Our mission is to help you discover ethically sourced products, and to provide you with valuable, useful information about the lifestyle we believe in. To do this, we created and manage this website and online shop, and we publish information and online offers here and on other platforms and social media. We also sometimes provide you with personalised content and advertisements that we think you would be interested in, based on information we have obtained from you and other third parties. We only use information that we have a lawful basis for collecting.
This policy will help you understand what information we collect, how we use it and what your rights are. To the extent that we are bound by various regulatory requirements, some of the text below will be expressed in relatively specific language, but where possible we have tried to do our best to explain it in a simple and clear way.
Customer - Any natural person (hereinafter also referred to as "Customer", "Data Subject", "User", "You") who uses, has expressed a wish to use or is in any way connected with any of the services offered by SIA "Amber cosmetics" (hereinafter also referred to as "Responsible Person", "We").
Responsible Person - SIA "Amber cosmetics" (reg. no. 50103933211, 24.09.2015), 2 Uzānu Street, Ogre, Latvia, LV-5001.
E-mail: [email protected]
Responsible Party includes any legal entity owned by the Responsible Party and acting as a controller of the Customer's personal data.
Terms used herein such as "personal data", "processor", "processing", "profiling" or "responsible party", etc. are used in accordance with the definitions set out in Article 4 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as "GDPR").
These Principles describe at a general level how the Responsible Party processes Data. Specific details of the processing of Data may be described in contracts between the parties, other documents related to the services on the Responsible Party's website www.vegan-fox.com.
Within the scope of applicable law, the Responsible Party ensures data confidentiality and has implemented technical and organisational measures to prevent unauthorised access to Data, unlawful processing or extraction of Data, accidental loss, modification or destruction of Data.
The Responsible Party may use approved external data processors. In such cases, the Responsible Party shall take the necessary steps to ensure that these Data Processors comply with applicable laws and appropriate security measures.
Applicable legal bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our processing of Data. The following applies to Customers from the GDPR application region, i.e. the EU and EEA (unless the legal basis is mentioned in the specific explanation):
- the legal basis for the processing of Data (including cookies) necessary for the performance of our services and contractual obligations and for responding to requests is Article 6(1)(b) of the GDPR;
- The legal basis for processing personal cookies and/or communicating with Customers in relation to our and our partners' products and services as well as our online offerings is our legitimate interests (i.e. interest in the analysis, optimisation and economic performance of our online offerings) in accordance with Article 6(1)(f) and Article 28 of the GDPR;
- the legal basis for the processing of Data necessary for the performance of our legal obligations is Article 6(1)(c) GDPR;
- Article 6(1)(d) of the GDPR serves as the legal basis in the event that the processing of the Data Subject's or another natural person's Data is necessary for reasons of substantial interest;
- the legal basis for processing necessary for the performance of a task carried out in the public interest or for the performance of an obligation imposed on the Responsible Party is Article 6(1)(e) of the GDPR;
- the lawful basis for processing carried out to protect our legitimate interests is Article 6(1)(f) GDPR;
- The processing of data for purposes other than those for which they were collected is governed by Article 6(4) of the GDPR;
- The processing of special categories of Data (pursuant to Article 9(1) GDPR) is governed by Article 9(2) GDPR.
In accordance with legal requirements and taking into account the technical feasibility, implementation costs and the types and purposes of processing, the scope, the circumstances, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risks.
Data categories and types
Data shall include any information directly or indirectly related to the Customer. Data processing means any activity performed on the Data (including collection, recording, storage, modification, access, investigation, transfer, etc.). Data may be collected from the Customer, the use of the services used by the Customer, other external sources such as public or private registers or from other third parties.
Categories of Data Subjects
Customers, visitors and users of the Online Offers (hereinafter also referred to as "Users").
Types of Data to be Processed
- identification data (e.g. name, personal identification number (ID number), date of birth)
- contact details (e.g. telephone number, address including delivery details, email address, language of communication)
- content and communication data (e.g. written records, photographs, videos, telephone communications, email, news and other forms of communication such as social media);
- usage data (e.g. websites visited, transactions made including payment details, interest in certain content, personal preferences, survey responses, participation in games and campaigns, access times);
- meta/communication data (e.g. access device information, IP address, location and time of access, other cookie data).
