Cookie Policy

Last Updated: January 1, 2023

Give Back Beauty LLC with registered office in 8 The Green Suite # 4220, Dover, DE 19901, United States of America, e-mail privacy@givebackbeauty.com. (hereinafter,  “GBB,” “we,” “us,” or “our”) respect your concerns about privacy. This Online Privacy Notice describes the types of personal information we obtain on this website how we use the information, with whom we share it and the rights and choices available to users of our Website regarding our use of the information. GBB (hereinafter, for provisions pertaining to the GDPR and CCPA the “Controller”) is committed to the protection of your personal information that is about you and which identifies you. This Online Privacy Notice (hereinafter, “Cookie Policy”) is provided in accordance with Regulation (EU)/2016/679 (hereinafter, “GDPR”) and California Consumer Privacy Act (hereinafter, “CCPA”) concerns the processing of personal data performed by GBB.

This Privacy Policy explains how GBB collects and uses personal information about you as part of our business activities, including information we collect when you access or use our website (“Website”), mobile sites, mobile applications, and other digital services and products controlled by GBB that link to this Privacy Policy (collectively, our “Digital Services”). This Privacy Policy describes what personal information we collect, how we use such personal information, who we may disclose it to and your rights and choices in relation to your personal information.  This Privacy Policy does not apply to third-party websites linked from our Digital Services.

1. Identity and contact details of the Data Controller

The Data Controller is Give Back Beauty LLC. Give Back Beauty LLC is a company established in the U.S., therefore Give Back Beauty LLC has appointed Give Back Beauty S.r.l., with registered office in Corso Italia 13, 20122, Milano (MI), Italy, VAT 10129060967 as a representative (“Representative”), pursuant to Article 27 GDPR. 

2. Contact details of the data protection officer

The Data Controller has not appointed a Data Protection Officer (“DPO”), pursuant to Article 37 GDPR. 

3. Processing methods

Cookies 

Cookies are small text strings that the Website You visit sends to your browser, which stores them in order to transmit them to the Website when You visit it again. 

Cookies allow us to collect information about your browsing experience.

Cookies may be permanently stored on your computer and have a variable duration (persistent cookies), or they may not be permanently stored on your device and be automatically deleted when You close your browser (session cookies). 

Cookies may be installed by the site You are visiting or may be installed by other websites that provide various services to that site (third party cookies).

3.1 Technical cookies (Essential)

Cookies in this category allow the Website to function properly. 

Cookie 

Website link 

Purpose 

Type 

_orig_referrer

https://www.shopify.com/legal/cookies

Used to track landing pages 

Session 

cart_currency

https://www.shopify.com/legal/cookies

Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout. 

Permanent (14 days)

secure_customer_sig

https://www.shopify.com/legal/cookies

Used to identify a user after they sign into a shop as a customer so they do not need to log in again. 

Permanent (1 year)

localization

florencebymillsbeauty.com 

Used to store the user's IPGeolocation information.

Permanent (14 days) 

 

3.2 Statistical cookies

The Website also uses statistical cookies created directly by the Data Controller, or provided by third parties.  

With the statistical cookies created directly by the Data Controller, Give Back Beauty will carry out statistical analyses on various domains, websites or apps that can be traced back to Give Back Beauty, and will carry out its own statistical processing, without such analyses being aimed at making commercial decisions. 

With third-party statistical cookies, means have been taken to reduce their identifying power, for example by masking significant portions of the IP addresses processed. In case of use of third-party statistical cookies, the third party has contractually committed to the Data Controller to use them exclusively for the provision of the service, to store them separately and not to “enrich” or “cross-reference” them with other information they have.

