Introduction
This Privacy Policy describes how COTRIL S.p.A. (“COTRIL”) and other Data Controllers collect the personal data of customers who make use of the Company’s services or Customer Fidelity Programme; how they protect personal data; how they use and share personal data; and how to contact the company for enquiries regarding privacy.
The term "services" refers to web sites and applications and to the Fidelity Programme offered by COTRIL, as well as other available channels for interacting with COTRIL online, also through third parties.
These "service" include:
Privacy Policy
The Data Controller is COTRIL S.p.A, with registered offices in Via Trento 59, 20021 Bollate (MI), VAT no. 06260170961.
If you have any questions regarding privacy and your rights, you may contact COTRIL by e-mail at the address customercare@cotril.shop or by post at the address: COTRIL Via Trento, 59 20021 Bollate (MI).
What personal data does COTRIL collect?
Personal data supplied by the user.
COTRIL permits anyone aged 18 or over to open an account.
COTRIL collects and stores the personal data you supply when you use its services:
If you do not wish to provide us with the personal data we need in order to fulfil our legal and contractual obligations, or the data required to conclude a contract, you may be unable to make purchases from COTRIL, or to use COTRIL's services or internet sites.
Personal data obtained from third parties.
We also collect your personal data from third parties, in combination with the data collected through our own services. Note that we can only make corrections to data we have collected directly, and not to data we have obtained from external data providers:
The information thus collected will be processed and combined in accordance with this Policy and with the provisions of the Regulation. In any case, we only use the data strictly required for the purposes of the data processing.
WHY DOES COTRIL NEED MY PERSONAL DATA?
We use your personal data for the purposes listed below, with the corresponding legal basis. These legal foundations are described in the European Union General Data Protection Regulation (GDPR). The GDPR applies to online and offline data processing.
Aggregate or anonymised data cannot be used to identify a person, and information which does not permit identification of the user is therefore not considered personal information under the GDPR.
| Purposes and legal basis | Types of data |
|---|---|
Supplying services and implementing functions requested by you, including creation and management of your account and card and the making of purchases This form of data processing is necessary to permit execution of pre-contractual measures adopted in response to the data subject’s request and fulfilment of a contract with the data subject |
Contact information, preferences, financial information, identifying information |
Processing, fulfilling and sending orders and contacting you in relation to these orders. This form of data processing is necessary to permit execution of pre-contractual measures adopted in response to the data subject’s request and execution of a contract with the data subject. |
Contact information, information on orders, financial information |
Responding to your requests, comments and questions, supplying assistance services, and managing interaction on COTRIL’s social networks Legitimate interest – quality control, responding to the data subject’s requests, improving the user experience |
Contact information, information on communications, preferences, information on orders, forums/reviews, financial information, identifying information |
Enabling and improving the functioning of the web site Legitimate interest – improving the user experience |
Contact information, preferences, information on devices and technologies, information on browsing history and browser use |
Customising and improving your experience using the Services; targeted marketing aimed at consolidating our clientele, and use of targeted advertising on other web sites, devices and platforms Consent |
Contact information, information on orders, information on browsing history and browser use, information on devices and technologies, preferences, demographic information or information on interests |
Monitoring and analysing trends, customising and improving products, services and content Legitimate interest - improving the customer experience and the efficiency of the business, offering custom-tailored products |
Information on orders, information on devices and technologies, demographic information, contact information, information on browsing history and browser use, and user profiling use and activities. |
Sending you advertising material and special offers for products and services we think you might be interested in, also using automated systems Consent |
Contact information, preferences, information on orders, information on browsing history and browser use, demographic information or information on your interests |
Contacting you regarding your use of the services, such as your transactions. Legitimate interest - improving transparency and awareness |
Contact information, information on orders |
Contacting you at our discretion regarding possible changes to our privacy policy Compliance with legal obligations |
Contact information, information on orders |
Assessment of payment options Fulfilment of the contract |
Contact information, information on orders, financial information |
Preventing fraud and other forms of abuse Legitimate interest - protecting information on customers and enterprises, preventing defaulting on payments and financial damage |
Contact information, information on orders, financial information |
Application of our internal procedures, compliance with legal obligations Compliance with legal obligations |
Specifically, contact information, information on orders, financial information, information on devices and technologies, information on browsing history and browser use; potentially, all types of data |
Compliance with industry standards and continuation of our business Legitimate interest - compliance with industry standards and with our own Terms and Conditions |
Specifically, contact information, information on orders, financial information, information on devices and technologies, information on browsing history and browser use; potentially, all types of data |
Who may have access to my personal data?
