emoticon gift package -25% ON AGE REVERSE CREAM AND EYE CREAM emoticon gift package

emoticon smile with stars in the eyes MINI ICONS: DISCOVER NOW THE BEST SELLING SERUMS IN TRAVEL SIZE emoticon smile with stars in the eyes

emoticon gift package SUBSCRIBE TO MY LOVERS AND GET 15% DISCOUNT NOW! emoticon gift package

emoticon van DELIVERY IN 5 WORKING DAYS IN EUROPE emoticon van

Contact Us
Store Locator
  • My Account
  • My Wish List ()
  • Sign In
  • Compare
  • Create an Account
Toggle Nav
Menu
Icon Contact UsContact Us
Icon Find a StoreFind a Store
Account
Settings

Privacy Policy

 

Privacy Policy - Medspa s.r.l.

Data Controller

The Data Controller is Medspa s.r.l., represented by the legal representative, located at Corso Sempione n. 17, Milan
Phone: 081/19569101, Email: privacy@medspa.it, PEC: medspa.srl@pec.it

DPO Contact Information

The Data Protection Officer (DPO) can be contacted at: dpo@medspa.it

Purpose of Processing

Web Service Provision

Data and information are collected to ensure the correct functioning and use of the Data Controller’s website (operational data, statistical data, security information, etc.).
Data collection occurs automatically when the website pages are accessed.
Data will be retained for a maximum of 24 months.
Legal basis: Legitimate interest of the Data Controller

Online Purchases

Data is collected to process and complete product purchase transactions.
Purchases made through the Medspa s.r.l. web pages are protected by appropriate security systems (e.g., HTTPS Protocol).
Payment management services allow the Data Controller to process payments via credit card, bank transfer, or other methods (e.g., Paypal, Scalapay, Klarna, Doofinder, CDN systems, etc.).
Payment data is collected directly by the payment service provider without being processed by the Data Controller, except for the transaction outcome.
Some of these services may also involve the sending of messages to the User, such as invoices or payment notifications.
Users are advised to review the relevant privacy policies available on the service provider’s web pages.
Providing data is necessary to receive the requested service.
Data will be retained for 10 years in compliance with tax and contractual documentation retention laws.
Legal basis: Compliance with contractual obligations

Receiving Information and Consultation Requests

Data (name, surname, phone number, email, photo, preferences, residence) will be collected to handle contact, interaction, or product consultation requests, voluntarily submitted through web forms.
An external application (e.g., WhatsApp) may be used to manage requests. In such cases, the application provider may process the data as an independent Data Controller.
Medspa s.r.l. will inform users of external applications before sharing data.
Providing data is optional.
Data will be retained for as long as necessary to manage the request.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject

Appointment Booking

Data is processed to request and manage an appointment with our consultants.
Only contact data is processed.
Providing data is optional.
Data will be retained for as long as necessary to manage the request.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject

Participation in Data Controller’s Initiatives (e.g., prize competitions and/or points collection)

Your data will be processed to manage your participation in prize competitions and/or points collection organized by the Data Controller.
Providing data is optional, but refusal will prevent participation.
Data will be retained for the duration necessary to manage the event. Data necessary for legal compliance will be retained for 10 years.
Legal basis: Execution of contractual and pre-contractual activities at the request of the data subject and compliance with legal obligations

Creation of a Miamo Lovers Account

Users can join the "Miamo Lovers" community by creating a personal account through the website.
The community has a commercial purpose, allowing access to promotions, discounts, and personalized offers.
Creating a "Miamo Lovers" account is optional and intended to manage the contractual relationship and enhance the customer experience.
The subscription requires consent to the Data Controller’s marketing activities to access community-specific offers.
Data will be retained until the account is deleted. Afterward, only data necessary for legal compliance will be kept.
Legal basis: Compliance with contractual obligations and consent

Skin Test

Data will be collected via a dedicated web page to perform a skin evaluation and provide a report on potential issues and suggested solutions.
Sensitive data related to health may be collected during the test, intended for diagnosis and treatment (art. 9, paragraph 2, letter h).
Providing data is optional.
If the process is completed without requesting the final report, data will be immediately deleted.
If the report is requested, data will be retained for 36 months for periodic user comparison.
Legal basis: Pre-contractual activities at the request of the data subject

Customer Experience

The Data Controller may contact the customer via email or phone to collect feedback on service quality.
These processing activities aim to improve products and services offered.
Providing data is optional.
Data will be retained for 36 months and then archived anonymously for statistical and quality control purposes.
Legal basis: Legitimate interest of the Data Controller

Marketing Activities

A) Direct Marketing:
The Data Controller may send advertising messages via email, WhatsApp, SMS, messaging apps, postal service, social networks, and newsletters, upon consent.
Data will be retained until consent withdrawal.
Legal basis: Consent

B) Third-Party Marketing:
Data may be shared with companies within the Limitless Holding S.p.A. group for independent marketing activities.
Legal basis: Consent

C) Soft Spam:
The Data Controller may send promotional emails for products or services similar to those previously purchased.
Opposition to processing can be communicated via email to privacy@medspa.it
Legal basis: Legitimate interest under Article 130(4) of Legislative Decree 196/03

Data Subject Rights

Under Articles 15-22 of the GDPR, data subjects have the right to:

  • Access and obtain copies of their data

  • Rectification

  • Deletion

  • Restriction of processing

  • Object

  • Data portability

  • Withdrawal of consent

  • Not be subject to automated decision-making

To exercise these rights, contact: privacy@medspa.it
In case of data breach, a complaint can be submitted to the Data Controller or the Data Protection Authority.