The Data Controller is Medspa s.r.l., represented by the legal representative, located at Corso Sempione n. 17, Milan
Phone: 081/19569101, Email: privacy@medspa.it, PEC: medspa.srl@pec.it
The Data Protection Officer (DPO) can be contacted at: dpo@medspa.it
Web Service Provision
Data and information are collected to ensure the correct functioning and use of the Data Controller’s website (operational data, statistical data, security information, etc.).
Data collection occurs automatically when the website pages are accessed.
Data will be retained for a maximum of 24 months.
Legal basis: Legitimate interest of the Data Controller
Data is collected to process and complete product purchase transactions.
Purchases made through the Medspa s.r.l. web pages are protected by appropriate security systems (e.g., HTTPS Protocol).
Payment management services allow the Data Controller to process payments via credit card, bank transfer, or other methods (e.g., PayPal, Scalapay, Klarna, Doofinder, CDN systems, etc.).
Payment data is collected directly by the payment service provider without being processed by the Data Controller, except for the transaction outcome.
Some of these services may also involve the sending of messages to the User, such as invoices or payment notifications.
Users are advised to review the relevant privacy policies available on the service provider’s web pages.
Providing data is necessary to receive the requested service.
Data will be retained for 10 years in compliance with tax and contractual documentation retention laws.
Legal basis: Compliance with contractual obligations
Data (name, surname, phone number, email, photo, preferences, residence) will be collected to handle contact, interaction, or product consultation requests, voluntarily submitted through web forms.
An external application (e.g., WhatsApp) may be used to manage requests. In such cases, the application provider may process the data as an independent Data Controller.
Medspa s.r.l. will inform users of external applications before sharing data.
Providing data is optional.
Data will be retained for as long as necessary to manage the request.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject
Data is processed to request and manage an appointment with our consultants.
Only contact data is processed.
Providing data is optional.
Data will be retained for as long as necessary to manage the request.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject
Your data will be processed to manage your participation in prize competitions and/or points collection organized by the Data Controller.
Providing data is optional, but refusal will prevent participation.
Data will be retained for the duration necessary to manage the event. Data necessary for legal compliance will be retained for 10 years.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject and compliance with legal obligations
Users can join the "Miamo Lovers" community by creating a personal account through the website.
The community has a commercial purpose, allowing access to promotions, discounts, and personalized offers.
Creating a "Miamo Lovers" account is optional and intended to manage the contractual relationship and enhance the customer experience.
The subscription requires consent to the Data Controller’s marketing activities to access community-specific offers.
Data will be retained until the account is deleted. Afterward, only data necessary for legal compliance will be kept.
Legal basis: Compliance with contractual obligations and consent
Data will be collected via a dedicated web page to perform a skin evaluation and provide a report on potential issues and suggested solutions.
Sensitive data related to health may be collected during the test, intended for diagnosis and treatment (art. 9, paragraph 2, letter h).
Providing data is optional.
If the process is completed without requesting the final report, data will be immediately deleted.
If the report is requested, data will be retained for 36 months for periodic user comparison.
Legal basis: Pre-contractual activities at the request of the data subject
The Data Controller may contact the customer via email or phone to collect feedback on service quality.
These processing activities aim to improve products and services offered.
Providing data is optional.
Data will be retained for 36 months and then archived anonymously for statistical and quality control purposes.
Legal basis: Legitimate interest of the Data Controller
A) Direct Marketing:
The Data Controller may send advertising messages via email, WhatsApp, SMS, messaging apps, postal service, social networks, and newsletters, upon consent.
Data will be retained until consent withdrawal.
Legal basis: Consent
B) Third-Party Marketing:
Data may be shared with companies within the Limitless Holding S.p.A. group for independent marketing activities.
Legal basis: Consent
C) Soft Spam:
The Data Controller may send promotional emails for products or services similar to those previously purchased.
Opposition to processing can be communicated via email to privacy@medspa.it.
Legal basis: Legitimate interest under Article 130(4) of Legislative Decree 196/03
Under Articles 15-22 of the GDPR, data subjects have the right to:
Access and obtain copies of their data
Rectification
Deletion
Restriction of processing
Object
Data portability
Withdrawal of consent
Not be subject to automated decision-making
To exercise these rights, contact: privacy@medspa.it
In case of data breach, a complaint can be submitted to the Data Controller or the Data Protection Authority.