Welcome to our website www.aminamuaddi.com (hereinafter, the “Site”). For AM ASTRA S.r.l. (hereinafter, “AM ASTRA”) your privacy and the security of your personal data are very important. That is why we collect and manage your personal data with the utmost attention, and adopt specific measures to safely store it.
1 • Who is the controller+
When you use the Site, access our services or purchase AMINA MUADDI products, AM ASTRA is the controller of the processing of your personal data. The types of personal data we collect and the purposes for which we process such data are described in detail below.
For any clarification, question, or requirement related to your privacy, or to exercise your rights under the European personal data processing legislation (the General Data Protection Regulation - EU Reg. No. 2016/679, hereinafter “GDPR”) (see point 6) you may use the contact details indicated below.
2 • What Data do we process+
As concerns the purposes of the processing indicated in point 3 below, we process various types of personal data concerning you, including:
• your identification information (such as first and last name), your contact details (such as email address and telephone number), shipping address and billing address, payment information (such as the method of payment used, cardholder, card number used). For customer care activities, the information you choose to provide in your communications is also processed;
• if you register on the Site (“Account”), we process your identification information, your email address, and your password, as well as the data needed to provide you with services that are reserved for registered users.
• your geographic location, which is used with your consent by AMINA MUADDI for any service (that you have requested and that is offered through the Site) to find the AMINA MUADDI store reseller the closest to you (“Stockists”);
• when you have provided the corresponding consent, AMINA MUADDI also processes the data relating to your preferences and interests, such as products you’ve purchased or added to your wish list, age and gender, your country, and your preferred language and currency and the newsletters you have subscribed to. AMINA MUADDI process your data to analyze your habits and preferences to offer you personalized services and communications that are in line with your interests;
3 • Why do we process your data and on what legal basis+
3.1 • Purposes related to the online sale of products
We process your personal data for the online sale of AMINA MUADDI products and the relative activities connected thereto. In particular, to:
• enter into and perform a contract for the purchase on the Site of one or more products, for payment, product shipping, any management of the right of withdrawal, return, and the legal warranty. This processing is necessary to perform a contract to which you are party (purchase and sale agreement). You must provide your personal data; otherwise you will not be able to make a purchase on the Site or manage any requests you may have regarding the right of withdrawal, return, and legal warranty, or to receive the dedicated customer service;
• customer care. Processing is necessary to perform a contract to which you are party (provision of customer care). You must provide your personal data; otherwise you will be unable to receive the customer care you requested;
• the fulfillment of the legal obligations relating to the sales activity (such as, for example, issuing and storing the invoice). This processing is necessary to fulfill a legal obligation to which we are subject. It is thus mandatory that you provide your personal data; otherwise you will be unable to make a purchase on the Site;
• register on the Site (“Account”), or use the services that are reserved for registered users (for example: Wishlist, Orders, etc.). This processing is necessary to perform a contract to which you are party (registration on the Site and the relative provision of services). It is mandatory that you provide your personal data; otherwise you will be unable to register on the Site and use the registered user services;
• prevention and suppression of fraud and abusive behaviors (including by third parties) that conflict with the current standards, the applicable contractual provisions, and the rules of correctness and good faith. The lawfulness of this processing is based on our legitimate interests to perform security activities and controls for the purpose of preventing and protecting against fraudulent activities and abusive behaviors. Upon your request, we will be able to provide you with detailed information about the aforementioned legitimate interest and the corresponding so-called balancing test we have undertaken to ensure that your rights and interests are not outweighed by our legitimate interests;
3.2 • Marketing purposes
With your consent, AMINA MUADDI uses your personal data for marketing purposes. Indeed AMINA MUADDI may send you commercial or advertising communications about its products, services, and events. The marketing activities may also include market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including using aggregated anonymous data. The processing of your data for marketing purposes is based on your voluntary consent, and providing your data for such purposes is optional. Regardless of whether you have consented to such processing for marketing purposes, you will be able to purchase our products online.
With your consent, AMINA MUADDI uses the data collected online, through this or other sites, or through AMINA MUADDI accounts on social media, to collect information relating to your preferences, habits, lifestyle, as well as details about what you have purchased. The data is used to create group and/or individual profiles (“profiling”) which allow us to send you personalized communications that are in line with your interests, or to conduct market research and statistical analyses, including with aggregated anonymous data. The processing of your data is based on your voluntary consent, and providing your data is optional. Regardless of whether you have consented to such processing, you will be able to purchase our products online.
