No products in the cart.


privacy policy

Privacy Policy


The present privacy policy was drawn up based on articles 13 and 14 of the “General Data Protection Regulation” (EU) No. 679/2016 – (GDPR) and addresses exclusively the website


Legal definitions:


Personal Data (or “Data”): Personal data are any information that either directly or indirectly, also when put in relation with any other information, including a personal identification number, identifies a person or makes a person identifiable.


Usage Data: The term applies to all information automatically collected (including through third-party apps integrated to, including: IP addresses or domain names of the computers used by the User who connects to, Uniform Resource Identifier addresses (URI), the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numeric code that indicates the status of the server response (success, error etc), country of origin, browser and operative system characteristics, various time stamps of the visit (i.e. Time spent on each page), details relative to the itinerary followed within the site, in particular the sequence of pages visited, parameters relative to the User’s operative system and computer environment.


User: The individual who uses the site and who, unless otherwise specified, coincides with the person concerned.


Person concerned: The individual to whom the Personal Data belong.

Processor: Individual, legal person, public administration organ or any other entity that controls personal data on behalf of the Controller, according to what is described in this privacy policy.

Data Controller (or Controller): The individual, legal person, government authority, service or any other entity that, either by itself or together with others, determines the purpose and modalities of personal data processing and the instruments used, including the safety measures involved in the functioning and usage of The Data Controller, unless otherwise specified, is “Melius S.r.l.”. The hardware or software through which the User’s Personal Data are collected and processed.


Service: The service provided by on this site is, for instance, related to e-commerce, newsletters, information services.


European Union (EU): Unless otherwise specified, every reference to the European Union contained in this document applies to all current member states of the European Union and of the European Economic Community.


Cookie: A small portion of data preserved within the User’s device. For further information, please consult our Cookie Policy.


Data Controller.

“Melius S.r.l.”, with headquarters in Gubbio (PG), Via Beniamino Ubaldi, taxpayer number and VAT number 02981720366, is the Controller of Personal Data, according to article 13 GDPR The following information is made available. Contact informatoin: Phone +39 (075) 927-7974 – Fax: +39 (075) 961-628, e-mail/certified e-mail address


Sources and types of the Data collected

Personal Data ex. Art. 4 GDPR acquired in relation to the contract relationship are collected directly from the Person Concerned.

This processing is guided by principles of fairness, legality and transparency, protecting your privacy and your rights. The processed data are updated, pertinent, complete and not exceeding the purposes listed below, for which they are collected and then processed.

Among the Personal Data collected by, either autonomously or through third parties, are: usage data, cookies, e-mail address, last name, address, country/province of residence, postal code, city, data provided while using the Service.

Personal Data can be freely provided by the User or, in the case of Data of Usage, automatically collected during the use of

Unless otherwise specified, all Data requested by are compulsory. Should the User refuse to provide this information, it may be impossible for to provide the Service. Whenever states that some Data are optional, Users are free to refrain from providing said Data, without any consequence on the availability of the Service or its operation.

Users who are not sure on which Data are compulsory are free to contact the Data Controller.

The use of Cookies or other tracking systems by or owners of third parties used by, unless otherwise specified, has the goal of providing the Service requested by the User, in addition to additional purposes described in this document and in our Cookie Policy.

Users are responsible for the Personal Data of third parties obtained, published or shared through and guarantees having the right to report them or share them, releasing the Controller from any liability for third parties.


Data Control Safety and Modalities

The Data Controller adopts the necessary safety measures to prevent access to, loss, sharing, modification, abuse of or destruction of Personal Data without authorisation. Data are controlled through computer and/or electronic and/or printed instruments, with organisational modalities and using logic strictly related to the purposes indicated and includes the following activities: collection, registration, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication through transmission, broadcasting or any other form of sharing, comparison or interconnection, limitation, deleting or destruction of data.

In addition to the Controller, in some cases, access to Data may be given to other subjects involved in the organisation of (such as administrative, sales, marketing, or legal personnel; system administrators), i.e. external subjects (such as third-party service providers, couriers, agents, call centre employees, hosting providers), in addition to authorities and surveillance and control organs, or, in any case, for example, anyone entitled to receiving said Data. Said subjects may also be nominated by the Data Controller, when necessary, Data Processors.

The updated list of Data Processors can always be requested to the Data Controller.


Legal basis of Data Processing

The Controller processes User’s Personal Data whenever one of these conditions exists:

  1. Processing is necessary to carry out a contract with the User and/or to the execution of pre-contract measures. This happens when the User signs up to and/or purchases products on, as well as for other purposes related to purchases made. User Data processing for these purposes is necessary to carry out pre-contract and contract measures adopted upon the User’s request, as well as to carry out the operations related to the shipping or picking up of products, management of requests of assistance, management of any return operations that may occur, and to comply with relative administrative, accounting or fiscal requests. Refusal to provide Data for the purposes listed above shall make it impossible to comply with pre-contract and contract measures requested by the User.
  2. Processing is necessary to comply with legal obligations to which the Controller is subject, such as those of fiscal nature. Refusal to provide said Data makes it impossible for the User to make use of some of the functions offered by
  3. Processing is necessary to carry out a task of public interest or to practice public powers owned by the Controller.
  4. Processing is necessary to pursue the legitimate interest of the Controller or of third parties. This happens when the Controller treats User Data with the purpose of (i) preventing digital fraud; (ii) sending messages to the User, such as e-mails containing invoices or notifications on payment; (iii) responding to the requests sent by the User through chatbot platforms; (iv) carry out minimum segmentation activities to send the User contents in line with his/her interests. User Data Processing is required to fulfil the Controller’s legitimate interests considered non prevalent when compared with the interests or rights and fundamental liberties of the User.

The Data thus collected can also be processed in the event of company issues (acquisition of the company or of its branches), due diligence, in the event of defending a right in court or regarding relative prodromal activities. This processing will be carried out based on the legitimate interests of the Controller in order to carry out his/her own commercial activities and to protect his/her rights.

In any case, it is always possible to request that the Controller explain the concrete legal foundation of each processing and, in particular, specify whether the processing is based on the law, included in a contract or necessary to carry out a contract.


Place of Data Processing and Transferring of Data to third countries outside the EU

The Data are processed at the legal and operative headquarters of the Controller and anywhere else where the parties involved in the processing are located, and cannot be made public.

The User’s Personal Data, therefore, may be transferred to a country different from that in which the User is located. The transferring of data outside of the European Economic Community is subject to a special regimen according to the Regulation (EU) 2016/679, and is only made to countries that ensure a suitable level of protection of personal data, according to a suitability decision of the European Community or where suitable guarantees have been adopted (including the standard contract conditions defined by the European Commission), as long as the persons involved have actionable rights and effective resource means. The User has the right to obtain information on the legal basis of the transferring of Data outside the European Union as well as on the safety measures adopted by the Controller to protect said Data, by requesting information to the Controller after contacting him/her using the contact information provided. In any case, any transferring of said Data is limited to the pursue of the goals described in the section of this Privacy Policy.


Retention period

The Data are processed and kept for the time required for the purposes for which they were collected.


  1. Personal Data collected for purposes related to the execution of a contract between the Controller and the User shall be retained until the contract in question has been fully executed, and shall be preserved until all prescription periods of the related rights defined by the law have come to an end.
  2. Personal Data collected for purposes that cannot be traced back to the Controller’s legitimate interest shall be retained until said interest is fulfilled. The User is entitled to further information on the legitimate interest pursued by the Controller by contacting him/her using the contact information provided.
  3. When the processing is based on the User’s consent, the Controller shall keep said Personal Data for five years since the last positive action that confirms his/her interest in said processing, unless this consent is revoked. In addition, the Controller may be obliged to preserve said Personal Data for a longer period, if determined by the law or by the order of an authority.

At the end of the retention period, said Personal Data shall be deleted or aggregated or made anonymous so as to prevent their tracing back to the User. After this retention period it will therefore no longer be possible to exercise one’s right to access, delete, rectify this data, neither one’s right to portability.


Purpose of the Processing of the Collected Data

User Data are collected to allow the Controller to provide the Service, i.e. to carry out the processing indicated in the section “Legal basis for data processing” and therefore to comply with the obligations of the law, to respond to executive requests or actions, to protect one’s own rights and interests (or those of Users or third parties), to identify malicious or fraudulent activities, as well as for the following purposes: visualisation of contents from external platforms, statistics, contact with the User, payment management, remarketing, interaction with support platforms, hosting, interaction with social networks and external platforms, data collection management.


User rights

Users can practice certain rights regarding the Data processed by the Controller by addressing a request of to the contact information of the latter, indicated in this document. The requests are free of charge and are sent to the Controller in the shortest time possible.

In particular, Users have the right to:

– Revoke consent at any given time. Users may revoke their consent to the processing of their own Personal Data, previously expressed, at any given time, without any harm to the legality of the processing based on consent provided before the revoke;

– Oppose the processing of their own Data. Users can oppose the processing of their own Data when this takes place on a legal basis different from consent. In particular, when Personal Data are processed to pursue a legitimate interest of the Controller, Users have the right to oppose this processing for reasons related to their particular situation. It should be noted to Users that whenever their Data are processed for purposes of direct marketing on a basis different from consent, they are entitled to opposing the processing without providing any motivation;

– Access their own Data. Users have the right to obtain information on the Data processed by the Controller, to receive a copy and confirmation that their Personal Data are being processed or not;

– Verify and request Data rectification. Users are entitled to verify whether their own Data are correct and request that they be updated or corrected.

– Obtain processing limitation. When certain conditions described in article 18 of EU Regulation 2016/679 are in place, Users may request the limitation of the processing of their own Data. In this case, the Controller must not process the Data for any purpose other than their conservation;

– Have their own Personal Data deleted or removed. When certain conditions described in article 17 of EU Regulation 2016/679 are in place, Users may request the deletion of their own Personal Data.;

– Users have the right to receive their own Data in a structured, commonly used and legible format from an automatic device and, when feasible, to obtain the transferring of these Data to another controller, without obstacles. This disposition applies when the Data are processed with automated tools and the processing is based on User consent, in a contract of which the User is part or on contract measures related to the User.

– Place a claim. Users can act legally or place a claim to the competent personal data protection control authority (in Italy: Personal Data Protection Authority), whenever they believe the processing used on their Data has violated the general Regulations on data protection. Additional information is available on the website


Defence in court

The User’s Personal Data can be used by the Controller in court or in the preparatory phases for a possible establishment of defence from violations relative to the use of or of related Services by the User or, in any case, to put into practice a right of the Controller in court. The User declares being aware that the Controller may be obliged to reveal his/her Data by order of public authorities.


System logs and maintenance

Due to necessities related to operation and maintenance, and any third-party services used by it may collect system logs, i.e. files that record the interactions and that may also contain Personal Data, such as User IP address.


Information not contained in this policy

Additional information regarding the processing of Personal Data may be requested at any given moment to the Data Processing Controller using the contact information provided.


Use of Cookies uses cookies. To know more, Users may consult the Cookie Policy.


Modifications to this privacy policy

The Data Processing Controller has the right to modify this privacy policy at any time, on We therefore request that you consult this page often and take into account the date of the last modification stated. Whenever any modifications are made that involve processing legally based on consent, the Controller must request User’s consent again, if necessary.


Details on Personal Data processing


Management of payment

Payment management services allow to process payments through bank transfer or other instruments. The data used for the payment are acquired by the payment service manager requested without being in any manner processed by

Some of these services may also allow for the scheduled sending of messages to the User, such as e-mails containing invoices or notifications regarding payment.

PayPal is a payment service provided by PayPal Inc., to allow Users to make payments online.

For further information on privacy please consult

PayPal – privacy Policy (


Hosting and back-end infrastructure

This kind of service has the goal of hosting data and file that allow to function, allow for its distribution and make available an infrastructure that is ready to use to provide specific information functionalities through the website

Some of these services work through servers that are in different geographic locations, making it hard to determine the exact place where Personal Data are stored.

The hosting platform is provided by

For further information on privacy please consult – Privacy Policy

Software Platform:

WordPress – Privacy Policy (

Woocommerce – Privacy Policy (


Interaction with external platforms

This type of service allows for interactions with support platforms managed by third parties, directly from

If a service of interaction with support platforms is installed, it is possible that, even should Users not use the service, it collects Usage Data related to the pages in which it is installed.

These platforms are managed by companies and their Controllers, different from Melius S.r.l., collect User Data so the User’s requests can be properly carried out, and act autonomously and independently from Melius S.r.l.

In fact, Melius S.r.l. has no control or direction power on the data processing operated by these third parties.

(This type of service allows for interactions with live chat platforms managed by third parties, directly from this website). This allows Users to contact the support service of this website or this website to contact the User while the User is browsing through its pages.
If a service of interaction with support platforms is installed, it is possible that, even should Users not use the service, it collects Usage Data related to the pages in which it is installed. In addition, live chat conversations may be recorded). An all-in-one platform to create and launch chats.

For further information on privacy please consult – Privacy Policy ( e Frequently Asked Questions about LiveChat, Inc’s GDPR compliance (

Youtube Data API v3: Adds YouTube functionalities to the website and is used, for instance, to embed videos to

For further information on privacy please consult

Google – Privacy Policy (

API Maps by Google: Used to implement Store Locator functions.

For further information on privacy please consult

Google – Privacy Policy (


Visualisation of contents from external platforms

This type of service makes it possible to visualise contents hosted on external platforms, directly from the pages of, and to interact with them.

If a service of this type is installed, it is possible that, even should Users not use the service, it collects Usage Data related to the pages in which it is installed.

Google Maps (Google LLC)

Google Maps is a map visualisation service managed by Google LLC that allows to embed these contents within its own pages.

For further information on privacy please consult

Google – Privacy Policy (

Video YouTube (Google LLC)

YouTube is a video content service managed by Google LLC that allows to embed these contents within its own pages.

For further information on privacy please consult

Google – Privacy Policy (


Interaction with social networks

This type of service allows for interactions with social networks or other external platforms, directly from The interactions and information acquired by are, in any case, subject to the privacy settings of the User for all different social networks. This type of service may, in any case, collect traffic data for the pages where the service is installed, even when Users are not using them. We recommend logging out of these services to make sure the data elaborated on are not traced back to the User’s profile. Failure to do this means browsing takes place with the User logged into his/her social networks; it is assumed that Users have therefore agreed to the use of cookies by this website upon login.

Any information obtained through interactions with social networks are regulated by the privacy policy of each of these networks. Please read them.

For further information on privacy please consult

Facebook – Privacy Policy– (

Instagram – Privacy Policy (



This type of service allows this website and its partners to communicate, optimise and serve ads based on the use of this site by the User. This activity is carried out by tracing Data Usage and through the use of Cookies, information transferred to partners to which the remarketing activity is collected.


Facebook Ads (Facebook pixels) (Facebook, Inc.)

The monitoring of conversions of Facebook Ads (Facebook pixels) is a statistic service provided by Facebook, Inc. that connects data from FAcebook ads network to the actions taken within Facebook pixels monitors conversions that may be attributed to Facebook adds.

For further information on privacy please consult

Facebook Privacy Policy (



The services contained in this section allow the Data Controller to monitor and analyse traffic data and have the goal of tracking User behaviour.


Google Analytics (Google LLC)

Google Analytics is a web analysis service provided by Google LLC. Google uses collected Data to trace and examine the use of, prepare reports and share them with other services stipulated by Google. Google may use Personal Data to contextualise and personalise adds within its own advertisement network.

On, Google Analytics uses a function called User ID. It allows for a more accurate tracking of Users, assigning a unique ID to each User for various sessions and devices, in such a way as to prevent Google from personally identifying an individual or from identifying a specific device in a permanent fashion. The User ID extension also makes it possible to connect Data from Google Analytics and other Data relative to the User collected by The Opt Out link provided below allows Users to deactivate tracking for the device you are using, but does not exclude other tracking activities by the Controller. To deactivate tracking activities, please contact the Controller via e-mail.

For further information on privacy please consult

Google – Privacy Policy

Opt Out link:

Facebook Analytics (Facebook Inc.)

Facebook Analytics is provided by Facebook Inc. and, like Google Analytics, is a statistics service.

For further information on privacy please consult

Facebook – Privacy Policy (


Document updated on 11/02/2021


The culture of beauty
You don't have permission to register

Reset Password