Through its online-shop, www.negacosmetics.com (“Site”), Maneks plus d.o.o.(“Nega”, “Nega Cosmetics” or “we”) will process certain personal data. We value the privacy of our customers and users (“Users” or “you”) and are committed to protecting your personal data. We observe all legally required measures in processing and protecting personal data, as required by the “General Data Protection Regulation” (“GDPR”).
We point out that we do not intend to collect personal data from Users younger than 16 years old, unless they have permission from parents or guardians. As we cannot verify if a User is older than 16 years old, we strongly advise parents to be involved in their children’s online activities.
Table of Contents
- About us
- Personal data we collect
- How we use your personal data
- Failure to provide personal data
- Legal grounds for processing
- How we share your personal data and to whom
- How long we store your personal data
- Security of your personal data
- Your legal rights
1. About us
- Nega Cosmetics, Maneks plus d.o.o.
- Volčji potok 38,
- 1235 Radomlje
If you have a complaint about the processing of your personal data by us, we will do our utmost best to resolve it with you. You have the right to lodge a complaint with the competent supervisory authority at any time.
2. Personal data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. In order to provide our services, we may collect, use store and transfer personal information about you.
By accessing our Site, purchasing products, signing up for our newsletter, taking part in a competition, contacting us or otherwise using any services, you are providing certain data to us. This data could include personal data such as:
- First name and last name;
- Email address;
- Telephone number;
- ZIP/Postal Code;
- Street name + number;
- Country; and
- Payment details.
3. How we use your Personal Data
We only retain and use your personal data when the law allows us to. We collect and use your personal data for the following purposes:
Registering you as a new customer and fulfilling your order We will use your personal data when fulfilling your order.
If it is necessary for proper handling, we may provide your data to third parties. (See the section entitled, “6. How we share your data and to whom” below).
Contacting you for matters relating to your order
We will use your personal data in order to contact you with matters relating to your order.
Managing our relationship with you
To enable you to take part in a contest, prize draw or similar events
We will use your personal data to make it possible to take part in a contest, prize draw or similar
To inform you on our products, services, promotions and events
We have a newsletter to inform those interested in our products and/or services. The newsletter is event-based, meaning that it will be sent when certain events occur (such as a new product being launched). Your email address will be added to the list of subscribers only with your explicit consent. The newsletter is aimed at driving engagement and may include information about new products, promotions and events. Each newsletter contains a link through which it is possible to unsubscribe from our newsletter. Further, we may also use direct marketing to contact our existing customers regarding our products and/or services, including promotions and events connected therewith. Each message will contain a link through which it is possible to unsubscribe.
Handling questions you send us by e-mail
If you send us an email with a question, we will use your personal data to fully answer and correctly handle your email.
Research and development
We are always looking for ways to improve our Site. We may use information on how Users use our Site and may collectively analysis User’s behaviour.
Ensuring legal compliance
We may use your personal data in order to comply with our legal obligations, or where it is necessary to protect our legal rights and interests (for example the recovery of debts due to us).
4. Failure to provide personal data
Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide the requested data, we may not be able to perform the agreement we have or are trying to enter in with you (e.g. to provide you products you would like to order). If this is the case, we may need to cancel the order you placed with us, but we will notify you if this is the case.
5. Legal grounds for processing
We rely on the following legal grounds for processing your personal information.
- Performance of an agreement with you. We need your personal information to be able to register you as a new customer, to fulfil your order on the Site, to contact you for matters relating to your order, to inform you on certain promotions and events, to handle questions you send us by e-mail and to manage our relationship with you.
- Explicit consent from you. We will ask explicit consent for subscription to the newsletter.
- Necessary for our legitimate interests. We need your personal information for research and development, for direct marketing purposes, and to protect our legal rights and interests.
6. How we share your personal data and to whom
For the purposes as described under 3., we may need to provide your personal data to third parties.
In order to fulfil your order, we will need to provide your personal data to partners which are involved in the execution of the agreement, such as payment providers and transportation companies. Further, we may need to provide personal data to third parties which help us with the Site, for example hosting providers, e-mail services, etc.
In exceptional circumstances, such as in the event of suspicion of fraud or misuse of the Site, we may hand over personal data to the appropriate authorities in order to comply with any applicable law, to enforce agreements policies, and/or or to protect our Users or the public from harm or illegal activities.
In all cases in which we share personal data with any third party, we strictly limit the use of such personal data to the purposes and legal grounds described above.
7. How long we store your personal data
We will retain your personal data no longer than strictly necessary to achieve the purposes for which your personal data is collected, including for the purpose of satisfying any legal, accounting or reporting requirements.
In order to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes in other manners, and the applicable legal requirements. The tax authority requires us to keep certain basic information (e.g. transaction data) in our administration for seven (7) years for tax purposes. More information can be found by contacting the tax authority directly.
8. Security of your personal data
We have security measures in place to reduce the likelihood of misuse, loss and unwanted disclosure of, and unauthorized access to, personal data.
Access to your personal data is not available to unauthorized employees of Maneks plus d.o.o..
Our employees and business partners will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have procedures in place to deal with personal data breaches and will notify you and the applicable regulator of such breach where we are legally required to do so.
9. Your privacy rights
You have the following rights with regard to the processing of your personal data by us:
- the right to request whether we process your personal data and, if this is the case, to inspect your personal data;
- the right to rectification of your personal data if they are incorrect or incomplete;
- the right to have your personal data deleted (‘right to be forgotten’);
- the right to object to the processing of your personal data or to limit the processing of your personal data;
- the right to withdraw consent for the processing of your personal data at any time, if the processing is based on your consent;
- the right to receipt or transfer of your personal data by or to a third party designated by you in a structured, customary and machine-readable form (‘right to data portability’);
If you wish to exercise any of the rights above, please contact us via firstname.lastname@example.org or via the address mentioned in the ‘About Nega’ section.
Please be aware that in order to prevent fraud and misuse, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request. If you wish to inspect personal data linked to a cookie, please make sure to include a copy of the relevant cookie. You will find the cookie in your browser settings.
Within a month after receipt of your request, we will inform you whether we can comply with your request. This period may be extended by two months in specific cases, for example when a complex request is made. We will inform you of such an extension within one month of receipt of your request. Based on privacy legislation we can refuse your request under certain circumstances. If we do so, we will explain the reasons for the refusal. If you object to the processing of your personal data for direct marketing purposes, we will always respect this request.