With your consent, AMINA MUADDI shares your personal data with companies in the Amina Muaddi group, and others operating in the beauty, lifestyle, food, or sports sector. These companies will process your data for their own marketing purposes, i.e. to send you promotions, commercial or advertising communications about their products, services, events, including market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including with anonymous data, organized in aggregate form. Such processing of your data is based on your voluntary consent; providing your data is optional. Regardless of whether you have consented to such processing, you will be able to purchase our products online.
To send you marketing communications or personalized offers, methods such as email, newsletters, operator-assisted telephone calls, SMS, MMS, chat, instant messaging, social networks and traditional mail are used, including invitations to organized events from AMINA MUADDI or in which AMINA MUADDI participates. You may unsubscribe from marketing communications in the corresponding section of your personal account or by clicking the respective link, which appears at the bottom of every commercial communication.
3.3 • Other purposes
We may also process your personal data for:
• managing requests to exercise personal data protection rights (further information in point 6). This processing is necessary to fulfill a legal obligation to which we are subject;
4 • Who will process your Data+
Duly informed personnel (employees and associates) of AMINA MUADDI, as well as third parties (service providers and/or business partners) who were appropriately selected by us and offer a suitable guarantee of compliance with personal data processing rules, may have access to your personal data. These third parties may conduct their activities as “data processors” (thus under our direct responsibility). For example, we may use the following categories of third party service providers who are our data processors: Internet providers, companies specialized in IT and electronic services, customer care service companies, companies that perform marketing activities, companies specialized in market research and data processing. Some third party service providers act as “independent data controllers” (for example, we may use third party couriers and shippers, bank operators, independent professionals, or consulting, legal or tax assistance firms, on this basis).
Your personal data may also be disclosed to third parties, including in the following cases:
(i) when disclosure is required by the applicable laws and regulations for legitimate third party recipients of communications, such as public entities and authorities that process your data as independent controllers for the respective institutional purposes;
(ii) in case of extraordinary operations (for example mergers, acquisitions, disposal of business, etc.);
You may request an updated list of the parties to whom we disclose your data by contacting us using the contact details indicated below.
Some of the parties indicated above (including various entities constituting AMINA MUADDI) may also be established outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guaranty an adequate level of protection of personal data according to the standards established by the GDPR. AMINA MUADDI has adopted the necessary precautions to ensure a lawful transfer of data (in particular, through the use of the Standard Contractual Clauses approved by the European Commission). You may request information about the transfer of your personal data abroad at any time by contacting us using the contact details indicated below.
5 • How long do we retain your Data+
We retain your personal data for a limited period of time, which is strictly related to the purpose for which it was collected, and in conformity with the applicable legal or regulatory obligations. At the end of the established retention period, your personal data will be deleted, or in any case irreversibly anonymized, unless AMINA MUADDI is required to retain the data for an additional period of time to comply with legal or regulatory obligations, or to exercise or defend a right in a judicial proceeding.
The retention period differs according to the purpose of the processing, in particular:
• for the online sale of products and the relative activities connected thereto (point 3.1), your personal data will be retained for the entire duration of the contractual relationship and for 10 (ten) years after the termination thereof, except for registration on the Site (“Account”) and the use of confidential services for registered users (for example: Wishlist, Orders, etc.), in relation to which your personal data will be retained until you request the deletion of your account;
• when AMINA MUADDI processes your data for personalized marketing or profiling purposes, your data is retained for a period of 7 (seven) years from the time you provide your consent for the aforementioned purposes, following an evaluation of the impact on data protection conducted by AMINA MUADDI, with the participation of its Data Protection Officer;
• for general marketing activities, your data is retained by AMINA MUADDI until deletion is requested, consent revoked, or processing opposed; AMINA MUADDI furthermore wishes to protect your data and ensure that you wish to continue to receive its communications. Therefore, it deletes your data when 4 (four) years have elapsed since your last interaction with the AMINA MUADDI sphere, for example through purchases made at AMINA MUADDI stores or the Site, participation in AMINA MUADDI events or newsletters;
• to comply with legal obligations relating to personal data processing matters (point 3.4), your personal data will be processed by each controller, as concerns their specific area of authority, for the period needed to manage your request to exercise the rights recognized under the GDPR or to meet the legal obligation to which the data controller is subject. The data necessary to demonstrate compliance with the legal obligations to which the controller is subject shall be retained for 10 (ten) years;
• in case of a legal or administrative dispute, your data shall be retained for the time needed for AMINA MUADDI or a third party to seek legal protection of a right, or within the limits imposed by the legal or administrative authority.
