Privacy Policy
Last Updated: January 1, 2023
Give Back Beauty LLC with registered office in 8 The Green Suite # 4220, Dover, DE 19901, United States of America, e-mail privacy@givebackbeauty.com (hereinafter, “GBB,” “we,” “us,” or “our”) respect your concerns about privacy. This Online Privacy Notice describes the types of personal information we obtain on this website how we use the information, with whom we share it and the rights and choices available to users of our Site regarding our use of the information. GBB (hereinafter, for provisions pertaining to the GDPR and CCPA the “Controller”) is committed to the protection of your personal information that is about you and which identifies you. This Privacy Policy (hereinafter, “Privacy Policy”) is provided in accordance with Regulation (EU)/2016/679 (hereinafter, “GDPR”) and California Consumer Privacy Act (hereinafter, “CCPA”) concerns the processing of personal data performed by GBB.
This Privacy Policy explains how GBB collects and uses personal information about you as part of our business activities, including information we collect when you access or use our websites, mobile sites, mobile applications, and other digital services and products controlled by GBB that link to this Privacy Policy (collectively, our “Digital Services”). This Privacy Policy describes what personal information we collect, how we use such personal information, who we may disclose it to and your rights and choices in relation to your personal information. This Privacy Policy does not apply to third-party websites linked from our Digital Services.
***
1. Identity and contact of the Controller
Give Back Beauty is a company established in the U.S., therefore Give Back Beauty appointed Give Back Beauty S.r.l., with registered office in Corso Italia 13, 20122, Milano (MI), Italy, VAT 10129060967, as a representative within the EU territory (“Representative”), pursuant to Article 27 GDPR.
2. Identity and contact of DPO
The Controller has not appointed a Data Protection Office.
3. Information We Collect and persona data’s categories
For purposes of this Privacy Policy, “personal information” or “personal data” means information that identifies you or that could reasonably be used to identify you. While some of the information GBB collects is required for business engagement purposes, other information is voluntarily given by the individual. The types of personal information that GBB may collect include, but is not limited to, the following:
- Contact information such as your name, address, phone number, or email address;
- Registration information such as your username and password, date of birth, and gender
- Account login credentials, such as usernames and passwords, password hints and similar security information;
- Other account registration and profile information, such as photo and video;
- Payment information (such as banking information, payment card number, expiration date, delivery address, and billing address)
- Information about the electronic device you use to access our Digital Services
- Details of products and services you have purchased from us or inquiries you have made
- Preference information, such as communications you receive from us
- Any other information relating to you (or other individuals) which you provide to us directly or indirectly through access and use of our Digital Services, by email or by phone, surveys or questionnaires, completing forms or contacting customer service
We may use or disclose the personal data we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to prepare a tax return, we will use that data prepare the return and submit it to the applicable taxing Authorities;
- To provide you with information, products or services that you request;
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, with your consent;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- As described to you when collecting your personal information or as otherwise set forth in the GDPR or CCPA.
In any case, we don't sell and disclose your personal data; for further information see our “Do not sell My Personal Information”.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
GBB has not disclosed personal information for a business purpose in the preceding 12 (twelve) months.
We collect this information:
- Directly from you when you provide it to us;
- Automatically as you navigate through our Digital Services;
- From third parties, for example, our business partners.
Information You Voluntarily Provide To Us
You do not have to register for a service or program to receive much of the information available through our Digital Services. However, some of our content is available only to registered or identified users and will require you to set up a profile or provide specific information about yourself in order to provide you the service. When you sign up to be a registered user, we may collect information such as your name, email, password, date of birth, gender, and contact preference information.
We also collect information that you provide to us when you purchase a product, sign up or request to receive marketing products and information, contact GBB customer service via email, phone, mail, or otherwise, or respond to GBB questionnaires or surveys. This information may include personal information, such as your name and email address, or other contact information, and your payment information, or other information related to your business or your concerns regarding our products.
Information Collected Automatically
When you use our Digital Services, we also may collect certain usage and device information automatically as described below.
IP Address. We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you access our Digital Services. An IP address identifies the electronic device you use to access the Digital Services, which allows us to maintain communication with your computer as you navigate through our Digital Services and to customize content.
Cookies and Other Tracking Technologies. We also collect information about your use of our website through tracking technologies such as cookies and web beacons. A “cookie” is a unique numeric code that is transferred to your computer to track your interests and preferences and to recognize you as a return visitor. A “web beacon” is a transparent graphic image placed on a website, e-mail or advertisement that enables the monitoring of things such as user activity and site traffic. These technologies help remember your preferences and allow us to bring you the content and features that are likely to be of greatest interest to you on the basis of “clickstream” data that shows your previous activities on our website.
