This Privacy Policy describes how COTRIL S.p.A. (“COTRIL”) and other Data Controllers collect the personal data of customers who make use of the Company’s services or Customer Fidelity Programme; how they protect personal data; how they use and share personal data; and how to contact the company for enquiries regarding privacy.

The term "services" refers to web sites and applications and to the Fidelity Programme offered by COTRIL, as well as other available channels for interacting with COTRIL online, also through third parties.

These "service" include:

  • COTRIL web sites and applications, however they are accessed;
  • other forms of interaction with COTRIL, such as through third-party web sites and platforms, including sites, forums, and social media.

Privacy Policy

The Data Controller is COTRIL S.p.A, with registered offices in Via Trento 59, 20021 Bollate (MI), VAT no. 06260170961.

If you have any questions regarding privacy and your rights, you may contact COTRIL by e-mail at the address or by post at the address: COTRIL Via Trento, 59 20021 Bollate (MI).

What personal data does COTRIL collect?

Personal data supplied by the user.

COTRIL permits anyone aged 18 or over to open an account.

COTRIL collects and stores the personal data you supply when you use its services:

  • contact information: e.g. name, address, email, account login information and telephone numbers;
  • financial information: e.g. credit card information or banking information used to make purchases;
  • information on orders: details of your purchases;
  • information on communication: the dates on which you contacted us, or on which we contacted you, and the content of any emails you may have sent to COTRIL;
  • information on forums/reviews: e.g. your product reviews on COTRIL web sites or applications;
  • date and place of birth, tax code.

If you do not wish to provide us with the personal data we need in order to fulfil our legal and contractual obligations, or the data required to conclude a contract, you may be unable to make purchases from COTRIL, or to use COTRIL's services or internet sites.

Personal data obtained from third parties.

We also collect your personal data from third parties, in combination with the data collected through our own services. Note that we can only make corrections to data we have collected directly, and not to data we have obtained from external data providers:

  • information we obtain from third parties: the information obtained will be added to the existing information on customers and service users in order to improve our understanding of their interests and provide them with content and advertisements more appropriate to their tastes and preferences.

The information thus collected will be processed and combined in accordance with this Policy and with the provisions of the Regulation. In any case, we only use the data strictly required for the purposes of the data processing.


We use your personal data for the purposes listed below, with the corresponding legal basis. These legal foundations are described in the European Union General Data Protection Regulation (GDPR). The GDPR applies to online and offline data processing.

Aggregate or anonymised data cannot be used to identify a person, and information which does not permit identification of the user is therefore not considered personal information under the GDPR.

Purposes and legal basis Types of data

Supplying services and implementing functions requested by you, including creation and management of your account and card and the making of purchases

This form of data processing is necessary to permit execution of pre-contractual measures adopted in response to the data subject’s request and fulfilment of a contract with the data subject
Contact information, preferences, financial information, identifying information

Processing, fulfilling and sending orders and contacting you in relation to these orders.

This form of data processing is necessary to permit execution of pre-contractual measures adopted in response to the data subject’s request and execution of a contract with the data subject.
Contact information, information on orders, financial information

Responding to your requests, comments and questions, supplying assistance services, and managing interaction on COTRIL’s social networks

Legitimate interest – quality control, responding to the data subject’s requests, improving the user experience
Contact information, information on communications, preferences, information on orders, forums/reviews, financial information, identifying information

Enabling and improving the functioning of the web site

Legitimate interest – improving the user experience
Contact information, preferences, information on devices and technologies, information on browsing history and browser use

Customising and improving your experience using the Services; targeted marketing aimed at consolidating our clientele, and use of targeted advertising on other web sites, devices and platforms

Contact information, information on orders, information on browsing history and browser use, information on devices and technologies, preferences, demographic information or information on interests

Monitoring and analysing trends, customising and improving products, services and content

Legitimate interest - improving the customer experience and the efficiency of the business, offering custom-tailored products
Information on orders, information on devices and technologies, demographic information, contact information, information on browsing history and browser use, and user profiling use and activities.

Sending you advertising material and special offers for products and services we think you might be interested in, also using automated systems

Contact information, preferences, information on orders, information on browsing history and browser use, demographic information or information on your interests

Contacting you regarding your use of the services, such as your transactions.

Legitimate interest - improving transparency and awareness
Contact information, information on orders

Contacting you at our discretion regarding possible changes to our privacy policy

Compliance with legal obligations
Contact information, information on orders

Assessment of payment options

Fulfilment of the contract
Contact information, information on orders, financial information

Preventing fraud and other forms of abuse

Legitimate interest - protecting information on customers and enterprises, preventing defaulting on payments and financial damage
Contact information, information on orders, financial information

Application of our internal procedures, compliance with legal obligations

Compliance with legal obligations
Specifically, contact information, information on orders, financial information, information on devices and technologies, information on browsing history and browser use; potentially, all types of data

Compliance with industry standards and continuation of our business

Legitimate interest - compliance with industry standards and with our own Terms and Conditions
Specifically, contact information, information on orders, financial information, information on devices and technologies, information on browsing history and browser use; potentially, all types of data

Who may have access to my personal data?

