At PUELLA, cosmetics, Tina Sklepič, sp, we value your privacy, so we always carefully protect your information.
Our activities are in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the flow of such data) (General Data Protection Regulation or GDPR) and Council of Europe conventions (ETS No. 108, ETS no. 181, ETS No. 185, ETS No. 189)) and national legislation of the Republic of Slovenia (Personal Data Protection Act (ZVOP-1, Ur. L. RS, No. 94/07), Electronic Commerce on the Market Act (ZEPT , Ur. L. RS, No. 96/09 and 19/15) etc.).
As we are aware that your privacy and familiarity with the processes of processing your personal data means a lot to you, we also invite you to read more about individual segments of personal data protection in the guidelines of the Information Commissioner, who acts as a competent state body personal data protection framework.
Personal data is information that identifies you as an individual: your name, surname, e-mail or ordinary address, etc.
For business purposes, Puella collects the following user data:
- name and surname,
- address and place of residence,
- email address,
- contact telephone number,
and other information you enter on the relevant forms on the website.
By registering and / or placing an order on the website, you expressly agree that Puella may obtain personal data (name and surname, address of residence, e-mail address and any other information provided to the provider for the purpose of fulfilling the contract – orders are voluntarily provided by the buyer) , except for the purposes of negotiating a contract or for fulfilling a contract – an order (as specified in Article 10 of the current Personal Data Protection Act), also used for the purposes of direct marketing through all advertising channels used by the provider (notification by phone and SMS , print media, unaddressed and addressed direct mail, e-mail, etc.), and for the purposes of direct marketing-related statistical and market analysis, marketing profiling and segmentation. In this way, we will make sure that you are properly informed about our current offers at all times, and at the same time you will be informed only about the product offers that best suit your wishes.
As a customer, you must also explicitly give your consent for direct marketing via Puella e-mail when registering and / or placing an order on the website marked “Subscribe to e-news”. Otherwise, the buyer will not receive direct marketing via e-mail, nor will he be duly informed about the provider’s online campaigns.
To revoke the consent for direct marketing via e-mail, arrange:
- by sending a return e-mail in response to a specific e-mail received by the provider each time direct marketing is carried out, and / or;
- by filling in the online form, the link to which is stated in each e-mail received by the provider when performing direct marketing.
You will be notified of the possibility to revoke your consent to carry out direct marketing by e-mail accordingly.
The provider will take into account your request for cancellation and consistently arrange the withdrawal of consent for the purpose of direct marketing through the respective or all advertising channels within 15 days at the latest and will notify you in writing or in another agreed manner within the next five days. You do not suffer any costs in doing so. The provider also guarantees you all other rights in accordance with the applicable legislation, which is defined below.
The provider does not collect or process your personal data, except when you allow it or. agree to it, ie. when ordering products or services, when you subscribe to receive e-news, participate in a prize draw, etc., or when there is a legal basis for the collection of personal data or the provider has a legitimate interest in processing.
The provider collects and processes your personal data on the following legal bases:
- law and contractual relations,
- the consent of the individual,
- legitimate interest.
Processing on the basis of law and contractual relations
In the event that the provision of personal data is a contractual obligation, an obligation necessary for the conclusion and performance of a contract with a provider, or a legal obligation, you must provide personal data; in the event that you do not provide personal data, you cannot enter into a contract with the provider, nor can the provider perform services or supply products under the contract, as it does not have the necessary data to perform the contract.
Conclusion and implementation of the contract concluded with the provider, including the provider’s fulfillment of your orders (supply of products and provision of services), communication with you, verification of your payments and fulfillment of other obligations of the provider and / or your obligations. point (f) of Article 6 (1) of the GDPR).
Direct notification of customers about special offers, discounts and other content via e-mail or SMS
In the company PUELLA, kozmetična djelatnost, Tina Sklepič, sp, on the basis of the ZEKom-1 Act (Electronic Communications Act of the Republic of Slovenia, which is implemented on the basis of the European Directive 2002/58 / EC), we inform our customers about our products, services and contents. The customer may at any time request the termination of such communication and processing of personal data. The customer can terminate such communication at any time via the unsubscribe link in the received messages, or by a written request to the e-mail address firstname.lastname@example.org.
Processing on the basis of a legitimate interest
The provider may also process data on the basis of a legitimate interest pursued by the provider, except when such interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In the case of a legitimate interest, the provider always makes an assessment in accordance with the General Data Protection Regulation.