6 • What are your Rights+
You may contact AMINA MUADDI at any time, using the contact details specified below, to exercise your rights pursuant to the GDPR, and particular:
• to obtain confirmation of whether or not your personal data is being processed and, if it is, to obtain access to or a copy of such personal data (”right of access”);
• correction of your personal data, i.e. to obtain the correction, modification, or updating of any data that is inaccurate or no longer correct, as well as to supplement incomplete personal data, including by providing a supplementary declaration (“right of rectification”);
• to revoke your consent (“right to revoke consent”): you may revoke the consent you have given to process your personal data at any time, including in relation to any activity whatsoever with a marketing purpose, including profiling. To that end, we remind you that marketing activities are considered to be the sending of commercial and advertising communications, the completion of market research and surveys to determine level of satisfaction, and the personalization of commercial offers based on your interests. Once your request has been received, we will cease the processing of your personal data that was based on such consent, while different instances of processing, or processing based on other requirements, will continue to be performed in full compliance with the current provisions;
• to request the deletion of your personal data when such data, in particular, (i) is no longer necessary for the purposes for which it was collected or processed, or (ii) was unlawfully processed, or (iii) must be deleted to perform a legal obligation, or, lastly, (iv) you have opposed such processing (see below “right to object”) and there is no prevailing legitimate reason that would allow us to nevertheless proceed with the processing (“right to erasure” or “right to be forgotten”);
• to obtain a limitation on the processing of your personal data, i.e. that we retain such data, but without being able to use it, save for any requests or exceptions prescribed by law. This right may only be exercised when, in particular (i) you object to the accuracy of the personal data, for the period needed for the controller to verify the accuracy of such personal data, or (ii) the processing of data is unlawful and you ask us to limit its use, instead of deleting it, or (iii) even though the controller no longer needs it for processing purposes, you require the personal data to assess, exercise, or defend a right in a legal proceeding, or (iv) you have opposed its processing (see below “right to object”), while awaiting a verification as to any legitimate grounds of the controller that prevail over those of the data subject (right to restriction);
• to request your data or transfer it to a party other than the controller (“right to data portability”). You may ask to receive the data we process based on your consent or based on a contract entered with you, in a form that is structured, commonly used, and readable on an automatic device. If you so desire, where technically possible, we may, upon your request, transfer your data directly to a third party you indicate;
• submit a claim to one of the competent supervisory authorities on compliance with the personal data protection standards, if you believe that your data was unlawfully processed (“right to submit a claim”). In Italy, a claim may be filed with the Personal Data Protection Authority [Garante per la Protezione dei Dati Personali] (http://www.garanteprivacy.it/).
Furthermore, as a data subject, you also have the “right to object”, i.e.:
• object at any time, for reasons related to your specific situation, to the processing of your personal data for the purpose of a legitimate interest of the controller or for marketing purposes, including profiling. We shall refrain from further processing your personal data, unless we can demonstrate that there are compelling, legitimate reasons to proceed with the processing that prevail over the interests, rights, and freedoms of the data subject, or to assess, exercise, or defend a right in judicial proceedings.
To ensure full respect of the rights described above, and that our users’ data is not unlawfully accessed or violated by third parties, prior to accepting a request from you to exercise one of the rights indicated, we may ask you for certain information to confirm your identity or clarify the request made.
8 • Data Security+
We adopt specific technical and organizational security measures to safeguard the confidentiality of Site users’ personal data, which are aimed at preventing the unlawful or fraudulent use of their personal data.
We remind you to take suitable precautions when using the Site, such as, for example, keeping your access credentials strictly private, and changing them periodically.
9 • Contact details of the data controller and the data protection officer+
When you interact with the Site, use our services or purchase our products Amina Muaddi (along with its affiliated entities worldwide) is responsible for the processing of your personal data, as described herein. AM ASTRA S.r.l., with registered offices in Via Cosimo del Fante 6, 20122 Milan, Italy, VAT number 116118290966, registered in the REA number MI-2614813. You can contact us at any time using the following email address: firstname.lastname@example.org
Our Data Protection Officer may be contacted at the following email address: WIP
Alternatively, for any clarification, question, or requirement related to your privacy, or to exercise your rights recognized under the GDPR (see point 6) you may contact us by sending a request to our Customer Care, selecting “Privacy”, or by calling us at …….. If you so wish, you may also contact us and our Data Protection Officer (DPO) directly; to do so, you may use the contact details noted above.