Politics of Confidentiality
The European Union Law relative to personal data protection, “General Data Protection Regulation” (hereinafter referred to as “GDPR”) entered in force on 25th of May 2016 but became effective with 25th of May 2018.
The protection of your personal data is important to us and, therefore, we pay close attention to the protection of visitors’ private life accessing the Beauty Leaders website, in accordance with the (EU) Regulations 2016/679 of the European Parliament and Council from the 27th of April 2016 with reference to the natural entities’ protection relative to personal data processing and the free circulation of such data (hereinafter referred to as “GDPR”).
Data protection is high priority for us. Accessing / Using our Website is sometimes possible without providing personal data; however, if personal data processing is necessary and there is no legal framework for such processing, we request the consent of the person in question.
By means of such data protection politics, we would like to inform the large audience with reference to the nature and purpose of personal data we collect, use, and process. Moreover, the people in question are informed with reference to their rights via the data protections statement herein.
As data operator (see the definition above), we implemented numerous technical and organisational measures to ensure the most accurate personal data protection processed via this website. However, the Internet-based data transmission may have security breaches, implying the potential failure to ensure absolute protection.
Operator’s Name and Address
The Operator, in accordance with the General Data Protection Regulations (GDPR) and other laws relative to data protection applicable in the member states of the European Union, and other dispositions regarding data protection, has the following contact data:
BEAUTY LEADERS – is the brand name of ARTIXIA S.R.L, Romanian legal entity, having the registered office in Oradea, 7B Franz Schubert Street, with the Trade Register Registration Number J2024029449000, Tax Identification Number 50670325.
Because we are always willing to learn your opinions and to provide you with any additional information relative to your data processing, we kindly encourage to contact us at the email address contact@beauty-leaders.com
Definitions
The data protection statement herein is based on the terms used by the European lawmaker with reference to the adoption of General Data Protection Regulations (GDPR). Our statement regarding data protection must be legible and easily comprehensible for the large audience, our clients, and business partners. In order to ensure this, we would like to explain the terminology used.
In the data protection statement herein, we use the following terms:
a) Personal Data
Personal data include any information relative to a natural entity identified or identifiable (“entity in question”). The identifiable natural entity represents an entity which may be identified directly or indirectly, particularly by referring to an online identifier or one or more physical, genetic, mental, economic, cultural, or social specific factors of the same natural entity.
b) Data Subject
The entity in question represents any identified or identifiable natural entity whose personal data are processed by the data operator in charge.
c) Processing
It involves the processing, storage, adaptation, or modification, recovery, consulting, usage, disclosure through transmission, dissemination, or disposal in another way, aligning, or combination, restriction, elimination, or destruction.
d) Processing Restriction
Processing restriction implies marking personal data stored in order to have their processing limited in the future.
e) Profiling
Profiling represents any automatic personal data processing form which includes the use of personal data for the evaluation of a natural entity’s personal aspects, particularly to analyse or predict details relative to the natural entity’s performance at one’s workplace, economic situation, health, personal preferences, interests, reliability, behaviour, location, or moves.
f) Pseudonymisation
Pseudonymisation represents the personal data processing so that personal data may not be allocated to a certain data subject without using additional information provided that such additional information are stored separately, being the object of technical and organisational measures in order to ensure that personal data are not attributed to an identified or identifiable natural entity.
g) Processing Operator in charge
Processing operator in charge represents the natural or legal entity, public authority, the agency or another organism which, solely or alongside others, determines the scopes and means of personal data processing; if the scope and means of such processing are determined by the legislation of the Union or the member state, the operator or the specific nomination criteria may be provided by the legislation of the Union or the member state.
h) Processor
The processor represents the natural or legal entity, a public authority, an agency, or another organism which processes personal data on operator’s behalf.
i) Addressee
The Beneficiary represents a natural or legal entity, a public authority, an agency, or another organism being disclosed personal data to, regardless of being a third party or not. However, public authorities may receive personal data within a certain inquiry in accordance with the legislation of the European Union or member states which are not considered addressees; the processing of such data by the respective public authorities must comply with the applicable norms relative to data protection in compliance with the processing scopes.
j) Third Party
A third party represents a natural or legal entity, a public authority, an agency, or another organism rather than the entity in questions, an operator, processor, and people who, under the direct authority of the operator or processor, are authorised to process personal data.
k) Consent
The consent of the entity in question represents any specific, informed, and non-ambiguous indication relative to the wishes of the person in question who, by means of a statement or clear affirmative action, accepts his or her personal data processing.
