Privacy and Data Protection Policy

This Privacy and Data Protection Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. It defines how the data you provide in connection with the use of the website (from now on referred to as the website), and when purchasing goods and services from us through the website or by any other means during your cooperation with us, is used and protected.

This specifically means that DIVOTE COSMETICS adheres to the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality in processing personal data.

The data controller is the company HESON d.o.o., located at Đakovština 3, Osijek, with VAT number 72777614918, registered in the Commercial Court Register in Osijek, for DIVOTE COSMETICS. All personal data (from now on referred to as “data”) are considered strictly confidential and are processed in accordance with applicable legal provisions in the field of personal data protection. HESON d.o.o. is responsible for data processing related to online sales, product delivery, and fraud prevention.

HESON d.o.o. may delegate the processing of personal data to a processor. For any information regarding processing personal data, including a list of processors, please contact The security of your personal data is our priority. Therefore, we pay appropriate attention to protecting personal data. All employees and business partners of HESON d.o.o. are responsible for adhering to the principles of personal data processing.

In this Privacy and Data Protection Policy (“Policy”), we want to inform you about which personal data we collect about you and how we use them further.

1. Personal Data and Their Processing

HESON d.o.o. will keep personal data confidential, will not distribute, publish, provide them to third parties for use, or make them available to any third party in any other way without your prior consent or contrary to GDPR rules.

1.1. Categories of Personal Data

We collect different data depending on which of our services you use. HESON d.o.o. processes personal data that you as a customer or user voluntarily and consciously provided on the DIVOTE COSMETICS website or through contacts with employees or other authorized persons acting on behalf of HESON d.o.o., or personal data collected from different sources such as data collected from forms and surveys you fill out on the website and social media profiles, including data such as Internet Protocol (IP) address or automatically collected data using web cookies, which are necessary to achieve the purposes described in this Privacy Policy.

If you purchase from us, we collect:

  • Name and contact information: name, email address, postal address, phone number
  • Demographic data: gender, date of birth, country, and preferred language
  • Data resulting from the terms of the contract: purchased product, customer segment, and quantity of services provided
  • Login data: we do not have access to your login password.


If you receive our marketing messages, we collect:

  • Name and contact information, email address, name, and phone number
  • Demographic data: country and gender.


We also process the following personal data:

  • Communication between DIVOTE COSMETICS and the customer
  • Records of internet traffic on websites supported by DIVOTE COSMETICS.


1.2. Purposes of Personal Data Processing

Providing and improving services
To provide our services, as well as to improve them, we collect some of your data as follows:

1. Order Processing for Goods or Services Ordered through Our Website: This is necessary to fulfill the purchase contract and meet legal obligations (e.g., accounting documents).

2. Product Availability Notifications: If you request notifications about product availability, we will process your data with your consent.

3. Customer Support: We process the data necessary for contract fulfillment to provide customer service and resolve any issues with fulfilling the purchase contract.

4. Communication: The data we collect is used to communicate with you and personalize such communication. For example, we may contact you via email or other means to remind you that you have items in your online cart, help you complete your order, inform you of the current status of your request, order, or complaint, obtain additional information from you, or notify you of actions needed to maintain your account’s active status. If you purchase from us as an authorized user, we will process this data for the legitimate interest of DIVOTE COSMETICS, as described above.

5. Service Improvement: We use the data to continuously improve our services and systems, including adding new features and making informed decisions using aggregated analyses and business intelligence, all based on our legitimate interest in business freedom and the need to improve our services to succeed in the market. To ensure adequate protection of your rights and interests, we use personal data that is maximally anonymized.

6. Protection, Security, and Dispute Resolution: We may also process data based on legitimate interest, ensuring the protection and security of our systems and our clients, detecting and preventing fraud, resolving disputes, and enforcing our agreements based on legitimate interest.