We allow our service providers to access your personal data, to the extent necessary to perform their tasks under our contracts with them. They may also work for third parties. Our suppliers are obliged to protect personal data appropriately in accordance with the law, and are appointed as external data processors for this purpose.
We may use service providers to perform a whole series of tasks, including:
We also share your personal data with other parties, our employees and/or consultants appointed as external data processors. They will have access to your data and process it for a variety of purposes, such as, for example:
For a complete list of Data Processors, send COTRIL a request by e-mail at the following address: customercare@cotril.shop
Transferring personal data outside the European Economic Area (EEA)
Suppliers of services who have access to personal data may be located in countries outside the EEA, which may not have been subjected to an adequacy decision of the European Commission. All personal data transfers by companies in the COTRIL Group or suppliers are protected by standard clauses or another appropriate legal basis for transfer guaranteeing that the personal data will be processed and transferred in the presence of appropriate guarantees. For more information on these clauses and on other mechanisms used to transfer personal data outside the EEA.
In the event of prohibition, data belonging to particular categories may not be transferred outside the EEA. Personal data providing information on race or ethnic origin, political opinions, beliefs or philosophical convictions, health, sexual orientation, trade union membership, or genetic and biometric data is subject to special protection and regulate by European Personal Data Protection Legislation as “special categories of personal data”. COTRIL will in any case process special data only if required to do so by law (as in the case of cosmetovigilance) or to assist a customer who suffers an undesired reaction following use of its products.
Links to other web sites
Our services contain links to third-party web sites or applications offering you special benefits and information. Some of these web sites and related applications are operated by parties not affiliated with COTRIL, and so their own privacy policies apply. If you visit other web sites or use other applications through the links present on COTRIL services, be sure to check the personal data protection notices appearing on these web sites and applications. COTRIL is not responsible for the privacy policy or content of web sites or applications not controlled by COTRIL.
Personal data collected automatically.
In addition to the information you supply to us, we also collect other information using automated tools such as cookies, web beacons, incorporated scripts, and other technologies:
Please view our Cookie Policy for information on use of cookies and the options available to you.
How long will COTRIL keep your personal data?
Personal data is kept as required for the purposes of legal, corporate and contractual obligations. If you wish to ask a question about storage of your data, contact customercare@cotril.shop Data is deleted, rendered anonymous or used for specific purposes and kept only as long as necessary to achieve the purposes for which it is collected, taking into account the statute of limitations for court cases. If an item of data is used for more than one purpose, it may be necessary to keep it for longer.
Data on your account, including your name (and surname), address (street address, town, province or state, postal code), e-mail and customer code will be kept and reviewed annually to prevent fraud and provide additional guarantees. Storage of this data shall be checked annually to determine whether it is still necessary. The criteria include storage and exposure risk, on the basis of legal requirements, for the time periods applicable to limitation of civil and criminal fraud, financial and security risk, guarantee periods, and customer status.
System logs take into consideration the type of data in the system, as required by the applicable legislation.
How does COTRIL store your personal data?
COTRIL adopts security measures aimed at protecting your personal data against loss, improper use, unauthorised access and disclosure, alteration or destruction, taking into account the nature of the data and the risks involved in data processing.
Changes to the Privacy Policy
We attempt to ensure that data collection and processing is always carried out in an appropriate way. We will inform you of any changes to this data processing notice that could affect your rights or the purposes for which we collect and process your personal data.
This notice may be reviewed following adoption of Italian legislation implementing the GDPR and therefore identification of the applicable procedures by the Personal Data Protection Authority.
