Privacy Policy

Last updated: March 17, 2025

Privacy Policy

GlamLuxe (VAT number 11618860966), with registered office and operational headquarters in via Cesare Beccaria n. 5 - 20122 Milan (MI) - (“GlamLuxe” or “Owner”) REA number Chamber of Commerce of Milan, Monza Brianza, Lodi MI1874968, telephone 0287366253 from Monday to Friday from 9:00 to 18:00, excluding Saturdays and Sundays as well as national holidays in Italy, email: privacy@glamluxe.it.

The Data Controller, Marco Viti (Tax Code VTIMRC65T03F205E) (hereinafter, “Data Controller”), responsible for defining and implementing the measures necessary to ensure compliance with the General Data Protection Regulation (EU Regulation 2016/679, hereinafter “GDPR”) and Legislative Decree 196/2003 and subsequent amendments (“Privacy Code”), is constantly committed to protecting the online privacy of its users.

This document has been drawn up in compliance with the information obligations established by art. 13 and 14 of EU Regulation 2016/679 ("GDPR") and Legislative Decree 196/2003 and subsequent amendments ("Privacy Code") in order to allow you to know our privacy policy and to know how your personal information is managed when you use our sites - https://www.glamluxe.it/ ("Site").

The information and personal data provided by you or otherwise acquired in the context of the use of GlamLuxe services - such as, for example, registration in the reserved area of ​​the Site, management of orders and any product returns, use of Discount Coupons via the dedicated section - ("Services"), will be processed in compliance with the provisions of the GDPR and the confidentiality obligations that inspire the activity of GlamLuxe.

In particular, this Privacy Policy aims to:

  • Inform you of your rights regarding the protection of personal data;
  • Describe the purposes and legal bases for the processing of your personal data;
  • Ensure transparency in how we collect, use, store and protect your personal data;
  • Explain to you how you can exercise your rights and how we will respond to your requests, pursuant to Articles 15-22 of the GDPR.

The processing of your Data is inspired by the principles of correctness, lawfulness, transparency, limitation of purposes and storage, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the GDPR. All processing operations are carried out in such a way as to guarantee an adequate level of protection and security, adopting the appropriate technical and organizational measures to prevent unauthorized access, accidental loss, or non-compliant processing.

Index

1. Data Controller and Data Protection Officer

The Data Controller for the processing carried out through the Site is Marco Viti, sole shareholder (hereinafter also simply “GlamLuxe” or the “Data Controller”) as defined above. For any information regarding the processing of your Data by GlamLuxe, you can write to the following address: privacy@glamluxe.it .

⬆ Back to Index

2. Purpose of the Processing

Pursuant to art. 6 of the GDPR, your personal data are processed for the following purposes:

TO.    Provide our services and respond to your requests and improve the quality of the service in compliance with the "Legitimate Interest of the Owner" (art. 6, paragraph 1, letter f)

We use your Data to be able to offer our Services, such as, for example: access to the reserved area of ​​the Site if you have previously registered or you have registered in the event of purchase of products made through a Discount Coupon; the execution of purchase orders, the delivery of products; the execution of activities related to the provision of products and services; to respond to and satisfy requests for assistance or information (including pre- and post-sales customer telephone assistance services, such as the management of any returns and complaints). The processing of this Data is optional, but any failure to provide it will make it impossible to provide you with the Services provided through the Site and to respond to your requests. The legal basis that justifies this processing is art. 6.1.b of the GDPR, i.e. the execution of a contractual obligation or pre-contractual measures adopted at your request.

B.     Comply with legal obligations to which we are subject (Article 6, paragraph 1, letter c):

We may use your Data to comply with any regulatory and tax obligations to which we are subject, which are the legal basis for this processing. For this reason, although the provision of your Data is always optional, such processing is necessary pursuant to art. 6.1.c of the GDPR.

C.     Allow you to pay with reduced VAT

We may use your Data, and in particular the Data relating to your health, to assess the existence of the requirements requested by the sector legislation, in order to allow you to benefit from the 4% VAT relief for the purchase of technical and IT aids on the Site or on the Mini-Sites.
This processing is optional, but failure to provide it will make it impossible to allow payments with reduced VAT. This processing is based on art. 6.1.b of the GDPR, i.e. on the execution of a contractual obligation or pre-contractual measures adopted at your request and, with reference to your Health Data, it is based on art. 9.2.b of the GDPR, i.e. on the need for GlamLuxe to fulfill obligations and exercise your specific rights in the field of labor law and social security and social protection.

