The current legislation on the processing of personal data, defined in accordance with the provisions contained in the EU Regulation 2016/679 of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data as well as the free movement of such data (General Data Protection Regulation, hereinafter "GDPR"), contains provisions aimed at ensuring that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of natural persons, with particular regard to the right of data protection.
We inform you that Avon is the Data Controller and is committed to ensuring that your personal data is protected.
2. What type of information do we collect?
Depending on how you interact with us (online, offline, over the phone, etc.), we may collect from you various types of information, as described in this section. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Data directly provided by you
This is mainly the data collected and processed when you contact us or interact with us through our website, email or phone, for example:
- information that you provide by filling in forms on our website. This includes information provided at the time of registering to use our website, subscribing to our services or requesting further services, such as your name, location, your contact details (postal address, including billing and delivery addresses, telephone and mobile numbers and e-mail address), financial details including payment details;
- if you contact us, we may keep a record of that correspondence;
- details of transactions you carry out through our website, our Customer Service/Sales teams and via email and of the fulfilment of your orders.
Other data collected
The computer systems used to operate this site acquires, during their standard operation, some personal data whose transmission is implicit in the use of Internet communication protocols, such as:
- details of your visits to our website, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access;
- details of transactions you carry out through our website and of the fulfilment of your orders.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
These lists are not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you
- email us;
- submit a job application;
- enter a survey; or
- give us some feedback.
- Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
(a) analytics providers such as Google based outside the EU; and
(b) search information providers.
4. Use of information
We may use information held about you in the following ways:
- to allow the functioning of the website and to provide feedback to your requests through the website or through Customer Service, to ensure order fulfilment, and in order to carry out our obligations arising from any contracts entered into between you and us;
- as part of our efforts to keep our site safe and secure, to help us understand more about how our website is used and to improve our website. This processing is necessary in order to administer our website and to conduct internal operations, including troubleshooting, data analysis, testing, research, statistical and surveys. It allows you to participate in interactive features of our services, when you choose to do so, to be notified about changes to our services and to ensure that content from our website is presented in the most effective manner for you.
Furthermore, this processing allows us to measure or understand the effectiveness of advertising we serve to you and others. Your personal information may be disclosed to any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries), and to third parties; for marketing purposes, to provide you with information, products or services that you request from us or which we feel may interest to you, and to deliver advertising relevant to you.
5. Legal basis for processing your personal data
The processing of personal data for the purposes referred to in paragraph 3 letter a), is mandatory in order to allow the functioning of the website and to provide feedback to your requests through it. In this case the processing is necessary for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods and/or services to you. Failure to provide us with this data will turn into the impossibility for us to deliver the requested goods/services.
The processing of personal data for the purposes referred to in paragraph 3 letter b) is necessary on the basis of our legitimate interest to improve our products, services and your overall experience of Avon as a business, in line with your reasonable expectations as a user. After a thorough assessment, we concluded that your rights and freedoms are not overridden.
The processing of your personal data for marketing purposes, referred to in paragraph 3 letter c), is optional and subject to your consent. Failure to provide data for these purposes will make it impossible for you to receive our commercial communications. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You have the right to withdraw your consent at any time and we will cease to process data for marketing purposes after consent is withdrawn. This will not affect the lawfulness of processing based on consent before your withdrawal.
Finally, we will need to process your personal information to be able to comply with applicable legal obligations (e.g. in accordance with applicable tax laws) and, in some circumstances to follow up any enforcement activities by courts and independent authorities (for example, if we are requested to disclose your personal information to regulatory bodies or civil and/or criminal courts).
The processing of your personal data will be carried out, with or without the use of electronic tools, according to principles of fairness, lawfulness, transparency, so as to protect at any time your confidentiality and rights of the in compliance with the provisions of the GDPR.
We use “cookies” and other technologies on our website.
The terms and conditions governing our use of "cookies" and such other technologies on our website are set out in our Cookies Policy below.
By using our website, you agree to be bound by the terms of our Cookies Policy.
7. Your rights
The GDPR grants you specific rights, including to ask us for:
- the confirmation that a processing of your personal data is occurring and, in this case, to obtain access to these data (right of access);
- the correction of inaccurate personal data or the integration of incomplete personal data (right to rectification);
- the cancellation of your personal data, within the limits provided for by the GDPR (right to erasure);
- the limitation of processing of your data, to the extent provided for by the GDPR occurs (right to restriction of processing);
- to receive the personal data you provide to us in a structured, commonly used and machine readable form, and to transmit this data to another data controller (right to data portability).
Furthermore, you have the right to lodge a complaint with the Italian Data Protection Authority. Further information, including contact details, is available at www.ico.org.uk
If you would like further information please contact us by clicking the link below.
The website may, from time to time, contain links to and from the websites of other organisations. If you follow a link to any of these websites, please note that they have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
8. Disclosure of your information
We share your personal information with certain third party service providers. They only have access to the personal information they need to perform those services. Such third party service providers fall into the following categories:
- distributors who help us to deliver products to you, and maintenance services providers;
- consultants for financial services, administrative services, IT technologies, hosting services, security services and insurance claims;
- third parties that help us to provide services and responses to you.
Furthermore, in the event that we sell or buy any business or assets, we will disclose your personal data to the prospective seller or buyer of such business or assets.
We only allow our service providers to process your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to us and to you, and for no other purposes.
We may share non-personal statistical data about our website’s traffic patterns with partners or other parties. However, we do not sell or share any personal information about individual users.
To deliver products and services to you, it is sometimes necessary for us to share your data outside of the European Economic Area (“EEA”). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws, and they are made only towards countries that ensures:
- an adequate level of protection of your data, according to an adequacy decision by the European Commission; or
- the adoption of appropriate safeguards, on condition that they assure you the enforceability of your rights and effective legal remedies.
Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.
9. Usernames and passwords
Where you have registered on our website and have been provided with a username and password, you agree not to make available your username and/or password to anyone. If there has been a disclosure of your username and/or password, you agree to promptly notify us of such disclosure, so that Avon can take appropriate security measures and provide you with a new username and password.
10. How long do we keep your data?
Your data will be stored for a period of time not exceeding that necessary to achieve the purposes for which they are processed. We use several criteria in order to assess the most suitable data retention period. For instance, in relation to the management of the contractual relationship with you, your data will be processed and stored for the duration of the contract and subsequently for the time where a claim may be raised by you or by us. Such assessment is carried out taking into account the relevant statute of limitation period, in accordance with the applicable law. As for marketing purposes, we will not process your data after 3 years from your last consent.
11. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.