1. Data Controller
The Data Controller of personal data is Tuttestetica S.r.l., with registered office at Via d’Azeglio 19, 40123 Bologna (BO), email: info@tuttestetica.com
2. Types of Data Collected
The website collects the following types of data:
Browsing data: information collected automatically while using the site, such as IP addresses, browser type, operating system, visited pages, and access times.
Data voluntarily provided by the user: personal information provided through the contact form, such as name, surname, email address, and other data voluntarily entered in the message.
3. Purpose and Legal Basis of Processing
Personal data is processed for the following purposes:
To respond to user requests: data provided through the contact form is used solely to respond to the submitted requests.
To ensure proper functioning of the website: browsing data is used to ensure the technical functioning of the site and for statistical purposes in aggregated form.
The legal basis for processing is:
Execution of pre-contractual measures: to respond to user requests (Art. 6, par. 1, letter b of the GDPR).
Legitimate interest of the Controller: to ensure the security and functionality of the site (Art. 6, par. 1, letter f of the GDPR).
4. Data Processing Methods
Data is processed using electronic and/or manual tools, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the data.
5. Data Retention
Personal data is stored for the time strictly necessary to achieve the purposes for which it was collected and, in any case, no longer than the terms provided by applicable law.
6. Data Disclosure and Access
Personal data will not be disclosed. It may be communicated to third parties who provide services to the Controller (e.g., IT service providers), who will act as Data Processors pursuant to Art. 28 of the GDPR.
7. Data Transfer Abroad
Personal data is not transferred outside the European Union. Should such transfer become necessary in the future, the Controller will ensure that it is carried out in accordance with applicable legal provisions, adopting the safeguards provided by Articles 44 and following of the GDPR.
8. Data Subject Rights
The user has the right to:
Access their personal data.
Request rectification or erasure of the data.
Restrict or object to data processing.
Request data portability.
Lodge a complaint with the Data Protection Authority.
9. Changes to the Privacy Policy
This Privacy Policy may be subject to changes. Any updates will be published on this page. Users are encouraged to periodically review this section to stay informed about any changes.
10. Effective Date
This Privacy Policy is effective as of May 22, 2025.