General statistical processing of data on customers and their orders and potential customers (contacts) for the purposes of internal analysis of sales, repurchases, aggregate customer behavior, advertising optimization and business optimization
At Puella, we perform general statistical processing of data on customers and their orders and potential customers (contacts), on the basis of which we perform internal analyzes of sales, repurchases and aggregate customer behavior, and monitor and optimize our business efficiency and optimize our advertising, eg:
- we monitor sales through our sales channels (internet),
- we monitor how many customers make repeat purchases, how quickly and in what value,
- we monitor general sales statistics, such as the average value of the cart, the number of products on order and the like,
- we monitor responses to e-mails, SMS messages, telephone calls and various advertising messages (online ads) and on this basis we optimize our advertising (we decide what, where, to whom and how to advertise).
This type of statistical monitoring enables us to optimize business and advertising in general, and on this basis also to offer users affordable products and services.
Access to your past orders and other information to PUELLA, kozmetična djelatnost, Tina Sklepič, sp
Upon your call to PUELLA, cosmetic activity, Tina Sklepič, sp (or our outgoing call to you) or in case of your visit (if and when you identify yourself), our sales and support consultants have access to your recorded personal data and history purchases, allowing them to offer you better service and more personalized offers.
If you do not want this, you can stop this type of data processing at any time or with a written request to the email address email@example.com.
Processing of data on uncollected distance orders in order to prevent fraud:
At Puella, based on our legitimate interest, we process data on distance orders sent and not received, in order to determine whether and which customers disproportionately order products with payment on delivery and then do not accept these products, resulting in business damage that we want to prevent it.
Once we identify such customers, we prevent them from ordering products in the online store with payment upon receipt, but they are still allowed to order products with other payment methods.
Automatic email communication with the user based on his or. its start of the online buying process
As part of basic personalized communication (via email, SMS, phone calls, mail, browser notifications, website information, social networks), we try to present you with relevant offers, discounts and other content that may be of interest to you based on your past interactions. with us
We use the following information for this:
- demographic data (gender, age, address),
- history of your purchases (purchased products, time of purchase, number of purchases),
- easily address behavior on Puella websites (viewing individual products or content that may trigger the sending of customized messages), without using this information to create user profiles,
- your responses (opening a message, clicking on a link, purchasing) to the various messages we send you.
We do not use any semi-automatic or automatic profiling, but only select the appropriate sets of recipients for individual messages. In doing so, we never focus on individual data, but perform aggregate processing of larger groups.
Based on this information, it may then depend on which messages you receive from us:
- which products and contents we will present to you so that they will be of maximum interest to you,
- what offers you will receive,
- how often we will send you messages and through which communication channels.
The customer can terminate such communication at any time via the unsubscribe link in the received messages, or by a written request to the email address firstname.lastname@example.org.
Using the Facebook advertising tool Facebook Custom Audiences
Puella also uses the Facebook Custom Audiences service based on its legitimate interest in online advertising, either as part of the implementation of basic personalized communication based on its legitimate interest or as part of the consent obtained to communicate with personalized offers. and content based on the user profile.
This service works as follows:
- we upload your email address, which we obtained from you during your purchase or your voluntary entry, to Facebook,
- facebook compares your email address with your user base and finds out if you are a Facebook user
- if you are not a Facebook user, then nothing happens to your email address and Facebook does not perform any activities with it,
- however, if you are a Facebook user, Facebook will add you to the newly created list of customized audiences, which will only and explicitly allow us to show customized ads to this group of users on Facebook,
- based on this, we can show you more targeted and personalized ads on Facebook and, above all, additional discounts.
Processing based on your consent
The provider also collects and processes (uses) your personal data for the following purposes, when you give your consent:
- ensuring that you access and use your online account with the provider and the provider’s online store and for technical reasons of administration on the provider’s website,
- ensuring that you can access the specific information available to you on the provider’s website and on your online account / profile provided by the provider,
- prepare and send personalized e-newsletters, if you have subscribed to it,
- sending commercial offers and other content via e-mail, SMS messages, regular mail or telephone calls and social networks (Facebook, Instagram) when there is no other basis for this and you have agreed to it,
- any other purposes for which you specifically agree to cooperate with the provider.
CONTRACTUAL PROCESSING OF PERSONAL DATA
The contractual processors with which the provider cooperates are:
- Accounting Service; law firms and other legal advice providers,
- data processing and analytics providers,
- IT system maintainers,
- e-mail providers,
- payment system providers,
- providers of customer relationship management systems,
- online advertising solution providers.
- The provider will not pass on your personal data to unauthorized third parties.
Contractual processors may only process personal data within the framework of the controller’s instructions and may not use personal data to pursue any of their own interests.
The controller and users do not export personal data to third countries.
