This section describes the way personal data of the User(s) is handled by the website.

The information leaflet is provided in accordance with section 13 of Italian Legislative decree no. 196/2003, also known as the Italian Personal Data Protection Code, and section 13 of EU Regulation 679/2016 (GDPR – General Data Protection Regulation), for all visitors to the Website and users of Skinlabo S.r.l. website services accessible via the Website.


The data controller responsible for handling your personal data is Skinlabo S.r.l., Via Varallo 22/A,10153 Torino (TO) – Italia, VAT no. 11541460017, (hereafter “Skinlabo” or “Data Controller”), e-mail



The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. 

This information is not associated with identified Data Subjects; however, its very nature means it could allow users to be identified.

This category of data includes (i) IP addresses or domain names of the computers used by users connecting to the site, (ii) the addresses in the Uniform Resource Identifier (URI) of the requested resources, (iii) the time of the request, (iv) the method used in submitting the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (good order, error, etc.) and (vii) other parameters related to the operating system and the computer environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.


For information regarding the use of cookies and data handling, please read the specific policy leaflet at this link


The Data Collector handles personal data, identification and non-sensitive details (name, surname, email address, residential address, city, delivery details, telephone number) hereafter referred to as “Personal Data”.

The User accepts full responsibility for third party data published or shared via the Website, and declares the right to communicate or share them. The User declares him/herself to be an adult (over 18), releasing the Data Controller of any responsibility. 

Personal data treatment concerns all the processing activities of data collected (also by the use of cookies) as stated in section 2.2, on the website for the purpose of requesting information, registration for the Newsletter or Mailing List, consultation/modification of one’s own profile and online purchasing.


The User’s Personal data is processed by the Data Controller in order to:

  • fulfil legal requirements according to section 6.1, point f) of the GDPR, and ensure security of the website and information, i.e. the website’s ability to safeguard against unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted, and the security of related services offered or accessed therein;
  • to fulfil precontractual and contractual requisites following requests for information, sale of products on, purchases made in-store/online (e.g. fiscal and accounting obligations);
  • solely with express consent in accordance with sections 23 and 130 of Italian Privacy Law and section 7 of the GDPR for marketing purposes:
    1. sending of newsletters and commercial/promotional communications, informative and/or advertising content related to Skinlabo products or services, as well as statistical analysis and market research strictly related to services offered by the portal
    2. sending of commercial offers related to services and products supplied by third parties, unrelated to the products and services supplied by the Skinlabo website;
  • to exercise the rights of the Data Controller, e.g. the right to defence in legal claims;
  • solely with express consent in accordance with sections 23 and 130 of Italian Privacy Law and section 7 of the GDPR for profiling purposes involving analysis of purchasing habits or choices by Skinlabo customers and dealing mainly with:                                                                                  a) information regarding date and time of viewing by User of email messages which may contain commercial/marketing information regarding the website as well as the User’s response to said emails and information pages reached by clicking on links within said messages.                                                                                                       b) customer data acquired during purchasing of products from the website, including the tracking of type and frequency of purchases made;
  • in compliance with legal requirements as laid down by Italian law, European law and/or other authorities.


 Apart from what is laid down expressly in the section on Navigation Data, which is necessary to allow correct functioning of the website, and cookies (as explained in the cookie policy section), the release of personal data is optional. Users are free to supply their own personal data when requesting information. However, the lack (or partial supply) of data in mandatory fields of the forms will make it impossible to supply the products and services offered on


Personal Data are processed and stored by automated means for the time necessary to fulfil the purposes for which they are collected.

 It should be noted that the User’s personal data are processed both in paper form and/or by telematic means, also with the use of electronic means by the Data Controller or other parties charged with this task (data entry companies hired to provide this service, management of online purchase orders, management of order payments), which are always identified and/or nominated, trained and fully aware of restrictions laid down by law as well as security measures designed to guarantee the Customer’s privacy and avoid risk of loss, damage, unauthorised access, non-consensual processing or processing for purposes not stated above.


Your data may be shared with service providers expressly tasked with performing certain duties regarding the activity of the Data Controller and/or, generally operating as autonomous data controllers and/or responsible for the processing as well as communication and/or dissemination of data requested in accordance with the law, police authorities, legal authorities, information and security services, or other public authorities for purposes of defence and national security or prevention, checking or prevention of criminal offences. The data may not be disseminated to other parties.


Personal data are managed and stored on servers within the European Union. However, if the Data Controller hold it necessary, the servers may be moved within Italy and (or in the EU region and/or outside of the EU). In said event, the Data Controller guarantees that the transfer of data outside of the EU will take place in accordance with current law, establishing if necessary agreements that guarantee an adequate level of safeguarding and/or adopting the standard contractual clauses laid down by the European Commission.


In accordance with section 7 of the Italian Privacy Law and sections 15 and subsequent of the GDPR, the User has the right to obtain:

  1. confirmation of the existence (or lack of) Personal Data that affect him/her, even if not yet registered, their communication in intelligible form and access to same;
  2. a copy of his/her Personal Data;
  3. the correction of any incorrect Personal Data;
  4. the removal of his/her Personal Data;
  5. restrictions on processing of his/her Personal Data;
  6. in a structured form for common use and readable by automatic means, the Personal Data supplied or uploaded by the User;
  7. indication of:
  • the origin of the Personal Data details;
  • the categories of Personal Data processed;
  • the purposes and method of processing;
  • the logic applied in the event of processing carried out by electronic means;
  • identification details of the Data Controller and any other processor;
  • the storage period dates of the Personal Data or other useful information for determining said period:
  • subjects or categories of subjects to whom the Personal Data may be communicated or who may come into contact with them as designated authorities in that country;
  • the updating, correction or, where requested, the addition of new data;
  • the rendering anonymous or total blocking of data processed in violation of the law, including data storage which is not necessary according to the purposes for which it was collected or subsequently processed;
  • The User also has the right to contest, totally or in part:
  • for legal reasons, the processing of Personal Data even if pertinent to the purposes of collection;
  • the processing of Personal Data intended for the sending of advertising material or direct marketing content, or for market research analysis or commercial communications.

To exercise the above rights, Users may send a message by email to the Data Controller, as stated in section 1, with the subject reference “Privacy”. We inform you that if you believe your rights have been violated by the Data Controller and/or third parties, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data and/or other competent authority as stated by the GDPR.


The User’s Personal Data will be processed by the Data Controller strictly for the time necessary to achieve the purposes for which it was collected as stated in section 3, after which it will be stored solely according to current Data Protection law, for administrative purposes and/or the enforcement or defence of one’s rights. In particular, for marketing purposes, the User’s Personal Data will be stored by the Data Controller for a maximum period of two years; the Data will be stored for profiling activity for no more than one year.


This document represents the Privacy Policy of the website which may be modified and/or updated at any time. Should the Data Controller intend to process the Personal Data of users for purposes other than those stated in section 3, he/she will supply the User (before proceeding to said processing) with adequate information regarding the different purposes, and carry out said processing in accordance with current law.


Finally, we inform you that should you believe your rights to have been violated by the Data Controller, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data and/or any other competent authority as stated by the Regulations published on

This Privacy Policy was published on 23/05/2018. Any updates will be published on this page.