Cookie
Our Website uses cookies. They represent text files stored in an information system via an Internet browser.
Many Internet websites and servers use cookies. Many cookie modules contain a cookie ID.
A cookie ID represents a sole identifier of the cookie. It is composed on a series of characters by means of which the Internet pages and servers may by allocated to the Internet browser where the cookie was stored. It allows the Internet websites and servers used to differentiate the individual browser of the person in question from other Internet browsers, which include other cookies. A certain Internet browser may be acknowledged and identified using the sole cookie ID.
By using cookies, we may provide the users of this website with more easily-to-use services, which would not be possible without setting on such cookies.
Via a cookie, the information and offers mentioned on our website may be optimised depending on the user. Cookies allow us, as previously mentioned, to acknowledge the users of our website. The purpose of such acknowledgment is to ease the traffic of our users on our website. For instance, the website user accepting the cookies modules must not introduce the access data every time the website is accessed, because such data are processed by the website, and the cookie is stored in the user’s information system. Another example represents the cookie of a shopping cart within an online shop. The online shop remembers the items placed by the client in one’s virtual shopping cart via cookie modules.
The person in question may, at any moment, to set off the cookies via our website by means of a setting corresponding to the Internet browser used and, therefore, to permanently refuse setting on the cookies. Moreover, the already set cookies may be deleted at any moment via the Internet browser or other software programs. Such operation is possible in all popular Internet browsers. Should the person in question deactivate setting the cookies in one’s Internet browser, not all the functionalities of our website may be fully used.
Data Collection and General Information
Our website collects a series of data and general information when a data subject or an automatic system requests the website. Such data and general information are stored in the server journal files.
Our company collects data during the organisation of contests relative to your participation in the competitions organised by Beauty Leaders and its partners (the sponsors of such contests) in order to grant the prizes to the winners; therefore, in the capacity of participant to such contents, you fully express your agreement that, if winning a prize, the sponsors should receive your personal data for the delivery of such prizes; the winners’ data shall also become public, including their full name, and the locality of residence.
The collected data may refer to: the types of browser and versions used, the operation system used by the access system, the website an access system reaches our website (the so-called referred), the access date and time to the Internet website, the Internet protocol address (IP address), the Internet provider of the access system, surname / first name, residence, email address, telephone number, locality, detailed information about users, including the name, birthdate, gender, ID card number, history of participations, including information relative to the courses and services booked with reference to your courses, the information provided regarding your and your programs and courses assistants’ participation preferences, the notifications transmitted or directed to us via letters, emails, chat services, calls, and social networks, the location, including the real-time geographical location of your computer or device through GPS, and your IP address, alongside of WI-FI hotspot and GSM locations for location-based functionalities, and localisation services settings for devices, computers, and any other similar data and information which may be used during cyber-attacks against our website.
We may also process your personal data in one or more situations mentioned below:
- to comply with a legal liability (for example, accounting);
- you consented with the use of your personal data (for example, for commercial purposes);
- to protect your vital interests or another person’s (for example, for emergency situations)
- it represents a legitimate interest as a marketing agency (for example, for management purposes).
When using such data and general information, we do not draw a conclusion regarding the entity in question. Such information is rather necessary to: (1) properly provide the content of our website, (2) optimise the content of our website, and its publicity; (3) ensure the long-term viability of our information technology systems, and (4) provide the authorities the information necessary for the criminal prosecution in case of a cyberattack. Therefore, we statistically analyse the anonymously collected data and information in order to increase the security of data and our company’s data, and to ensure an optimal level of personal data processed. The anonymous data of server journal files are separately stored from the personal data provided by a data subject.
We never store data including: Client’s / User’s / Purchaser’s payment card data, being accessible exclusively to the authorisation institution of the Transaction or another entity authorised to provide card identification data storage services, whose entity the Client / User / Purchaser shall be informed about, prior to data introduction.