PERSONAL DATA STORAGE
The provider will keep your personal data only as long as it is necessary to achieve the purpose for which the personal data was collected and further processed. Those personal data that the provider processes on the basis of the law are kept by the provider for the period prescribed by law. The personal data processed by the provider for the purpose of concluding a contractual relationship with an individual shall be kept by the provider for the period necessary for the performance of the contract and for 5 years after its termination, except in cases where there is a dispute between you and the provider. ; in such a case, the provider shall keep the data for 5 years after the court or arbitration decision or settlement has become final or, if there has been no litigation, for 5 years from the date of the amicable settlement of the dispute.
Those personal data that the provider processes on the basis of the personal consent of the individual or a legitimate interest, the provider keeps permanently, until the revocation of this consent by the individual or. interruption requests. The provider deletes such data before cancellation only when the purpose of personal data processing has already been achieved or if so provided by law.
At the end of the retention period, the controller effectively and permanently deletes personal data so that it can no longer be linked to a specific individual.
FREEDOM OF CHOICE
The information you provide about yourself is controlled by you. If you choose not to provide your information to the provider, then you will not be able to access certain sites or functions on the website. Individuals who want to unsubscribe from the e-news, let us know at the e-mail address email@example.com. If your personal data changes (postal code, e-mail address, physical address, telephone number), please inform us about the changes at the e-mail address firstname.lastname@example.org.
The provider strongly recommends that all parents and guardians teach their children and carers how to handle personal data safely and responsibly online. Minors should not transfer any personal information to the Website without the permission of their parents or guardians. The provider will never knowingly collect personal data from persons who would be aware that they are minors.
INDIVIDUAL RIGHTS REGARDING DATA PROCESSING
You have a number of rights in connection with your personal information. These include the right of access, review, deletion and restrictions on processing, transfer, objection and appeal.
- Right to revoke consent: If, as an individual, you have consented to the processing of your personal data (for one or more specific purposes), you have the right to revoke that consent at any time, without prejudice to the lawfulness of the data processing carried out until its revocation. Consent can be revoked by a written statement sent to email@example.com. Revocation of consent to the processing of personal data does not have any negative consequences or sanctions for the individual. However, after revoking the consent to the processing of personal data, the controller may no longer be able to provide an individual with one or more of its services in the case of services that cannot be provided without personal data.
- Right of access to personal data: as an individual you have the right to obtain confirmation from the provider (personal data controller) whether personal data are processed in relation to you and, where applicable, access to personal data and certain information (on the purposes of processing, types of personal data, on users, on retention periods or criteria for determining periods, on the existence of the right to rectify or delete data, the right to restrict and object to processing and the right to appeal to the supervisory authority, the source of data if the existence of automated decision-making, including profiling, the reasons for it and the importance and consequences of such processing for you, and other information in accordance with Article 15 of the GDPR).
- Right to correct personal data: As an individual, you have the right to have the provider correct inaccurate personal data about you without undue delay. As an individual, you have the right to supplement incomplete data, including the submission of a supplementary statement, taking into account the purposes of the processing.
- Right to delete personal data: as an individual you have the right to have the provider delete personal data concerning you without undue delay, and the provider must delete data without undue delay when there is one of the following reasons: the data is no longer needed for the purposes for which were collected or. otherwise processed; if you revoke the consent and there is no other legal basis for the processing; if you object to the processing and there are no overriding legitimate reasons for the processing; the data were processed illegally; the data must be deleted in order to fulfill legal obligations under EU law or the law of the Member State applicable to the provider; data were collected in relation to information society service offers.
- As an individual, however, in certain cases described in 3. paragraph of Article 17 of the GDPR, you do not have the right to delete data.
- Right to limit processing: as an individual, you have the right to have the provider restrict processing when there is one of the following cases: if you dispute the accuracy of the data for a period that allows the provider to verify the accuracy of the data; the processing is illegal and you oppose the deletion of the data and instead request a restriction on their use; the data provider no longer needs it for processing purposes, but you need it to enforce, enforce and defend legal claims; you have lodged an objection to the processing until it is verified that the legitimate reasons of the provider outweigh your reasons.
- Right to data portability: as an individual, you have the right to receive personal data concerning you that you have provided to the provider in a structured, commonly used and machine-readable form, and you have the right to pass this data on to another controller without you the provider to whom the personal data have been provided has been hindered in doing so, namely when: the processing is based on consent or on a contract and the processing is carried out by automated means. As an individual, in exercising this right of portability, you have the right to transfer personal data directly from one controller (provider) to another, where technically feasible.
