• By post: Santa Maria Novella UK Limited, 107 Walton Street - London, SW3 2HP – England.

For the purpose of managing your request, marketing and profiling (as further detailed in paragraphs 3.3(a, c, d and e) below, the data controller is Officina Profumo Farmaceutica di Santa Maria Novella S.p.A., with registered office in Florence, Via della Scala 16, in the person of its legal representative pro tempore domiciled at the company's registered office. You can contact the Data Controller at the following addresses: -              via e-mail: privacy@smnovella.com -              by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. Via della Scala 16, 50123 - Florence, Italy.   We may appoint other entities to perform the processing pursuant to Article 28 of the GDPR (hereinafter the "External Data Processors"), as well as persons authorised to carry out processing operations (hereinafter the "Privacy Contact Persons" and "Authorised Persons") pursuant to Articles 28 and 29 of the GDPR. A complete and up-to-date list of External Data Processors as well as Privacy Contact Persons/Authorised Persons can be requested by contacting us at the addresses indicated above.

2.     Data Protection Officer

Pursuant to Article 37 of the GDPR, Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. has also appointed a Data Protection Officer ("DPO"). You can contact the DPO at the following addresses: -        via e-mail: dpo@smnovella.com -        by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A., Via della Scala 16 - 50123 Florence, to the attention of the Data Protection Officer.

3.     Type of data processed, purpose of processing, legal basis and nature of data provision

3.1      Browsing data

When browsing the Site or accessing the application by scanning the QR code, the computer systems and software procedures used to operate them acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.    This category of data includes the IP addresses or domain names of the user’s computers, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. Browsing data are processed for the following purposes:

1. to verify the proper functioning of the Site and the services offered.

Browsing data may also be used for the investigation of criminal offences by the Judicial Authorities. The legal basis for the processing is the legitimate interest of the Data Controller in the proper functioning of the Site. The provision of browsing data is necessary for accessing the Site and the application by scanning the QR code.

3.2          Cookies

When browsing the Site or accessing the application by scanning the QR code, cookies are used as explained in the Cookie Policy.

3.3      Personal data provided by the data subject

When you make purchases online or at our points of sale (including accessing the application by scanning the QR code) or when you make a request to our Customer Service as well as when you browse the Site and/or subscribe to our newsletter, we processes your common personal data such as, for example: name and surname, address, contact information (e-mail address and/or telephone number), address, tax code/VAT number, data relating to payment instruments, etc.). The personal data you voluntarily provide are processed for the following purposes:

1. manage your requests, such as - purely by way of example - replying to queries received by the Customer Service, registration on the Site/creation of an account and subscription to informative newsletters. The legal basis for the processing is the execution of pre-contractual measures taken at the request of the data subject. The provision of data is necessary in order to allow us to respond to requests;
2. manage your purchase order, including the administrative management of the contract, the shipment of products, the management of payments, credits and any disputes and the prevention of fraud as well as the fulfilment of all obligations imposed by applicable laws and regulations. The legal bases for the processing are the performance of a contract to which the data subject is a party and the fulfilment of legal obligations incumbent upon us. The provision of data is necessary for the proper management of the contractual relationship;
3. provide information about other products and/or services as well as promotional, commercial and marketing activities concerning products similar to those that have been purchased. The legal basis is legitimate interest.

In addition, with your consent, your personal data may be processed for the following purposes:

1. marketing, i.e. to contact you and/or to send you (by post, telephone, e-mail, social network, MMS or SMS messages and other forms of electronic communication) information and promotional communications, including of a commercial nature, advertising material, catalogues and invitations to events, relating to the products and services of Officina Profumo Farmaceutica di Santa Maria Novella S.p.A.;
2. profiling, i.e. to send you information and promotional communications, including of a commercial nature, advertising material, catalogues and invitations to events, relating to the products and services of Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. according to your interests and preferences.

The legal basis for the processing is the consent of the data subject. The provision of data is optional. Finally, we would like to point out that, with your consent, we may store the data from online purchases relating to the payment method you have indicated in order to facilitate subsequent purchases.

4.    Social Networks

From the Site, it is possible to connect to Facebook, Google, Twitter, LinkedIn and Amazon. By using the social network connection features on the Site, the Data Controller can access the information in your social network profile that you share (according to the settings selected in your profile) and use it in accordance with the privacy policy of the social network and this Privacy Policy.

5.    Protection of Minors

The protection of minors online is a fundamental element of Officina Profumo Farmaceutica di Santa Maria Novella corporate policy. Therefore, we don’t accept registrations or orders from persons who are under the legal age and will not knowingly collect and process the personal data of such persons. By purchasing on the Site or registering by accessing the application by scanning the QR code, you declare that you are of legal age according to the legislation of your country of residence.