7. Marketing Offers: We send you marketing notifications about products similar to those you have already purchased. You can always opt out of these marketing notifications by following the unsubscribe link in each email. If you unsubscribe from marketing notifications, we will no longer use your email contacts for that purpose. We will start sending you marketing notifications again only if you re-subscribe. Marketing offers you see may be selected based on additional information we have received about you over time, based on contact data, demographic data, preferences, and data on the use of our products and websites (cookies, IP address, click data provided by your browser, displayed marketing offers, and information about visited products). We do not perform automated data processing that would have legal effects on you. If you are not our client, we will process your data only with your consent. You have the right to object to data processing at any time.

8. Cookie Processing from the Website Managed by DIVOTE COSMETICS: If your web browser includes cookies, we process records of actions from the cookie files published on the website to ensure the best performance of the website and for the online advertising purposes of DIVOTE COSMETICS.

9. Social Media Plugins: For legitimate interest, under Article 6(1)(f) of the Regulation, for additional promotion of our products, we place plugins for connecting to the social networks Facebook and Instagram on our websites. The data controller for personal data protection is the provider of the respective social network. Social media plugins are activated using a double-click method.


Our website uses a plugin for the Facebook social network, offered by Facebook Inc. The Facebook plugin is marked with the Facebook logo or the “Like” or “Share” plugin. More information about Facebook plugins is available here. When you activate such a plugin (the first click), your browser directly connects with Facebook’s servers.

The plugin content is sent directly to your browser and integrated into our website. Through such integration, Facebook collects information that your browser has accessed a specific page of our website, even if you do not have your own Facebook profile or are not logged into your Facebook profile at the time. This data (including your IP address) is sent directly from your browser to Facebook’s servers, which may also be located in the USA, and stored there. If you are logged into your Facebook profile while visiting our website, Facebook can directly link your visit to our website to your Facebook profile.

The data is also published on your Facebook profile and shown to your friends. If you want to avoid Facebook linking data about your visit to our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can find out about the purposes and scope of data collection and further processing and use of data by Facebook, as well as your rights in this regard and possible settings to protect your privacy, in Facebook’s Data Use Policy. You can automatically turn off Facebook plugins in your browser using appropriate add-ons to block Facebook.


Our website uses a plugin for the social network Instagram, offered by Instagram Inc. from the USA. The Instagram Feed plugin is a WordPress plugin that allows displaying photos posted on your Instagram profile on the website. When you activate such a plugin (the first click), your browser directly connects with Instagram’s servers. The plugin content is sent directly to your browser and integrated into our website. Through such integration, Instagram collects information that your browser has accessed a specific page of our website. This data (including your IP address) is sent directly from your browser to Instagram’s servers, which may also be in the USA, and stored there.

You can find out about the purposes and scope of data collection and further processing and use of data by Instagram, as well as your rights in this regard and possible settings to protect your privacy, in Instagram’s Privacy Policy. You can automatically turn off Instagram plugins in your browser using appropriate add-ons to block Instagram.

10. Logs: When you visit our websites or use our mobile applications, specific data about your usage is automatically sent from the browser you use on your device to the server of our website or application and temporarily stored in so-called log files. These are the following data that are automatically sent, stored, and deleted without our influence: the IP address of your device with which you connect to our websites or mobile applications via the Internet, the date and time of connection, the name and URL of the file you access, the URL of the website or application through which you connected to us, information about the browser you use, and possibly information about the type of operating system on your device. The IP address indicates the location of your device (e.g., computer, tablet, mobile phone, etc.) on the Internet, and the URL is the link to specific content on the Internet. Based on the data above, it is not possible to determine your identity.

Therefore, this is not personal data, except in exceptional cases when the IP address can be considered personal data. Processing this type of data, especially the IP address of your device, is necessary for the legitimate interests of HESON d.o.o. or third parties in terms of Article 6(1)(f) of the Regulation. We collect and process the aforementioned personal data for the following purposes: to enable faster connection to the websites of our network, to improve your user experience, to assess the security and stability of our systems, and for other administrative purposes. Our legitimate interests consist of providing you with a better user experience when you visit our websites or use our mobile applications.

1.3. Transfer of Personal Data to Third Parties

Your data may be transferred to third parties only if necessary for fulfilling the purchase contract, based on legitimate interest, or if you have previously given consent:

a) Subsidiaries and contractors to comply with the purchase contract, as well as for internal processes and procedures

b) Financial institutions, payment service providers for payment processing, and banks to fulfill the purchase contract

c) Logistics companies for the delivery of goods you ordered, as well as for handling complaints, including contract termination

d) Our partners, for implementing the loyalty system in which you participate

e) Other partners who provide additional data processing services

f) Third parties, such as legal or financial representatives

g) Public authorities (e.g., police)

h) Third parties (customer surveys).

2. User Account and Purchase without Registration

When creating a personal account, we create a password-protected user account for you. Within the user account, you get direct access to your data, including the ability to edit them, and you can view your completed and pending orders. You can also manage your personal data and newsletter subscription through your user account. If you do not wish to open a user account to make a purchase, you can shop without registration. You have the right to terminate the contract under relevant terms and conditions.

3. Personal Data Security and Retention Period

3.1. Personal Data Security

Your data is transmitted to us in encrypted form. We use the HTTPS (HyperText Transfer Protocol Secure) encryption system. We secure our websites and other systems with technical and organizational measures to protect your data from loss, destruction, unauthorized access, alteration, or dissemination. We implement appropriate technical, physical, and managerial measures to protect data from security risks such as accidental, unauthorized, illegal, or otherwise undesirable access, destruction, loss, or disclosure and ensure a level of security appropriate to data processing risks.

Your data is stored on a protected internal server infrastructure with no external access. Only persons authorized for its maintenance have access to the server infrastructure, and only our authorized employees or contracted partners with limited processing rights have access to personal data per the rules in this Privacy Policy in the online store. Your data, including especially data needed for payment processing, is transmitted using the standard SSL (Secure Sockets Layer) security protocol. SSL is a secure and proven standard used in online banking. We require our processes to comply with GDPR.

Access to your account is possible only after entering your password. In this context, we remind you not to disclose your access data to third parties and always close the web browser window when you complete your activity on the user account, especially if you use a computer with other users. DIVOTE COSMETICS is not responsible for the misuse of used passwords unless DIVOTE COSMETICS directly contributes to such a state.

3.2. Retention Period

We collect and retain personal data:

  • For the time needed to ensure all rights and obligations from the purchase contract are met.
  • For one year after the expiration of the warranty period to ensure the resolution of any disputes.
  • For the period for which DIVOTE COSMETICS, as a trustee, is obligated to retain them according to generally binding legal regulations (e.g., invoices issued by DIVOTE COSMETICS are archived according to the law for ten years, consent for product availability notifications is valid until the information is sent but no longer than one year or until revocation, and consent for marketing offers is valid for four years or until revocation).

In other cases, the processing period depends on the purpose of processing or is determined by legal acts in personal data protection.

4. Data Subject Rights

Who Has Access to Your Data and To Whom It Is Disclosed?

Your data may be disclosed or made accessible to competent authorities in accordance with legal obligations, and to some of our business partners, for example, marketing agencies we engage for organizing certain promotional activities, IT service providers who maintain our information and communication networks and systems, or business banks and card service providers in connection with the execution of the purchase.

We have concluded agreements with such partners to ensure appropriate technical and organizational measures to protect your data, the obligation to process them solely according to our instructions, the responsibility to maintain their confidentiality, and the prohibition of using your data for any purposes other than those specified in the relevant agreement. If you access our websites from another region, then by using our websites you expressly consent to the transfer and processing of your data in the Republic of Croatia according to Croatian regulations governing your data protection.

Exceptionally, data collected through various social media cookies and other third parties from the United States (USA) may be transferred to their servers located in the USA. In such a case, the transfer of personal data will be carried out either under the European-American Privacy Shield system or based on agreements with the recipients of your data in such countries, compliant with the Standard Contractual Clauses for the transfer of personal data approved by the European Commission, to ensure a level of protection for your data in line with the requirements of European data protection law.

