PRIVACY POLICY

PRIVACY POLICY

I hereby announce to the company Bloom Cosmetics s.r.o., with registered office Bernolákova 7897/11, Bratislava - Administrative

District Staré Mesto 811 07, Slovak Republic, registered in the Commercial Register kept

by the District Court Bratislava I, section: Sro., REg. File No.: 140128/B, Company Registration Number: 51 228 637, Tax Registration Number: 2120644295, VAT Registration Number: SK2120644295 (hereinafter referred to as “we”) in the operation of the Online Shop www.bloomrobbins.sk we process personal data.

 

Below in this document we are trying to provide you with all the necessary information about processing of your personal data in accordance with Regulation No. 2016/679 on the protection of physical persons in the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR”). If you still have any questions or would like to exercise your rights, contact us, for example by email at hello@bloomrobbins.sk.

 

Processed personal data, purpose, legal basis and duration of their processing

Creating and managing a user account

 

Category of persons: Customers Purpose of the processing of personal data: Creating and managing a user account Legal basis and processed personal data: The legal basis is your consent, which you give by registration. Identification data (name, surname), registration data (email). After registration you have the option, for example, to include selected goods to the so-called wishlist and subsequently We will send you an email notifying you that the goods included in the wishlist are sold for discounted price or available again. You can change this wishlist at any time. Processing time: Until you cancel your account. In the event that you do not use the account for a long time, we may send you an email stating that if you do not log in to your account within a certain period of time after receiving it, We will cancel your account.

 

Resolving an issue within the ordering process

 

Category of persons: Customers

Purpose of processing of personal data: Resolving an issue within the ordering process

Legal basis and processed personal data: In case that you start filling out your personal data during the ordering process and for whatever reason this process fails and you will not

be able to complete the order, for example in the event of a technical problem, we will send

you email if you fill in your email address with your saved cart and completed data. You will be able to complete your purchase within 1 day. The legal basis is primarily our legitimate interest in eliminating the problem and completing the order, in conjunction with the secondary objective, namely the execution of measures before the conclusion of the contract. Processing time: 30 days from the date of non-completion of the ordering process.

 

Concluding and performing contracts with customers

Category of persons: Customers

Purpose of processing of personal data: Concluding and performing contracts with customers

Legal basis and processed personal data: The legal basis is the necessity for the performance

of the contract. Identification data (first name, surname), contact details (delivery address and permanent address of residence, e-mail, phone), accounting details (billing address, card number, bank account number), order history, user account data, data related to any

complaints (product identification, product defects, solutions).

Provision of personal data is a contractual requirement and your duty, without them it is not

possible to conclude a contract and deliver the goods or provide the service.

Processing time: For the duration of the contractual relationship and the warranty period, which is in most cases 2 years.

 

Enforcement of claims after termination of the contract

Category of persons: Customers

Purpose of processing of personal data: Enforcement of claims after termination of the contract.

Legal basis and processed personal data: The legal basis is our legitimate

interest in the right to recover any liabilities and other claims which may

arise as well as to have the ability to demonstrate that our obligations under the contract have been properly fulfilled.

Identification data (first name, surname), contact details (delivery address and permanent address of residence, e-mail, phone), accounting details (billing address, card number, bank account number), order history, user account data, data related to any

complaints (product identification, product defects, solutions).

Processing time: For a period of 5 years after the termination of the contractual relationship, in the case of a judicial proceedings throughout the procedure.

Fulfilment of obligations arising from accounting and tax regulations

Category of persons: Customers

Purpose of processing of personal data: Fulfilment of obligations arising from the regulations related

to bookkeeping and taxation

Legal basis and processed personal data: The legal basis is the performance of the statutory obligation imposed on us by accounting and taxation legislation.

Identification data (first name, surname), contact details (delivery address and address of permanent residence, e-mail, telephone), accounting data (bank account number and other information on tax documents), copies of contracts.

Processing time: 10 years from the end of the year in which the performance of the contract occurred.

Direct marketing

Category of persons: Customers











Purpose of processing of personal data: Direct marketing

Legal basis and processed personal data: In case of direct marketing via SMS or e-mail, the legal basis is your consent, which you express in our Online Shop and then clicking on the link in the confirmation email.

Identification (first name, surname) and contact details (delivery address and permanent address of residence, e-mail, telephone).

Processing time: Minimum 4 years and a maximum of 5 years after the withdrawal of consent or filing objections, respectively.

 

Rating

Category of persons: Customers

Purpose of processing of personal data: Rating

Legal basis and processed personal data: The legal basis is your consent.

Identification data (name, surname), registration data (email). We will publish the rating without your personal data, i.e. anonymized (name, initial surname and country only).

After the purchase, we can ask you for rating by sending you an email. Legal

basis for sending this email is our legitimate interest in improving our products,

However, you have the option to express your disagreement with sending this email during the purchase.

Processing time: Until anonymization that occurs within 30 days of your

rating or references.

Internal analyses, development and improvement of our e-commerce and quality of services, planning.

Category of persons:

Purpose of processing of personal data: Internal analysis, development and improvement of our Online Shop and quality of service, planning.

Legal basis and processed personal data: The legal basis is our legitimate interest.

Your personal data that we hold on the basis of a different purpose or legal basis.

Processing time: For the period during which we process them on the basis of another purpose or legal basis. After this time only in an anonymized form, when it will no longer be personal data.