Purposes of the treatment
- Providing online Offerings, their functions and content (e.g. providing and managing access to products and services, enabling Customers to select and order products and services, making transactions and customer-initiated payments through local, European and international payment systems, delivering services, checking the quality of services);
- Managing Customer Relationships (e.g., fulfilling legal obligations and identity verification, responding to communication requests and contacting the Customer, providing evidence of business transactions or other collaborations, improving the Customer's service experience and developing new products and services);
- security measures (e.g. to allow and control access to and operation of digital channels, to prevent misuse of the services, to protect the interests of the Customer and/or the Responsible Party, to limit and investigate any misuse or illegal use of the services or interference);
- marketing (e.g. to offer and provide additional services, including personalised offers by the Responsible Person or carefully selected business partners, including based on the Customer's use of the Online Offering Services, the Customer's use of the Services and the Customer's use of digital channels (e.g. through Customer profiling), customer surveys, games and campaigns, market analysis and the accumulation of statistics).
The Responsible Person may also collect statistical data relating to the Client, such as typical behaviour and lifestyle habits based on demographic data. Statistical data for the creation of segments/profiles may be obtained from external sources and may be combined with internal data of the Responsible Person.
Economic analysis and market research
We may analyse the data available to us on business transactions, user profiles, contracts, enquiries, etc. to identify the most appropriate and useful solutions and to ensure economically viable business operations, to identify market trends, the preferences of our contractual partners and Customers. The results of such analyses are used exclusively by Us and are not shared with third parties, except for anonymous Data with aggregated values.
We process contractual data of our Customers, stakeholders and business partners (e.g. subject, duration, customer category), payment data (e.g. bank details, invoices, payment history), delivery data (e.g. address and delivery history) in order to provide contractual services, perform administrative tasks as well as to organise our business, financial accounting and comply with legal obligations such as archiving, customer service, marketing, advertising and market research. We disclose or transfer data to accounting service providers, consultants such as tax advisors or auditors, as well as payment service providers and transport service providers. In addition, based on our economic interests, we store information about suppliers, organisers and other business partners, for example to establish subsequent contact. This data is stored independently.
Geographical area of processing
The Data is principally processed in the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA. We have a legitimate right and interest in improving the Online Offering, maintaining our relationship with our Customers and protecting our Customers' data. In some cases, this can only be achieved by working with third parties, including those based outside the EU/EEA.
In the case of transfers and processing of Data outside the EU/EEA, We make every effort to ensure that the country outside the EU/EEA where the Data Recipient is located has an adequate level of data protection, has appropriate safeguards in place or the recipient is certified under the Privacy Shield (Privacy Shield: https://www.privacyshield.gov/, applies to Data Recipients located in the United States of America).
Customer account, information needed for online shop
News and other communication via email
When making purchases in the e-shop, customers must provide their email address. This e-mail address may be used to confirm the transaction and to send news, offers and other information. By signing up to receive our newsletters and/or otherwise giving permission to receive information via e-mail, the Customer confirms his/her consent to receive them and to the procedures described. We only send newsletters, emails and other electronic communications containing promotional information ("Newsletters") based on the consent of the recipient. Our Newsletters may contain information about our services, services offered by our partners and Us. Email registrations are retained to enable proof of the registration process in accordance with legal requirements.
The Customer may unsubscribe from our Newsletters at any time, i.e. refuse consent.
Newsletters are sent via Mailer Lite(https://www.mailerlite.com/legal), Klavio (https://www.klaviyo.com/privacy) and/or ManyChat(https://manychat.com/privacy.html). In order to optimise or improve their services, for example for the technical optimisation of the transmission and presentation of Newsletters or for statistical purposes, these services may only use recipients' data in pseudo-anonymous form, i.e. without directly identifying the user.
Newsletters and emails contain a "pixel tag" that is retrieved from our server or the server of our service providers when the Newsletters or emails are opened. As part of this extraction, technical information is collected, such as information about the Customer's browser and the Customer's IT system, as well as the Customer's IP address and the time of receipt. This information is used to improve services based on technical data or target groups and their reading habits. It is not possible to opt-out of "pixel tags" on an individual basis. If the Customer does not want such "pixel tags" to be used, the Customer must opt-out of receiving emails altogether.
