Privacy policy

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

For Wycon s.p.a., the privacy and security of your personal data are very important, which is why we collect and manage them with the utmost care and adopt specific measures to keep them safe.
Below you will find the main information about Wycon s.p.a.'s processing of your personal data in relation to your browsing on the website www.wyconcosmetics.com and the use of the services offered. 

This privacy notice is provided by Wycon Spa (VAT No. 02317910186) based in Milan, Piazza IV novembre n.4, as Data Controller pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”), in order to provide the user with complete, clear and transparent information about the methods of processing personal data, the purposes pursued and the rights exercisable by the data subject.

1. Data Controller

The Data Controller is Wycon spa (VAT No. 02317910186) based in Milan, Piazza IV novembre n.4, which determines the purposes and means of processing the collected personal data.

The Data Controller ensures that all processing is carried out in compliance with the principles set out in art. 5 GDPR, including lawfulness, fairness, transparency, minimization and storage limitation.

2. Categories of personal data processed

The categories of personal data that Wycon s.p.a. collects and processes when you browse, use web services, or purchase products on www.wyconcosmetics.com, are as follows:

- personal data, such as first name, last name, gender, age/date of birth; 

- contact information, such as address, email, phone number; 

- payment method data, billing data if applicable, shipping address for products;

- connection, geolocation, and browsing data, such as IP address, cookies, and similar technologies; 

- additional information necessary for the performance of the requested services;

- No special categories of personal data will be processed.

The Company collects and uses different types of personal data (common) depending on the specific purposes pursued.

Providing the requested data may be mandatory or optional. 

Failure to provide data marked as mandatory makes it impossible for the Data Controller to execute the contract or provide the available services. Providing additional data will be optional.

Wycon s.p.a. neither processes nor stores banking data (e.g., IBAN) or credit card information.

Transactions are handled by third-party providers, capable of guaranteeing the highest security standards, acting as independent data controllers.

3. Purposes of processing and legal bases (Art. 6 GDPR)

The processing of personal data takes place for:

a) conclude and execute the purchase contract for products offered on the website (payment, invoicing, product shipping, and any return management); 

b) administrative-accounting purposes as fulfillment of legal obligations;

c) ensure identification and provision of services offered to registered users;

d) provide a  customer care service via email or phone;

e) management of participation in the loyalty program WYCON FAN;

f) only with your explicit consent, we will send commercial and promotional communications to the email address or phone number provided following the purchase of one of our products;

g) only with your explicit consent, we will use the data you provided online to access individual services (to make purchases or data provided following enrollment in the loyalty program) to process them and allow us to develop products and services tailored to your preferences and interests, and thus send you advertising communications as close as possible to your tastes, also through automated systems that, however, do not produce legal effects or other significant effects for the data subject;

h) carry out checks and security activities aimed at preventing and protecting against fraudulent activities, counterfeiting, and abusive behaviors (including by third parties) that conflict with current regulations, contractual provisions applicable to the Site and related services, and rules of fairness and good faith;

i) create statistical reports and behavioral models in order to examine – in aggregated and pseudonymized form – the economic effectiveness of the commercial initiatives undertaken by Wycon s.p.a.

4. Processing Methods (Art. 32 GDPR)

The Data Controller uses electronic and paper tools and adopts appropriate technical and organizational measures to protect personal data from unauthorized access, accidental loss, disclosure, or alteration.

However, although the Company applies adequate administrative, technical, and physical measures to safeguard the data in its possession from loss, theft, unauthorized use, disclosure, and alteration, it cannot guarantee the exclusion of all possible IT risks. 

Data is processed exclusively by parties who have been given specific and detailed instructions, and by service providers under a specific written data processing agreement, who act as independent Data Processors.

While using the features offered by our website, we use cookies and other technologies to collect data on your usage and better target promotions. To learn more, please review our Cookie Policy.

 

5. Communication of personal data.

Your personal data will be processed by Wycon s.p.a. and its specifically trained and authorized personnel.

 Data may also be communicated exclusively to authorized parties or appointed Data Processors, such as:

- legal, tax, and accounting consultants;

- IT service providers and cloud computing companies;

- shippers;

- companies affiliated with Wycon s.p.a.;

- public authorities in cases provided by law;

No further use incompatible with the purposes indicated above is foreseen.

The list of persons appointed as Data Processors can be requested by writing to the address   privacy@wyconcosmetics.com.

