Last update: 13/12/2021

Version: 1.0

This page describes the website management procedures for processing personal data belonging to the users who access it.

This disclosure is provided pursuant to Art. 13 of Regulation (EU) 679/2016 (hereinafter, the "Regulation") to those who interact with the web services of Cosmetica Italia (hereinafter also the "Company"), accessible electronically at the address: This disclosure refers only to our company's website, not to other websites that may be accessed by the user via links present on the site.

The disclosure is based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered into the group established by Art. 29 of Directive 95/46/EC adopted on 17 May 2001 to establish the minimum requirements for collecting personal data online, and particularly as regards the manner, timing and nature of the information that data controllers must provide users when they connect to web pages, regardless of the purpose of the connection.

Site terms and conditions of use

The site responds to the purpose of presenting to its recipients, which may be companies, employees of companies, organisations, entities or individuals, (hereinafter, for the sake of brevity, "users") the services and plan of events related to the Milano Beauty Week initiative (hereinafter, also "MBW").

The site also facilitates user subscription to the informative newsletter of this initiative. Some contents of the site are confidential and accessible through the use of authentication credentials (username and password). Any use of such contents without valid possession of these credentials constitutes illegal use, and as such may be prosecuted in appropriate legal forums.

Intellectual Property

All rights to the content (such as texts, images, site architecture) are reserved in accordance with applicable legislation. The content of site pages cannot be copied, reproduced, transferred, uploaded, published or distributed in any way, in whole or in part, without the prior written consent of the Company, without prejudice to the possibility of its storage on one's own device or printing extracts from pages of this site for personal use only.

Any form of link to this site by third parties must not damage the image and activities of the Company. Deep linking, or the non-transparent use of parts of this site on third party sites, is prohibited.

Unless explicitly authorised in writing, any failure to comply with these provisions will be prosecuted in the competent civil and criminal courts.

Liability disclaimer

Cosmetica Italia cannot in any way be held responsible for damage of any kind caused directly or indirectly by accessing the site, or by the inability or impossibility of its access.

Cosmetica Italia reserves the right to modify the content of the site and this page at any time, without notice.

The indication of links to external websites does not imply any type of approval or sharing of responsibility on behalf of the Company as relates to the completeness and correctness of the information contained in such sites.

Data controller

The Data Controller of the processing activities of personal data collected while browsing the site is Cosmetica Italia - Associazione Nazionale Imprese Cosmetiche, with registered office in Milan, Via Accademia, 33 (hereinafter, the "Data Controller"). For the purposes described below, the Company may make use of the services of external companies, specifically appointed as Data Processors pursuant to Art. 28 of the GDPR.

Specific processing activities (newsletter subscription, submission of the application for participation), carried out in a joint processing regime with other subjects, present detailed information upon the collection of personal data, and also indicate other Data Controllers.

Type of data processed, processing purpose and legal bases

Browsing data

The IT systems and the software procedures for the functioning of this website acquire, during normal exercise, various personal data, the transmission of which is implicit when using Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could allow users to be identified through the processing and association with data held by third parties, carried out only after an explicit request by the judicial authority. This category includes IP addresses or the domain names of computers used by users who connect with the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment. These data, which are deleted immediately after their processing, unless express consent is requested for profiling purposes in the manner indicated in the following paragraph "Data collection points", is used by Cosmetica Italia for the sole purpose of obtaining anonymous statistical information on use of the site and to verify its correct functioning. These data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site. In all other cases, data on web contacts currently do not remain for more than seven days.

Data provided voluntarily by the user

The Company may collect personal data provided voluntarily by the user. Collection can take place, for example, when the user subscribes to the newsletter, decides to submit an application for their company or requests information.

If the user provides us with personal data of third parties, the user must ensure that the communication of the data to the Company and our subsequent processing for the purposes specified in this Privacy Policy or detailed disclosure take place in compliance with applicable legislation and therefore, for example, before providing us with personal data of third parties, the user must inform them and obtain their consent to processing, if required by the aforementioned legislation.