D.    Detect anomalies in our Services

We use the Data you provide, Data collected from your browser and device, Data entered from your activities and aggregate information to prevent anomalies in the Services. For example, we may notice an anomaly in the opening of a link on our Site or use the Data to understand how to avoid a system bug.
This processing is necessary to ensure the correct provision of the Services, as well as to protect our legitimate interest in avoiding disservices pursuant to art. 6.1.f. of the GDPR.

AND.     Fraud Prevention

We may collect your Data, especially during a purchase, to protect ourselves from any fraud committed through the use of the Site and the services we offer and to allow us to protect ourselves in court. The processing for this purpose is based on art. 6.1.f of the Regulation and we believe that the relative balancing regarding the prevalence of this interest on the fundamental rights and freedoms of the interested parties has been carried out by the legislator (see Cons. 47 of the GDPR: [c] it constitutes [...] legitimate interest of the interested data controller to process personal data strictly necessary for fraud prevention purposes ).

F.     Consent of the interested party

 The consent of the interested party represents one of the legal bases for the processing of personal data, regulated by art. 6, paragraph 1, letter a of the GDPR. Unlike other purposes, which are based on contractual obligations, legal or on the legitimate interest of the owner, the processing based on consent requires an explicit, free and informed manifestation by the user. This guarantees direct control by the interested party on the use of their personal data for specific activities, such as sending commercial communications or installing non-essential cookies. The withdrawal of consent is always possible and does not compromise the legitimacy of the processing prior to the withdrawal, in compliance with art. 7 GDPR.

Specifically:

  • Subscription to the newsletter and sending of commercial communications

The processing of data for newsletter subscription and sending commercial communications is based on art. 6, paragraph 1, letter a of the GDPR, as it requires the explicit and informed consent of the interested party. This consent is collected through dedicated forms and managed in compliance with art. 7 GDPR, which regulates the conditions for a valid manifestation of consent. The user has the right to revoke this consent at any time without prejudice to the lawfulness of the processing prior to the revocation.

  • Use of non-essential cookies

The processing of non-essential cookies, such as profiling or marketing cookies, is regulated by art. 6, paragraph 1, letter a of the GDPR. In compliance with EU Regulation 2016/679 and the Guidelines of the Italian Privacy Guarantor, the installation of such cookies is subject to the explicit consent of the user, collected through a banner compliant with regulatory requirements. Consent management is also guaranteed through a revocation or modification mechanism, accessible at any time by the user.

  • Link to Cookie Policy

Both items are part of the regulatory framework that regulates consent for the processing of personal data, with particular reference to the use of non-essential cookies in line with the e-Privacy Directive (2002/58/EC) and the GDPR. The mechanisms for collecting, revoking and managing consent are mandatory to ensure transparency and control by the interested party.

For each of the purposes listed above, the processing is carried out exclusively within the limits set by the Regulation.

⬆ Back to Index

3. Object of the Treatment

We collect Data through our Site. The Data collected and the purposes for which it is processed depend on how you use our Services and how you manage the controls of the browser/device you are using.

According to the European regulation on the protection of personal data, legal entities cannot be considered interested parties and therefore the European regulation does not apply. However, if in the context of the collection of company data personal data relating to a natural person are entered, this will be considered interested parties pursuant to the aforementioned regulation. What does “processing personal data” mean? It means performing any type of operation on information that allows you to be identified, such as, in this case, your name and surname or your e-mail address. The operations can be of various types and consist, for example, of: collection, registration, storage, modification, consultation, use, cancellation or destruction. By reading this information you will know which of your personal data will be processed by GlamLuxe and why. Personal data (“Data”) is all information relating to you, through which you can be identified or identifiable.

The category of processed data includes, for example:

  • name, date of birth, email address, postal address, landline and/or mobile telephone number for contact purposes, information, updates relating to orders or promotional communications, subject to consent.
  • information relating to your PC, tablet or smartphone (such as the IP address, which is a numeric label that uniquely identifies a device – host – connected to an information network that uses the Internet Protocol (IP) as the network protocol, or the IMEI code, which is the numeric code that uniquely identifies your smartphone).

The Data Controller may carry out processing activities directly or through parties external to its organization, defined as Data Processors. These Processors process your Data based on the instructions of the Data Controller, and exclusively for the purposes established by the latter. Data Processors may be, for example, the parties that provide the technological infrastructure of the Site. To be specific:

  • Newsletter (via email and/or SMS): If you sign up for the newsletter, you will provide us with your email address and, with your consent, your telephone number to receive updates via SMS or WhatsApp."
  • Contact us : If you fill out the contact form we will ask you to indicate your name and surname and email address.
  • Purchase: If you make a purchase, we will ask for your personal details, contact information (including phone number, if necessary for shipping updates), and shipping address.
  • Registration : we will ask for personal data and contact information. You can also decide to register on the site during the finalization of the purchase and in this case we will use the data you provide us when filling out the purchase form or you can also decide to register via social media and in this case your data will be provided to us by Google or Facebook.
  • Abandoned Cart : We will process your email address and, if provided, your phone number to remind you of products left in your cart via email or SMS.
  • Product Availability Notification : We will process your email address and/or phone number to notify you of the availability of a product via email or SMS.
  • Reviews: We will use your email address and/or phone number, if provided, to ask you to provide us with reviews of your purchases.

 In any case, the IP address and navigation logs will be processed.

Details on using email, SMS and WhatsApp

As part of the processing of your personal data, GlamLuxe uses your contact details (email address, telephone number) for the following purposes:

E-mail:
The email address you provide us will be used to:

  • Sending order updates, such as order confirmations, shipping status, and notifications of any problems.
  • Promotional communications with your consent, to send you personalized offers, promotions, and news about our products and services.
  • Abandoned Cart Reminders: We will remind you to complete the purchase of products left in your cart with a frequency limited to one abandoned cart notification.
  • Post-purchase review requests to gather your opinion on the products purchased.

You can unsubscribe from promotional communications by clicking the unsubscribe link in each email or by updating your preferences in your personal account.

SMS:
If you provide us with your telephone number, we will use it exclusively for:

  • Sending order updates, such as shipping confirmation and delivery notifications.
  • Limited and targeted promotional communications, with your consent, to send you exclusive offers. The frequency of communications will be limited to a maximum of 2-3 SMS per month.
  • Abandoned Cart Reminders: We will send you a notification to remind you to complete your purchase, limited to one notification per session.

You can revoke your consent to receive SMS communications by replying with "STOP" to the messages received or by clicking on the cancellation link present in each message.

WhatsApp:
If you choose to provide us with your phone number, we may use it to:

  • Provide you with updates regarding orders you have placed.
  • Provide you with support and respond to specific questions, concerns, or requests for assistance.

You can stop communicating on WhatsApp at any time by deleting our contact from your address book or by sending an explicit request for cancellation.

Data Processing and Security:
All information provided will be processed in compliance with current regulations, in particular the GDPR. Contact details will be used exclusively for the purposes indicated above and will not be shared with unauthorized third parties. The frequency of communications will be limited and your data will be stored securely for the period necessary to pursue the indicated purposes.

Changing Contact Preferences:
You can change your contact preferences at any time by accessing your personal account in the Communication Preferences section or by contacting us directly through the channels indicated in the Privacy Policy.

 ⬆ Back to Index

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols and without which navigation is precluded. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of Data includes IP addresses or domain names of computers used by users who connect to the Site, URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. This Data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses. The Data may be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this eventuality, at present the Data on web contacts do not persist for more than 365 days.

5. Data provided by you, Data of third parties and Data provided by third parties

During the provision of the Services, you may provide us with Data such as your name, surname, email address and telephone number or that of third parties.
When using the “Discount Coupons” sales and shipping service on the Site, the Data of third parties provided by you to GlamLuxe may be processed. In such cases, you act as an independent Data Controller, assuming all legal obligations and responsibilities. In this sense, you grant the broadest indemnity with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by GlamLuxe from third parties whose Data have been processed through the use of the functions of the Site in violation of the applicable rules on the protection of personal data. In any case, if you provide or otherwise process Data of third parties in the use of the Site, you guarantee from now - assuming all related liability - that this particular hypothesis of processing is based on an appropriate legal basis pursuant to art. 6 of the Regulation which legitimises the processing of the information and personal data in question.
In the event of the release of such data by third parties, GlamLuxe undertakes to process them to provide the requested Service and in particular, in the case of the "Discount Coupons" section, in order to allow the management of the purchase and the relative delivery of the products chosen by you.
Likewise, this Privacy Policy, which is also drafted pursuant to art. 14 of the Regulation, also describes how your Data will be processed if the latter have been provided by third parties in the context of the activities described above. In these cases, the source from which your Data originates is the one described in this paragraph (for example, a person you know who gave you a product purchased via a Discount Coupon). We inform you that you can at any time request information on the origin of your Data and/or request its cancellation by writing to privacy@glamluxe.it .

