Privacy Policy
Last Updated: September 2024
This Privacy Policy aims at providing You, also referred to as the “Visitor” or “Data Subject”, with the detailed information on processing of Your personal data by Us, also referred to as “MÁDARA” or “Data Processor”.
We will describe:
- what type of Your personal data We process and
- what We do to process Your personal data.
We will define:
- what purposes We process Your personal data for and
- what legal grounds We rely upon to process Your personal data.
We will explain:
- what rights as a Data Subject You have and
- what You have to do to enforce Your rights.
MÁDARA encourages You to read this Privacy Policy carefully to familiarise Yourself with the way We process Your personal data, when You visit Our website, register Your individual online account with Us, subscribe to Our newsletter, communicate with Us using designated communication tools and channels, or make a purchase in Our online store at us.madaracosmetics.com, also referred to as the “Website”.
This Privacy Policy is a reader friendly explanation of Our data processing activities divided into various sections depending on the topic to make it easy for You to navigate through:
INTRODUCTION
MÁDARA values Your privacy and confidentiality of Your personal data. This is why We process Your personal data in strict compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as the “GDPR”. Our Privacy Policy is supplemented by the Cookies Policy, which specifically addresses processing of Your personal data by using automated means, such as cookies, web beacons and social plugins. This Privacy Policy also refers to Our Website Terms and Conditions, which describe terms of services We provide through Our Website.
We regularly review and update Our Privacy Policy to make sure that it follows most recent trends and highest standards in personal data protection, as well as reflects any and all changes in the applicable laws and regulations on data protection, consumer rights and e-commerce. We have indicated the date of the current version of the Privacy Policy at the top of this page for Your information. Whenever the Privacy Policy is updated, We will bring it to Your attention by displaying a corresponding notice on the Website and emailing it to You, if You allow Us to use Your e-mail address for this purpose.
PROCESSING YOUR ACCESS DATA
If You visit Our Website, the web server will automatically save a server log file, which contain Your internet protocol (IP) address, unique device identifier (UDI), hypertext transfer protocol (HTTP) response status code, operating system (OS) of Your device, date and time of Your request, name, location, and size of the requested files, also referred to as the “Access Data”. We process Your Access Data exclusively for the purpose of securing trouble-free operation of Our Website and ensuring flawless user experience of its main features. We process Access Data to safeguard Our legitimate interest aiming at a high-quality online presentation of Our brand, content and merchandise. If You give Your consent for Us to process Your Access Data for other purposes, please, read the Cookies Policy, which specifically addresses processing of Your personal data by using automated means, such as cookies, web beacons and social plugins.
Our Website is partially hosted by Cloudflare, Inc. (Townsend Street 101, San Francisco, CA 94107, USA), also referred to as “Cloudflare”, which provide Us content delivery network (CDN) solutions. Cloudflare ensures shorter loading time for the large media files and other Website content We display to You through its content delivery network of regionally distributed servers. Cloudflare is processing Your Access Data on Our behalf the same way and for the same purposes as We do, when You visit Our Website. Typically, Cloudflare processes Access Data by using servers in the vicinity of the access location. It is reasonable to expect that in most cases, when Our Website is accessed from the territory of the European Union (EU) or European Economic Area (EEA), Cloudflare will process Access Data in EU or EEA. Occasionally, it may also process Your Access Data by using servers located in countries outside EU or EEA. It is fairly possibly that the personal data protection standards in these countries do not meet GDPR requirements. In order to guarantee GDPR compliant processing of Your Access Data, We rely in Our cooperation with Cloudflare on the standard contractual clauses, which were developed by the European Commission to ensure GDPR compliant processing of the personal data outside EU and EEA.
PROCESSING YOUR PERSONAL DATA TO REGISTER AN ACCOUNT
If you register an online account with Us through Our Website, We will process Your name, surname, e-mail address, phone number (optional) and address details (optional). The registration of the online account is completely voluntary. You are not required to have an online account with Us to make a purchase in Our online store. We will process Your personal data provided as part of the registration to maintain Your online account, to ensure secure access to Your online account, and to offer You additional useful features available to the online account holders, such as writing reviews, viewing purchase history, maintaining Your wish list, receiving a discount for inviting friends over to join Our community, etc. We will process Your personal data provided as part of the registration based on Your explicit consent. You can revoke Your consent and delete Your online account at any time – to request the deletion of your account, please contact us by writing an e-mail to help@madaracosmetics.com.
PROCESSING YOUR E-MAIL ADDRESS TO DELIVER A NEWSLETTER
If you subscribe to Our newsletter, We will process Your e-mail address. The subscription to the newsletter is completely voluntary. We will use Your e-mail address to send You Our newsletter containing useful information on Our merchandise, new product releases, sales, campaigns, events and other relevant information. We will process Your e-mail address based on Your explicit consent granted to Us, when You opt to receive Our newsletter by entering Your e-mail address into the subscription form available on the Website and confirming Your consent by clicking on the subscribe button. You can also express Your consent to receive Our newsletter by ticking a box, when registering an online account with Us or by clicking on a designated link in Your online account menu and following subscription instruction. You can revoke Your consent and unsubscribe from Our newsletters at any time by clicking “unsubscribe” link available at the bottom of each newsletter. Your e-mail address will be erased from the newsletter recipient list as soon as You unsubscribe.