Rights of the person in question
a) Confirmation right
Every person in question is entitled by the European lawmaker in order to obtain from the operator a confirmation regarding that one’s personal data are or not processed. If subject data is willing to use this confirmation right, he or she may contact any operator’s employee at any time.
b) Access right
Every person in question is entitled by the European lawmaker in order to obtain from the operator free of charge information regarding one’s personal data stored at any moment and a copy of such information. Moreover, the European directives and regulations ensure the access to the people in question to the information below:
– the scopes of processing, categories of personal data in question, addressees, or categories of addressees whose personal data were or shall be disclosed, particularly addressees within third countries or international organisations, when possible, the period provided according to which the personal data shall be stored or, if not possible, the criteria used to determine such period;
-the existence of the right to request the rectification or elimination of personal data to the operator or the restriction of personal data processing with reference to the person in question, or to refuse such processing, the existence of the right to file a complaint to a surveillance authority, if the personal data are not collected from the person in question, any information available with reference to their source, the existence of an automated decisional process, mentioned within article 22 paragraphs (1) and (4) within GDPR and, at least in such cases, important information relative to the logic involved, equipment, and potential consequences of such processing for the person in question.
Furthermore, the person in question is entitled to obtain information relative to the personal data transfer to a third country or an international organisation. In such situation, the person in question is entitled to be informed with reference to the proper guarantees relative to such transfer.
If a data subject is willing to supersede such access right, he or she is entitled, at any point, to contact any operator’s employee.
c.) The Rectification Right
Any person in question is entitled by the European lawmaker to obtain from the operator, without unjustified delays, the rectification of one’s inaccurate personal data. Considering the purposes of the processing, the person in question is entitled to fill in incomplete personal data, including via the provision of an additional statement.
If a data subject is willing to supersede such access right, he or she is entitled, at any point, to contact any operator’s employee.
d.) The Elimination Right (The Right to be Forgotten)
Any person in question is entitled by the European lawmaker to have his or her personal data eliminated by the operator, without any unjustified explanations and the operator must delete personal data at once if one of the reasons below are applicable, if the processing is not necessary:
Personal data are not necessary anymore in relation to the purposes of their initial collection or processing. The person in question revokes his or her consent referring to such processing in conformity with article 6 paragraph (1) letter (a) within GDPR or point (a) within article 9 paragraph (2) within GDPR, and if there is no other legal basis for processing. The person in question refuses the processing according to article 21 paragraph (1) within GDPR and there are no legal compulsory bases relative to such processing, or the person in question is the object of the processing according to article 21 paragraph (2) within GDPR. Personal data were processed illegally. Personal data must be eliminated to comply with a legal liability mentioned in the law of the Union or another member state where the controller is the subject. Personal data were collected with reference to the offer of services provided by the informational company specified within article (8) paragraph (1) within GDPR.
Should any of the above-mentioned bases become applicable and a data subject requests the elimination of the personal data stored by our company, he or she is entitled to contact at any moment an operator’s employee. The latter must ensure the removal request is immediately complied with.
If the operator made public the personal data and is obligated, in conformity with article 17 1st paragraph, to delete such personal data, the operator, considering the technology available and the implementation costs, adopts reasonable measures, including technical measures, whereas the personal data operators ensure the person in question demanded the elimination of such connections by these operators, their copy and replication of such personal data if the processing is not necessary. An employee shall refer to all measures necessary for individual situations.
e) The right to restrict the processing
Each entity in question is entitled by the European lawmaker to obtain from the operator the processing restriction if one of the following becomes applicable:
The exactness of the personal data is appealed by the person in question for a period which allows the operator its verification. The processing is illegal and the person in question refuses the deletion of personal data and requests limitation. On the contrary, the operator fails to need personal data for processing, but such details are requested by the person in question to set up, implement or protect legal requirements. The entity in question formulated complaints regarding the processing according to article 21 1st paragraph within GDPR, to check if the legal motifs of the operator are overlap the entity’s.
