Privacy Policy
Effective Date: April 10, 2026 — Last Updated: April 10, 2026
MY.ORGANICS S.r.l. ("MY.ORGANICS," "we," "us," or "our") operates this Cosmetovigilance Adverse Event Reporting form at aem.myorganics.it. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you submit an adverse event report through this website.
This policy is designed to comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other state privacy laws.
1. Information We Collect
When you submit a cosmetovigilance report, we collect the following categories of personal information:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, email address, phone number, postal address | Contact you for follow-up regarding your report |
| Demographic Data | Age, date of birth, sex, race, ethnicity | Assess adverse event risk factors |
| Health & Inference Data | Skin type, skin reactivity, symptoms, allergies, medical history, adverse reactions, laboratory data | Product safety evaluation, adverse event assessment, and regulatory reporting |
| Product Usage Data | Product name, batch number, EAN, dates of use, area of application | Identify the product involved and assess the event |
| Commercial Information | Retailer name and address where the product was purchased | Trace product distribution for safety investigations |
| Visual Evidence | Photographs uploaded as supporting documentation | Substantiate the adverse event report |
Sensitive Data Notice: Some of the information we collect, including health-related data and racial/ethnic origin, may be considered "sensitive personal information" under applicable U.S. state privacy laws. We collect this data solely for the purpose of product safety and regulatory compliance. We do not use sensitive data for profiling, advertising, or any purpose unrelated to cosmetovigilance.
2. How We Use Your Information
We use the personal information collected through this form exclusively for the following business purposes:
- Product Safety & Cosmetovigilance: Evaluating adverse events related to our cosmetic products, identifying potential safety issues, and taking corrective action when necessary.
- Regulatory Compliance: Fulfilling our obligations under U.S. cosmetic safety regulations, including mandatory adverse event reporting to the U.S. Food and Drug Administration (FDA) pursuant to the Modernization of Cosmetics Regulation Act (MoCRA).
- EU Regulatory Compliance: Complying with European Union Regulation (EC) No. 1223/2009 on cosmetic products, which requires cosmetovigilance reporting to the competent authority.
- Follow-Up Communication: Contacting you if additional information is needed to properly assess your report.
- Internal Quality Improvement: Analyzing reported events to improve the safety and quality of our products.
3. International Data Transfer
Your data will be transferred to and processed in Italy (European Union).
MY.ORGANICS S.r.l. is an Italian company headquartered in the European Union. When you submit an adverse event report, your personal information is transmitted to our regulatory team in Italy. The European Union maintains comprehensive data protection laws under the General Data Protection Regulation (GDPR), which provides robust safeguards for your personal data.
By submitting this form, you acknowledge and consent to this international transfer. We implement appropriate safeguards to protect your data during and after transfer, including encrypted transmission (SSL/TLS) and secure storage systems.
4. Data Sharing & Disclosure
We may share your personal information only in the following limited circumstances:
- Regulatory Authorities: We may disclose adverse event data to the U.S. FDA, EU competent authorities, or other regulatory bodies as required by law.
- Service Providers: We use a secure email service provider to transmit your report internally. Service providers are contractually bound to process your data only for our specified purposes.
- Legal Obligations: We may disclose your data when required by law, regulation, subpoena, or court order.
5. We Do Not Sell or Share Your Personal Information
MY.ORGANICS does not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising or marketing purposes.
As defined under the CCPA/CPRA, we do not engage in the "sale" or "sharing" of personal information. The data collected through this cosmetovigilance form is used exclusively for product safety and regulatory compliance purposes.
Because we do not sell or share your personal information, there is no need to opt out. However, if you wish to formally exercise your right, you may contact us at the address below, and we will confirm that no sale or sharing of your data has occurred.
6. Your Privacy Rights
Depending on your state of residence, you may have the following rights under applicable U.S. privacy laws (including CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, and others):
Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we have shared your data.
Right to Delete
You have the right to request that we delete the personal information we have collected from you, subject to certain legal exceptions (for example, we may retain data required for regulatory compliance).
Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing
As stated above, we do not sell or share your personal information. This right is therefore satisfied by default.
Right to Limit Use of Sensitive Data
You have the right to limit our use of sensitive personal information to purposes that are necessary to provide the service. Our use of sensitive data is already limited to cosmetovigilance and regulatory compliance.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Exercising these rights will not affect any products or services we provide to you.
How to Exercise Your Rights: Submit your request by emailing regulatory@myorganics.it with the subject line "Privacy Rights Request." We will verify your identity and respond within 45 days (or as required by applicable law).
7. Data Retention
We retain adverse event reports and associated personal data for a minimum period required by applicable cosmetic safety regulations:
- EU Regulation: At least 10 years from the date the last batch of the cosmetic product was placed on the market (per EC Regulation 1223/2009).
- U.S. MoCRA Requirements: As required by FDA regulations for cosmetic adverse event records.
After the mandatory retention period, your data will be securely deleted or anonymized.
8. Cookies & Tracking Technologies
This website uses minimal cookies necessary for basic site functionality:
- Cookie Notice Preference: A localStorage entry to remember that you acknowledged our cookie notice. This is stored locally on your device and is not transmitted to our servers.
We do not use analytics cookies, advertising trackers, or third-party tracking technologies on this form. We do not engage in cross-site tracking or behavioral advertising.
9. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- SSL/TLS encryption for all data in transit
- SMTP over SSL (port 465) for email transmission
- Access controls limiting data access to authorized regulatory personnel
- Secure server infrastructure within the European Union
10. Children's Privacy
This form is not directed to children under the age of 16. If a parent or guardian needs to submit an adverse event report on behalf of a minor, the parent or guardian should complete the form. We do not knowingly collect personal information from children under 16 without verified parental consent.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: