PERSONAL DATA PROTECTION INFORMATION
For Stilio Digital SRL ("Stilio"), your privacy and the security of your personal data are very important. We collect and manage your personal data with the utmost care and take specific measures to keep them safe.
Below, you will find the main information about Stilio's processing of your personal data in connection with your navigation on https://stilio.md and the Stilio app, and the use of the services offered. For detailed information on how Stilio manages your personal data, please read further.
This information is provided in accordance with the provisions of Law No. 133 of July 8, 2011 on personal data protection.(referred to hereinafter as the "Law"), to the users (hereinafter: "Users") of the desktop and mobile version of the website and any mobile application related to the service (hereinafter: the "Site and Application") owned by Stilio Digital SRL, Data Controller (hereinafter: "Data Controller"), and aims to describe the methods of managing the Site and Application with regard to the processing of personal data and to allow Users of the site and application to know the purposes and methods of processing personal data by the Data Controller in case of their provision.
As specified in the Terms and Conditions of Use, the services offered by the Administrator/Operator and Partners are intended for individuals over 18 years of age. In case the Administrator becomes aware of the processing of data of minors under 18 years of age without valid consent from parents or a legal guardian, the right to unilaterally suspend the use of the service offered is reserved, as well as the right to cancel acquired data.
Please also read the "Terms and Conditions of Use" of the Stilio platform, which contains detailed information about the conditions related to our services.
PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING
The Data Controller, under and in accordance with the Regulation, announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data and that such processing will be based on the principles of fairness, legality, transparency, and protection of confidentiality and fundamental rights.
User/Subscriber - any natural or legal person in full legal capacity who visits and/or interacts with the website https://stilio.md or/and the mobile application "Stilio" (found on AppleStore / Google Play Market) named "platform," including for consulting, booking, or purchasing services; establishing, modifying, or canceling appointments with the Partners registered on the STILIO platform or, as the case may be, for the purpose of becoming a Partner by concluding an electronic contract/agreement with STILIO and having a business account on the STILIO platform/potential beneficiaries of services interested in purchasing the services presented on the website;
Users who also want to book or purchase the offered services, or to receive automatic updates and information, need to register by creating their corresponding User page and becoming a "Subscriber."
The personal data necessary for user registration are:
- First Name
- Last Name
- Email Address
- Phone Number
Data related to how you use the platform, such as your behavior/preferences/habits on the website, as well as any other categories of data you provide directly in the context of making a reservation or in any other way resulting from the use of the Site.
Later, the User can become a "Partner," "Salon," or professionals (Providers) who offer their products and services for sale on the STILIO platform.
What Personal Data Do We Collect? Collection of Browsing Data
The computer systems and technical and software procedures underlying the operation of the Site and Application acquire, during normal operation, certain personal data, the transmission of which is implicit in the mechanisms and protocols of access and operation used on the Internet.
Whenever the User connects to the Site and Application and whenever the User calls or requests content, access data is stored on our systems, in the form of tabular or linear data files.
This data may be used by the Data Controller for the exclusive purpose of obtaining anonymous statistical information regarding the use of the Site and Application to identify pages preferred by Users and, therefore, to provide increasingly suitable content and to verify its correct operation. At the request of the Authority, the data could be used to ascertain liability in the event of hypothetical computer crimes against the Site and Application or its Users.
In addition, the categories of personal data that Stilio collects and processes when you browse or make reservations on https://stilio.md are as follows:
- We collect the personal data necessary to complete and execute your reservation on the STILIO platform, such as your name and surname, email address, address, phone number.
- We process personal data that you provide when contacting our Customer Service to provide the assistance requested.
For the registration of your Stilio account, we collect your name and surname, email address, password, and birthdate. If you are a registered user, we collect information about your access to the reserved area of the Site. With your explicit consent, through the analysis of your personal data, we can process information about your interests and preferences regarding our services, in order to present proposals and offers that match your tastes.
Information about profiling, search engines, and location data.
We collect information about your navigation on the STILIO platform, such as the pages/screens you visit and how you interact with a single page/screen, and save this information on our servers. Only with your consent, the Data Controller will be able to personalize your experience as a registered user using this information, analyzed and through automated processes such as profiling, to offer you advances and offers according to your tastes and to send you personalized commercial communications according to your interests. These communications will take place exclusively in the manner you have chosen.
When using the STILIO platform with the location detection function active, the Site and Application may collect and process information about the current location of the User. This data is processed in a format that allows the personal identification of the registered User and is used to enable the sending of personalized promotional communications based on the places registered by the location service. This user location information is not shared with third parties, and the mentioned services can be activated or deactivated by the User at any time by accessing the settings of their device. Location data, used to offer registered Users promotional communications targeted to their areas of interest, will be retained for a period not exceeding 12 months from the last geolocation performed.
APP Version of the Site
In addition to the data mentioned in the "What Personal Data Do We Collect? Collection of Browsing Data" paragraph, when using the App version of our Site, Stilio may, with your express consent:
- Collect personal data in the context of marketing activities, to send push notifications to your device.
- Collect information automatically, such as data related to your traffic and stay in the application or your IP address, to improve our product and service offering.
How Do We Use the Collected Personal Data? Purpose, Legal Basis for Processing, and Optional Nature of Provision
The personal data collected by the Data Controller through the use of the Site and Application will be processed, with the consent of the interested parties, for the purposes described below:
- To provide users of the website and application with a booking service for personal care and hairdressing treatments, including sending notification emails and SMS messages;
- Manage correspondence and service communications with users and partners;
- Allow Partners to use the "STILIO" application and all applications developed by the Owner and offered to Professionals for the management of their business;
- Determine the degree of satisfaction of Users with the quality of the services provided, allowing them to issue evaluative reviews on the quality of the service used;
- Allow Users to manage their User Profile;
- Conduct market analysis, economic/statistical surveys (by analyzing data on the User's preferences for the Owner's products.
METHOD OF TREATMENT AND RETENTION OF PERSONAL DATA
The Data Controller ensures that personal data are processed in full compliance with Law No. 133, in paper and/or electronic format, also through the use of automated procedures. The processing can also be carried out through automated tools designed to store, manage, and transmit data.
The collected and processed data will be protected with physical and logical methods to minimize the risks of unauthorized access, dissemination, loss, and destruction of data. The processing will not last longer than necessary to fulfill the purposes for which they were collected.
The interested party will have the right at any time and quickly and easily revoke the consent for processing and request the cancellation of their personal data by sending a communication to the Data Controller at the following address: [email protected]. Upon the User's cancellation request, all personal data will be deleted without prejudice to subsequent storage required by regulatory obligations.
The Data Controller reports that the User who has requested cancellation from the Site and Application may receive subsequent communications from the Data Controller in a limited way after this request, due to the time required by the Data Controller's systems to process the unsubscribe and cancellation procedure. In any case, the Data Controller ensures that within a maximum of ten days from the cancellation request, the User will no longer receive any further communications, and their data will be canceled unless there are other regulatory obligations.
In cases where a cancellation request is not received by the Data Controller, personal data will be retained for a period not exceeding 2 (two) years from the last access to the Site and/or Application by the User. Data collected when purchasing services or goods from https://stilio.md or from Stilio's APPs will be processed until all administrative and accounting formalities are completed; therefore, they will be retained for a maximum period of 10 (ten) years under fiscal conditions, in accordance with local legislation (ten years) from the date of the last purchase made on the https://stilio.md website and in the case of the receipt issued in the salon through the Stilio cash systems.
Who Will Process Your Data? Recipients of Personal Data
Your personal data will be processed by personnel appropriately trained by Stilio as Data Controller. Furthermore, for organizational and functional needs related to the provision of services on https://stilio.md , your data may be processed by our providers. The latter have been evaluated and selected by Stilio for their reliability and proven competence and process your data as Data Processors on behalf of Stilio.
The personal data collected may be processed by subjects or categories of subjects acting as data processors. Furthermore, for certain services, the data may be disclosed to companies that collaborate or use the services of the Data Controller (e.g., Professionals who own salons or beauty centers, Partners) solely for the purpose of providing the services requested by the User. In these cases, the Partners are autonomous owners; therefore, the Owner is not responsible for the processing of data by them. Likewise, the Data Controller is not responsible for the content and compliance with personal data protection legislation by sites that are not administered by the Data Controller.
In particular, the data provided by the User may be shared by the Data Controller with the following third parties exclusively to provide the services requested by the User or to comply with other regulatory obligations:
- Professionals who provide hairdressing and personal care services, with the intention of allowing the User to book the requested treatment with the chosen professional;
- Service companies used by the Data Controller to manage, in its own name, User data for purposes such as sending SMS messages and notifications regarding the services offered by the Data Controller and verifying the correctness of the email address provided during registration;
In addition to the scenarios mentioned above, personal data will be communicated only to subjects, entities, and authorities to whom communication is obligatory under legal or regulatory provisions.
RIGHTS OF THE INTERESTED PARTY
The User, as an interested party, has the right to exercise specific rights regarding their personal data. In particular, the interested party has the right to obtain:
- Confirmation of whether or not personal data concerning them exists, even if not yet registered, in a concise, transparent, intelligible, and easily accessible form, with simple and clear language;
- The origin of personal data;
- The purposes and methods of processing;
- The legitimate interests pursued by the Data Controller or by third parties;
- Any recipients or any categories of recipients of personal data;
- The retention period of personal data;
- The logic applied, as well as the importance and intended consequences of this processing for the data subject, in the case of processing carried out using electronic tools within an automatic collection and/or profiling process;
- The identification details of the Data Controller, Managers, any designated Representatives, and the Data Protection Officer (DPO);
- The subjects and categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as representatives designated by the state, directors, or agents;
- The right to lodge a complaint with a supervisory authority;
- Updating, rectification, or, when interested, integration of data;
- Cancellation, transformation into anonymous form, or blocking of data processed unlawfully, including data that need not be kept for the purposes for which the data were collected or subsequently processed;
- Limitation of processing;
- The portability of personal data concerning them to another Data Controller;
DATA CONTROLLER AND RESPONSIBLE FOR PERSONAL DATA PROTECTION
To exercise the rights mentioned above, the interested party can contact the Data Controller and/or the Data Protection Officer at any time for any communications regarding the processing of Personal Data or to know the updated list of any designated Data Processors by the Company, by sending a communication to the contact persons listed below:
Stilio Digital SRL [email protected]
WHO IS RESPONSIBLE FOR PERSONAL DATA PROTECTION?
Stilio has appointed a Data Protection Officer.
If you wish, for any requests regarding the protection of your personal data and the exercise of your rights, you can contact [email protected]
This information may be subject to changes. To keep the User updated, the Data Controller invites them to visit this page periodically. Moreover, in the event that such changes have an impact on User data (e.g., if the Data Controller intends to process the User's personal data for purposes other than those previously communicated in this Information), the Data Controller will inform the User before the changes take effect, by publishing them prominently on your website and application.