Your Rights Regarding Our Processing of Your Data

Your rights regarding our processing of your data include:

1. Right to access your data, i.e., the right to obtain confirmation whether personal data concerning you is being processed, and if such personal data is being processed, you have the right to access your data. This includes the right to request detailed information, especially about the purpose of processing, the type/categories of personal data being processed, including insight into your data, the recipients or categories of recipients, and the anticipated period for which the personal data will be stored (access to personal data may be restricted in cases prescribed by Union or national law, or when such restriction respects the essence of fundamental rights and freedoms of others) – to exercise your right, contact the data controller in writing.

2. Right to rectification, i.e., the right to correct or complete inaccurate personal data concerning you without undue delay, by providing an additional statement – to do this, send your request to the data controller in writing.

3. Right to erasure of personal data (“right to be forgotten”) concerning you, especially in cases where:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  • You withdraw, in whole or in part, the consent you gave for the processing of your data for the specified purposes, and there is no other legal basis for their processing
  • You object to the processing of your data, and there is no overriding legitimate interest in their processing
  • The personal data has been unlawfully processed
  • The personal data must be erased to comply with a legal obligation under applicable law.


4. Right to restriction of processing in the following cases:

  • If you contest the accuracy of your data, for a period of time that enables us to verify the accuracy of the personal data
  • If the processing is unlawful, and you oppose the erasure of your data and request the restriction of its use instead
  • If we no longer need the personal data for the processing, but you require it for the establishment, exercise, or defense of your legal claims
  • If you have objected to the processing of personal data necessary for our legitimate interests or the interests of a third party pending the verification of whether our legitimate grounds override those of your objection.


5. Right to object to the processing of your data based on legitimate interest or for direct marketing purposes, which includes profiling to the extent related to such direct marketing. If we process your personal data, you may request free information about the processing of your personal data at any time. If you believe we are processing personal data contrary to the protection of your personal data and the legal provisions of the privacy policy, you may request clarification. You may request that we rectify, complete, delete, or block your data.

To exercise your rights, contact or the Office for Personal Data Protection at You may withdraw your consent to process personal data at any time. If you withdraw your consent to process personal data, your data will be deleted; however, this does not apply to personal data that DIVOTE COSMETICS needs to fulfill legal obligations (e.g., processing an already submitted order) or to protect its legitimate interests. Personal data will also be destroyed if the personal data is not necessary for the intended purpose or if storing your data is not permissible for other legal reasons.


HESON d.o.o. advises all parents and guardians to teach their children how to use their data safely and responsibly on the Internet. Minors should only provide personal data on the HESON d.o.o. website with the permission of their parents or guardians. HESON d.o.o. will never intentionally collect data from minors, use it in any way, or disclose it to third parties without permission unless required by law.

HESON d.o.o. requires that minors do not purchase or engage in any other legal transactions regarding our products and services without the consent of a parent or legal guardian and does not wish to receive personal information directly from minors. However, it is sometimes impossible to determine the age of individuals who participate in such transactions or provide personal data. If a minor (according to applicable law) nevertheless provides us with personal data without the consent of a parent or legal guardian, we ask parents or guardians to notify us so that we can remove this information.


Our site uses cookies to make our offer relevant, engaging, and tailored to users. Cookies are small text files stored on your computer, smartphone, or other devices and used in your browser. We use cookies for purposes such as:

  • Ensuring the correct functionality of the shopping cart so that you can complete your order as simply as possible,
  • Remembering your login details so you do not have to enter them multiple times,
  • Best adapting our website to your needs by tracking traffic, your site movements, and the features you use.

For more information about cookies, please refer to our Cookie Policy.

Changes to the Privacy Policy

HESON d.o.o. may amend this Privacy Policy at any time by publishing the amended text on the website. The changes to the Privacy Policy come into effect upon publication on the DIVOTE COSMETICS website.