top of page


"COVID-19 self-declaration" information to the interested party

1. Categories of interested parties and types of data processed.

The 'Covid-19 Self-declaration' treatment operated by NEST Beauty & Relax includes the collection of data
personal data relating to natural customers, who have been asked to fill in a self-declaration
specially prepared for the Covid-19 emergency.
The processed data requested include: Name and Surname, presence of certain symptoms or exposure to


2. Purpose of the treatment

All data is necessary for the prevention of Corona virus infection.


3. Legal basis

Implementation of the anti-contagion security protocol pursuant to the Prime Minister's Decree of 11/03/2020 and Article 9, paragraph 2
letter i of the GDPR. The consent to the processing by the person concerned is not necessary.

4. Processing methods and duration

Once signed, the 'Covid-19 self-declaration' forms are kept at the premises of the Beauty Center in
a binder closed in a room not accessible to the public, or in the "privacy and informed consent" cabinet
of the administrative office, on the first floor of the local unit in Via Cesare Battisti 20/2.
Forms are normally destroyed after 90 days from the date of signature or, at the latest, at the end of the status
of emergency .

5. Risks for the interested party 

The privacy of the interested party could be damaged in case of improper access to the processed data and to them
Disclosure: for this reason risk minimization procedures and duration have been put in place
of the treatment is limited in time.


6. Risk reduction measures

Self-declarations are always kept in a closed binder in a room not accessible to the public,
or in the "privacy and informed consent" cabinet of the accounting office, on the first floor of the local unit of
Via Cesare Battisti 20/2. The wardrobe is locked.
The data are not subject to any computer processing, nor are they disclosed or shared with third parties.
The people who work in the Center have undergone specific specific training
to privacy and the European Regulation 679/2016.


7. Data Breach

In the event that the Data Controller is stolen from the locker containing the consents and has
reason to believe that these have been disclosed (data breach) will communicate the incident to all interested parties e
will activate - if it deems it appropriate - a report to the Guarantor Authority.

8. Owner, DPO Manager

NEST Srl, with registered office in via Antonio Tolomeo Trivulzio 1, 20146, Milan; 037189596;
is the Data Controller of personal data called 'Covid-19 self-declaration'.
The Treatment does not involve any external operator, the Data Controller therefore also operates as the Manager of the
Treatment. Given the small scale and nature of the data processed, the Data Controller does not believe it should make use of a
Data Protection Officer (DPO).

Download the COVID-19 information and self-declaration

Download the anti-contagion protocol that NEST has adopted for the reopening  

bottom of page