For more information on Cookies, please see our Cookie Policy.
Mobile Tracking. Our Digital Services are available as mobile applications or mobile sites that you can use on your mobile device. If you use a mobile device to access and use our Digital Services, we may collect the following mobile-specific information in addition to the other information described above: device or advertising ID, device type, hardware type, media access control (“MAC”) address, international mobile equipment identity (“IMEI”), the version of your mobile operating system, the platform used to access or download our Digital Services (e.g., Apple, Google, Amazon, Windows), location information and usage information about your device and your use of the Digital Services.
Information We Obtain From Third Parties
To provide you with our products and services, we may also collect information (including personal information) from third parties, including from your organization and representatives, public sources, our related companies, and other parties.
When you submit an application for employment with us, we may also collect from third parties personal information about you, such as your education, employment, and other background information.
4. Purposes and legal basis of the processing, consent and consequences of the lack of consent
Personal data will be processed for the following purposes:
- For contractual purposes and, in particular, to allow the purchase of goods within the E-commerce. For instance, if you choose to purchase a product or receive our services, we use the information that you provide through our Digital Services to manage your orders and invoices, to process payments, to respond to your questions, provide you the service you request and offer an optical customer experience. In this, case the obligation to fulfill the contractual purposes constitutes the legal basis. The communication of the data constitutes an obligation; in the lack of such data, it will not be possible to proceed perform the contract.
- For direct marketing communications, newsletters, advertising material, market research, by means of traditional contact systems and automated computer systems, CRM, databases, including commercial or promotional communications by email, messaging systems, SMS, or telephone communications. In this case, your express consent constitutes the legal basis. The communication of data, therefore, is entirely optional and does not constitute a contractual obligation for you. In the absence of such data, it will not be possible to send newsletters. You may opt-out of receiving marketing communications from GBB at any time by using the opt-out options specified in our marketing communications or by contacting us as described in Section 17 below.
- To determine your habits and preferences through profiling, to provide you with a personalized service. For instance, the personal information that you provide may be used to create customized offers, information, or services tailored to your interests and preferences. Also, we may use your IP address and the data that we obtain automatically through the use of cookies or similar tracking technologies to make our Digital Services easier to use and navigate as well as to personalize the content provided on our Digital Services by anticipating the information and services that may be of interest to you. The legal basis is your consent, expressed in accordance with the Privacy Policy. In relation to the personal data processed, the disclosure of personal data is not a contractual obligation. You have the option to provide personal data. If you fail to provide such data, the Controller will not be able to provide you with a personalized service.
- For purposes related to relevant legal obligations where processing is carried out for the purposes referred to in point a). In this case, the legal basis is the legal obligation of the Controller to process such personal data in accordance with applicable national legislation; in the absence of such data, it will not be possible to proceed with the conclusion of the contract.
The consent to the processing of personal data may be expressed by clicking a specific flagbox.
6. Methods of processing data, logics and safeguards
- In relation to personal data processed and stored for the purposes under Section 4(a) of the Privacy Policy (contractual purposes) and Section 4(d) (legal obligation), data processing will be carried out through automated decision-making logics and use of CRM software that will enable better management of fulfillment of the contractual obligations;
- In relation to personal data processed for the purposes under Section 4(b) of the Privacy Policy (marketing purposes), data processing will be carried out by means of traditional contact systems and automated computer systems, with the aim of offering direct marketing communications.
- In relation to personal data processed for the purposes of Section 4(c) (profiling), the Processing will take place by means of CRM software that allows to define tastes and preferences to offer you personalized services and communications. For further details, see the next section of the Privacy Policy.
If you consent to the Processing of your personal data to benefit from personalized services through profiling, your personal data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which may be of most interest to you. The Processing carried out in this way has, as expected consequences, by way of example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed of interest, etc.
In accordance with Article 22 GDPR, you have the right to:
- obtain human intervention in the decision-making process by the Controller;
- express your opinion;
- obtain an explanation of the decision reached by the Controller.
- challenge the decision itself.
8. Source from which personal data originate
Only personal data provided in compliance with this Privacy Policy will be processed. In relation to the processing of personal data for the purposes of providing highly targeted services through profiling, such data may be correlated for deriving further profiled information. Data collected from public sources will be not processed.
9. Recipients or categories of recipients of your personal data
We only share your personal information with third parties as described below. We do not sell personal information to third parties.
The following may be recipients of the personal data:
- The communication companies that provide commercial communication activities on behalf of the Controller, which are responsible for the processing, if consent has been given for marketing purposes;
- Companies belonging to the information society, such as those providing web hosting services;
- Companies performing statistic and market inquiries, if consent has been given for marketing purposes;
- Companies that perform account services;
- Partner companies of the Controller;
- Companies offering shipping services of the products acquired by means of the Controller’s E-commerce;
- All persons to whom the right of access to such data is recognized under regulatory measures.
Third Party Sites and Social Media Plug-ins
This Privacy Policy does not apply to third-party websites that do not link to this Privacy Policy, or to third-party websites to which our Digital Services may link.
Our Digital Services may use social media plug-ins (e.g., the Facebook “Like” button, “Share to Twitter” button) to enable you to easily share information with others. When you visit our Digital Services, the operator of the social plug-in can place a cookie on your computer or other electronic device that enables that operator to recognize individuals who have previously visited our Digital Services. If you are logged into the social media website (e.g., Facebook, Twitter) while browsing on our Digital Services, the social media plug-in allows that social media website to receive information that you have visited our Digital Services. The social media plug-in also allows the social media website to share information about your activities on our Digital Services with other users of their social media website. These sharing settings are managed by the social media website and governed by its privacy policy.
10. Categories of personal data
The Controller will process only personal data from you. There will be no handling of special categories of personal data under Article 9 of the GDPR.
11. Transfer of personal data
The Controller may intend to transfer personal data to a third country or an international organization, such as:
- Communication agencies conducting activities on behalf of the Controller;
- Companies offering information society services, including, in particular, those offering hosting services;
- Service providers of the communication company.
The transfer of personal data to the aforesaid subjects is subject to an adequacy decision made by the European Commission after deciding that the third country or one or more specified sectors within that third country, or the international organization in question, ensures an adequate level of protection of personal data and your rights. However, if the Controller deems it appropriate to proceed with the transfer of personal data despite the lack of any adequacy decisions, the Controller reserves the right to conclude separate agreements with those subjects, requiring them to adopt adequate technical and organizational security measures to safeguard the transferred personal data, with particular regard to the protection of rights and freedoms of the concerned subjects. Your personal data may be transferred to the United States of America.
To obtain a copy of the transferred personal data or to be informed on where personal data have been transferred to, you shall send the Controller a written request to the following addresses: 8 The Green Suite # 4220, Dover, DE 19901, United States of America or email address: privacy@givebackbeauty.com.
12. Data Security
GBB maintains reasonable technical, administrative and physical controls to secure any personal information collected through our Digital Services. However, there is always some risk that an unauthorized third party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting personal information over the Internet, especially your financial-related information. GBB cannot guarantee that unauthorized third parties will not gain access to your personal information; therefore, when submitting personal information through our Digital Services, you must weigh both the benefits and the risks.
13. Children’s Privacy
GBB does not knowingly collect or use any personal information directly from children through our Digital Services (GBB defines “children” as minors younger than 18). We do not knowingly allow children to order our products, to communicate with us, or to use any of our online services. If you are a parent and become aware that your child has provided us with information, please contact us using one of the methods specified below, and we will work with you to address this issue.
14. Personal data retention period
- Personal data processed and stored for the purposes under Section 4(a) are processed for no longer than 10 years starting from the termination of the contractual effects, in case of conclusion of the contract, unless otherwise required by law;
- Personal data processed and stored for the purposes under Section 4(b) (marketing purposes) are processed and stored until when you request the erasure and/or revoke consent;
- Personal Data processed for the purposes set forth in Section 4(c) (preference determination purposes) are processed and stored by Company for a period not exceeding 12 months from collection.
- Personal data processed and stored for the purposes under point Section 4(d) (fulfilment of legal obligations) are processed and stored for a period no longer than 10 years following the termination of the contractual effects, in case of conclusion of the contract, as well as for a period no longer than 10 years following the termination of the negotiations, unless otherwise required by law.
The Controller reserves the right, in any case, to request you to renew his/her consent to the processing and/or to verify the consents already expressed.
15. Data subjects’ rights (EU Residents)
15.1 Right to object
- You have the right to object to the processing of personal data concerning your pursuant to Article 6, sub-section 1, letter (e) or (f) of the GDPR, at any time and on grounds relating to your particular situation. The Controller shall refrain from any further processing of your personal data unless the Controller proves that there are compelling legitimate grounds for the processing which take precedence over your interests, rights and freedoms or for the establishment, exercise or defence of a right in court.
- If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data carried out for such purposes, including profiling to the extent that it is related to such direct marketing.
- If you object on the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. It is specified that your right to object on the processing of his/her personal data for the aforesaid purposes may be exercised even partially, i.e. by opposing, for example, only on sending promotional communications by automated and/or digital means, or on sending paper communications and/or receiving telephone communications.
- Where personal data are processed for scientific or historical research or statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, you have the right to object on the processing of his/her personal data for reasons related to his/her particular situation, unless such processing is necessary for the performance of a task in the public interest.
15.2 Other rights
The Controller also wishes to inform You of the existence of the following rights:
- Right to access: You have the right to obtain from the Controller confirmation as to whether or not Your personal data are being processed and, if so, to obtain access to the personal data and specific information, in accordance with article 15 of the GDPR;
- Right to rectification: You have the right to obtain from the Controller the rectification of inaccurate personal data without undue delay. Taking into account the processing purposes, you have the right to obtain supplementing of incomplete personal data, including by providing a supplementary statement, in accordance with art. 16 of the GDPR;
- Right to erasure of data, including the right to revoke consent: You have the right to obtain from the Controller the erasure of the personal data without undue delay or to revoke consent. The Controller has the obligation to erase Your personal data without undue delay, if the reasons set out in art. 17 of the GDPR exist. With regard to the right to revocation, You also have the right to revoke consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation;
- Right to restriction of processing: You have the right to obtain from the Controller the restriction of processing when the conditions set out in art. 18 of the GDPR exist;
- Right to data portability: You have the right to receive Your personal data provided to the Controller in a structured format, commonly used and readable by automatic devices. You have the right to send such data to another controller without any impediment by the Controller in the cases and at the conditions specified in art.20 of the GDPR;
- Contractor’s right to object on commercial communications: You, as a contractor, have the right to object at any time, free of charge, on the receipt of commercial communications.
- Right to lodge a complaint with the Supervisory Authority: you have the right to lodge a complaint the the Supervisory Authority for the Protection of personal data, if you consider that the processing of your personal data infringes the GDPR or data protection dispositions, in accordance with art. 77 GDPR.
The same rights are guaranteed by us to citizens not resident in the European Union territory, where technically possible.
16. Data subjects’ rights (Non-EU Residents)
If you are not an EU resident, with respect to personal information that we may have collected about you, you may:
- Ask us to erase or delete all or some of your personal data;
- Ask us for a copy of your personal data, including in machine readable form;
- Ask us to change, update, or fix your data if it is inaccurate; and
- Ask us to stop using all of some of your personal data (where we have no legal right to keep using it) or to limit our use of it.
In any case, you have the right to request that we disclose certain personal data to you. Once we receive and confirm your verifiable request, we will disclose to you:
- The categories of personal data we collected about you;
- The categories of sources for the personal information we collected;
- Our business or commercial purpose for collecting or selling that personal information;
- The categories of third parties with whom we share that personal information;
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- A copy of the specific pieces of personal information we collected about you, for data portability purposes;
- If we sold or disclosed your personal information for a business purpose;
- Sales, identifying the personal information categories that each category of recipient purchased.
You may contact us using the contact information in Section 17 below, and we will consider your request in accordance with applicable laws.
17. How to Contact Us with Privacy ConcernsThe applications to exercise the rights indicated in this Privacy Policy must be addressed directly to the Controller at the e-mail address: privacy@givebackbeauty.com
Alternatively, You can exercise said rights by sending a registered letter with recorded delivery to in 8 The Green Suite # 4220, Dover, DE 19901, United States of America.
You may lodge a complaint with the Local Supervisory Authority for the Protection of personal data according to the provided instructions in the official website.
In any case, if you would like to lodge a complaint against us, you may contact your local authority.
18. Accessibility of Privacy PolicyThe Privacy Policy is accessible on our website and at the Controller. If so expressly requested, the information can also be provided orally, as long as the identity of the applicant is proven, by means of a phone call request to the addresses of the Controller.
We reserve the right to change the terms of this Privacy Policy at any time. Any changes to this Privacy Policy will be reflected on our website with a new effective date. GBB encourages you to review this Privacy Policy regularly for any changes. Your continued use of our Digital Services after we post changes is deemed to be acceptance of those changes.
19. Non-DiscriminationWe will not discriminate against you for exercising any of your GDPR and CCPA rights. Unless permitted by the GDPR and CCPA, we will not:
- Deny you goods or services or provide you a different level or quality;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services;
- Charge you different prices for goods or services, including through granting discounts or other benefits.