If any of the previously mentioned conditions is fulfilled and the entity in question requests the restriction of personal data processing, it may contact any operator’s employee at any time. The employee shall restrict the processing.
f.) Right to data portability
Every entity in question is entitled by the European lawmaker to receive his or her personal data delivered to the operator, in a structured, commonly used, and legible form. This is entitled to provide such data to another operator without any restriction caused by the operator who had previously received such personal data as long as the processing is performed based on the agreement mentioned within article 6 1st paragraph letter (a) within GDPR or article 9 2nd paragraph letter (a) within GDPR of a contract according to the article 6 1st paragraph letter (b) within GDPR, whereas the processing is performed automatically, without being necessary in order to fulfil a personal interest task or to exercise the public authority ensured the operator.
Furthermore, for the exercise of one’s right to transfer the data according to article 20 1st paragraph within GDPR, the entity in question is entitled to provide personal data from an operator to another if it is feasible technically and it does not negatively affect others’ rights and liberties.
In order to affirm the right to data portability, the entity in question is entitled to contact any employee at any moment.
g) Right to complaint
Every entity is entitled according to the European lawmaker to have his or her personal data processed at any moment, given one’s particular situation, in conformity with letters (e) or (f) within article 6 1st paragraph within GDPR. Such issue is applicable according to the profiling based on such dispositions.
We shall not process personal data given a complaint, except the case where conclusive legal grounds are provable regarding the processing exceeding the interests, rights, and liberties of the entity in question or with reference to the settlement, exercise or protection of legal requirements.
Should we process personal data for direct marketing purposes, the entity in question is entitled to refuse at any moment the personal data processing if connected to this type of marketing. Such procedure is applicable to profiling if connected to this type of direct marketing. Should the entity in question complains about the direct marketing processing, we shall not process the personal data for such purposes.
Moreover, the entity in question is entitled, according to legal grounds related to one’s particular situation, to refuse the processing of his or her personal data for scientific or historical research or statistical purposes in conformity with article 89 1st paragraph within GDPR, except for the situation when such processing is necessary in order to meet a public interest task.
In order to perform complaints, the entity in question may contact any employee. Furthermore, the entity is entitled to perform complain automatically by using technical specification using informatic means and without being detrimental to Directive 2002/58/EC.
h.) Automation of individual decisional-making process, including profiling
Each entity in question is entitled by the European lawmaker not to represent the object of an exclusively automated resolution, including profiling, enforcing legal effects regarding or significantly affecting it as long as such resolution (1) is not necessary for the conclusion or execution of a contract between the entity in question and a data operator or (2) is not authorised by the legislation of the Union or the member state the operator is submitted to and which also includes the adoption of proper measures meant to protect the rights, liberties, and legal interests of the entity in question or (3) is not based on the explicit agreement of the specific subject.
If the resolution (1) is necessary for the conclusion or execution of a contract between the entity in question and a data operator or (2) is based on the explicit agreement of the entity in question, we shall implement corresponding measures in order to protect the rights, liberties, and legal interests of the subject, at least the right to be provided human intervention from the operator, in order to express one’s viewpoint and challenge the resolution.
If the entity in question is willing to exercise one’s rights with reference to the automatic individual decision making, he or she is entitled to contact any employee.
i.) Right to withdraw the consent related to data protection
Every entity in question is entitled by the European lawmaker to withdraw his or her consent related to the personal data processing at any moment.
If the entity in question is willing to withdraw his or her consent related to data protection, he or she may contact any employee at any moment.
Legal grounds for processing
Article 6 (1) lit. within GDPR represents the legal basis for processing operations related to the consent for a specific type of processing. If personal data processing is necessary to execute a contract the entity in question is an integral part of, as for example the processing operations necessary for the provision of goods or another service, the processing is performed according to article 6 1st paragraph letter b within GDPR. The same is applicable for enquiries regarding our products or services. Our company submits to a legal liability afferent to personal data processing, including the fulfilment of tax liabilities, according to which the processing is performed in conformity with article 6 (1) letter c within GDPR. In rare situations, personal data processing may be necessary in order to protect the vital interests of the entity in question or another natural person. For example, it includes the situations when a visitor was injured within our company and the name, age, health insurance details, or other vital information should be provided to a doctor, hospital, or another third party. Thus, the processing shall be performed in conformity with article 6 (1) letter d within GDPR. Lastly, processing operations may be performed in conformity with article 6 (1) letter f within GDPR. Such legal basis is used for the processing operations uncovered by any of the above-mentioned legal grounds if such processing is necessary for the legal interests of our company or a third party, except the situation when such interests are waived by the fundamental interests, rights or liberties of the entity in question, which needs personal data protection. Such processing operations are particularly permitted because they were specifically mentioned by the European lawmaker. It considered a legal interest may be provided if the entity in question is the operator’s client (disposition 47 within sentence 2 GDPR).
