Our mission is to help you discover great ethically produced products as well as provide valuable, insightful information about life-style we personally believe in. To do that, we developed and operate this website and online shop as well as publish information and Online Offering on this and other channels, social networks and platforms. From time to time we also show you personalized content and ads we think you’ll be interested in based on information we collect from you and third parties. We only use information where we have a proper legal basis for doing so.
This policy will help you understand what information we collect, how we use it and what rights you have. As we’re bound by regulatory requirements, some of the text below is expressed in quite legal and specific language, however, where possible we have tried our best to explain it in a simple and clear way.
Client – Any natural person (hereinafter also “Client”, “Data Subject”, “user”, “you”) who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by SIA “Amber cosmetics” (hereinafter referred to as “Responsible Person”, “we”).
Responsible Person – SIA “Amber cosmetics” (reg. nr. 50103933211, 24.09.2015), Uzānu street 2, Ogre, Latvia, LV-5001
Responsible Person includes any legal entity or branch belonging to the Responsible Person who is acting as a controller of personal data of Client.
With regard to the terms used, such as “personal data”, “processor”, “processing”, “profiling” or “responsible person” and other, we refer to the definitions in Article 4 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”).
These Principles describe how Responsible Person processes Data on a general level. Specific details on the processing of Data might be also described in agreements, other service-related documents and information on Responsible Person’s website www.vegan-fox.com.
Responsible Person ensures, within the framework of applicable laws, the confidentiality of Data and has implemented appropriate technical and organisational measures to safeguard Data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction.
Responsible Person may use authorised processors for processing Data. In such cases, Responsible Person takes needed steps to ensure that such data processors process Data in compliance with applicable laws and requires adequate security measures.
Applicable legal bases
In accordance with Art. 13 of GDPR we inform you about the legal basis of our Data processing. For Clients from the area of application of the GDPR, i.e. the EU and the EEA, the following applies, if the legal basis is not mentioned in the specific explanation:
– the legal basis for the processing (including cookies) for the fulfilment of our services and the implementation of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b of GDPR;
– the legal bases for processing of the personal cookies and/or contacting Clients regarding our and our partners products and services as well as Online Offering is our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our Online Offering) pursuant to Art. 6 Para. 1 lit. f. of GDPR and/or Art. 28 of GDPR;
– the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c of GDPR;
– Art. 6 para. 1 lit. d of GDPR serves as the legal basis in the event that vital interests of the Data Subject or another natural person necessitate the processing of Data;
– the legal basis for the processing necessary to perform a task which is in the public interest or in the exercise of official authority entrusted to the Responsible Person is Art. 6 para. 1 lit. e of GDPR;
– the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f of GDPR.
– the processing of Data for purposes other than those for which they were collected is governed by the provisions of Art. 6 (4) of GDPR;
– the processing of special categories of Data (pursuant to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) of GDPR.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, extent, circumstances and purposes of the processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
Categories and Types of Data
Data means any information directly or indirectly related to the Client. Processing is any operation carried out with Data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer, etc.). Data may be collected from the Client, from the Client’s use of the services and from external sources such as public and private registers or other third parties.
Categories of Data Subjects
Clients, Visitors and users of the Online Offering (hereinafter referred to collectively as “users”).
Types of Data processed
– identification data (e.g., name and surname, personal identification code, date of birth);
– contact data (e.g., telephone number, address including delivery details, e-mail address, language of communication).
– content and communication data (e.g., text entries, photographs, videos, communication via telephone, e-mail, messages and other communication mechanisms such as social media);
– usage data (e.g., websites visited, executed transactions including payment data, interest in content, personal settings, survey responses, participation in games and campaigns, access times);
– meta/communication data (e.g., device information, IP addresses, location and time of access, cookie data).