Cookie 

Website link 

Purpose 

Type 

_ga

https://developers.google.com/analytics/devguides/collection/gtagjs/cookie-usage#gtagjs_google_analytics_4_-_cookie_usage 

Used to distinguish users 

Persistent (2 years)

_ga_<container-id>

https://developers.google.com/analytics/devguides/collection/gtagjs/cookie-usage#gtagjs_google_analytics_4_-_cookie_usage 

Used to persist session state

Persistent (2 years)


_landing_page

https://www.shopify.com/legal/cookies 

Used to track landing pages 

Session

_s

https://www.shopify.com/legal/cookies 

Shopify analytics 

Session

_shopify_s

https://www.shopify.com/legal/cookies

Shopify analytics

Permanent (30 minutes)

_shopify_sa_t

https://www.shopify.com/legal/cookies

Shopify analytics

Permanent (30 minutes)

_shopify_y

https://www.shopify.com/legal/cookies

Shopify analytics

Permanent (one year)

_shopify_sa_p

https://www.shopify.com/legal/cookies

Shopify analytics

Permanent (30 minutes)

_y

https://www.shopify.com/legal/cookies 

Shopify analytics

Permanent (one year)

_kla_id

https://www.klaviyo.com/marketing-resources/data-privacy 

Used to collect information on the visitor’s behaviour to optimize the site.

Permanent (2 years)

 

Navigation data and environmental variables

The Website automatically acquires some Personal Data relating to your navigation.  This category of data includes, for example:

  • the IP addresses of the computer You are using;
  • the number of accesses;
  • the pages used;
  • the date and time of access;
  • the URL where the browser was before viewing the Website;
  • the type of browsing browser
  • the operating system used.

3.3 Marketing cookies 

Marketing cookies are non-technical cookies that allow the Data Controller to carry out marketing activities. Give Back Beauty uses the listed marketing cookies.  

Cookie 

Website link 

Purpose 

Type 

__attentive_cco

https://www.attentive.com/cookie-notice

Used for targeting, optimization, reporting and attribution of text message marketing

Persistent (one year)

__attentive_id

https://www.attentive.com/cookie-notice

Used for targeting, optimization, reporting and attribution of text message marketing

Session

_attn

https://www.attentive.com/cookie-notice

Used to view the visitor ld and some page view and session details

Session

 

3.4 Profiling cookies

Profiling cookies are non-technical cookies that allow the Data Controller to provide You with services tailored to your needs. Give Back Beauty uses the listed profiling cookies.   

Cookie 

Website link

Purpose 

Type 

_scid 

https://www.snapchat.com/it-IT 

Used to help identify a visitor. 

Persistent (one year).

octane%2Fshopify%2Fuid

Octane 

Used to track and identify users who use the routine or take actions on pop-ups.

1 year 

   

4. Delete and disable cookies 

You can configure your browser to prevent the processing of cookies, or delete them immediately after browsing. Below, We list how to disable and delete cookies with the main browsers:

Delete/deactivate cookies with Firefox

http://support.mozilla.com/it/kb/Eliminare%20i%20cookie

Delete/deactivate cookies with EDGE

https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 

Delete/deactivate cookies with Chrome

http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647


5. Information You Voluntarily Provide to Us 

You have the right and the freedom to provide data by sending electronic mail to the addresses indicated on the Website, which the Data Controller may acquire for the purposes indicated from time to time. In addition to the email address necessary to respond to You, any other Personal Data contained in the relevant communication will be processed. The Personal Data collected in this way will be stored and processed exclusively for the purpose of keeping correspondence, without using it for any other purpose.

    6. Purpose, legal basis of the processing, optional consent and consequences of lack of consent
    • Personal data processed while browsing the website: The provision of Personal Data is a contractual obligation, without which the website could not be made available in full working order.
    • Personal data processed with technical cookies: The provision of Personal Data is a contractual obligation, without which the website could not be made available in full working order.
    • Personal data processed with statistical cookies: The communication of Personal Data is purely optional. If You do not communicate your data, Give Back Beauty will not be able to carry out statistical analyses. The legal basis for processing is your consent, expressed in accordance with paragraph 3.2. of the Cookie Policy.
    • Personal data processed with marketing cookies: The communication of Personal Data is purely optional. If You do not communicate your data, it will be impossible for the Data Controller to carry out marketing activities. The legal basis for processing is your consent, expressed in accordance with the current legislation and the Cookie Policy. 
    • Personal data processed with profiling cookies: The communication of Personal Data is purely optional. If You do not communicate your data, it will be impossible for the Data Controller to provide You with personalized services through profiling. The legal basis for processing is your consent, expressed in accordance with the current legislation and the Cookie Policy.
    • Personal data provided voluntarily via email or form: The communication of Personal Data is purely optional. If You fail to provide the data, the Data Controller will not be able to respond to your requests. The legal basis for the processing is the legitimate interest of the Data Controller, as Data Controller, to respond to requests. 