Routine deletion and blocking of personal data
The data administrator processes and stores personal data of the entity in question exclusively for the period necessary to meet the storage purpose or, if such situation is allowed by the European lawmaker or other lawmakers within the laws or regulations applicable to the operator.
If the storage purpose is not applicable or the storage period agreed by the European lawmaker or another competent one ends, personal data are usually blocked or deleted in conformity with legal requirements.
Legal interests complied with by the operator or a third party
If the personal data processing is based on article 6 1st paragraph letter f GDPR, our legal interest is to perform our business for the wellbeing of all our employees and shareholders.
Period of personal data storage
BEAUTYLEADERS may store the processed data for different periods of time, considered reasonable, in conformity with the previously specified purposes. We store your data exclusively in order to meet your needs or to comply with our responsibilities according to the law.
In order to know for how long your data may be stored, we use the following criteria:
- When you purchase products and services, we store your personal data for the duration of our contractual relationship;
- If you participate in a promotional offer, we store your personal data for the duration of such offer;
- If you contact us for a question, we store your personal data for the duration of your question processing, but not longer than 5 years from your last correspondence;
- If you create an account, we store your personal data until you request their deletion or following a period of inactivity (no active interaction with our brands) mentioned in conformity with local regulations and guidelines.
Therefore, we hereby mention that the data processed according to this purpose will be deleted 5 years following your last interaction with the user of the account (for example, login in your account);
- If you agreed with our marketing procedure, we store your personal data until you unsubscribe or request to delete them or following a period of inactivity (no active interaction with our brands), defined in conformity with local regulation and guidelines. Therefore, we hereby mention that your data stored in our database for direct marketing purposes are deleted from such database 5 years after our last interaction with you;
- If the cookies are stored on computer, we shall keep them as long as necessary in order to serve their purposes (for example, during a session for a shopping cart cookies or for those afferent to the session IDs) and for a period defined in conformity with local regulations and guidelines. Therefore, we hereby mention that the data processed via cookies used to provide online behavioural advertising, to customise our services and to permit the distribution of our content on social networks (sharing buttons for website display) shall be stored for a period of maximum 5 years since their collection, according to your consent.
PROCESSING SECURITY
BEAUTY LEADERS adopted technical and organisational data processing measures, updated in conformity with GDPR requirements, in order to protect your personal data against any unauthorised access actions, inadequate use or sharing, unauthorised modification, destruction, or accidental loss. All BEAUTY LEADERS employees and collaborators, and any third parties acting on behalf of BEAUTY LEADERS are bound to comply with the confidentiality of your information and GDPR requirements, according to the provision of the Policy herein.
We observe strict security procedures afferent to the storage and disclosure of your personal data, in order to protect them against loss, destruction, or accidental deterioration. Your data are SSL (Secure Socket Layer) protected. SSL represents the personal data and information encryption method for their safe transfer via the Internet.
All registration details are transmitted via an SSL connection by means of the dedicated network infrastructure (Multiprotocol Label Switching-MPLS) and they are stored in conformity with the Data Security Standards.
It is likely for us to disclose your information to trustworthy third parties for the purposes mentioned in the Confidentiality Policy herein. We hereby request all third parties to ensure proper security technical and operational measures, in order to protect your personal data in conformity with the Irish and EU legislation regarding data protection norms.
Our website may contain, at a certain point, access links towards other websites whose data processing policies may differ from ours.
