Privacy & cookie policy
Articles 13 et seq. General Data Protection Regulation No. 2016/679 (“GDPR”)
Introduction
Dear user, when you access and browse this website (hereinafter the 'Site'), some of your personal data are collected, stored and managed (technically 'processed') through the device you are using, also through the analysis and storage of your IP address, browsing data, "cookies" and other online identifiers such as "pixels".
In light of these processing activities, in compliance with applicable regulations that provide for obligations of protection, confidentiality and security of your data, Pettenon Cosmetics S.p.A. SB sets out below the purposes and means of processing in its capacity as Data Controller.
Data Controller
The processing of personal data carried out following access to and interaction with the Site will be performed, in its capacity as Data Controller, by Pettenon Cosmetics S.p.A. SB, with registered office in San Martino di Lupari (PD), Via del Palù, 7d, VAT no. and Tax Code 04937500280.
Pettenon Cosmetics S.p.A. SB can be contacted at the following details:
- by sending an email to privacy@pettenon.it;
- by phone at +39 049 99888;
- by ordinary mail at the registered office address indicated above.
Pettenon Cosmetics S.p.A. SB has appointed a Data Protection Officer (“DPO”) who can be contacted by sending an email to dpo@pettenon.it.
Categories of processed data
The categories of processed data are as follows:
- information relating to the user’s browsing activity on the Site, including so-called online identifiers and data relating to the devices used;
- personal identification and contact data freely provided by the user on the Site, such as: first name, last name, email address, phone number;
- personal data acquired from third parties or sources, in relation to specific initiatives or purposes promoted by the Data Controller;
- additional personal data, specifically identified, in the event of implementation of new features or services.
Purposes, legal bases and data retention periods
In the table below, the Data Controller sets out the specific purposes for which personal data are processed, together with the relevant legal basis and the maximum retention period, where it is possible to indicate it precisely (otherwise, the retention criterion is indicated based on the technological tool used).
| Purpose | Legal basis | Retention period |
|---|---|---|
| Provision of Site browsing functionalities, its pages and content such as product catalogs | 6 (1) (b), for the performance of pre-contractual measures | for the duration of the user’s stay on the Site, up to a maximum of 24 months. |
| Responding to contact requests or information requests sent by the user | 6 (1) (f), for the pursuit of the Data Controller’s legitimate interest in maintaining relationships with Site users | for a maximum of 10 years from the interaction with the user. |
| Management of unsolicited contacts from Site users, through submission of CVs and/or other communications | 6 (1) (b), for the performance of pre-contractual measures | for a maximum period of 12 months from the end of the selection process, unless further retention is required or consent is provided by the user. |
| Analysis of usage statistics and improvement of Site functionalities through technologies involving data processing under Dir. 2002/58/EC | 6 (1) (a), based on user consent | until the expiration of the longest stored online identifier, unless deletion or anonymization is requested. |
| Analysis of usage statistics and improvement of Site functionalities where Dir. 2002/58/EC does not apply due to technical operation | 6 (1) (f), for the pursuit of the Data Controller’s legitimate interest in improving products and services | only for the time necessary to fully anonymize the collected data. |
| Re-contacting the user following events or occasions where contact data were collected | 6 (1) (a), based on consent or alternatively 6 (1) (f), legitimate interest in maintaining contact with interested users | until withdrawal of consent or up to 3 months from data collection in case of legitimate interest, unless the user objects. |
| Newsletter subscription and management of marketing communications | 6 (1) (a), based on user consent | until withdrawal of consent and no later than 2 months thereafter for technical purposes. |
| Profiling activities to analyze user preferences and habits | 6 (1) (a), based on user consent | until withdrawal of consent and no later than 2 months thereafter for technical purposes. |
If the user wishes to obtain more information regarding the balance between the Data Controller’s legitimate interests and the fundamental rights and freedoms of the data subject, they may contact the Data Controller using the details provided, with the right to receive a response as soon as possible and within the time limits provided by law.
In the event of disputes with the user or third parties, or checks by competent Authorities, retention may be extended until the expiry of the applicable limitation period.
Data will not be disclosed in any way, except with the user’s explicit and prior consent and within the limits of the law.
Consequences of failure to provide data
Providing personal data marked as mandatory on the Site is necessary to pursue the related purposes: failure to provide such data makes it impossible to carry out the relevant processing.
Providing other personal data is optional: failure to provide such data may result in partial or total inability to access certain Site functions. For marketing and profiling purposes, as well as for non-technical “online identifiers”, consent is optional: there is no legal or contractual obligation to provide such data or to consent to processing.
Automated decision-making processes
No personal data processing is carried out through automated decision-making processes pursuant to applicable law, in particular Article 22(1) and (4) of the GDPR.
In any case, any automated processing will not produce legal effects concerning the user or significantly affect them, unless specific informed consent is obtained and always within legal limits.
Categories of recipients of personal data
Within the limits of the purposes indicated above, personal data may be processed or disclosed to:
- employees and/or collaborators of the Data Controller;
- third parties appointed as Data Processors (including service providers), including their employees and collaborators;
- judicial, administrative and/or public security authorities, in compliance with legal provisions.
The full list of Data Processors and third parties can be requested from the Data Controller at any time.
Transfer of personal data outside the European Economic Area
Personal data may be transferred to countries outside the European Economic Area for technical reasons, to entities located in countries deemed “adequate” by the European Commission, including participants in the “EU-US Data Privacy Framework”, or to entities that have signed Standard Contractual Clauses approved by the European Commission.
Rights of the data subject
The data subject may exercise the rights provided by Regulation (EU) 2016/679 at any time. In particular, the data subject has the right:
- to access their personal data;
- to obtain rectification or erasure or restriction of processing;
- to object to processing where permitted;
- to obtain data portability where applicable;
- to withdraw consent, without affecting prior lawful processing;
- to lodge a complaint with the supervisory authority (in Italy: www.gpdp.it).
These rights may be exercised by contacting the Data Controller, in particular via the email address indicated above.
What cookies and other tools used by the Site are
Cookies are small text files sent by the Site to users’ devices and then retransmitted to the Site during subsequent visits; they may have different characteristics and be used for various purposes, both by the Data Controller and third parties.
The Site uses different types of cookies in compliance with the Italian Data Protection Authority’s Guidelines of June 10, 2021.
Cookies may be “first-party” or “third-party”.
Some cookies are “technical” and do not require consent. These include session and persistent cookies.
The Site also uses “profiling” cookies, subject to user consent, to personalize and improve user experience.
Additional “online identifiers” may also be used for analysis and monitoring, some of which do not store data on the user’s device and comply with the Digital Markets Act.
How to manage cookie settings
Consent can be revoked via the Site’s cookie banner or preference tools.
Further information:
http://www.youronlinechoices.com/uk/your-ad-choices
http://www.allaboutcookies.org/manage-cookies/index.html
Cookies can also be disabled via browser settings, although this may affect Site functionality.
Browser instructions:
- Apple Safari
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
Last update: October 27, 2025