Purpose of processing
– provision of the Online Offering, its functions and contents (e.g., provide and administrate access to products and services in general, enable Clients to select and order products and services, execute transactions and payments initiated by Client including via domestic, European and international payment systems, execute delivery services, examine the quality of services);
– manage Client relations (e.g., comply with legal obligations and verification of identity, answering contact requests and communicating with Client, provide proof of a commercial transaction or of other communication, improve the Client’s user experience of services and to develop new products and services);
– security measures (e.g., to authorize and control access to and functioning of digital channels, prevent misuse of services, protect interest of the Client and/or Responsible Person, limit and investigate any misuse or unlawful use or disturbance of services);
– range measurement/Marketing (e.g., offer and provide additional services including personalized offers of Responsible Person or carefully selected cooperation partners including based on Online Offering services the Client uses, on how the Client uses the services, and on how the Client navigates in digital channels (e.g., perform Clients “profiling”), perform Client surveys, organize games and campaigns, market analyses and statistics).
Responsible Person may also collect statistical data regarding the Client, such as typical behavior and lifestyle patterns based on demographic household data. Statistical data for creating segments/profiles can be collected from external sources and may be combined with Responsible Person internal data.
Economic analyses and market research
In order to identify the most suitable and appropriate solutions as well as to run our business economically, to be able to recognize market trends, wishes of our contractual partners and Clients, we may analyze the data available to us on business transactions, profiles of users, contracts, enquiries, etc. The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with summarized values.
We process contract data (e.g., subject matter of contract, duration, Client category), payment data (e.g., bank details, billing, payment history), delivery data (e.g., address and delivery history) of our Clients, interested parties and business partners for the purpose of providing contractual services, execute administrative tasks as well as the organization of our business, financial accounting and compliance with legal obligations, such as archiving service and customer care, marketing, advertising and market research. We disclose or transmit data to the financial administration, consultants, such as tax consultants or auditors, as well as other fee offices, payment and shipping service providers. Furthermore, based on our business interests, we store information on suppliers, organisers and other business partners, e.g. for the purpose of establishing contact later. This data is stored permanently.
Geographical area of Processing
As a general rule the Data is processed within the European Union/European Economic Area (EU/EEA), however, in some cases transferred and processed to countries outside the EU/EEA. We have a legitimate interest in improving our Online Offering, maintain our relationship as well as protect our Clients. In some cases this is achievable only through cooperation with third parties including those registered outside EU/EEA.
In case of transfer and processing of Data outside the EU/EEA we do our best to ensure that the country outside of the EU/EEA where the recipient of Data is located has adequate level of data protection, there are appropriate safeguards in place or recipient is certified under the Privacy Shield (https://www.privacyshield.gov/, applies to recipients located in the United States).
Client account, necessary information for the online shop
Newsletter and other communication through email
Client is required to register his/her e-mail as a part of check-out process. This e-mail address can be used both for sending purchase conformations as well as for sending newsletters, offers and other information to Client. By subscribing to our newsletter and/or agreeing to receive e-mail communication through other forms, Client declares his/her agreement with the receipt of it and the described procedures. We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter”) only with the consent or legal permission of the recipient. Our newsletters can contain information about our services, our partner offers and us. The e-mail registration is logged in order to be able to prove the registration process according to the legal requirements.
Client can cancel the receipt of our newsletter at any time, i.e. revoke consent.
The newsletters are sent by the mail service Mailer Lite (https://www.mailerlite.com/legal), Klavio (https://www.klaviyo.com/privacy) and/or ManyChat (https://manychat.com/privacy.html). Those services can only use the recipient’s data in pseudonymous form, i.e. without allocation to a Client, to optimize or improve its own services, e.g. for technical optimization of dispatch and the presentation of the newsletter or for statistical purposes.
The newsletters and emails contain a “pixel tag”, which is retrieved from our or our service providers server when the newsletter or email is opened. Within the scope of this retrieval, technical information such as information about the browser and Clients system, as well as Clients IP address and time of retrieval are collected. This information is used to technically improve the services on the basis of technical data or target groups and their reading behavior. A separate cancellation of “pixel tag” is not possible. If Client is not comfortable in “pixel tag” usage by us, the entire e-mail receiving must be cancelled.
Surveys, Sweepstakes and Contests
We process Data of participants in surveys, competitions, contests and sweepstakes only in compliance with the relevant data protection regulations and only for the purpose of providing, conducting and processing those events. We might use external service providers for conducting such events. Participants’ Data will only be transmitted to other parties if this is necessary for the execution of the surveys, sweepstakes and competitions (e.g. for the purpose of sending prizes) or if a participant has consented to the transmission. If contributions of participants are published (e.g. in the context of a vote or presentation of the competition or competition contributions, or the winner or reporting on the competition), the names of participants may also be published. If such events take place within an online platform or within a social network (e.g. Facebook or Instagram), the usage and data protection provisions of the respective platforms shall also apply.