Handling suggestions, inquiries and questions

Category of persons: Anyone

Purpose of processing of personal data: Handling suggestions, inquiries and questions

Legal basis and processed personal data: The legal basis is our legitimate interest,

as well as your consent.













Identification data (first name, surname), contact details (address, e-mail, phone), IP address and cookies, question asked via form, email, chat, via

social media or by phone.

Processing time: Until resolving the issue, but not more than 30 days after resolving, or longer if you give us your consent to do so.

Regular sending of business and marketing notifications by email

Category of persons: Newsletter subscribers

Purpose of processing of personal data: Regular sending of commercial and marketing

notifications by email Legal basis and processed personal data: The legal basis is your consent, which you give by registering for the newsletter on our Online Shop and then clicking on the link in the confirmation email.

 

E-mail.

Processing time: Until the withdrawal of consent.

Arrangement and evaluation of a competition

Category of persons: Contestants

Purpose of processing of personal data: Arrangement and evaluation of a competition

Legal basis and processed personal data: The primary legal basis is consent

of a contestant expresses by his/her participation in the contest. Provision of personal information is a condition of participation in the contest, without which the participation is not possible.

The secondary legal basis is also performance of the contract, i.e. performance of our rights and obligations arising from the rules of the contest, and after fulfilling also our legitimate interests to inform about the result of the contest by publishing the profile of the winner in the comments to the post about the contest and the ability to demonstrate that our responsibilities have been properly fulfilled. Participation in the contest, as well as granting consent to the processing of personal data for this purpose, are voluntary and consent can be withdrawn at any time. By withdrawal of consent will be terminated processing of personal data and participation in the contest. 

 

With whom we share your personal data

In limited cases, we disclose your personal data to other entities (recipients), in

majority of cases, to our service suppliers. There may be the following cases:

Provision to third parties, where permitted or required by law, for example, disclosure to state authorities in accordance with the law, in case of sale of our business or, in case of our legal protection, through a legal representative. Providing to our suppliers (so-called intermediaries) who provide us various contract-based services within which the processing of your personal data takes place. These include companies securing or providing ERP system (enterprise software for managing and coordinating internal resources), payment gateway, marketing, emailing, e-commerce platform, web chat, reviews, IT development and IT support, fulfillment (storage, transport), management and delivery of packages, accounting services, applications linking and cookies (see the Cookies section below).






We only cooperate with service providers who deliver reasonable guarantees

of security and which we contractually undertake to process your personal data only in accordance with our instructions and maintain the confidentiality of your personal data.

Automated individual decision-making including profiling

We do not make decision-making, which is based solely on automated processing,

including profiling, and which has legal effects concerning you or significantly affect you in a similar way.

 

Personal data of children under 16 years

Our Online Shop is not designed for children under 16 years of age. Children under 16

may only use our Online Shop if there is a legal consent to do so

given by a representative, especially a parent.

Transmission of personal data outside the EU/EEC

Within the European Union/European Economic Area, there is free movement of personal

data.

If we transfer personal data to third countries, we will do so in accordance with the GDPR.

For example, countries that the European Commission has decided to guarantee an adequate level of protection of personal data or the supplier of the service we use is committed to comply with standard contractual clauses adopted by the European Commission, or may be a combination of both cases.

Currently, we plan to transfer personal data only to the US if the service provider is part

of the Privacy Shield Framework and at the same time we have a contract with it, which contains standard contractual clauses.

 

Cookies 

We use cookies in our Online Shop. Details on how we

use it can be found in this section www.bloomrobbins.sk/cookies

 

Your rights 

Under the GDPR, you have multiple rights. Namely, the right to access and rectify personal data, right to deletion, restriction of processing, object to processing, right to data portability, the right to withdraw your consent to the processing of personal data and the right to file a complaint to the supervisory authority.

 

Right of access

You have the right to obtain confirmation from us whether your personal data is being processed and, if that is the case, you have the right to obtain access to this data. Upon request, we will provide you with all information regarding the processing of your personal data.

 

Right to rectification

You have the right to correct your incorrect personal data and complete it if it is incomplete.

 

Right to erasure (right to „be forgotten”)

We delete your personal data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent on the basis of which we have carried out the processing. However, this right does not apply

absolutely. There are cases where we need to retain personal data, for example for the accounting purposes.

 

Right to restriction of processing of personal data

You have the right to restrict processing if (i) you have challenged the accuracy of personal data during a period enabling us to verify the accuracy of the personal data, (ii) the processing is illegal and you object to the erasure of personal data and instead you require to limit ita use; (iii) no longer we do not need personal data for processing purposes, but

you need it for the establishment, exercise or defence of legal claims; (iv)

you object to the processing, until verifying whether legitimate grounds on our part

outweigh your legitimate reasons.

 

Right to object to processing

You have the right to object at any time to the processing of your personal data

exercised (i) on a legal basis of necessity for the purposes of our legitimate interests

or exercised by a third party, (ii) for profiling purposes, and (iii) for direct marketing

purposes.

 

Right to data portability

You have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without preventing you from doing so, if the processing of personal data is based on your consent or on the contract and at the same time the processing is carried out by automated means.

 

Right to withdraw consent

If the processing is based on your consent, you have the right to cancel your consent at any

time. Withdrawal of consent does not affect the lawfulness of processing based on consent

granted prior to its cancellation.

 

Right to lodge a complaint

If you believe that the processing of your personal data is contrary to the GDPR, you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic with its registered office at Hraničná 12, 820 07 Bratislava 27, e-mail:

statny.dozor@pdp.gov.sk.