We kindly ask you to consider and consult the personal data protection policies of other websites because BEAUTY LEADERS cannot own responsibility related to the information collected by such third parties, such as Facebook, Instagram etc. We hereby declare that the personal data provision is partly requested by law (for example, Tax Regulations) or it may arise from contractual dispositions (for example, details related to the contractual partner). Lack of personal data would represent the failure of concluding a contract with the entity in question. Prior to the personal data provision by the entity in question, the latter must contact any employee.
Registration on our website
The entity in question is given the opportunity of registering on the operator’s website with the personal data indication. The input mask used for registration determines the type of personal data transmitted to the operator. Personal data introduced by the entity in question are collected and exclusively stored for internal use by the operator and own purposes. The operator may request the transfer to one or multiple processors using the same personal data for the internal use allocated to the operator.
By registering on the operator’s website, the IP address allocated by the ISP (Internet services provider) is also stored and used by the date of the data subject and registration time. Such data storage is based on the fact that this represents the sole modality of preventing the abusive use of our services and, if necessary, to make possible the investigation of potential crimes as long as the storage of such data is necessary to assure the operator. Such data are not transmitted to third parties unless there is a legal obligation of providing the data or the transfer is performed in order to comply with criminal prosecution.
The registration of the entity in question, by voluntarily providing the personal data, allows the operator to ensure the content or services provided by the entity in question, which may be offered exclusively to the registered users due to the nature of the situation itself. Registered entities are free to change their personal data mentioned during their registration at any moment or to completely eliminate them from the operator’s data storage. The data operator must provide at any moment, upon request, to any data subject information relative to the entity’s stored personal data.
Furthermore, the data operator must correct or delete the personal data upon the entity’s request or indication as long as there are no legal storage obligations. The entire operator’s personnel are available in this purpose for the entity’s benefit as contact people.
Newsletter Subscription
On our website, the users are given the opportunity to subscribe to the company’s newsletter. The input mask used accordingly determines the type of personal data transmitted and the newsletter coordination moment by the operator.
We regularly notify our clients and business partners via an informative newsletter regarding our offers and competitions. Such newsletter may be received by the entity in question if the latter has a valid email address and registered one’s request of receiving such newsletters. A confirmation email shall be sent to the email address registered by the entity in question for the first time regarding the delivery of informative newsletters for legal purposes. Such confirmation email is used in order to demonstrate if the email address owner as entity in question is authorised to receive the informative newsletter.
When registering the informative newsletter, we also store the IP address of the system allocated by the ISP (Internet Services Provider) and used by the entity in question during one’s registration, alongside with the date and registration time. The collection of such data is necessary in order to (potentially) comprehend the subsequent inappropriate email usage of a subject and, therefore, it legally protects the operator.
The personal data collected as part of a newsletter registration shall be exclusively used to send our newsletter. Moreover, the subscribers to the informative newsletter shall be notified via email as long as it is necessary for the proper news service functioning and specific registration since it might be possible for informative newsletters offer or the technical circumstances change. No personal data collected by the newsletter service transfer to third parties shall be performed. The subscription to our newsletter may be cancelled by the entity in question at any moment. The agreement regarding the personal data storage, ensured by the entity in question regarding the informative newsletter provision, may be revoked at any moment. There is a specific connection introduced in any informative newsletter for the agreement revocation. Also, you may unsubscribe from the informative newsletter at any moment using the operator’s website or by communicating with the operator.
Contact Possibility Via Our Website
Our website includes information permitting a rapid electronic contact with our company and the direct communication via the contact page. If a data subject contacts the operator via email or a contact form, the personal data transmitted by the entity in question are automatically stored. Such personal data are voluntarily transmitted by the data subject to the data operator and are stored to be processed or contact the entity in question.
If you consider our personal data processing does not comply with the applicable legislation regarding data protection, you may forward your complaint to:
The National Supervisory Authority for the Processing of Personal Data
28-30 G-ral. Gheorghe Magheru Boulevard, Sector 1, postal code 010336, Bucharest, Romania www.dataprotection.ro
or
if you have questions or concerns regarding our processing and usage of your personal data, or you want to exercise any of your rights, we kindly ask you to contact us using the address contact@beauty-leaders.com
We respectfully thank you.