Clients’ rights as a Data Subject
Client (Data Subject) has rights regarding his/her Data processing that is classified as Data under GDPR. Such rights are:
- require his/her Data to be corrected if it is inadequate, incomplete or incorrect;
- object to Processing of his/her Data, if the use of Data is based on a legitimate interest, including profiling for direct marketing purposes (such as receiving marketing offers or participating in surveys);
- require the erasure of his/her Data, for example, that is being processed based on the consent, if he/she has withdrawn the consent. Such right does not apply if Data requested to be erased is being processed also based on other legal grounds such as agreement or obligations based on applicable law;
- receive his/her Data that is provided by him/herself and is being processed based on consent or in order to perform an agreement in written or commonly used electronical format and were feasible transmit such data to another service provider (data portability);
- withdraw his/her consent to process his/her Data;
- not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects the Client. This right does not apply if the decision-making is necessary in order to enter into or to perform an agreement with the Client, if the decision-making is permitted under applicable law or if the Client has provided his/her explicit consent;
- lodge complaints pertaining to the use of Data to the Data Protection Authority at www.dvi.gov.lv if he/she considers that Processing of his/her Data infringes his/her rights and interests under applicable law.
Other Recipients of Personal data
We only disclose, transfer or otherwise grant access to the Data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of delivery and payment services or within the scope of the statutory permits and obligations, and also if this is done on the basis of our legitimate interests (e.g., to legal and tax advisors, financial institutions, freight companies and authorities when using agents, web hosts). In addition, we use external service providers to contact Clients regarding our and/or our partners products and services as well as Online Offering.
As a base of technical solution for our home page and online shop we use WordPress (https://wordpress.org/about/privacy/) and WooCommerce (https://automattic.com/privacy/) including additional plugins provided by third parties in accordance with their terms and conditions, privacy policies and practices.
The hosting services used by us serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating Online Offering. We, and/or our Hosting provider “tet” (https://www.tet.lv/par-tet/par-mums/dokumenti/privatuma-politika), collects data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Payment Service Providers
We use external payment service providers to carry out payment transactions. For payment transactions, the terms and conditions and the data protection notice of the respective payment service providers apply.
List of payment service providers we use (however, not limited to):
- Visa (https://www.visa.co.uk/legal/privacy-policy.html)
- Mastercard (https://www.mastercard.co.uk/en-gb/about-mastercard/what-we-do/privacy.html)
- Stripe (https://stripe.com/gb/privacy/)
- Trustly (https://trustly.com/_/legal/?privacypolicy=en)
- PayPal (https://www.paypal.com/lv/webapps/mpp/ua/privacy-full)
The data processed by the payment service providers include data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient details. The information is required to complete the transactions.
Delivery/shipping service providers
We use external shipping service providers to carry out shipping of goods to Clients. For shipping transactions, the terms and conditions and the data protection notices of the respective shipping service providers apply.
List of shipping service providers we use (however, not limited to):
- Omniva (https://www.omniva.ee/public/files/failid/info-kliendiandmete-tootlemise-pohimotted-est-en.pdf)
- TNT (https://www.tnt.com/corporate/en/site/home/help/privacypolicy.html)
- UPS (https://www.ups.com/lv/en/help-center/legal-terms-conditions/privacy-notice.page?)
Dropbox and One Drive
Google Analytics, Google AdSense, Google AdWords and Conversion Measurement, Google Tag Manager
We use Google Analytics to display ads placed by Google and its partners within our advertising to Clients who have shown an interest in our services and/or Online Offering or who have specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”).
We use Google AdSense with personalized and non-personalized ads to display advertisements on our website and to pay us for their display or other use. For these purposes, usage data might be processed. This includes, but is not limited to the click on an advertisement and the IP address of the user, past searches, activities, site visits, app usage, demographics, and location information. Non-personalized ads are not based on previous user behaviour. Targeting uses contextual information, including rough (e.g., local) geographic targeting based on current location, content on the current website or app, and current keywords. Google’s data protection declaration: https://policies.google.com/technologies/ads, settings for the display of advertising by Google: https://adssettings.google.com/authenticated.