      You can express your consent to the processing of Personal Data with non-technical cookies by clicking on a specific box presented within a banner.

      7. Automated decision-making and profiling   

      If You consent to processing through profiling cookies to benefit from personalized services, your Personal Data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which might be of interest to You. The expected consequences of this processing are the sending of highly profiled commercial communications, sending discounts, sending invitations to events deemed to be of interest.   

       In accordance with Article 22 GDPR, You have the right to:   

      • obtain human intervention in the decision-making process by the Data Controller; 
      • express your opinion;   
      • obtain an explanation of the decision reached by the Data Controller;
      • challenge the decision itself.

      8. Source and categories of Personal Data 

      The Data Controller will only process Personal Data provided by You in accordance with the Cookie Policy, collected through the Website or by sending You an email. The Data Controller will not process data from publicly available sources. The Data Controller will not process special Personal Data as referred to in Article 9 of the GDPR.

      9. Recipients and possible categories of recipients of Personal Data

      Recipients of Personal Data may include:

      • communications companies that carry out commercial communication and profiling activities on behalf of the Data Controller, where consent has been given, and which have the status of data processors;
      • companies offering information society services, including, in particular, those offering hosting services;
      • marketing, advertising and analytics providers, if consent has been given;
      • audit firms;
      • partner companies of the Data Controller; 
      • technical and operational service providers and business partners; 
      • potential purchasers within the context of a business transaction. 

      10. Data Transfer 

      The Data Controller intends to transfer your Personal Data to entities established in a country outside of the European Union or to an international organization. Such entities could be represented, without limitation, by:

      • communications companies that carry out commercial communication and profiling activities on behalf of the Data Controller, where consent has been given, and which have the status of data processors;
      • companies offering information society services, including, in particular, those offering hosting services;
      • communication, marketing, advertising and analytics providers, acting on behalf of the Data Controller;
      • audit firms;
      • partner companies of the Data Controller; 
      • technical and operational service providers and business partners; 
      • potential purchasers within the context of a business transaction.  

      The transfer of Personal Data to such entities, if established in a third country, or to an international organization, is carried out in the presence of an adequacy decision by the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of your rights. In the absence of such decisions, if deemed appropriate, (completare) reserves the right to enter into specific and separate agreements obliging such entities to adopt adequate security measures, including organizational measures, aimed at providing appropriate safeguards with respect to your rights. 

      Google Inc., in particular, is contractually bound to ensure adequate protection of the rights of the data subject. The data may thus be transferred to the following countries: United States of America. 

      To obtain a copy of this data or the place where it has been made available, simply send your request to the Data Controller at the addresses shown above.

      11. Data retention period
      • The Data Controller will keep your Personal Data processed by means of technical cookies in order to allow You to use the Website correctly for a period not exceeding 12 (twelve) months from the date of individual collection, in accordance with the provisions of point 2.1 of the Cookie Policy;
      • The Data Controller will keep your Personal Data processed to provide personalized services through statistical, marketing and profiling cookies for a period not exceeding 12 (twelve) months from the date of individual collection, in accordance with the provisions of points 3.2., 3.3. and 3.4 of the Cookie Policy;
      • The Data Controller will keep your Personal Data provided voluntarily via e-mail or form and processed to respond to your requests for a period of time strictly necessary for achieving this purpose and, in any case, for no longer than 12 (twelve) months from the date of individual collection.

      The Data Controller reserves the right, in any case, to ask You to renew your consent to the processing and / or to verify the consents You have already expressed.

      12. Data Subject’s rights: right to object 

      As a Data Subject, You have the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data relating to You pursuant to Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of those provisions.

      The Data Controller refrains from further processing your Personal Data, unless the Data Controller itself demonstrates the existence of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

      If Personal Data is processed for direct marketing purposes, You have the right to object at any time to the processing of Personal Data about You carried out for such purposes, including profiling insofar as it is related to such direct marketing.

      If You object to the processing for direct marketing purposes, your Personal Data shall no longer be processed for such purposes.

      You may object to the processing of your Personal Data for direct marketing purposes even in part, for example by objecting only to the sending of promotional communications carried out by automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications.

      If your Personal Data is processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, You have the right, on grounds relating to your particular situation, to object to the processing of Personal Data concerning You, unless the processing is necessary for the performance of a task carried out in the public interest.

      13. Data subject’s rights: other rights 

      The Data Controller would also like to inform You of the existence of the following rights:

      • Right of access: You have the right to obtain confirmation from the Data Controller that Personal Data concerning You is or is not being processed. If so, You have the right to access your Personal Data and specific information, in accordance with Article 15 of the GDPR;
      • Right of rectification: You have the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning You without undue delay. Taking into account the purposes of the processing, You have the right to obtain the integration of incomplete Personal Data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
      • Right to erasure: You have the right to obtain from the Data Controller the erasure of Personal Data concerning You without undue delay. The Data Controller is obliged to delete your Personal Data without undue delay, if there are grounds listed in Article 17 of the GDPR;
      • Right to restriction of processing: You have the right to obtain from the Data Controller the restriction of processing, if the grounds listed in Article 18 of the GDPR exist;
      • Right to data portability: You have the right to receive in a structured, commonly used and machine-readable format, Personal Data concerning You provided to the Data Controller, as well as the right to transmit such data to another data controller without hindrance by the Data Controller , in the cases and under the conditions specified by Article 20 of the GDPR;
      • Right to obtain human intervention, express your opinion, obtain an explanation of the decision reached by the Data Controller and challenge the decision reached by means of automated decision-making processing: You have the right to  obtain human intervention in the decision-making process by the Data Controller, express your opinion, obtain an explanation of the decision reached by the Data Controller and challenge the decision itself in accordance with Article 22 GDPR;
      • Right to object to commercial communications: You have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller; 
      • Right to lodge a complaint with the Data Protection Authority: You have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of the rules on the protection of Personal Data, in accordance with Article 77 of the GDPR. 

      14. How to exercise your rights

      You may exercise the rights indicated in the Cookie Policy by addressing your requests directly to the Data Controller at the e-mail address privacy@givebackbeauty.com or by sending the relative communication by registered mail with return receipt to the address 8 The Green Suite # 4220, Dover, DE 19901, United States of America. 

      You may lodge a complaint with Your competent Data Protection Authority, in accordance with the terms of their official websites. 

      15. Accessibility 

      The Privacy Policy can be accessed online and at office of the Data Controller. If You specifically request it, the Data Controller may provide the information to You orally, subject to proof of identity, with a telephone request directed to the Data Controller. 

      16. Changes

      The Data Controller may modify the Cookie Policy, also in order to comply with national and/or European Union legislation or technological innovations. Any new versions of the Cookie Policy will be posted on the Website. We encourage You to periodically check the Cookie Policy. Any changes will be communicated to You through a pop-up on the Website or by other means and/or computer tools. If the Data Controller substantially modifies the Cookie Policy, providing for new processing purposes and / or categories of Personal Data processed or changing the third parties, the Data Controller itself will inform You, requesting the necessary consents, through a special banner. If it is impossible for the Data Controller to check the storage of cookies on your device on the occasion of your next visit to the Website, for example in case of deletion of cookies installed, the Data Controller will inform You and ask for your consent through a banner. If at least 6 (six) months have elapsed since the banner was previously displayed on the Website, the Data Controller will inform You by means of a banner asking for your consent.