GDPR and Cookie Policy Extended Information
We use cookies to make our site easier and more intuitive. The data collected through cookies is used to make your experience more enjoyable and more efficient in the future.


What are cookies?
Cookies are small text files sent from the site to the terminal of the interested party (usually to the browser), where they are stored and then retransmitted to the site the next time the same user visits the site. A cookie cannot retrieve any other data from your hard drive, transmit computer viruses or acquire email addresses. Each cookie is unique to your web browser. Some of the functions of cookies may be delegated to other technologies. In this document, the term ‘cookie’ is used to refer to both cookies proper and all similar technologies.


Cookie type
Cookies may be first-party or third-party: “first-party” cookies are those that carry the site's own domain, while “third-party” cookies are those related to external domains.
Third-party cookies are necessarily installed by an external party, always referred to as a “third party”, that is not managed by the site. These parties may also install first-party cookies, saving their own cookies on the site domain.
Another type of cookie is the so-called “Flash Cookies” (Local Shared Objects), used within Adobe Flash Player to deliver certain content, such as video clips or animations, in order to remember your settings and preferences. Flash cookies are stored on your device, but they are managed through a different interface than the one provided by your browser.


Nature of cookies
Regarding the nature of cookies, there are several types of cookies:


Technical Cookies
Technical cookies are used solely for the purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to the provider of an information society service explicitly requested by the subscriber or user to provide that service” (see article 122, paragraph 1, of the Code).

They are not used for any further purpose and are normally installed directly by the owner or operator of the website. They can be divided into:
• browsing or session cookies, which guarantee the normal browsing and use of the website (allowing, for example, to make a purchase or authenticate to access reserved areas); they are in fact necessary for the proper functioning of the website;
• analytics cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself, in order to improve the performance of the site;
• functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided to the same.
The installation of such cookies does not require the prior consent of users (more information in the section Managing cookies below).


Profiling cookies
Profiling cookies are used to create user profiles and to send advertising messages in line with the preferences expressed by the user when surfing the web.
The use of profiling cookies requires the consent of the person concerned. According to the measure (more information in the paragraph Cookie handling below) the user can authorize or deny consent to the installation of cookies through the options provided in the section “Cookie handling”.
In the case of third-party cookies, the site has no direct control over individual cookies and cannot control them (it cannot install them directly or delete them). You can still manage these cookies through your browser settings (follow the instructions below), or through the sites listed in the “Managing Cookies” section.
The User is therefore invited to check on the site of the third parties indicated in the table below.


Cookies installed on this site
Below is the list of cookies (grouped logically at the level of functionality or provider) present on this site. Third-party cookies are linked to the privacy policy of their external provider, where you can find a detailed description of the individual cookies and how they are processed.


List of technical cookies on the website


System cookies
The site uses cookies to ensure the user a better browsing experience; such cookies are essential for the proper use of the site. You may disable these cookies from your browser by following the instructions in the dedicated paragraph, but you will compromise your experience on the site and we will not be able to respond to malfunctions.


Facebook uses cookies to provide you with like and sharing features on its showcase. For more information, please consult the page


Twitter uses cookies to provide you with sharing functionality on its showcase.
For more information, please consult the pages: and


Google+ uses cookies to provide you with sharing functionality on its showcase.
For more information, please consult the page


Cookies duration
Cookies have a duration dictated by the expiration date (or a specific action such as closing your browser) set at the time of installation.
Cookies can be:
– session cookies: these are used to store temporary information, to link actions taken during a specific session, and are removed from the computer when the browser is closed;
– persistent cookies: these are used to store information, such as your login name and password, so that you do not have to type them in again each time you visit a specific site. These remain stored on your computer even after you close the browser.


How to disable/delete cookies by browser configuration


Chrome
1. Run the Chrome Browser
2. Click on the menu in the browser toolbar next to the URL entry window for navigation
3. Select Settings
4. Click Show Advanced Settings
5. In the “Privacy” section click on the “Content settings” button.
6. In the “Cookies” section, you can change the following cookie settings:
• Allow data to be saved locally
• Keep the local data only until the browser is closed
• Prevent sites from setting cookies
• Block third party cookies and site data
• Manage exceptions for some internet sites
• Delete one or all cookies
For more information visit the dedicated page.
Mozilla Firefox
1. Run the Mozilla Firefox Browser
2. Click on the menu in the browser toolbar next to the URL entry window for navigation
3. Select Options
4. Select the Privacy panel
5. Click Show Advanced Settings
6. In the “Privacy” section click on the “Content settings” button.
7. In the “Tracking” section you can change the following cookie settings:
• Ask sites not to do any tracking
• Communicate to the sites the willingness to be tracked
• Do not communicate any preferences regarding the tracking of personal data
8. From section “History” you can:
• By enabling “Use custom settings”, choose whether to accept third-party cookies (always, from the most visited sites or never) and how long to keep them (until their expiration, until Firefox is closed, or ask each time)
• Remove individual stored cookies.
For more information visit the dedicated page.