Data recipients

Third-party service providers. We share the personal data of users with third party service providers which will act as data processors appointed pursuant to Art. 28 of the GDPR, in order to make use of the site possible and/or receive services through the site itself. By way of example, these third parties may include professionals, also in associated form, who provide technical, commercial or administrative consultancy services to the Company for the pursuit of its business and the purposes described in this Privacy Policy, companies involved in the management or maintenance of the computer infrastructure on which the site is based, and suppliers of support services.

Third parties in compliance with a legal obligation or to protect the rights of the Company.  The communication of the personal data of users may take place vis-a-vis institutions, the police or judicial, administrative, regulatory or public security authorities, in the context of legal or administrative proceedings, or in order to fulfil a legal obligation or protect our rights, also in court.

Data of minors

The Company does not collect or intentionally retain the personal data of individuals under the age of 18, nor does it intentionally allow such minors to use the Website.

Users under the age of 18 are asked not to register for the services on the Website or provide personal data.


The website uses cookies. As clarified by the Privacy Authority in the FAQ of December 2012, available at, cookies are "small text files" comprised of letters and numbers "that sites visited by the user send to the user's terminal (usually to the browser), where they are stored and then retransmitted to the same sites the next time the user visits them". Cookies are used to streamline the analysis of web traffic or signal when a specific site (or part of it) is visited. They serve to distinguish visitors from one another in order to provide personalised content, and help administrators to improve the site and browsing experience of users themselves.

Other information stored on the user's device cannot be accessed by the Company through cookies, even in locations where the cookies are downloaded. Cookies cannot load codes of any kind, or carry viruses or malware. They are not harmful to the user's computer or device.

This site also uses its own and third-party profiling cookies. User consent is required for the use of profiling cookies.

The aforementioned cookies can be temporary (when they are automatically deleted at the end of the session), permanent (when they remain stored on the user's hard disk, unless the user deletes them), first party (when they are set and managed directly by the site operator) and third party (when they are managed by a domain different from the one visited by the user).

All of the information on cookies installed through this site, as well as indications on how to manage your cookie preferences is provided in the site's Cookie Policy.

Processing place and methods

Personal data are processed in paper format and/or with automated tools. Specific security measures are taken to prevent the loss, illicit or improper use of data and their unauthorised access.

Transfer of data abroad. No transfers of personal data will be carried out outside of the European Economic Area in the pursuit of the aforementioned purposes. Internet communications such as emails or webmails may transit through different countries before being delivered to recipients. The Company cannot be held responsible for any unauthorised access or loss of personal information outside of its own control.

Storage periods

We retain the personal data of users only for the time strictly necessary in order to provide services or to achieve the purposes for which the data was collected, or to comply with legal obligations. After this period, the personal data will be deleted or rendered anonymous.

In the event that we have collected personal data based on the user's consent and no longer have any other valid legal grounds to continue with its processing, if the user subsequently revokes his/her consent, we will delete the personal data covered by such revocation.

Data security

The Company adopts security measures in order to safeguard the confidentiality of users' personal data. Nevertheless, due to the nature of the Internet, continuous technological evolution and other factors beyond our control, the security of data transmission over the Internet cannot be fully guaranteed and, therefore, we cannot ensure or guarantee the security of the data and of the information that the user transmits to us and the user recognises and accepts that such transmission is at his/her own risk. Users are recommended to take appropriate precautions when using the site, such as keeping their login credentials strictly confidential, periodically changing their password, and updating their system.

Rights of data subjects

Users have the right to access, rectify or delete the data stored by the company that concerns them, the right to object to, or restrict, certain types of processing (including the right to revoke their consent to processing activities previously given), as well as to receive personal data concerning them in a structured and commonly used format readable by an automatic device (right of data portability). Finally, users have the right to file a complaint with the competent Supervisory Authority. Exercise of the above rights is at no cost to the user but, should we consider exercise of the privacy rights by the user manifestly unfounded or excessive, we may reserve the right to charge such user a reasonable contribution for expenses to process the request. To exercise their privacy rights or request any information or clarification regarding this Privacy Policy, users can contact the Privacy Authority at: