The company Notino Italia s.r.l., ID: 11630700018, based in Italy, Piazza Solferino, 20, Turin, 10121 (hereinafter “Notino” or “we”), the administrator of the www.notino.ie e-shop, declares that all personal data (hereinafter “data”) is considered strictly confidential and is treated in accordance with the applicable legal provisions in the field of personal data protection.
1. What personal data do we process?
If you use the services of our e-shop or establishments (i.e. stores and distribution points), we process various types of data about you.
1.1. If you make a purchase
The most common information you provide to us is information obtained through the form for ordering goods or other services on our website. This is mainly data that is necessary for the conclusion and performance of a Purchase Agreement.
This data is needed to process your order, and can be divided into:
- identification data, i.e. first name and surname, and in the case of a purchase in the name of a company, the company identification number and tax identification number;
- contact details, which include email address, postal address, billing address, telephone number, bank details and payment details;
- data generated on the basis of the duration of the agreement, specifically the products purchased, the volume of services provided and the customer segment.
1.2. If you register
If you wish to use the benefits of a customer account, you must first register on our website or enter into an agreement with us in what is called the MyNotino Club. The customer account is secured by a password of your choice, to which we do not have access, and in the event of its loss we will be unable to send it to you on request or generate a new password.
Within your account, you have unlimited access to your personal data, as well as to its possible modification. In the account, you can view the history of your completed orders, products purchased and unfinished orders. Through the customer account, you also have the option to save your payment card information and manage the sending of the newsletter and what is called the wishlist, in which you can save your favourite products.
The customer account includes the MyNotino Club, in which we offer you a number of benefits. You can find more information in the relevant Business Terms and Conditions of the MyNotino Club. If you do not wish to open a customer account to make a purchase, you can make a purchase in our e-shop without registration. You may terminate the MyNotino Club Agreement in accordance with the applicable Business Terms and Conditions.
If you are a member of the MyNotino Club, we process the following data:
- identification data, i.e. first name and surname, and in the case of a purchase in the name of a company, the company identification number and tax identification number;
- contact details, which include email address, postal address, billing address, telephone number, bank details and payment details;
- demographic data derived from you
1.3. If you have subscribed to newsletters
You can receive newsletters from us regarding products similar to those you have purchased from us. You can always unsubscribe from these newsletters via the “unsubscribe” link in the footer of each email containing such messages. If you have a customer account, you can also unsubscribe in your account. Cancellation of newsletter subscription is free.
If you have subscribed to such newsletters, we process the following data:
- identification data, in particular first name;
- contact details, thanks to which we can communicate with you, specifically your email address and, if you are a member of the MyNotino Club, also telephone number;
- demographic data derived from your settings and behaviour on the website, which include gender and preferred language.
1.4. If you visit our website or create content there
When you visit our website, we collect various types of information about you during your visit, such as your IP address, browser settings, preferred language and websites visited, including the time of the visit. We also monitor your movements on the website, i.e. which links you click on, so that we can customise the displayed content and offer you products and content that you will appreciate.
When you visit our website, we store and subsequently read cookies in the Internet browser and device you use; we address cookies in a separate Cookies Policy.
However, in addition to cookies, we also process information about your behaviour on the website, your IP address and data provided by your browser, specifically the resolution, the operating system of your device, including its version, and language settings.
We can also connect you to social networks, including automatically logging in to your account on the given social network. For that connection, we use what are called social plugins on our website, specifically in connection with blog posts, namely sharing buttons, with which you can share the relevant content on your profile. Once connected, you may see personalised offers and targeted ads linking to our website on social networks and other websites.
To involve you even more in the world of beauty, we allow you to be active on our website and create content such as reviews of purchased products that identify their benefits and comments on our blog posts. You do not need a customer account to create such content. These posts may include the first name and surname you entered in the form. You are responsible for the content and activity posted on our website, so we urge you not to share personal information that you do not wish to be publicly available through the content. Please see our Posting Policy before you post any content. Posting on our site means you agree to the terms of the Posting Policy.
Our website may contain links to other websites that we believe are sensible and could contain useful information. We would therefore like to note that such websites may be owned and operated by other companies and organisations that process data in accordance with their own privacy policies. Our company has no control over that processing and is not responsible for any information, materials, products or services contained on or accessible through those websites.