Internet Explorer
1. Run the Internet Explorer Browser
2. Click on the Tools button and choose Internet Options.
3. Click on the Privacy tab and, in the Settings section, modify the slider according to the desired action for cookies:
• Block all cookies
• Allow all cookies
• Select the sites from which you want to get cookies: Move your cursor to an intermediate location so that you don’t block or allow all cookies, then click on Sites, enter a website in the Website Address box and then click Block or Allow.
For more information visit the dedicated page.


Safari 6
1. Run the Safari Browser
2. Click on Safari, select Preferences and press Privacy
3. In the Block Cookies section, specify how Safari should accept cookies from websites.
4. To see which sites have stored cookies click on Details
For more information visit the page.


iOS Safari (mobile devices)
1. Run the iOS Safari Browser
2. Tap on Settings and then Safari
3. Tap on Cookie Lock and choose from the various options: “Never”, “Third parties and advertisers” or “Always”.
4. To delete all cookies stored by Safari, tap Settings, then Safari, and then Delete Cookies and Data.
For more information visit the dedicated page.


Opera
1. Run the Opera Browser
2. Click on Preferences then on Advanced and then on Cookies
3. Select one of the following options:
• Accept all cookies
• Accept cookies only from the site you visit: third-party cookies and those that are sent by a domain other than the one you are visiting will be rejected
• Never accept cookies: no cookies will ever be saved.
For more information visit the dedicated page.



REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).


Some of the main articles relating to the GDPR are set out below:


The processing of personal data should be at the service of man. The right to protection of personal data is not an absolute prerogative, but must be seen in the light of its social function and must be balanced with other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all the fundamental rights and observes the freedoms and principles recognised by the Charter and reflected in the Treaties, notably respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial and cultural, religious and linguistic diversity.


art (6)
The speed of technological change and globalisation present new challenges for the protection of personal data. The scope for sharing and collecting personal data has increased significantly. Current technology allows both private companies and public authorities to use personal data, as never before, in the performance of their activities. Increasingly, individuals are making personal information about themselves available to the public worldwide. Technology has transformed the economy and social relations and should further facilitate the free movement of personal data within the Union and their transfer to third countries and international organisations, while ensuring a high level of protection of personal data.


art (17)
The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller has the obligation to delete personal data without undue delay, where one of the following reasons applies: personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; the data subject objects to the processing and there are no overriding legitimate grounds for carrying out the processing; the personal data were processed unlawfully; the personal data must be deleted in order to comply with a legal obligation under Union law or law of the Member State to which the data controller is subject; the personal data were collected in relation to the provision of Information Society services.


In particular, art. 17 is very important, as it is also called the right of oblivion: the right to erase the data of a natural person, extended and regulated with reference to the digital society.
The new GDPR also adds the right of objection of the data subject, provided that there is no overriding legitimate interest of the data subject (Article 21(1)) or that the objection is based on Article 21(2), i.e. the data are processed for direct marketing purposes.
There is also the right to erasure in cases explicitly provided for by the laws of the Member States, pursuant to Article 6(1), or in the case of data processed on the basis of Article 9(2)(a), which concerns data once known as ‘sensitive’ data, which require consent that the data subject gave at the time and is now revoking.
Erasure is due where data are processed unlawfully, or on the basis of the need to comply with a legal obligation under Union law or the law of a Member State (Article 17(1)(e)).
The provision also specifies that erasure is mandatory where the data have been collected on the basis of Article 8(1), that is to say, in respect of services offered by the information society to persons under 16 years of age (or the age which each Member State may set, provided that it is not less than 13 years of age) without the consent of the person having parental responsibility.
In this case, Article 17(2) requires the data controller not only to delete the data (provided, of course, that he considers the request legitimate as far as he is concerned).
This obligation exists at the time when the user requests the deletion of his personal data from the database on which the site is based and third parties.

art (20)
Although this Regulation also applies, inter alia, to the activities of courts and other judicial authorities, Union or Member State law could specify the processing operations and procedures in relation to the processing of personal data by courts and other judicial authorities. The competence of the supervisory authorities should not cover the processing of personal data by the courts in the performance of their judicial tasks, in order to safeguard the independence of the judiciary in the performance of its judicial tasks, including its decision-making process. It should be possible to entrust the supervision of such data processing to specific bodies within the judicial system of the Member State, which should in particular ensure compliance with the rules of this Regulation, increase the awareness of the judiciary of its obligations under this Regulation and examine complaints in relation to such data processing operations.


art (22)
Any processing of personal data in the course of the activities of an establishment of a controller or a controller in the territory of the Union should comply with this Regulation, regardless of whether such processing takes place within the Union. Establishment involves the actual and effective performance of activities within the framework of a stable organisation. In this respect, the legal form taken, whether a branch or a subsidiary with legal personality, is not decisive.


art (30)
Individuals may be associated with online identifiers produced by the devices, applications, tools and protocols used, such as IP addresses, with temporary cookies or other identifiers, such as radio frequency identification tags. These identifiers may leave traces which, in particular when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons and identify them.


As per “EU Regulation 2016/679”, the GDPR regulates data breaches, expressly providing for an obligation of notification and communication on the part of the owner, in the event of violations of personal data that may compromise the freedoms and rights of the persons concerned. Not to be confused with Directive 95/46/EC, which, on the contrary, does not provide for any general obligation of notification. Currently, our legal system also provides for a piecemeal notification obligation. In implementation of European legislation on electronic communications, the Privacy Code introduced a specific obligation to notify data breaches exclusively for providers of publicly available electronic communications services. In other sectors (biometric data, health dossiers and public administrations), the obligation has been prescribed through specific provisions of the Privacy Guarantor. The new Regulation, on the other hand, attributes to the notification an essential function of protection of the interested parties and extends this obligation to the generality of the data controllers.


Let’s see what Art. (33) explains about data breaches:


1. In case of a personal data breach, the controller shall notify the personal data breach to the competent supervisory authority pursuant to Article 55 without undue delay and, where possible, within 72 hours from the time of becoming aware of it, unless the personal data breach is unlikely to present a risk to the rights and freedoms of individuals. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by the reasons for the delay.
2. The controller shall inform the controller of the processing without undue delay after having become aware of the breach.
3. The notification referred to in paragraph 1 shall at least:
a) describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects involved as well as the categories and approximate number of records of the personal data involved;
b) give the name and contact details of the data protection officer or other contact point from which more information can be obtained;
c) describe the likely consequences of the personal data breach;
d) describe the measures taken or proposed to be taken by the data controller to remedy the personal data breach and also, where applicable, to mitigate its possible adverse effects.
4. Where and to the extent that information cannot be provided at the same time, information may be provided at later stages without undue delay.
5. The data controller shall document any personal data breaches, including the circumstances surrounding them, their consequences and the measures taken to remedy them. Such documentation shall enable the supervisory authority to verify compliance with this Article.


The main role of the Data Protection Officer (DPO) is to guarantee that his or her organisation processes the personal data of its staff, customers, suppliers or any other person (also referred to as data subjects) in accordance with the applicable data protection rules. In the EU institutions and bodies, the Data Protection Regulation (Regulation (EC) 45/2001) requires the appointment of a Data Protection Officer.
In addition, Regulation (EU) 2016/679 obliges certain organisations in EU countries to appoint a DPO. It will apply from 25 May 2018.


Let us look in detail at Rule 39 of the Rules of Procedure:
– inform and advise the data controller and the data controller on the obligations deriving from Regulation 679/2016 or other internal or European legislation on data protection;
– monitor compliance with the Regulation by the data controller and the data controller in all its parts, including the allocation of responsibilities, the awareness raising and training of staff involved in the processing;
– provide opinions on impact assessment on request and monitor their implementation;
– cooperate with the supervisory authority, inter alia, by acting as a contact point for issues related to processing, carrying out consultations of all kinds, with particular regard and attention to possible prior consultation activities.


Data controller
Pickee Srl with headquarters in Via Alessandro Cruto 8, 00146 Roma RM. VAT code 14082801003.


DPO (Data Protection Officer)
Roberto Dotto
Tel. +39 393 499 5981


As per the user’s right to request the cancellation of data from the site (art 17), provided at the time of acceptance of cookies and regulations provided by the GDPR, send an e-mail, with the subject REQUEST DATA CANCELLATION, to the following e-mail address:


This page is visible through links at the bottom of all pages of the Site, in accordance with the GDPR and article 122, paragraph two, of Legislative Decree 196/2003 and following the simplified procedures for information and consent to the use of cookies published in the Official Gazette No. 126 of June 3, 2014 and its register of measures No. 229 of May 8, 2014.