- Right to object to processing: As an individual, you have the right, on grounds relating to your specific situation, to object at any time to the processing of personal data necessary to perform tasks in the public interest or exercise public authority conferred on the provider (point (e) Article 6 (1) of the GDPR) or is necessary for legitimate interests pursued by the provider or a third party (point (f) Article 6 (1) of the GDPR), including profiling based on those treatments; the provider ceases to process personal data unless it proves compelling legitimate reasons for the processing overriding your interests, rights and freedoms, or for asserting, enforcing or defending legal claims. Where personal data are processed for marketing purposes, the individual has the right to object at any time to the processing of data relating to him for the purposes of such marketing, including the creation of profiles in so far as it relates to such direct marketing; where an individual objects to the processing for the purposes of direct marketing, the data shall no longer be processed for those purposes. Where data are processed for scientific or historical research purposes or for statistical purposes, the individual has the right to object to the processing of data relating to him for reasons related to his particular situation, unless the processing is necessary for the performance of the task carried out. for reasons of public interest.
- Right to lodge a complaint with the supervisory authority: without prejudice to any other (administrative or other) remedy, you as an individual have the right to lodge a complaint with the supervisory authority, in particular in your country of residence, place of work or which is alleged to have been breached (in Slovenia it is the Information Commissioner), if you believe that the processing of personal data in relation to you violates the regulations on personal data protection.
Without prejudice to any other (administrative or extrajudicial) remedy, you as an individual have the right to an effective remedy, against a legally binding decision of the supervisory authority in relation to it, as well as in the event that the supervisory authority does not consider your complaint or does not inform the situation or the decision on the appeal within three months. Proceedings against the supervisory authority shall be subject to the jurisdiction of the courts of the Member State in which the supervisory authority is established.
An individual may address all requests concerning the exercise of rights in relation to personal data to the controller, in writing, at firstname.lastname@example.org.
For the purposes of reliable identification in the case of exercising rights in relation to personal data, the controller may request additional data from the individual, and may refuse to act only if he proves that he cannot reliably identify the individual. The controller must respond to a request from an individual exercising his or her rights in relation to personal data without undue delay and at the latest within one month of receiving the request.
In the event of a breach of personal data protection, the provider is obliged to inform the competent supervisory authority, except when it is probable that the breach did not endanger the rights and freedoms of individuals. Where there is a suspicion that a criminal offense has been committed, the tenderer is obliged to inform the police and / or the competent prosecutor’s office about the violation. In the event of a violation that may cause a great risk to the rights and freedoms of individuals, the provider is obliged to immediately or where this is not possible, without undue delay, inform the data subject. The notice to the individual must be made in understandable and clear language.
If you have any comments or suggestions, please send them by post or by email sent to email@example.com. Alternatively you may call us on +386 40 567 084 (local rates apply). This line is open to receive calls on Monday to Friday between 10:00 – 16:00 (CET).
DATA PROTECTION EXPLAINED
We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected.
You can visit the Site and browse without having to provide personal details. During your visit to the Site you remain anonymous and at no time can we identify you unless you have an account on the Site and log on with your user name and password.
THE INFORMATION WE COLLECT
In order to provide you with the full range of services, we collect personal information from you when you shop on the Site. We use this information to make your shopping experience as easy and enjoyable as possible.
We collect, store and process your data for processing your purchase on the Site and any possible later claims, and to provide you with our services. We will collect your:
- Email address
- Billing address
- Delivery address (if different)
- Telephone or mobile number
USE OF YOUR PERSONAL INFORMATION
You must only provide to us or the Site information which is accurate and not misleading and you must keep it up to date and inform us of changes.
WE WILL USE YOUR PERSONAL INFORMATION LISTED ABOVE TO:
- Contact you in relation to the order you have placed on the website.
- Administer your account with us.
- Provide services to you in the way of sending goods to your address.
- Send you information we think you may find useful or which you have requested from us, including information about our products and services. Subject to obtaining your consent we may contact you by email with details of other products and services. If you prefer not to receive any marketing communications from us, you can opt out at any time.
- We will use your IP address to identify the location of users, the number of visits from different countries and also to block disruptive use; to analyze and improve the services offered on Flawless Lashes Limited. eg to provide you with the most user-friendly navigation experience.
Where PUELLA, cosmetic activity, Tina Sklepič, sp proposes using your personal information for any other uses we will ensure that you are notified. You will also be given the opportunity to withhold or withdraw your consent to use your information other than as listed above.
We will never pass on your details to third parties for marketing purposes but we may pass your data on to a third party only to:
- Make delivery of the product to you (for example to our courier or supplier).
- Make a payment transaction with merchant bank or or Paypal
We provide them only with the information they need to perform their function. We use the latest secure server technology to ensure your information is protected to the highest standards. We use encryption to secureguard your credit card information and only accept orders from web browsers that allow communication through Secure Socket Layer (SSL) technology – this means you cannot inadvertently place an order through an unsecured connection.
This policy was last modified on 30/10/2019.