6. Data transfer to third countries (arts. 44–49 GDPR).

The collected data will be processed within the European Union. Should the data need to be transferred outside the European Union for network or technical reasons, the Data Controller will ensure the adoption of adequate safeguards, including:

- adequacy decisions by the European Commission;

- Standard Contractual Clauses (SCC);

- additional technical and organizational measures.

7. Data retention periods (art. 5, par. 1, lett. e, GDPR)

The data collected will be stored by the Data Controller, in a form that allows identification of the data subject, for a limited period of time, which varies depending on the type of activity involving the processing of your personal data. After this period expires, your data will be permanently deleted or irreversibly anonymized. This is without prejudice to cases where retention for a longer period is required for potential disputes, requests from competent authorities, or under applicable law.

Specifically:

a) data collected to conclude and execute purchase contracts for goods on the website: until completion of administrative-accounting formalities. Billing data will be kept for ten years from the invoice date;

b) registered user data: data will be kept until you request deletion of your profile;

c) payment data: until payment certification and completion of related administrative-accounting formalities following the expiration of the withdrawal right and the terms applied for payment disputes;

d) data collected for joining the WYCON FAN program: these data are kept until the subscription to the loyalty service is canceled;

e) data used for commercial communication activities towards users who purchase products on the website: these data are kept until the activity ceases or you specifically revoke consent;

f) email address provided to receive our newsletter (communications about news and commercial promotions): until consent is revoked;

h) data used for commercial communications, market research, and satisfaction surveys, as well as for personalizing commercial communications: until consent is revoked;

i) data used to personalize the Site and show personalized commercial offers: until you request cessation of the activity and in any case within 12 (twelve) months from the last interaction of any kind with Wycon s.p.a.

8. Data subject rights (arts. 15–22 GDPR)

You can exercise your rights at any time regarding the specific processing of your personal data by Wycon s.p.a., in particular:

• Right of access (art. 15) – to obtain confirmation of processing, a copy of the data, and information on logic, purposes, and categories processed;

• Right to rectification (art. 16) – to obtain correction or updating of inaccurate or incomplete data;

• Right to erasure (art. 17) – to request deletion of data when legal conditions apply;

• Right to restriction (art. 18) – to obtain suspension of processing in specific circumstances;

• Right to data portability (art. 20) – to receive data in a structured format and transfer it to another controller;

• Right to object (art. 21) – to oppose processing based on legitimate interest;

• Right not to be subject to automated decisions (art. 22) – except with explicit consent or contractual necessity.

Pursuant to art. 19 of the GDPR, the data controller will inform each recipient to whom personal data has been disclosed of any corrections, deletions, or restrictions of processing carried out under arts. 16-17-18 GDPR, unless this proves impossible or involves a disproportionate effort.

To ensure that our users' data is not violated or misused by unauthorized parties, before accepting your request to exercise any of the rights listed, we will ask you for some information to verify your identity.

9. Minors

The services on this site are intended for individuals aged 18 or older.

Wycon s.p.a. does not request, collect, use, or freely disclose personal data provided by individuals under 18 years of age. If Wycon s.p.a. becomes aware that it has collected data from a minor, it will delete it. If you are under 18, please do not register or proceed with purchasing a product online.

10. Additional rights (arts. 12–14 GDPR)

You will also have the right to:

- receive clear and transparent information about the processing;

- be informed in case of personal data breaches (data breach) that may pose high risks;

- obtain a copy of the documentation related to the processing and agreements with the Data Processors.

11. How to exercise your rights

If you wish to report incorrect processing of the data provided or to exercise the rights listed above, the data subject may:

- send a registered letter with return receipt to the registered office of Wycon spa in Milan, Piazza IV novembre no.4;

- send an email to the D.P.O. (Data Protection Officer) appointed by Wycon spa at privacy@wyconcosmetics.com.

The Data Controller will respond without undue delay, in any case within 30 days.

You can revoke your consent to the processing of optional data at any time by contacting the D.P.O. (Data Protection Officer) appointed by Wycon spa by sending an email to  privacy@wyconcosmetics.com or, alternatively, send a registered letter with return receipt to the registered office of Wycon spa in Milan, Piazza IV novembre no.4, attention to the D.P.O. (Data Protection Officer).

If the data subject believes their rights have been violated, they have the right to file a complaint with the Data Protection Authority, following the procedures indicated by the Authority at the following web address http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or by sending a written communication to the Data Protection Authority, Piazza Montecitorio n.121, 00186 Rome.

12.  Updates to this privacy notice

The Data Controller may update this privacy notice to comply with regulatory or organizational changes. Each updated version will be made available through appropriate means.