Our newsletter recipient list is managed on Our behalf by the e-mail marketing automation platform service provider The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA), which is doing business as “Mailchimp”. Mailchimp sends and manages Our advertisement campaigns across different communication channels. Mailchimp may process Your e-mail address by using servers located in countries outside EU or EEA. It is fairly possibly that the personal data protection standards in these countries do not meet GDPR requirements. In order to guarantee GDPR compliant processing of Your e-mail address, We rely in Our cooperation with Mailchimp on the standard contractual clauses, which were developed by the European Commission to ensure GDPR compliant processing of the personal data outside EU and EEA.
PROCESSING YOUR CELLULAR PHONE NUMBER TO DELIVER SMS ALERTS
If you subscribe to Our SMS alerts, We will process Your cellular phone number. The subscription to Our SMS alerts is completely voluntary. We will use Your cellular phone number to send You Our SMS alerts containing useful information on Our merchandise, new product releases, sales, campaigns, events and other relevant information. We will process Your cellular phone number based on Your explicit consent granted to Us, when You opt to receive Our SMS alerts by clicking on a designated link in Your online account menu and following subscription procedure. You can revoke Your consent and unsubscribe from Our SMS alerts at any time by following steps described at the end of each SMS alert. Your cellular phone number will be erased from the SMS alerts recipient list as soon as You unsubscribe.
PROCESSING YOUR PERSONAL DATA TO INITIATE CONTRACTUAL RELATIONS
If you place an order in Our online store, We will collect Your personal data, such as Your name, surname, e-mail address, phone number (if relevant), billing address, delivery address (if relevant), when You place Your order by filling in mandatory and optional fields of Our online order form. We will use mandatory information to initiate and establish contractual relations with You as Our customer and to fulfil Your order. We will process mandatory information based on the necessity to carry out Our obligations arising out of the purchase transaction. You can also provide additional information by filling in optional fields of Our online order form to make Your purchase experience even more convenient. We will process optional information based on Your explicit consent confirmed by You voluntarily providing optional information to Us. You can revoke Your consent and request erasure of the optional information at any time by following steps described in Your order confirmation form.
PROCESSING YOUR PERSONAL DATA TO PROCESS PAYMENT
If You make a payment for Your order in Our online store, We will collect additional personal data, such as Your bank / payment service provider account number or Your bank / payment service provider card number, its expiry date and verification value/code (CVV/CVC) (if relevant) depending on the selected method of payment. We will process aforementioned personal data based on the necessity to carry out Our obligations arising out of the purchase transaction. We will use and share Your personal data with the selected bank or payment service provider for the purpose of processing Your payment. If selected bank or payment service provider collects Your personal data itself through their integration on Our Website or their own website, Your personal data will be processed in accordance with the privacy policy of the corresponding bank or payment service provider.
PROCESSING YOUR DELIVERY ADDRESS TO DISPATCH YOUR ORDER
If you opt for the delivery of the purchased merchandise to Your delivery address, We will additionally process Your delivery address, when You place Your order in Our online store. We will process it based on the necessity to carry out Our obligations arising out of the purchase transaction. We will use and share Your name, surname, delivery address, e-mail address and/or phone number with Our selected regional partner providing Us domestic and international parcel delivery services for the purpose of fulfilling Your order. Our shipping partner may get in touch with You by e-mail or phone to notify You about the upcoming delivery and coordinate with You suitable delivery day/time.
PROCESSING YOUR PERSONAL DATA TO COMMUNICATE
If you communicate with Us by writing an e-mail to help@madaracosmetics.com or getting in touch with Us through social media networks and platforms, We may collect Your personal data provided by You as part of the communication, namely, your name, surname, e-mail address, phone number, social media profile details etc. We will process aforementioned personal data for the purpose of registering and handling Your comment, inquiry, request or complain. If You contact Us to comment or inquire, We will process Your personal data based on Your explicit consent confirmed by You voluntarily contacting Us using designated channel of communication. If You contact Us to request or complain, We will process Your personal data to safeguard Our legitimate interest aiming at guaranteeing high standards of service, ensuring high level of customer satisfaction, carrying out Our obligations arising out of the purchase transaction or safeguarding Ourselves against fraud and extortion.
PROCESSING YOUR PERSONAL DATA ON SOCIAL MEDIA PLATFORMS
We are present on various social networks and platforms, such as Facebook, YouTube, Twitter, Instagram, Pinterest, LinkedIn and Spotify, to interact with Our customers and inform them about Our merchandise, new product releases, sales, campaigns, events and provide other relevant information. If You visit Our social media channels, Your personal data may be automatically collected by the social network or platform depending on the privacy related settings of Your individual profile.