Competitions and Surveys
Customer's rights as a Data Subject
The Customer (Data Subject) has rights in relation to the processing of his/her Data classified as Data under the GDPR. These rights are:
- request that his/her Data be corrected if it is incomplete or incorrect;
- object to the processing of his/her data where the use of the Data is based on legitimate interests, including profiling, for direct marketing purposes (e.g. to receive marketing offers or participate in surveys);
- request the erasure of his/her data, such as those processed on the basis of consent, if he/she has withdrawn his/her consent. This right does not apply where the potentially erasable data are also processed on the basis of other legal grounds, such as agreements or obligations based on applicable law;
- to receive his/her own data, which he/she provides and which is processed on the basis of consent or the conclusion of a written or electronic contract and which could have been transferred to another service provider (data portability);
- withdraw his/her consent to the processing of his/her data;
- not to be subject to fully automated decision-making, including profiling, where such decision-making has legal consequences or may have a significant impact on the Customer. This right does not apply if the decision-making is necessary for entering into or performance of a contract with the Customer, if the decision-making is permitted under applicable law, or if the Customer has given his or her explicit consent;
- lodge a complaint with the Data Protection Authority about the use of data on www.dvi.gov.lv if he/she considers that the processing of his/her data infringes his/her rights and interests under applicable law.
Other Recipients of Data
We only disclose, transfer or otherwise grant access to Data to other persons and companies (contract processors, jointly liable persons or third parties) in the context of delivery and payment services or in the context of statutory authorisations and obligations, and where this is based on our legitimate interests (e.g. legal and tax advisors, financial institutions, freight companies and authorities, website hosts). We also use external service providers to communicate with Customers about our and/or our partners' products and services and the Online Offering.
As the technical basis for the website and online shop, we use WordPress (https://wordpress.org/about/privacy/) and WooCommerce (https://automattic.com/privacy/), including additional plugins provided by third parties in accordance with their terms and conditions, privacy policies and professional practices.
Website and online shop maintenance
The technical maintenance services we use are for the following functions: infrastructure and platform maintenance, computer processing services, data storage space and database services, email transmission and processing, security services and technical maintenance services necessary for the operation of the Online Offering.
We and/or our maintenance service provider "tet" (https://www.tet.lv/par-tet/par-mums/dokumenti/privatuma-politika) collect data for each access to the server hosting this service (so-called server log files). The access data includes: the name of the accessed site, the file, the date and time of the access, the amount of data transferred, a success or error message, the browser type and version, the user's operating system, the reference URL (previously visited page), the IP address and the requesting party.
Payment service providers
We use external payment service providers to carry out payment transactions. Payment transactions are subject to the terms and conditions of these payment service providers as well as the data protection rules of the respective payment service providers.
A list of the payment service providers we use (but are not limited to):
- Visa (https://www.visa.co.uk/legal/privacy-policy.html)
- Mastercard (https://www.mastercard.co.uk/en-gb/about-mastercard/what-we-do/privacy.html)
- Stripe (https://stripe.com/gb/privacy/)
- PayPal (https://www.paypal.com/lv/webapps/mpp/ua/privacy-full)
The data processed by payment service providers includes data such as name and address, banking data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract details, amount and payee details. The information is necessary to complete transactions.
Supply/transport service providers
We use external transport providers to ship goods to Customers. The terms and conditions of these service providers, as well as the data protection rules of the respective shipping service providers, apply to the shipping transactions.
A list of (but not limited to) the delivery/transport providers we use:
- Omniva (https://www.omniva.ee/public/files/failid/info-kliendiandmete-tootlemise-pohimotted-est-en.pdf)
- TNT (https://www.tnt.com/corporate/en/site/home/help/privacypolicy.html)
- UPS (https://www.ups.com/lv/en/help-center/legal-terms-conditions/privacy-notice.page?)
Dropbox and One Drive
Google Analytics, Google AdSense, Google AdWords, Google Tag Manager
We use Google Analytics to serve ads that Google and its partners place on our advertising services to users who have expressed an interest in our services and/or Online Offering or who have specific characteristics (such as interests in certain topics or products that are identified based on the websites they visit) that we pass on to Google ("remarketing" or "Google Analytics audiences").
We use Google AdSense with personalised and non-personalised ads to place ads on our site and pay us for their placement or other use. Usage Data may be processed for these purposes. This data includes, but is not limited to, ad click-through and user IP address, previous searches, site visits, app usage, demographic information and location information. Non-personalised advertisements are not based on users' past behaviour. Contextual information is used for targeting, including approximate (e.g. local) targeting based on location, current website or app content and current keywords. Google's data protection policy: https://policies.google.com/technologies/ads, settings for displaying Google ads: https://adssettings.google.com/authenticated.
We use Google AdWords online marketing to place ads on Google's advertising network (e.g. search results, videos, websites, etc.), to show them to Customers who are interested in these ads (called "remarketing") and to measure and analyse the results of conversion measurement. For these purposes, when our and other websites running Google AdWords are called up, Google performs the integration of so-called remarketing tags (a code also called a "pixel tag") on the website. In addition, we receive an individual "cookie". User information is processed in a pseudo-anonymised form within the Google AdWords network.
Google Tag Manager is a solution that allows us to manage what we call site tags through an interface. Google Tag Manager itself does not process any personal data.
Our Online Offer uses the so-called "Facebook Pixel" provided by the social network Facebook. With the help of the Facebook Pixel, Facebook is able to identify visitors to our Online Offering and create target groups for displaying advertisements ("Facebook Ads"). We use the Facebook Pixel to show Facebook Ads only to Facebook users who have expressed an interest in our Online Offering or who have a certain set of characteristics (e.g. interests in certain topics or products, which are determined on the basis of the websites visited) that we transfer to Facebook (so-called "custom audiences"). Facebook's data use policy is available here: https://www.facebook.com/policy. Facebook is certified under the Privacy Shield. You can prohibit Facebook Pixel from collecting and using Data to place Facebook ads here: https://www.facebook.com/settings?tab=ads.
Online presence on social media
We use social networks and platforms to communicate with our Customers, stakeholders and users who are active on these platforms and to inform them about our services and offers. In certain cases, Data may be processed outside the EU/EEA. This may pose risks to users, for example by making it more difficult to enforce user rights. In some cases, user profiles may be created based on user behaviour and resulting user interests. Usage profiles can in turn be used, for example, to place advertisements on and off platforms. For a detailed description of the relevant processing activities and opt-out options, please use the information below about the relevant service providers. Requests for information and user rights protection issues are best dealt with directly by contacting the relevant service provider.
A list of the social media providers we use (but are not limited to):
Integration of third-party services and content
As part of our Online Offering, we may use third party content or service offerings to integrate their content and services, such as videos or fonts (collectively, "Content"). Third party service providers may also use so-called "pixel tags" for statistical or marketing purposes. Pseudo-anonymous information may be stored in cookies on the user's device and may include technical information about the browser and operating system, references to web pages, visit times and other information about the use of our Online Services and may be linked to this type of information from other sources.
A list of the service providers we use (but are not limited to):
We may use both temporary and permanent cookies.
- for logging in (cookies allow the Customer to log in and out of novegan-fox.com);
- security (cookies are just one, but very important, way in which we protect our Customers from security risks. For example, we use them to identify someone who might try to hack into a Customer's profile);
If the Customer does not want cookies to be stored on his/her computer, the Customer can deactivate this feature in the system settings of his/her browser. Stored cookies can be deleted in the system settings of the browser. These settings may vary from browser to browser, so we recommend that the Client consult the settings of the specific browser he/she is using. Note: Cookies that are deactivated by the Customer are linked to the specific device that the Customer is using at that time. If the Customer deletes the browser data and visits our website again, new cookies may be activated.
Disabling cookies may lead to limitations in the functionality of the Online Offer.
Data retention periods
The data will be processed for no longer than necessary. The retention period may be based on agreements with the Customer, the legitimate interests of the Responsible Party or applicable laws (such as laws related to accounting, money laundering, statute of limitations, civil law, etc.).
How to contact us
Customers may contact the Responsible Person about any issues, including withdrawal of consent, requests to exercise Data Subject rights and complaints about the use of Data. The contact details of the Responsible Person are available at www.vegan-fox.com under the Contact Ussection. When you contact us (such as via a contact form, email or social media), the User Information is used to process the contact information. User data may be stored in a Customer Relationship Management software or other comparable reference system.
Validity, changes and updates
© SIA "Amber cosmetics" 2019.
Date of entry into force 01.12.2019