In accordance with Art.13 of EU Regulation 2016/679
(hereinafter "GDPR")

KIKO S.p.A., with registered address at 24122 Bergamo, via Giorgio e Guido Paglia n. 1/D, VAT Number 02817030162, Fiscal Code 12132110151 (the “Company”).

By “Data” it is meant your common personal information (such as name, date of birth, email address) that will be mandatory when you make a purchase and payment for products and/or services from the Company, and/or when you enroll in the loyalty program. Additionally, your phone number may be optionally requested. If you make a purchase with home delivery, you will also be asked to provide your physical delivery address. During registration and the creation of a personal account, you will be required to enter a username and password, which will serve as your authentication and access credentials for your account. Moreover, the term “Data” includes navigation data: this category encompasses the source IP address, URL address, the “agent” type (e.g., Chrome, Firefox, Safari), and access time. These pieces of information, acquired by the computer systems and software procedures in charge of the website's operation during their normal activities, are not collected to be associated with identified individuals but, through processing and associations with data held by third parties, could potentially allow user identification.

A) Website Browsing: The source IP address and other aforementioned data are used to ensure a smooth connection and navigation, to enable you to properly utilize all the website's features, and to assess the security and stability of the system. Regarding the use of cookies and similar technologies (non-essential technical cookies), please refer to the cookie policy available in the website footer. B) Contractual purposes: reservation of beauty services, purchase of products and/or services, payment, and delivery of the Company's products. C) Fulfilment of administrative/accounting obligations established by the applicable national law. D) Legal action or defense in court: to establish, exercise, and/or defend the rights of the Company in legal proceedings. E) Soft Spam Purposes: Sending communications limited to those who are already customers, with the aim of promoting and/or directly selling products or services similar to those already purchased/used by the user, using the e-mail addresses provided in such cases, without prejudice to the right to object at any time in the manner indicated at the bottom of the communication and at the contact details indicated below, for the exercise of the rights under articles 15 et seq. of the GDPR. F) KIKO Me loyalty program membership (for individuals over 18 years of age): membership in the loyalty program entails the ability to accumulate points for each purchase made until the minimum point threshold is reached for each of the three loyalty levels, with the option to request and receive the rewards as outlined in the KIKO Me Regulations. Additionally, as a result of joining the KIKO Me Program and in accordance with the program's regulations, the Company may conduct verifications and internal audit activities regarding members aimed at preventing any fraudulent, abusive, or otherwise illicit conduct in violation of the program's regulations. G) Direct marketing purposes: dispatch, via automated contact means (email, SMS, and push notifications) of advertising material, newsletters, promotional and commercial communications concerning products and/or events of the Company, as well as conducting market research and statistical analysis. Consent for direct marketing can be given by providing your email and by taking action with the "Send" button on the website in the "Newsletter" form or by selecting the checkbox to consent to direct marketing processing. H) Profiling: analysis of your preferences, purchasing habits, related behaviours and/or interests in order to send you customized commercial communications. I) Communication/transfer of personal data to third parties, in particular: companies within the Group to which the Company belongs.

  • Hexagon SpA, Hexagon Retail Espana SLU, Hexagon France SAS, Hexagon Portugal

  • Unipessoa Lda (brand Victoria’s Secret; Bath and body works);

  • L’Innominato SpA, L’Innominato Espana S.I., L’Innominato France S.A.S., L’Innominato

  • Hellas SM S.A., L’Innominato Portugal Unipessoal Lda, L’Innominato Cyprus Ltd. (brand

  • Nike; Lego; Armani AX; Saint Laurent; Garmin);

  • Platinum Srl (brand Gucci);

  • PE4 Sarl (brand MC2 Saint Barth);

  • Siren Coffee Srl (brand Starbuck’s);

  • Percassi Retail Srl;

  • Wow Italy Srl;

  • Madina Srl.

J) Collection and presentation of individual user’s reviews and their public presentation: your data as well as name, email address, browser generated information, location data, IP addresses, information about recent purchases, order number in addition to photos and videos of the products purchased may collect in order to ask you by an e-mail to leave a review of your purchase and to publish it

Website Browsing: Legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring personal data protection do not outweigh them, taking into account the data subject's reasonable expectations and the activities strictly necessary for the operation of the website and navigation itself. Article 6, paragraph 1, letter f) of the GDPR. For non-essential technical cookies and similar technologies, the processing is based on consent to the processing of personal data as per Article 6, paragraph 1, letter a) of the GDPR. Please refer to the cookie policy available in the website footer. Contractual purposes: Execution of a contract (or pre-contractual measures). Art. 6, par. 1, letter b) GDPR. Fulfilment of administrative/accounting obligations: Fulfilment of a legal obligation Art. 6, par. 1, letter c) GDPR. Legal action or defense in court: Legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring personal data protection do not outweigh them. Article 6, paragraph 1, letter f) of the GDPR. Soft Spam Purposes: Legittimo interesse del Titolare del trattamento o di terzi, a condizione che non prevalgano gli interessi o i diritti e le libertà fondamentali dell'interessato che richiedono la protezione dei dati personali (C47-C50) Art. 6, par. 1 lettera. f) GDPR. KIKO Me loyalty program membership (for individuals over 18 years of age): Consent of the data subject. Article 6, paragraph 1, letter a) of the GDPR. Direct marketing purposes: Consent (optional and revocable at any time), given by subjects who are at least 18 years old. Art. 6, par. 1, letter a) GDPR. Profiling: Consent (optional and revocable at any time), given by subjects who are at least 18 years old. Art. 6, par. 1, letter a GDPR. Communication/transfer of personal data to third parties: Consent (optional and revocable at any time), given by subjects who are at least 18 years old. Art. 6, par. 1, letter a GDPR.

Collection and presentation of individual user’s reviews and their public presentation: Legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring personal data protection do not outweigh them. Article 6, paragraph 1, letter f) of the GDPR.

Purpose A): Navigation data is stored for a period of 6 months and then automatically deleted for security reasons (e.g., for anti-fraud protection).Please refer to the cookie policy available in the footer of the website. Purposes B) and C): For the duration of the contract and, after validity, for an ordinary period of 10 years. Purpose D): In the case of a legal dispute, for the entire duration of it, until the expiration of the terms for the filing of appeals. Purpose E): 36 months starting from the last purchase made or until objection to processing, whichever is earlier. It will always be possible to object to processing by direct link within each communication. Purpose F): The data is retained for 36 months from the last purchase made and, in any case, until consent is revoked. To unsubscribe from the KIKO Me loyalty program, you can contact Customer Service at the following email addresses: customercare-ar@kikocosmetics.com. You can also contact the Company using the methods specified for exercising your rights in Section 8 of this notice Purpose G): 36 months from the last "enabling interaction" of the data subject with the Company and in any case until consent is withdrawn. An enabling interaction is exclusively defined as the purchase of a KIKO product or service by the data subject. Purpose H): Your purchases will be examined to analyze your preferences, habits, related behaviors, and send you personalized communications with a historical depth not exceeding 36 months. Purpose I): For the time that is strictly necessary to transfer your personal data to third parties or until consent withdrawal if this is antecedent.

Purpose J): 36 months from the collection and publication of your review. It will always be possible to object to processing by direct link within each communication or by writing an email at dpo.kiko@kikocosmetics.com.

The provision of data for purposes A), D), and E) and J) is requested by the Data Controller based on its legitimate interest, but you can always object to the processing as indicated in this notice. In particular, for purpose E) soft spam related, you can always object to the sending of such communications in each communication. For purposes B) and C), providing data is mandatory. Refusal to provide data will therefore not allow you to complete the purchase of products and/or use the Company's services. The provision of data for purposes F), G), H), and I) is optional. Refusing to provide the data will not affect your ability to browse the website and purchase the Company's products and/or services. However, it will prevent you from enrolling in the KIKO Me loyalty program to accumulate points with each purchase and enjoy the rewards for each loyalty program level, receiving automated communications, newsletters about the Company's events and promotions, receiving personalized communications from the Company based on your purchasing habits, preferences, and related behaviors, and sharing data with other companies within the Percassi Group for promotional and commercial purposes.

The data may be processed by external entities acting as independent data controllers under Articles 4 and 24 of the GDPR, including but not limited to authorities and supervisory and control bodies, as well as, in general, public or private entities authorized to request data, consulting companies and/or professional firms and/or professionals, such as legal, tax, and insurance companies, and social media channels. The data may also be processed on behalf of the Company by external entities designated as data processors appointed in accordance with Article 28 of the GDPR, to whom appropriate operational instructions are provided regarding the correct processing of your personal data. These entities essentially fall into the following categories, for example: companies providing email delivery services, companies offering website maintenance and development services, social media channels, companies providing support for market research studies, companies providing post-sale customer support and assistance, shipping and transportation companies, companies providing postal and other marketing activities, and Percassi Group companies for the provision of intragroup services and the management of purchases made at the stores of each company within the Group. Your data may be processed by employees of the Company's business units responsible for pursuing the aforementioned purposes, who have been expressly authorized to process the data and have received appropriate operational instructions in accordance with Article 29 of the GDPR.

Considering that the activities of the Company are performed at a global level, personal data could be transferred to countries inside or outside the European Union, therefore to companies (including affiliates of KIKO S.p.A.), as well as to social networks such as Instagram, Facebook, Twitter, YouTube, and TikTok, (social channels). Depending on the circumstances, these social channels may act as autonomous data controllers or data processors for the performance of the processing activities described in this notice regarding your use of our products and/or services. It is understood, in any case, that the transfer of personal data to countries located outside the European Union (including the USA) will be carried out in accordance with Articles 44 and following of the GDPR, implementing safeguard measures aimed at ensuring an adequate level of data protection during the transfer of your personal data, including:

  • Adequacy decisions adopted by the European Commission concerning third countries that ensure an adequate level of protection.

  • Data transfer agreements that incorporate the European Commission's Standard Contractual Clauses, which our service providers operating in the United States adhere to.

  • Additional measures required by applicable regulations and/or competent authorities' orders.

For more information about the purposes and methods of data processing by social networks, we invite you to review their privacy policies:

In addition, if you are registered there is a recognition through email address and password with an “Identity provider” service provided by Google. For the transfer and processing of your IP address and email address by Google please we invite you to review its privacy policy:

Google: https://policies.google.com/privacy?hl=en-US

By contacting the company and the DPO at the address dpo.kiko@kikocosmetics.com , you have the right to obtain the access to your personal data (article 15), request their rectification (article 16), their erasure in the case provided by the law (article 17) or restriction of their processing (article 18). Furthermore, pursuant to article 20 GDPR, with reference to the purposes of processing based on the contract or consent which are performed via automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance from the Company if technically feasibile. Pursuant to article 20 GDPR, you have the right to object at any time to the processing of your data based on legitimate interests. You have the right to withdraw your consent for marketing and/or profiling purposes and/or the communication/transfer of data to third parties at any time by entering into your account on the Website (Section “Privacy Settings”), by entering on the App (by clicking “Preferences – Personal Data”), or by writing an email at dpo.kiko@kikocosmetics.com. Moreover, you have the right to withdraw your consent for your enrollment in the KIKO Me loyalty program at any time by contacting Customer Service at the following email addresses: customercare-ar@kikocosmetics.com (ME) or customercare-enme@kikocosmetics.com (English), or by writing to the email address dpo.kiko@kikocosmetics.com. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal in any way. Finally, you have the right to lodge a complaint with the competent supervisory authority in the member state where you reside, work, or otherwise habitually stay, or where the alleged infringement has occurred.

The Data Controller reserves the right to amend/update the present information notice at any time. For this purpose, you will find here below the date of the last update. Last update: November 6, 2023

Easy returns in 30 days
Free shipping From 45€
be rewarded for your loyalty
Secure payments