FUNDAMENTAL RIGHTS
As a data subject, you are entitled to exercise the rights identified in article 15 et seq. of the GDPR. These rights include the opportunity to find out how we use your personal data and the opportunity to access the data, modify it, or delete it. This section provides more information and explains how you can exercise your rights. Moreover, if you have any remaining questions, you may send an informal enquiry to the e-mail address customercare@cotril.shop
The right to be informed
You have the right to be informed of how COTRIL uses your personal data. Consult the section entitled 'Why does COTRIL need my personal data?'
Right to access and correction
You have the right to find out what personal data we have collected about you and how we manage and update the data.
You may access and manage most of your data through your COTRIL account.
You may also manage your preferences for receiving marketing communications at any time through your account settings, where permitted, or by clicking on the "Unsubscribe" link at the foot of all our e-mails. Your profile will be updated with your new preferences. You will receive periodic communications regarding your account and orders.
You may change your preferences for viewing customised advertisements on COTRIL platforms. These advertisements may make use of your browsing history on COTRIL to show you advertisements more appropriate for your tastes and preferences. Your personal data, such as name, address, etc., will not be used for online tracking tools, but we may use our cookies to enable this kind of advertising. If you do not want to view customised advertisements on COTRIL web sites, you will still be able to view advertisements on other web sites or applications: they will not, however, be customised.
You can control which tracking and data collection systems are used when you use the COTRIL web site and apps. Data collection for analysis and customisation, targeted advertising and affiliation programmes are enabled by default in order to provide you with a quality user experience. You may, however, change these preferences to ensure that you have the greatest possible control over how your data is collected and used while browsing our web site or using our app.
You are entitled to request a copy of the personal data in our possession. If you wish to do so, send a request to customercare@cotril.shop. We will contact you and ask you a few questions to confirm your details before providing you with any information.
Right to be forgotten
You have the right to request erasure or removal of your personal data if there is no need for us to continue processing it.
Erasure also requires deletion of your account/card by COTRIL. This means that, in this case, we will deactivate your account/card and delete all information associated with it. In any case, we may keep copies of your data on file if required by the regulations for the company’s lawful purposes, such as prevention of fraud or spamming. Storage of this information will be assessed annually to confirm that the purposes for which it is stored still apply.
If you have shared your data on COTRIL’s social channel, the data may remain visible even after you close your account.
Moreover, if you continue to browse the COTRIL web site or use COTRIL apps, but do not want your data to be tracked, you must update your Cookie preferences.
Right to limitation of processing
If you exercise your right to limitation, certain functions you enjoy when using our services may be reduced. This may result in a less high-performing web customer experience and compromise our ability to show you your favourite products.
If you wish to change your marketing preferences, email preferences, and/or other preferences concerning privacy, send an email to customercare@cotril.shop.
By exercising your right to limitation, you may contest the lawfulness of our data processing or the amount of time for which we keep your data.
Right to data portability
You are entitled to obtain portability of the personal data you provide to COTRIL for your own purposes, through a number of different services. We are required to provide you with a copy of all the data you have supplied on the basis of a contract, in a form readable on an ordinary computer.
Right to object to processing
You may object to processing of your personal data. Specifically, if we process your data with your consent, this consent may be revoked at any time.
Rights regarding automated decision-making and profiling processes
If COTRIL makes decisions without human intervention, you might want to contest a decision that has been made. However, COTRIL does not perform fully automated data processing producing legal effects on the users involved, with the exceptions permitted by law (for example, when processing is necessary to permit the execution of a contract, or for prevention of fraud).
Compliants
If you wish to file a complaint regarding the processing of your personal data, or you are not satisfied with the results of the investigation or of the procedures for filing claims or complaints against COTRIL, you may contact your local data processing authority. COTRIL collaborates with the law enforcement officers and judicial authorities and follows the instructions of the competent European authorities. If you have any questions regarding privacy policy or use of your data which are not adequately answered here, you may contact COTRIL by email at customercare@cotril.shop, by telephone at 023834321, or by post at: COTRIL, Via Trento, 59 20021 Bollate (MI).
