This information notice is provided to users who submit a registration request at, pursuant to article 13 of European Regulation (EU) 2016/679 regarding personal data protection (GDPR).

By providing users with login details (e-mail address and password), registration on the website allows you to access a reserved area, through which you can then use the online services offered by the Data Controller (online store and booking appointments in the boutique). 

The website registration process entails the mandatory provision of your personal and contact details. Failure to provide these details, in whole or in part, will make it impossible to complete the aforementioned procedure. 

Data controller

The Data Controller (hereinafter the “Controller") is the company Ciro Paone Spa, with headquarters at Via San Pasquale a Chiaia, 83, Naples, Italy.

Type of data processed

Personal, identifying (name and surname of natural persons, etc.) and contact (e-mail address, telephone number) information is voluntarily provided by you using the form on the website.

Purpose and legal basis for processing

Purpose for carrying out the service requested: your personal data, collected after completing the registration form, is collected and processed solely in order to activate the service requested and to allow you to create a personal account to use our services. As such, the legal basis for the data processing is to carry out the service which you have requested [article 6, para. 1, letter b) of the GDPR]. The provision of this data is optional yet necessary in order to complete the registration.

Marketing purposes (optional): subject to your prior express and freely-given consent, which is granted by placing the flag in the corresponding box on the contact form, your personal data will be used to send sales and/or promotional information, to send advertising material and/or conduct direct selling or sales communications about Ciro Paone S.p.A. services and other activities, or to carry out market research using automated contact methods (for example, e-mail and SMS). Therefore, the legal basis for such processing is your consent [article 6, para. 1, letter a) of the GDPR]. This consent may be withdrawn at any time by writing to

Processing methods

Your personal data will be processed using electronic instruments, including automated means, in compliance with the principles of lawfulness, necessity and relevance, while implementing safeguards aimed at identifying suitable security measures at all stages of processing, with regard to the specific processing purposes. The Controller does not carry out any processing that entails automated decision-making processes on the data of users who interact with this website in order to use this service.

Data storage period

For the purposes of managing your account, the Controller will keep your personal data for the time required to carry out the purposes indicated in the present information notice or, in the case of deactivating the service (deleting your account), until such a time as you exercise this aforementioned right. In any case, the data provided for the marketing purposes described above will not be kept for longer than 24 months.

Communication and dissemination of data

Your personal data will be processed by the staff of the company Ciro Paone S.p.A, who have been duly trained for this purpose and authorised for data processing.

Always in keeping with the limits that are strictly necessary in order to pursue the aforementioned purposes, your personal data may be communicated to third parties (for example, companies specialising in website management, development and maintenance and companies specialising in electronic communication services management etc.) operating in accordance with the Controller's directives and who, to this end, are designated as data processors via specific agreements (known as Data Processing Agreements or DPAs) established pursuant to article 28 of the GDPR.

Lastly, your personal data may be communicated to parties who are legitimately entitled to access it due to legal provisions, regulations or community legislation.

Further information concerning the names of individual third-party companies can be obtained by writing to .

Your personal data will not be disseminated, in other words it will not be disclosed to unspecified parties.

Transfer of data

Personal data will be managed and stored on the servers of the Controller and of a third-party company assigned to manage the e-commerce platform which has been duly appointed as the Data Processor, located inside the European Union, and therefore in compliance with the provisions of articles 45 et seq. of the GDPR. The servers are currently located in the European Union as well as in Canada, a country which is deemed "adequate" under the GDPR by the European Commission (2002/2/EC: Commission Decision of 20 December 2001, pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act). In any event, it remains understood that were it to become necessary to carry out further transfers outside of the EU, such transfers would always occur in compliance with articles 45 et seq. of the GDPR, by signing agreements that guarantee an adequate level of protection and/or implementing the standard contractual clauses provided by the European Commission, where necessary.

Rights of interested parties

As an interested party, you may - at any time - gain access to your personal data, have your data rectified or cancelled, or limit processing in the instances provided by law, or object to the use of your data in the presence of a legitimate interest of the Controller or exercise your right to data portability, in permitted cases, as well as obtain an updated list of the Data Processors. 

We would also like to remind you that in the event you receive no response or an incomplete response from the Controller the Controller regarding the aforementioned requests, you will be entitled to submit a complaint to the Italian Data Protection Authority or the competent Judicial Authority, using the methods provided for in current national legislation.

Methods for exercising your rights

Requests regarding exercising the aforementioned rights should be sent to