We allow our service providers to access your personal data, to the extent necessary to perform their tasks under our contracts with them. They may also work for third parties. Our suppliers are obliged to protect personal data appropriately in accordance with the law, and are appointed as external data processors for this purpose.

We may use service providers to perform a whole series of tasks, including:

  • fulfilling orders and shipping goods, processing payments and providing accounting services
  • market surveys and marketing
  • providing digital services and filing services
  • managing information, to permit real-time updating and modification of data
  • software maintenance and updating;
  • with third parties conducting analyses or data processing, profiling and retargeting operations, to help us offer you products and services appropriate to your tastes and preferences.

We also share your personal data with other parties, our employees and/or consultants appointed as external data processors. They will have access to your data and process it for a variety of purposes, such as, for example:

  • fulfilling orders and shipping goods, processing payments and providing accounting services, market surveys, marketing and providing of digital services;
  • if required or permitted under the applicable legislation, to meet legal requirements; to present, exercise, or defend ourselves in legal proceedings, or if we should believe the disclosure of the data to be necessary in good faith;
  • on the request of the competent authorities in the context of an investigation;
  • if we believe there may have been a violation of our Terms and Conditions or our internal procedures, or to protect our rights, property, lives, health or safety or that of a third party;
  • in connection with potential or actual extraordinary operations such as a merger, takeover, or sale (including winding-up, seizure, or repossession of property), leasing, or other extraordinary operations pertaining wholly or partly to COTRIL’s business, financing, sale, or transfer of a company branch in whole or in part to another company;
  • third parties conducting analyses or data processing to help us offer you products and services appropriate to your tastes and preferences;
  • for other purposes described in this Policy or at the time at which you provide your personal data.

For a complete list of Data Processors, send COTRIL a request by e-mail at the following address:

Transferring personal data outside the European Economic Area (EEA)

Suppliers of services who have access to personal data may be located in countries outside the EEA, which may not have been subjected to an adequacy decision of the European Commission. All personal data transfers by companies in the COTRIL Group or suppliers are protected by standard clauses or another appropriate legal basis for transfer guaranteeing that the personal data will be processed and transferred in the presence of appropriate guarantees. For more information on these clauses and on other mechanisms used to transfer personal data outside the EEA.

In the event of prohibition, data belonging to particular categories may not be transferred outside the EEA. Personal data providing information on race or ethnic origin, political opinions, beliefs or philosophical convictions, health, sexual orientation, trade union membership, or genetic and biometric data is subject to special protection and regulate by European Personal Data Protection Legislation as “special categories of personal data”. COTRIL will in any case process special data only if required to do so by law (as in the case of cosmetovigilance) or to assist a customer who suffers an undesired reaction following use of its products.

Links to other web sites

Our services contain links to third-party web sites or applications offering you special benefits and information. Some of these web sites and related applications are operated by parties not affiliated with COTRIL, and so their own privacy policies apply. If you visit other web sites or use other applications through the links present on COTRIL services, be sure to check the personal data protection notices appearing on these web sites and applications. COTRIL is not responsible for the privacy policy or content of web sites or applications not controlled by COTRIL.

Personal data collected automatically.

In addition to the information you supply to us, we also collect other information using automated tools such as cookies, web beacons, incorporated scripts, and other technologies:

  • information on browsing history and browser use: such as web pages, links, products and content viewed, applications used or viewed and metrics regarding the time, duration of your visits, and positions viewed before and after these visits;
  • information on devices and technologies: such as internet protocol (IP) addresses of computers and devices used, device identifiers, browser features, details of operating systems, language preferences, reference URLs, services used, transmission data (source, metrics, log), log files, audit trails, or cookie IDs;
  • demographic information and information on your interests (including information aggregated with your postal code): e.g. your age, interest in certain product categories, location, marital status, birthday, gender, tax code;
  • Data in aggregate or anonymous form cannot be used to identify a person, and so information which does not contain any identifying elements is not considered personal data under the GDPR.

Please view our Cookie Policy for information on use of cookies and the options available to you.

How long will COTRIL keep your personal data?

Personal data is kept as required for the purposes of legal, corporate and contractual obligations. If you wish to ask a question about storage of your data, contact Data is deleted, rendered anonymous or used for specific purposes and kept only as long as necessary to achieve the purposes for which it is collected, taking into account the statute of limitations for court cases. If an item of data is used for more than one purpose, it may be necessary to keep it for longer.