We encourage You to read privacy policy of each social media provider linked below for Your convenience to familiarise Yourself with the way it processes Your personal data:
Facebook: https://www.facebook.com/about/privacy/
YouTube: https://policies.google.com/privacy?hl=en
Twitter: https://twitter.com/en/privacy
Instagram: https://help.instagram.com/519522125107875
Pinterest: https://about.pinterest.com/en/privacy-policy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Spotify: https://www.spotify.com/us/legal/privacy-policy/
We also encourage to read Our Cookies Policy, which specifically addresses processing of Your personal data by using automated means, such as cookies, web beacons and social plugins.
KEEPING YOUR PERSONAL DATA SECURE
MÁDARA undertakes various organisational, technical and technological measures to ensure security, integrity and confidentiality of Your Personal Data, while being processed by Us or designated third parties. Despite all reasonable efforts, We have to emphasise that neither internet transmission of any data, browsing of any website or using any online account is completely secure.
TRANSFERRING YOUR PERSONAL DATA TO THIRD COUNTRIES
MÁDARA cooperates with various service providers, for instance, Cloudflare, Inc. (Townsend Street 101, San Francisco, CA 94107, USA), The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA), which use servers in countries outside EU or EEA. Typically, Our service providers process Your personal data by using servers in the vicinity of the access location. It is reasonable to expect that in most cases, when Our Website is accessed from the territory of the European Union (EU) or European Economic Area (EEA), Our service providers will process Your personal data in EU or EEA. Occasionally, it may also process Your personal data by using servers located in countries outside EU or EEA. It is fairly possibly that the personal data protection standards in these countries do not meet GDPR requirements. In order to guarantee GDPR compliant processing of Your personal data, We rely in Our cooperation with service providers on the standard contractual clauses, which were developed by the European Commission to ensure GDPR compliant processing of the personal data outside EU and EEA.
EXPLAINING YOUR RIGHTS AS A DATA SUBJECT
If We process Your personal data, You have following rights as a Data Subject in regards to the processing activities concerning Your personal data:
- You have a right to be informed in a clear, transparent and understandable manner about Your personal data being collected, used, consulted or otherwise processed by Us.
- You have a right to request a copy of Your personal data, which has been processed by Us , and receive a confirmation on whether Your personal data has been processed. If positive, You have a right to receive a copy of Your personal data, as well as other relevant information, in particular (i) the purpose(s) for processing Your personal data; (ii) categories of Your personal data being processed; (iii) any recipient(s) of Your personal data, including recipients in third countries and information on the appropriate safeguards in case of transfer of Your personal data to third countries; (iv) duration of Your personal data processing (retention period); (v) source of Your personal data, if it has not been provided by You; (vi) existence of the automated decision-making based on the results of Your personal data processing, including profiling and meaningful information on how decisions are made, the significance and consequences of the processing activities; as well as (vii) information on other rights of the Data Subject described below.
- You have a right to request Us to rectify or complete Your personal data without undue delay, if Your personal data is inaccurate or incomplete. You can also rectify, modify or complete Your personal data Yourself by updating Your personal data information through Your online account, if applicable.
- You have a right to request erasure of Your personal data without undue delay, if Your personal data is (i) no longer necessary in relation to the purposes for which it has been collected, (ii) has been unlawfully processed; (iii) has to be erased in order to comply with a legal obligation; (iv) has been collected in relation to the offer of information society services (e.g. social media) to a child, as well as if You withdraw Your consent to the processing of Your personal data and there is no other lawful basis for its processing or You object (i) to the processing of Your personal data and there is no overriding legitimate grounds for continuing its processing; or (ii) to the processing and your personal data are being processed for direct marketing purposes.
- You have a right to restrict Our use of Your personal data, if You (i) contest accuracy of Your personal data; (ii) the use of Your personal data is unlawful, but You do not want Us to erase it; (iii) We no longer need Your personal data for the purposes We collected in for, but You require it for the establishment, exercise or defence of Your legal interests; or (iv) You have objected against Us processing Your personal data based on Our legitimate interest, while verification of whether Our compelling interests prevail is pending.
- You have a right to object to processing of Your personal data when this processing is carried out in connection with Our legitimate interest. After exercising Your right of objection, We will stop processing Your personal data further, unless We can prove compelling reasons worthy of protection for the processing, which outweigh Your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
- You have a right to obtain Your personal data from Us in a structured, commonly used and machine-readable format that makes it easier to reuse Your personal data in another context, and to transmit Your personal data to another data controller of Your choose without hindrance or undue delay.
- You have a right to lodge a complaint with State Data Inspectorate (Blaumana street 11/13-15, Riga, LV-1011, Latvia phone: +371 67 223 131, e-mail: info@dvi.gov.lv) against Us processing Your personal data, if You consider that We are processing You personal data in violation of the applicable laws and regulations.
CONTACT INFORMATION
In case You are willing to enquire and receive additional information or explanation regarding processing of Your personal data, please, do not hesitate to contact Us:
MÁDARA Cosmetics AS,
Registration number: 40003844254;
Registered office address: 6 Eliza Street, Beacon, NY 12508, USA
E-mail: help@madaracosmetics.com
MÁDARA will process Your enquiry, request or complain as soon as possible, but in any case, not later than it is reasonable expected or prescribed by the applicable laws and regulations.