6. If you ask to pay with reduced VAT

If you request to benefit from the tax breaks provided for by Legislative Decree 669/1996 converted into Law 28 February 1997 n. 30 (Urgent provisions on tax, financial and accounting matters to complete the public finance maneuver for the year 1997) with reference to the purchase of products on the Site, you may provide Data pursuant to art. 9 of the Regulation and, in particular, data relating to your health in order to allow GlamLuxe to assess the existence of the requirements requested by the reference legislation in order to benefit from the 4% VAT tax break. The processing of such Data is based on art. 9.2.b of the GDPR, i.e. it is aimed at fulfilling obligations and exercising your specific rights in the field of labor law and social security and social protection, as described in this information.

7. Cookies

The Site uses cookies and similar technologies to ensure the correct functioning of its features, improve the browsing experience and provide personalized services to users. Cookies are small text files that the Site sends to the user's device, where they are stored before being retransmitted to the site on the next visit. These can be divided into different categories based on their purpose and duration.

In compliance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive (2002/58/EC) , the processing of data through cookies is regulated by the following articles:

  • Art. 6, paragraph 1, letter a of the GDPR : the explicit consent of the user is required for the installation of non-essential cookies.
  • Art. 6, paragraph 1, letter b of the GDPR : technical cookies necessary for the provision of services requested by the user do not require consent.
  • Guidelines of the Italian Privacy Guarantor : specifically regulate the methods of acquiring consent for cookies, with particular attention to transparency and accessibility of information.

A. Types of cookies used

  • Technical cookies (Art. 6, paragraph 1, letter b of the GDPR): necessary for the functioning of the Site and include:
    • Session cookies: allow navigation and use of the Site.
    • Authentication cookies : essential for access to restricted areas.
    • Preference cookies: store your language preferences and other settings.
  • Analysis/statistical cookies (Art. 6, paragraph 1, letter f of the GDPR): used to collect aggregate information on the use of the Site, in order to improve its functioning. These cookies are anonymized and do not allow the identification of the user.
  • Profiling and marketing cookies (Art. 6, paragraph 1, letter a of the GDPR): used to personalize advertising content based on the user's interests. They require the user's explicit consent, which can be revoked at any time.
  • Third-party cookies : they can be sent by external suppliers to offer additional features or customizations (e.g. social media or advanced analytics). These parties operate as independent data controllers, in compliance with Art. 4, paragraph 7 of the GDPR .

B. Cookie management

Users can manage cookie preferences through:

  • The information banner that appears on the first visit, compliant with the requirements of the Guidelines of the Italian Privacy Guarantor .
  • The dedicated "Manage Consent" section, available at any time and compliant with articles 7 and 12 of the GDPR .
  • Browser settings, to block or delete cookies already installed. Please note that disabling technical cookies could compromise navigation and some features of the Site.

C. Duration and conservation

Cookies are stored for a variable period of time:

  • Session cookies : deleted when the browser is closed.
  • Persistent cookies : stored for a maximum period of 12 months, unless otherwise specified.

Additional Information

For further details on the cookies used, the third parties involved and how to manage consent, we invite you to consult our Cookie Policy [add link], drawn up in compliance with Art. 13 of the GDPR .

8. Who we share your Data with

We share your Data with the following categories of subjects (“Recipients”):

Persons authorised by us: these are our employees and collaborators who have signed a confidentiality agreement and specific rules for the processing of your Data (pursuant to art. 29 of the GDPR and art. 2-quaterdecies of the Italian Privacy Code);

Our Data Processors: these are the external parties to whom we entrust some processing operations. For example, this category includes suppliers for the security of our systems, consultants, accountants, technological platforms for data hosting, etc. These parties are formally designated and operate under the instructions of the Data Controller, in accordance with art. 28 of the GDPR;

Subjects who act as independent data controllers: these recipients process your data for autonomous purposes and not under the direction of the Data Controller, in accordance with art. 4, paragraph 7, of the GDPR;

System administrators: these are our employees or those of our Data Processors who are responsible for managing our IT systems and who therefore have the power to access, modify, suspend and limit the processing of your Data. These individuals have been previously selected, adequately trained and their activities are tracked by systems that cannot be modified by them, as provided for in the provisions of the Italian Supervisory Authority and in compliance with art. 32 of the GDPR;

Law enforcement agencies or any other body or authority whose measures are mandatory for us: this occurs for example when we must comply with a judicial order, a law or when it is necessary to defend ourselves in court. This sharing occurs in accordance with art. 6, paragraph 1, letter c, of the GDPR.

