SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: Cosmedi Ltd. Shearway Business Park, Shearway Road, Folkestone, KEN, CT19 4RH, United Kingdom
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 5 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 6 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at Cosmedi Ltd.
Information obligation for current and new customers:
In accordance with Article 13(1,2) of the General Data Protection Regulation of 24 April 2016 (Dz.U.UE.L.2016.119.1), hereinafter referred to as “the GDPR”, I hereby inform that:
1. The Controller of your personal data is Cosmedi Limited with the registered office in Shearway Business Park, Shearway Road, Folkestone, Kent, CT19 4RH, United Kingdom, Company Registration Number: 10740418 (hereinafter referred to as “the Controller”);
2. Your data will be processed for the following purposes:
a. provision of the services provided by the Controller under Art. 6(1)(b) of the GDPR (in order to perform the agreement);
b. sending marketing communication about the Controller’s own products and services by the Controller under Art. 6(1)(f) of the GDPR (the legitimate interest of the Controller);
c. sending commercial information by the Controller under Art. 6(1)(a) of the GDPR (consent given to the Controller by the data subject; if you gave your consent).
3. The receiver of your personal data will be third party entities which process data on behalf of the Controller under personal data processing agreements (e.g. hosting service provider) and if the consent has been given:
a. Cosmedi Limited with the registered office in Shearway Business Park, Shearway Road, Folkestone, Kent, CT19 4RH, United Kingdom
in order to send questionnaires by e-mail to check the satisfaction of customers with purchases made in the Cosmedi.co.uk store.
4. Your personal data will not be transferred to a third country/international organisation.
5. Your personal data will be stored for the period of performance of the services provided by the Controller and for the period resulting from the statute of limitations of claims, consumer rights, bookkeeping or other rights in this respect.
6. You have certain rights in connection with the Controller’s processing of your personal data:
a. you have the right to be informed what personal data concerning you are processed by the Controller and to receive a copy of such data (the right of access). The first copy of data is free of charge and the Controller may charge a fee for the subsequent copies;
b. if the data processed become outdated or incomplete (or otherwise incorrect), you have the right to request a rectification;
c. in certain situations, you may request the Controller to delete your personal data, i.e. when the data are no longer necessary for the purposes of the Controller's communication; when you withdraw your consent to the processing of the data (unless the Controller has the right to process the data on another legitimate basis); if the processing is unlawful; or if the need to delete the data arises from the legal obligation of the Controller;
d. in case when your personal data are processed by the Controller on the basis of the given consent for processing or in order to perform the agreement concluded with the Controller, you have the right to transfer your data to another Controller;
e. the Controller processes your personal data in order to, among others, conduct marketing activities relating to Controller’s products and services. “A legitimate interest of the Controller” constitutes the basis for such processing. In the case of such processing, you have the right to object. As a consequence, the Controller will stop processing your personal data for the aforementioned purpose;
f. in order to process the data for certain purposes related to the Controller’s business, the Controller has requested your consent. You may withdraw your consent at any time via an e-mail sent to the Controller. This will result in the fact that the processing, which was performed before the withdrawal of the consent, will not cease to be lawful, but after the withdrawal of your consent, the Controller will not process the data for the purposes for which the consent was given;
g. if you believe that the personal data processed are incorrect, the processing is unlawful or that the Controller no longer needs specific data or that you object to the processing, you may also request the Controller not to carry out any operations on the data, but only to store it, for a specified period of time (e.g. to verify the correctness of the data or to pursue claims).
7. You have the right to lodge a complaint with the Head of the Office for Personal Data Protection if you believe that the processing of the personal data relating to you violates the provisions of the GDPR.
8. We do not collect personal data and we do not measure the behaviour of our users in order to send individual offers. Among other things, we collect information about the account creation date and the last login date, as well as the procedure for abandoned baskets in order to provide the best possible services.
9. Your provision of your personal data constitutes a condition of concluding an agreement with the Controller. You are obliged to provide the aforementioned data and should you fail to do that, the Controller will not be able to provide the services.
In case of questions, all information can be obtained by sending an inquiry to the email address: firstname.lastname@example.org
[Re: Privacy Compliance Officer]
[Shearway Business Park, Shearway Road, Folkestone, KEN, CT19 4RH, United Kingdom]