1.5. If you contact us on the customer line or social networks
If you decide to contact our customer support via telephone or email, we mainly process records of telephone calls that are monitored, as well as records of email communication.
1.6. If you set alerts to watch for availability
In the case of unavailable goods that you are interested in, we offer you the option of setting up availability monitoring. When the product is re-stocked, we will inform you by a message sent to the email address you provided, which we will process for this reason.
1.7. If you give us a rating on rating portals
After delivery of the goods, you may receive a request for their rating and evaluation of your satisfaction through a selected rating portal. We appreciate any feedback but it is up to you to decide whether to give us a rating. If you do, we process and pass on the following data to the relevant partners:
- contact details, namely the email address used to send the rating request;
- data arising from the agreement, specifically purchased products.
1.8. If you participate in a consumer competition
If you enter a competition, we process the following personal data:
- identification data, which is your first name and surname;
- contact details, specifically your profile on the social network or email address, and in the event of your winning also your address, postal address, billing address and telephone number for the purpose of sending the winnings.
1.9. If you participate in user testing or other organised events
If you participate in the user testing programme we offer, we may process the following information:
- identification data, which is your first name and surname;
- contact details, namely your email address and telephone number;
- camera recording, i.e. capturing your likeness.
We also organise various events for you, within which we can process the following data:
- identification data, which is your first name and surname, or company identification number and tax identification number;
- contact details, namely your email address and telephone number.
For each event, we will inform you about the specific personal data that is processed.
2. For what purpose do we process personal data?
2.1. Purchases of goods and services
We most often process your personal data in order to fulfil a Purchase Agreement, so that we can successfully process your order sent via our website, mobile application or customer line and deliver the goods to you. The email address and telephone number are used to send an order confirmation, deliver a confirmation of receipt of payment, or send an electronic invoice, as well as to keep you informed about the status of your order and any other individual communication regarding the order.
2.2. Customer account
If you are a registered customer, we process your personal data for the purpose of fulfilling a MyNotino Club Agreement, i.e. maintaining your customer account, within which we offer you a number of benefits.
2.3. Marketing offers
2.4. Customising and creating content, ensuring better website traffic
We want to customise the content and recommend goods you are interested in. For this reason, we use the personal data we collect to personalise the content and offers on our website. The marketing offers you see may be selected on the basis of additional information we have obtained about you over time on the basis of contact and demographic information and favourites, as well as other information related to the use of our website. However, we do not perform fully automated processing that would have legal effects for you.
We process information about your behaviour on our website, which allows us to obtain information on the basis of which we can constantly improve our website for you to make it as user-friendly as possible. We may also process your personal data to generate various statistics, such as tracking traffic or measuring the effectiveness of advertising, as well as to test new functionalities of our website or mobile application. Information about your behaviour on the website is important, among other things, for any prevention of attacks on our website. You will not be identifiable from any personal data that we use.
You can also create certain content on our website. If you decide to write a review of the products you have purchased (please make sure that you have read our Posting Policy), we will process your personal data in order to process and display that review. If you join the discussion of our blog articles and leave us a comment, we will process your personal data in order to process and display that comment.
2.5. Customer support and communication
We are constantly striving to improve the services provided by our customer service, and in order to be able to respond to your requests as quickly as possible and provide that service, we need your personal data to successfully process your requests or eliminate potential problems in fulfilling a Purchase Agreement or MyNotino Club Agreement. If you contact us by phone, we will record your call with us after prior notice so that we can continue to improve our services.
We also use the personal data we have collected for the purpose of communication with you and its individual adaptation. For example, we may contact you by phone, email, mobile application or otherwise to remind you that you have items in your shopping cart or to help you complete your order. Furthermore, we may contact you to inform you of the current status of your request, order or complaint, or to obtain additional information from you. We may also notify you that you need to take the necessary action to keep your customer account active.
2.6. Notification of the availability of products
If you set the availability monitoring function for unavailable products, we will inform you at the moment of re-stocking the product by a message sent to the email address you provided.
2.7. Satisfaction assessment on rating portals
In connection with a purchase, you may also receive a request for its rating through a selected rating portal. In that case, the purpose of processing is to determine your satisfaction.
2.8. Consumer competitions
If you decide to take part in a competition organised by us, we will process your personal data in order to run the competition, and in the event of your winning to make a public announcement and contact you.
2.9. User testing and organising events
If you participate in the user testing programme we offer, we process your personal data in order to test new or existing functionalities of our systems.
If you participate in an event that we organise, we process your personal data in order to plan, arrange and evaluate the event.
2.10. Improving services
We use your personal data to continuously improve our services and systems, including the addition of new functionalities. We also process personal data in order to make informed decisions using comprehensive analyses and business intelligence, based on our legitimate interest that stems from the freedom of business and the need to improve the services we provide in order to succeed among the competition. However, in order to ensure sufficient protection of your rights and interests, we use personal data which is as anonymous as possible for this purpose.
2.11. Protection, security and dispute resolution
We may also process your personal data to ensure the protection and security of our customers and systems, to exercise our rights and make legal claims, to detect and prevent fraud, to resolve disputes or to enforce our agreements. We may also process personal data for the purposes of any audits carried out by public authorities.
3. On what legal bases do we process personal data?
We process personal data to a different extent and for different purposes, as detailed in Articles 1 and 2 above:
- without your consent, on the basis of the performance of an agreement, the fulfilment of a legal obligation or our legitimate interests;
- based on your consent.
The types of processing that we may perform without your consent depend on the intended purpose of the processing and also the position in which you act towards us – whether you are just a visitor to our website, buy from us or register. However, your personal data may also be processed if you are the addressee of goods or services that are ordered or if you communicate with us.
3.1. Performance of a Purchase Agreement and a MyNotino Club Agreement
If you make a purchase or place an order, a Purchase Agreement is drafted, which is concluded by the acceptance of the draft by us in the form of sending the ordered goods. However, in order to successfully fulfil that Purchase Agreement or any other agreement regarding goods or services, we need a large part of your personal data entered via the order form. The specific data that we process in this case is set out in Article 1(1) and (5).
If you register with us, we process your data on the basis of fulfilling the MyNotino Club Agreement, so that we can maintain your customer account. The Agreement on which our processing is based is established by creating your customer account. In the event of cancellation of the account, i.e. termination of the MyNotino Club Agreement in accordance with the relevant Business Terms and Conditions, we will stop processing personal data for this purpose. The specific data we process in this case is set out in Article 1(2).
3.2. Fulfilment of legal obligations
We must also fulfil certain obligations set out in the applicable legislation. If we process your personal data on the basis of the fulfilment of those obligations, we do not need to obtain your consent for such processing. On this legal basis, we specifically process your identification data and contact details and details of your orders. The specific data we process in this case is set out in Article 1(1).
For the purpose of sending commercial communications via email, we may process your personal data with your consent. We process your data on the basis of your consent if we do not process it on the basis of a legitimate interest or as a result of the performance of a MyNotino Club Agreement. You can revoke your consent at any time and unsubscribe from commercial communications. The specific data we process in this case is set out in Article 1(3).
We ask for your consent even if you plan to publish a review of the purchased goods, post a comment on the blog or set up availability monitoring, or if you participate in user testing or other events. In these cases, it is, of course, also possible to revoke the consent at any time. The specific data we process in this case is set out in Article 1(4), (7) and (10).
3.4. Legitimate interest
We also process your personal data on the basis of a legitimate interest, so that we can improve and adapt the services provided, find out whether an order has been processed to your satisfaction and promote the products and services offered more effectively. This is, in particular, the data referred to in Article 1(4) and (5).
On the basis of a legitimate interest consisting of direct marketing, we may also send you commercial communications regarding products similar to those you have purchased from us. However, this is only on condition that you do not object to such processing. If you are a registered customer, we send you commercial messages based on the performance of the MyNotino Club Agreement. The specific data we process in this case is set out in Article 1(3).
Our legitimate interest also includes the protection of legal claims, internal records and checking the proper provision of our services. In this case, we process all categories of personal data listed in Article 1.
Our legitimate interest also includes sending requests for rating a purchase made through a selected rating portal or evaluation of consumer competitions organised by us. The specific data we process in this case is set out in Article 1(8) and (9).
4. To whom do we transfer personal data?
In most cases, we process your personal data for our own purposes as a controller, which means that we determine the above-mentioned purposes for the collection of your personal data, the means of processing and the proper execution.
We transfer your personal data to our partners only if it is necessary within the performance of a Purchase Agreement, e.g. to ensure payment or transport, as part of the performance of a MyNotino Club Agreement, on the basis of a legitimate interest, or if you have given your consent to the transfer in advance.
We also transfer your personal data to our processors, who, of course, comply with the statutory conditions for personal data protection. These processors process personal data according to our instructions and your rights are not affected by this processing. With your consent, we may also transfer your personal data to social networks or marketing tool operators to display targeted advertising on other websites.
4.1. Categories of recipients
We may transfer your personal data to the following entities:
- companies and processors of the Notino Group on the basis of the fulfilment of a Purchase Agreement or a MyNotino Club Agreement for the performance of internal processes and procedures;
- payment service companies for the purpose of processing payments based on your order, i.e. fulfilling a Purchase Agreement;
- carriers for the purpose of delivering the products or services you have ordered and resolving complaints, including withdrawal from a Purchase Agreement;
- suppliers of goods or service centres in connection with a complaint related to goods or services ordered by you;
- partners who distribute commercial communications, who are bound by a duty of confidentiality and may not use your personal data for any other purpose;
- operators of marketing tools who help us personalise offers and content;
- social networks if you communicate with us through them or share content with us through social plugins;
- providers of tools for customer service communication with you or external call centres;
- partners conducting customer satisfaction surveys;
- technology vendors and cloud service providers;
- legal or financial representatives or courts for the purpose of the processing of tax documents, recovery of debts or for other reasons ensuing from the fulfilment of our statutory obligations;
- public authorities in the case of enforcement of our rights (e.g. the police).
If third parties use your personal data in the course of their own legitimate interests, we are not responsible for such processing. Such possible processing is governed exclusively by the privacy policies of the relevant companies and persons.
4.2. Data transfers outside the EU
When transferring your personal data to our processors, in some cases we may also transfer personal data to third countries that are not part of the European Union and that do not ensure an adequate level of personal data protection. However, such transfer will only be performed by us if our processor undertakes to comply with the standard contractual clauses issued by the European Commission, which are available here.
5. For how long do we process personal data and how is it secured?
5.1. Duration of processing
We primarily process your personal data for the duration of our contractual relationship, i.e. the duration of a Purchase Agreement or a MyNotino Club Agreement. We are obliged to process the personal data that is necessary for the performance of all our obligations, whether these are obligations arising from the Agreement concluded between us or from generally binding legal regulations, for the period specified by the legal regulations or in accordance with them. For example, in the case of accounting documents issued by us, we as a controller are obliged to keep information about you for at least ten years from the date of issue.
We primarily process personal data for the duration of the contractual relationship, i.e. the duration of a Purchase Agreement or a MyNotino Club Agreement. In addition, we also process personal data for the period strictly necessary to be able to properly fulfil all our obligations arising from the concluded Agreement and generally binding legal regulations. For example, in the case of accounting documents issued by us, we are obliged to keep information about you for at least ten years.
As part of the fulfilment of your requests and the provision of quality customer service, we process your personal data as of the conclusion of our contractual relationship, including one year from the end of the warranty period of goods purchased for the purpose of the resolution of potential disputes.
If you communicate with us through our customer service, we store personal data from the communication for a period of two years, including the recordings of calls that are monitored.
If you give us consent to the sending of commercial communications, this consent is valid for a period of four years or until revoked. If you give us your consent to notify you of the availability of goods you are monitoring, this consent is valid until the time of sending the information about availability, but no longer than for one year, or until it is revoked. The consent given by sending your review of goods is valid for six years or until revoked. If you create content within our blog posts, the consent given by submitting your comment to such a post is valid for two years or until revoked. If you decide to participate in user testing or another event organised by us and give us your consent, we process your personal data, including any camera or other audiovisual recordings, for a period of one year or until the consent is revoked.
If you participate in a competition organised by us, we process your personal data for a period of one year.
In other cases, the duration of the processing of your personal data ensues from the purpose of processing or is determined by binding legal regulations in the field of personal data protection. Your personal data is automatically erased after the set processing periods expire.
The personal data we have collected about you and which we process is transmitted to us in an already encrypted form, using the SSL (Secure Sockets Layer) encryption system for this transmission. This system ensures that your personal data is safe when your browser communicates with our server. We secure our website and other systems with which we work with appropriate technical and organisational measures against the loss and destruction of your personal data, against access of unauthorised persons to your personal data and against the modification or dissemination of your data.
We are continuously improving this security, and we also require our processors to prove the compliance of the systems they use with the GDPR.
If you register, access to your customer account is possible only after entering the password you have chosen. We do not have access to your password because we store it in an encrypted form that is not decryptable, even for us.
We would also like to stress that it is essential that you do not disclose your login details to third parties. We recommend that you log out when you are finished with your customer account, especially if you share the device with other users. We do not take responsibility for any misuse of your password unless we cause such a situation directly.
6. What are your rights and how can you exercise them?
Just as we have our rights and obligations when processing your personal data, you also have certain rights that you can exercise. These rights include:
6.1. Right of access
You have the right to request free information about the processing of your personal data – what data we process about you, for what purpose and for how long, where we collect your data and to whom we transfer it. As part of the right of access, you can also ask us to send you a structured, machine-readable format of the processed data. We will be happy to generate a copy for you after proper verification of your identity; just send your request to the email address of the Data Protection Officer (hereinafter the “DPO”), firstname.lastname@example.org.
6.2. Right to be informed
You have the right that any processing of personal data should be lawful, fair and transparent. It should be clear and transparent to you that personal data concerning you is collected, used, consulted or otherwise processed, and to what extent the personal data is, or will be, processed.
6.3. Right of rectification
If you find that the processed personal data is incorrect or incomplete, you have the right to request its rectification. We will be happy to correct or supplement your data without undue delay. Just send your request to the email address of the DPO, email@example.com.
6.4. Right of erasure
In some cases, you can exercise the right to erasure of the personal data about you that we process. We will erase or anonymise your personal data without undue delay. However, this does not apply to the personal data that we need to fulfil our statutory obligations and the retention of which is required by law (e.g. processing of an already-placed order) or for the protection of our legitimate interests. Personal data will also be destroyed if it is no longer needed for the specified purpose or if the storage of your personal data is inadmissible for other reasons stipulated by law. You can request the DPO to erase your personal data via the email address firstname.lastname@example.org.
6.5. Right to restrict processing
In some cases, you may also exercise the right to restrict the processing of personal data that we process about you. You may request that the personal data indicated by you is not subject to further processing for a limited period of time. You can ask the DPO to restrict the processing of personal data via the email address email@example.com.
6.6. Right to portability
You have the right to obtain from us all personal data provided by you, which we process on the basis of your consent. We will provide you with that personal data in a structured and machine-readable format. We will be happy to generate data for you in this format; just send your request to the email address of the DPO, firstname.lastname@example.org.
6.7. Right to not be subject to automated processing
You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.
6.8. Right to object to processing
You have the right to object to the processing of personal data that takes place on the basis of our legitimate interest. If it is processing for marketing purposes, we will stop processing the personal data without undue delay. However, in other cases, we will do so on the basis of a reassessment of our legitimate interests and your rights and reasons. You can object to the processing by sending a request to the email address of the DPO, email@example.com.
6.9. Right to lodge a complaint
The exercise of the rights and procedures set out above in no way restricts your right to lodge a complaint with the competent supervisory authority. You may exercise this right, in particular, if you believe that we process your personal data without authorisation or in violation of generally binding legal regulations. The entity for handling customer complaints is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
7. Contact us
If you have any questions, comments or requests regarding this Policy and the processing of your personal data, you can contact the Data Protection Officer via the email address firstname.lastname@example.org at any time. Your request will be processed without undue delay, within 30 days at the latest. In exceptional cases, especially given the complexity of your request, we may extend this time limit by an additional two months. However, we will inform you of any such possible extension and its justification.
Alternatively, you can contact us at the address or customer line listed in the footer of this Policy.
Contact details: Notino Italia s.r.l.
Piazza Solferino 20
Customer service: +353 8180 02648 or email@example.com
8. Effective date