We use the Google AdWords online marketing method to place ads on the Google advertising network (e.g., in search results, videos, websites, etc.) so that they are displayed to users who have an alleged interest in the ads (referred to as “remarketing”) and Conversion Measurement for measuring and analysing results. For these purposes, when our and other websites on which the Google Advertising Network is active are called up, a Google code is executed directly by Google and so-called (re)marketing tags (code, also referred to as “pixel tag”) are integrated into the website. Furthermore, we receive an individual “conversion cookie”. User information is processed pseudonymously within the Google Advertising Network.
Google Tag Manager is a solution with which we can manage so-called website tags via an interface. The Tag Manager itself does not process any Clients data.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our Online Offering, the so-called “Facebook pixel” of the social network Facebook is used. With the help of the Facebook pixel, Facebook is able to determine the visitors of our Online Offering as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to those Facebook users who have shown an interest in our Online Offering or who have certain features (e.g., interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). Facebook’s data usage policy: https://www.facebook.com/policy. Facebook is certified under the Privacy Shield. Clients may object to the Facebook pixel collection and use of data to display Facebook ads here: https://www.facebook.com/settings?tab=ads.
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with Clients, interested parties and users active there and to inform them about our services and offers. In some cases, Data may be processed outside the EU/EEA. This can result in risks for users, as it could, for example, make it more difficult to enforce the rights of users. In some cases user profiles can be created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For a detailed description of the respective processing operations and the opt-out options, we refer to the following linked information of the providers. Requests for information and the assertion of user rights most effectively can be solved directly with the providers.
List of social network service providers we use (however, not limited to):
– Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Privacy Statement: https://policies.google.com/privacy;
– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). Privacy Statement: https://help.instagram.com/519522125107875;
– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). Privacy Statement: https://twitter.com/en/privacy;
– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA). Privacy Statement: https://policy.pinterest.com/en-gb/privacy-policy;
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland). Privacy Statement https://www.linkedin.com/legal/privacy-policy;
– Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany). Privacy Statement: https://soundcloud.com/pages/privacy.
Integration of third-party services and content
Within the scope of our Online Offer we may use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). Third party providers may also use so-called pixel tags for statistical or marketing purposes. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services, as well as may be linked to such information from other sources.
List of service providers we use (however, not limited to):
We may use both – temporary and permanent cookies.
- log in (cookies allows for Client to log in and out of www.vegan-fox.com);
- security (cookies are just one, still an important way we protect Clients from security risks. For example, we use them to detect when someone might be trying to hack Clients’ account);
Client agrees to cookies usage by clicking on “Agree” when corresponding information/request appears and/or by continuing usage of www.vegan-fox.com
Client options to limit usage of cookies
If Client does not wish for cookies to be stored on computer, Client can deactivate the corresponding option in system settings of his/her browser. Stored cookies can be deleted in system settings of the browser. These options vary from browser to browser, so browser settings should be checked for more information. Note: Cookies that the Client deactivates are only for the device he/she is currently using. If Client deletes browser data and visits our website again, new cookies might be activated.
The exclusion of cookies can lead to functional restrictions of Online Offering.
Retention periods of Data
Data will be processed no longer than necessary. The retention period may be based on agreements with the Client, the legitimate interest of Responsible Person or applicable law (such as laws related to bookkeeping, anti-money laundering, statute of limitations, civil law, etc.).
How to contact us
Clients may contact Responsible Person with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Data. Contact details of Responsible Person are available on website www.vegan-fox.com. When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are used to process the contact enquiry. The user data can be stored in a customer relationship management or comparable inquiry system.
Validity, changes and updates
Responsible Person is entitled to unilaterally amend the Principles at any time, in compliance with the applicable law, by notifying the Client of any amendments via website, by post, via e-mails or in another manner (for example through mass media), not later than one month prior to the amendments entering into force. We ask you to inform yourself regularly about the content of our Privacy Principles. We will adapt the Principles as soon as the changes to the data processing carried out by us make this necessary.
© SIA “Amber cosmetics” 2019.
Effective date 1 December 2019