Information on the processing of personal data

Interested parties are hereby informed (hereinafter referred to as “data subjects” pursuant to Article 4 paragraph 1 of the GDPR) that the request message sent to the Data Controller may entail the processing of personal data, in compliance with the following general principles:

  • all data are processed in a lawful, fair and transparent way for the data subject, in compliance with the general principles set forth by Article 5 of the GDPR;
  • specific security measures are taken to prevent the loss, unlawful or unfair use of or unauthorised access to data;
  • the Data Controller is the undersigned Company:
  • the Controller who can be contacted in order to exercise all the rights provided for by articles 15-21 of the GDPR (right of access, rectification, erasure, limitation, portability, objection) as well as to withdraw a previously given consent or lodge a complaint with a data protection supervisory authority;
  • The Data Controller has not appointed a Data Protection Officer as he does not process any data included in the description of art. 37 GDPR 2016.


The Data Controller processes personal identification data entered in the form "Request for information", "Become a COSMED distributor", "Find nearest COSMED office", "Work with us" (eg name, surname, telephone number, e-mail) in order to send the message, and no other type of data collected by the interested parties themselves.


The data is processed for:

  • manage the requests provided through the message sent by the interested parties;
  • carry out information and promotional activities regarding the products of the Data Controller.
  • registration of personal identification data entered in the online contact form in the database.

A non-provision of said data will prevent to respond to requests received from interested parties; otherwise it is optional to receive informative messages regarding the activity of the Data Controller.



Personal data are processed by means of the operations indicated in Article 4 no. 2) GDPR, more specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, denial, disclosure, erasure and destruction of data. Personal data are processed both by paper and by electronic and/or automatic means. The Controller shall process personal data for the amount of time required to fulfil the purposes for which they have been collected and the related legal obligations.


Data are processed by internal individuals, who are duly entitled and instructed to the processing in compliance with Article 29 of the GDPR. The scope of disclosure of personal data may also be requested, obtaining precise indications as to whether there are external individuals acting in the capacity of autonomous Processors or Controllers (consultants, specialists, bank institutions, carriers, etc.). The data could be spread or transferred to countries outside the EU only if necessary, for the provision of the service.


At any time, the data subject may exercise the right to:

  • ask for confirmation of the existence or otherwise of their personal data;
  • obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and, where possible, the period of time for which the data will be stored;
  • obtain the rectification or erasure of the data;
  • obtain the restriction of the processing;
  • obtain the portability of the data, i.e. receive them from one data controller, in a commonly used, structured format that can be read by an automatic device, and transmit them to another data controller without impediment;
  • object to the processing at any time, including in the case of processing for direct marketing purposes;
  • object to an automated decision-making process relating to individuals, including profiling;
  • file a claim with the Italian Data Protection Supervisor.