Privacy policy


Art. 13 GDPR


Pursuant to Article 13 of the European Regulation (EU) 2016/679 (hereinafter “GDPR”), The data controller must inform the data subject, i.e. the one who is the holder of the data that will be processed, about the activity that will be conducted on his personal data, in compliance with legal obligations and principles related thereto.


Who processes your data?


Data controller is HCI association – Helvetic association for cosmetic ingredients


Via Arch. R. Tami 2 – p.o. box 18 – 6924 Sorengo (TI) – Switzerland

No formally appointed DPO



What data we process? 


Your personal information

  1. last name and first name, phone, email, Company where you work;
  2. IP address (see cookie policy);



How do we process and protect your data?


Your personal data may be processed by means of both paper and computer files (including portable devices) and processed in the manner strictly necessary for the purposes intended.

Technical (e.g.: protection of the computer systems where your data is contained; SSL certificates that guarantee that the site is protected and that the flow of data circulating on the site is encrypted) and organizational security measures (e.g.: access to paper or digital archives containing your data only to personnel in charge of processing) are implemented.


For what purposes?


We process your data in order to:

1) If you voluntarily and explicitly send e-mails to the addresses indicated in the different access channels of the site and if you fill in the “form” specifically designed for this purpose, we will acquire your e-mail address and other data necessary to answer your requests and/or provide the service you request.

2) In case of your join with HCI, your personal data will be processed with your consent to carry out the services you requested, for the achievement of the purposes included in our charter, and in relation to any contractual requirements and the consequent fulfillment of legal and fiscal obligations. Your data will be processed for the entire duration of the relationship and also subsequently to comply with legal obligations and for administrative and commercial purposes;

3) In case of consent to receive newsletters, your data (email) will be used in order to proceed with the sending of various updates.

NB: The conferment of data is to respond to your requests. A refusal to give them prevents us from providing our services.


Who do we communicate them to?


Your personal data can be “communicated” by us, with such term meaning the giving of knowledge to one or more determined subjects, in the following terms:

  1. a) to authorized subjects within our structure, and in particular to the employees of our administrative offices;
  2. b) to subjects who can access the data by virtue of regulations or provisions of law, always within the limits provided for by these;
  3. d) to our consultants, within the limits necessary to carry out their duties with the duty of confidentiality and security;
  4. e) to other subjects inside or outside the association who are required to know them in their capacity as organizers of institutional activities sponsored by us relating to courses, meetings, conferences, and any other event to which you request to participate.


.. On what legal basis?


The processing of the data you provide is based, pursuant to Article 6 of the GDPR:

  1. a) for the purposes referred to in point 1 (see above under “for what purposes”) the legal basis that legitimizes us to process your personal data is your consent;
  2. b) for the purposes referred to in point 2, should you become a member of HCI, the legal basis that legitimizes the processing of your data by us is the legal obligation (see art. 6 GDPR), as we must comply with administrative and tax obligations imposed by the legislature;
  3. c) for the purposes referred to in paragraph 3, the legal basis that legitimizes the processing of your data by us is your consent to marketing, freely given through the appropriate flag in the dedicated section of the site.


How long are they stored for?


For the duration of the relationship between you and the association and up to 10 years thereafter (in compliance with legal obligations);

In the case of subscription to the newsletter service, the processing may be interrupted by revoking your consent previously given.

What are your rights?


Art. 13 lett. D) GDPR

You have the right to contact the data protection authority in your country to lodge a complaint against the processing of your personal data by HCI.

Art. 7 co. 3 GDPR

You may revoke your consent to the processing of your data when such processing is based on consent. Revocation of consent does not affect the lawfulness of processing based on consent prior to revocation.

Art. 15 GDPR

You have the right to access the personal data we hold about you (subject to certain restrictions).

We may charge a reasonable fee taking into account the administrative costs of providing the information

Art. 17 GDPR

Some cases, you have the right to delete your personal data or request its deletion. Note that this is not an absolute right, as we may have legal or legitimate reasons to retain your personal data.

Art. 20 GDPR

You have the right to move, copy or transfer data from our database to another. This applies only to data that you have provided, when the processing is based on the performance of a contract or consent and the processing is carried out by automated means

Art. 16 GDPR

You have the right to correct your personal data if it is incorrect or outdated and/or complete it if it is incomplete.

Art. 21 GDPR

You may object at any time to the processing of your data (if your right overrides the legitimate interest of the Controller) when such processing is based on the legitimate interest of the Controller.

Art. 13 – 14 GDPR

You have the right to receive clear, transparent, understandable and easily accessible information about how we process your data and about your rights

Art. 18 GDPR

You have the right to request the restriction of our processing of your data. This right means that the processing of your data will be restricted, so we may store it, but not use or process it further.



Send an email to  expressing your wish to exercise your right, briefly explaining the reasons behind your request.  If your request is accepted, we will send you a pre-filled form (which you will have to complete with your data) that you will return together with an identity document.