6.     Third-party advertisers and links to other websites

The Site may include advertisements from parties other than Officina Profumo Farmaceutica di Santa Maria Novella (hereinafter the "Third Parties") and links to other websites and/or applications. If you access these websites and/or applications, Third Parties may collect information about you when you interact with their content, advertising and services under the terms and conditions described in the respective websites/applications.

7.     Processing methods and retention times

The Data Controllers have adopted specific security measures to prevent loss, unlawful or incorrect use of and unauthorised access to data. Personal data are stored for the time strictly necessary to achieve the purposes for which they were collected. For more detailed information, please write to the following e-mail address privacy@smnovella.com.

8.     Disclosure of Data

To comply with specific legal obligations or for reasons that are strictly related to furthering the relationship with Officina Profumo Farmaceutica di Santa Maria Novella, in relation to the purposes indicated above, your personal data collected during the provision of the service may be disclosed to the following recipients: external consultants in legal, tax and commercial matters, banking institutions, judicial authorities, public bodies and institutions as well as other third parties, in their capacity as Data Processors or independent data controllers, if this is strictly necessary for the proper management of the contractual relationship.

9.     Transfer of Data outside the European Economic Area (EEA) or United Kingdom

The personal data acquired may also be handled or stored in archives or on servers located in Canada and in the United States that are owned by third-party companies appointed as Data Processors pursuant to Article 28 of the GDPR and UK GDPR and in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR and UK GDPR. Regarding the transfer of personal data to Canada, the legal basis for the transfer is Decision 2002/2/EC, which declared the adequacy of the protection provided by the Canadian law on the safeguarding and protection of personal data. For the transfer of data to the United States, the legal basis for the transfer is the signing of contractual clauses pursuant to Article 46 paragraph 3 letter a) of the GDPR and UK GDPR. Furthermore, the Data may be transferred abroad, within and/or outside the European Union and United Kingdom, to external companies/companies of the SMN Group, for the pursuit of the purposes indicated above, in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR and UK GDPR.   For more detailed information, please write to the following e-mail address privacy@smnovella.com.  

10.  Rights of the data subjects

As provided for in Article 13 of the GDPR and UK GDPR, the User may at any time:

1. a) request from the Data Controllers access to and rectification or erasure of personal data or restriction of processing concerning the User;
2. b) object to the processing of personal data;
3. c) exercise the right to data portability;
4. d) withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
5. e) lodge a complaint with a supervisory authority.

The rights described above in letters a), b), c) and d) may be exercised by submitting a request to the Data Controllers at the following addresses without following any specific formalities: You can contact Farmacia Limited at the following addresses:

- Via e-mail: privacy@smnovella.com 

- By post: Farmacia Limited, 107 Walton Street - London, SW3 2HP – England.

  You can contact Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. at the following addresses:

- via e-mail: privacy@smnovella.com

- by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. Via della Scala 16, 50123 - Florence, Italy.

You can also rectify your personal data, exercise your right to data portability, request access to your data and exercise your right to be forgotten using this link: https://eu.smnovella.com/pages/gdpr-compliance.

To stop receiving communications or to change your contact preferences, please write to privacy@smnovella.com providing your full name, the e-mail address at which you wish to be contacted and a copy of your identification document, so that your request can be handled correctly. In addition, to unsubscribe from the newsletter service, click on the "unsubscribe" link at the bottom of each communication you receive, at any time.  

11.   Complaints

If you wish to complain to us about the way in which we have handled your personal data, please contact us on   United Kingdom contact (complaints under the UK GDPR)

- Via e-mail: privacy@smnovella.com 

- By post: Santa Maria Novella UK Limited, 107 Walton Street - London, SW3 2HP – England.

- via e-mail: privacy@smnovella.com

- by post: Officina Profumo Farmaceutica di Santa Maria Novella S.p.A. Via della Scala 16, 50123 - Florence, Italy.   If you do not feel we have handled your complaint satisfactorily, the right to lodge a complaint with a supervisory authority under 10(e) can be made to:

UK GDPR supervisory authority:

• Information Commissioners Office on 0303 123 1113 or by completing the form at https://ico.org.uk/make-a-complaint/

  GDPR supervisory authority

• The Garante per la protezione dei dati personali on protocollo@gpdp.it or +39 06.696771

12.  Amendments

We reserve the right to amend the Privacy Policy at any time, including due to changes in applicable legislation, by updating this page. We therefore invite you to periodically check the Privacy Policy for updates. This Privacy Policy (Rev. 3) was issued, and is effective from 31st of May 2022.