Payment service providers: your data may be shared with payment processing entities (e.g. PayPal, Stripe), in accordance with art. 6, paragraph 1, letter b, of the GDPR, to ensure the correct management of your orders;

Couriers and shipping agents: the data necessary for delivery (e.g. name, address, telephone number) are shared with companies responsible for logistics and shipping, in compliance with the contractual obligations set out in art. 6, paragraph 1, letter b, of the GDPR;

Legal and tax advisors: data may be shared with external advisors (e.g. lawyers, accountants) to ensure regulatory and tax compliance, pursuant to art. 6, paragraph 1, letter c, of the GDPR;

Providers of specific technological services: companies that provide tools or platforms for managing newsletters, web traffic analysis or Customer Relationship Management (CRM), designated as Data Processors pursuant to art. 28 of the GDPR;

Marketing and advertising companies: subject to your consent, the data may be shared with companies that manage promotional activities, in compliance with art. 6, paragraph 1, letter a, of the GDPR;

Insurance companies: in the case of products covered by guarantees or insurance policies, the data may be shared with insurance companies for purposes related to the execution of the contract, pursuant to art. 6, paragraph 1, letter b, of the GDPR.

9. Transfers of your Data abroad

In the event that some of your Data is shared with Recipients located outside the European Economic Area, GlamLuxe will ensure that the processing of your Data by these Recipients will be in compliance with the GDPR. Transfers may be based on an adequacy decision pursuant to art. 45 of the GDPR, on the “ Standard Contractual Clauses ” approved by the European Commission pursuant to art. 46, paragraph 2, letter c of the GDPR, or on another appropriate legal basis provided for by the Regulation.

For transfers to countries that do not guarantee an adequate level of protection, as provided for by art. 49, paragraph 1, letter b of the GDPR, the processing will be limited to the data strictly necessary for the execution of a contract between the interested party and GlamLuxe, for example for the delivery of purchased products. In these cases, GlamLuxe undertakes to ensure that the transfers are carried out with adequate security measures to protect your data.

10. How long do we retain your data?

Your Data processed to provide our services and respond to your requests, as well as to allow you to pay with reduced VAT, will be retained for the time strictly necessary to achieve those same purposes and in accordance with the terms established by law . In any case, since these are treatments carried out for the provision of Services, GlamLuxe will process such Data for the time permitted by Italian law to protect its interests arising from contractual obligations (art. 2946 cc). GlamLuxe reserves the right to retain your Data for the period of time provided for and permitted by Italian law to protect its interests in the event of civil liability or compensation actions (art. 2947, paragraphs 1 and 3, cc). The Data processed to fulfill legal obligations to which we are subject will be retained until the time established by the specific obligation or applicable law.

  • For the purpose of Fraud Prevention your Data is processed for a period of one year.
  • For the purpose of Detecting anomalies in our Services, your Data will be retained for a period of one year.

Specifically, we can summarize:

  • Tax and accounting data : 10 years (art. 2220 of the Italian Civil Code and art. 6, paragraph 1, letter c of the GDPR).
  • Marketing data: 24 months, unless consent is revoked (art. 6, paragraph 1, letter a of the GDPR).
  • Browsing data : 365 days (art. 6, paragraph 1, letter f of the GDPR).
  • Abandoned cart data: 6 months.
  • Data for tax relief (VAT at 4%) : Retained for the time necessary to fulfill tax obligations.
  • Automatic deletion: At the end of the retention period, the data will be deleted or anonymized through automated processes guaranteed by certified external suppliers.

11. What are your rights?

Pursuant to articles 15 and following of the Regulation, you have the right to ask GlamLuxe, at any time, for access to your Data, the correction or deletion of the same or to oppose their processing, you have the right to request the limitation of the processing in the cases provided for by art. 18 of the Regulation, as well as to obtain in a structured format, commonly used and readable by automatic device the data concerning you, in the cases provided for by art. 20 of the Regulation.

Requests must be sent in writing to the addresses indicated in the "Contacts" section of this information. In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 of the Regulation, if you believe that the processing of your Data is contrary to the legislation in force. The response times provided for by the Regulation to which we are subject are 1 month from your request (extendable to a further two months in the case of particular complexity). You can exercise any of the rights listed above by writing to privacy@glamluxe.it.

12. Changes to the information

This Privacy Policy is effective from 01/31/2025. GlamLuxe reserves the right to update the content of this information, in part or completely, also due to changes in the applicable legislation. If the changes concern substantial changes in the treatments or have a significant impact on customers, GlamLuxe will notify you appropriately. GlamLuxe therefore invites you to regularly visit this section of the Site, where you can always find the most recent and updated version of the Privacy Policy, in order to be updated on the data collected and on the use that GlamLuxe makes of it.

13. Contacts

To exercise the above rights or for any other request you can write to the Data Controller: Via Cesare Beccaria n. 5 - 20122 Milano (MI) or by e-mail to privacy@glamluxe.it