Data on your account, including your name (and surname), address (street address, town, province or state, postal code), e-mail and customer code will be kept and reviewed annually to prevent fraud and provide additional guarantees. Storage of this data shall be checked annually to determine whether it is still necessary. The criteria include storage and exposure risk, on the basis of legal requirements, for the time periods applicable to limitation of civil and criminal fraud, financial and security risk, guarantee periods, and customer status.

System logs take into consideration the type of data in the system, as required by the applicable legislation.

How does COTRIL store your personal data?

COTRIL adopts security measures aimed at protecting your personal data against loss, improper use, unauthorised access and disclosure, alteration or destruction, taking into account the nature of the data and the risks involved in data processing.

Changes to the Privacy Policy

We attempt to ensure that data collection and processing is always carried out in an appropriate way. We will inform you of any changes to this data processing notice that could affect your rights or the purposes for which we collect and process your personal data.

This notice may be reviewed following adoption of Italian legislation implementing the GDPR and therefore identification of the applicable procedures by the Personal Data Protection Authority.


As a data subject, you are entitled to exercise the rights identified in article 15 et seq. of the GDPR. These rights include the opportunity to find out how we use your personal data and the opportunity to access the data, modify it, or delete it. This section provides more information and explains how you can exercise your rights. Moreover, if you have any remaining questions, you may send an informal enquiry to the e-mail address

The right to be informed

You have the right to be informed of how COTRIL uses your personal data. Consult the section entitled 'Why does COTRIL need my personal data?'

Right to access and correction

You have the right to find out what personal data we have collected about you and how we manage and update the data.

You may access and manage most of your data through your COTRIL account.

You may also manage your preferences for receiving marketing communications at any time through your account settings, where permitted, or by clicking on the "Unsubscribe" link at the foot of all our e-mails. Your profile will be updated with your new preferences. You will receive periodic communications regarding your account and orders.

You may change your preferences for viewing customised advertisements on COTRIL platforms. These advertisements may make use of your browsing history on COTRIL to show you advertisements more appropriate for your tastes and preferences. Your personal data, such as name, address, etc., will not be used for online tracking tools, but we may use our cookies to enable this kind of advertising. If you do not want to view customised advertisements on COTRIL web sites, you will still be able to view advertisements on other web sites or applications: they will not, however, be customised.

You can control which tracking and data collection systems are used when you use the COTRIL web site and apps. Data collection for analysis and customisation, targeted advertising and affiliation programmes are enabled by default in order to provide you with a quality user experience. You may, however, change these preferences to ensure that you have the greatest possible control over how your data is collected and used while browsing our web site or using our app.

You are entitled to request a copy of the personal data in our possession. If you wish to do so, send a request to We will contact you and ask you a few questions to confirm your details before providing you with any information.

Right to be forgotten

You have the right to request erasure or removal of your personal data if there is no need for us to continue processing it.

Erasure also requires deletion of your account/card by COTRIL. This means that, in this case, we will deactivate your account/card and delete all information associated with it. In any case, we may keep copies of your data on file if required by the regulations for the company’s lawful purposes, such as prevention of fraud or spamming. Storage of this information will be assessed annually to confirm that the purposes for which it is stored still apply.

If you have shared your data on COTRIL’s social channel, the data may remain visible even after you close your account.

Moreover, if you continue to browse the COTRIL web site or use COTRIL apps, but do not want your data to be tracked, you must update your Cookie preferences.

Right to limitation of processing

If you exercise your right to limitation, certain functions you enjoy when using our services may be reduced. This may result in a less high-performing web customer experience and compromise our ability to show you your favourite products.

If you wish to change your marketing preferences, email preferences, and/or other preferences concerning privacy, send an email to

By exercising your right to limitation, you may contest the lawfulness of our data processing or the amount of time for which we keep your data.

Right to data portability

You are entitled to obtain portability of the personal data you provide to COTRIL for your own purposes, through a number of different services. We are required to provide you with a copy of all the data you have supplied on the basis of a contract, in a form readable on an ordinary computer.

Right to object to processing

You may object to processing of your personal data. Specifically, if we process your data with your consent, this consent may be revoked at any time.

Rights regarding automated decision-making and profiling processes

If COTRIL makes decisions without human intervention, you might want to contest a decision that has been made. However, COTRIL does not perform fully automated data processing producing legal effects on the users involved, with the exceptions permitted by law (for example, when processing is necessary to permit the execution of a contract, or for prevention of fraud).


If you wish to file a complaint regarding the processing of your personal data, or you are not satisfied with the results of the investigation or of the procedures for filing claims or complaints against COTRIL, you may contact your local data processing authority. COTRIL collaborates with the law enforcement officers and judicial authorities and follows the instructions of the competent European authorities. If you have any questions regarding privacy policy or use of your data which are not adequately answered here, you may contact COTRIL by email at, by telephone at 023834321, or by post at: COTRIL, Via Trento, 59 20021 Bollate (MI).