Privacy policy

 

Last modified on: 21/11/2024

 

 

At MAKEUP, we value your privacy. We attach great importance to the protection and transparent processing of your personal data.

 

This Privacy Policy defines the rules for the processing of personal data received through the online store https://makeup.jp/en/  (“Online Store”).

 

La Makeup Sp. z o.o. is the owner of the Online Store and the controller of the personal data collected within the Online Store (“we”, “Company”), with headquarters in Warsaw (02-672), st. Domaniewska 37, loc. 17.6, KRS: 0000587427, NIP: 5252636585, REGON: 363029583.

 

Personal data collected by the Company through the Online Store are processed in accordance with:

-        the GDPR, also known as Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with respect to the processing of personal data, the free movement of such data, and on repealing Directive 95/46/EC, as well as

-        the APPI, also known as Act on the Protection of Personal Information Act No. 57 of May 30, 2003,

-        The Anti-Spam Law, also know as Act on Regulation of Transmission of Specified Electronic Mail No. 26 of April 17, 2002,

-        and Act on Specified Commercial Transactions No. 57 of June 4, 1976.

 

We developed this Privacy Policy to inform you (“you” or “Customer”) how your personal data may be processed. We tried to write this Privacy Policy in clear and plain language for your better understanding. By doing so, we hope you will get all the needed details to be assured your personal data is safe with us.

 

The Privacy Policy defines:

       what personal data we collect and process;

       what are the purposes of such processing;

       what rights the Customer has concerning such data;

       whether the data is transferred to third parties;

       what measures we take to protect personal data;

 

as well as other details of personal data processing.

 

This Privacy Policy is an integral part of our Online Store Rules (the “Rules”). Please make sure you read them carefully. In case of any discrepancies between the Rules and the Privacy Policy, the Privacy Policy shall prevail.

 

 

1. What is Personal Data?

 

Personal data is any information relating to you that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, an identification number, email address etc. Personal data could also include such technical information as MAC addresses, IMEI, IP addresses, both static and dynamic, browser, and system information.

 

Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.

 

Other terms used in this Privacy Policy have the same meaning as in our Rules and the GDPR.

2. What Data Do We Collect?

 

The categories of personal data are divided into separate subsections based on the specific services that you consume. Please be aware that we do not purposely collect and process any of your sensitive information in the sense of GDPR and APPI (like your health information, data about your religious beliefs, racial or ethnic origin etc.).

 

We collect information about individual consumers, individuals conducting their own business or professional activities, and individuals representing legal entities or similar organizational units.

 

We will collect the personal data such as the following in a lawful and fair manner, in particular:

● personal data provided by you

● personal data relating to the use of our Online Store

● In addition to the above, personal data lawfully collected by us, including cases of collecting information from third parties.

 

If you do not provide certain types of information which need to be registered for using our Online Store, you may not be able to use all or a part of our services.

 

We ask you not to provide us with excessive personal data, including the personal data of any third parties or sensitive data.

 

Type of personal data

Description

Account data

When you create an account in the Online Store, we collect and process the data you voluntarily provide to us:

      email address;

      address details;

      zip code and city;

      country (state);

      street and house number/apartment number;

      first and last name;

      telephone number;

      date of birth;

      password.

 

You provide us with your personal data voluntarily, in connection with the concluded Sales Agreements or to receive Services via the Online Store, as provided in our Rules. However, you should be aware that failure to provide the data specified in the forms when creating the account prevents registration.

Data related to orders in the Online Store

When placing an order in the Online Store, you provide the following data:

      email address;

      address details:

      zip code and city;

      country (state);

      street with house / flat number;

      first and last name;

      telephone number.

 

After you have made an order, we collect information regarding products or services you have purchased, returned, exchanged, or considered, as well as your preference, namely:

      order number;

      date of the order;

      cost of purchased goods in the order;

      the list of your purchased goods;

      delivery date.

 

When scrolling through our Online Store, you may add new items to your wishlist, and we will store them for you.

Data related to your requests, comments or claims

 

There are special forms on our Online Store that allow you to contact us.

 

By sending us your request, you provide us with the following data:

      your first name;

      your email;

      subject message;

      the message itself;

      the attached file such as photographs, images, videos, if applicable.

 

Otherwise, you may also send us your request by email. In such a case, we may collect and process only your email and data indicated in such email.

 

By requesting the call back, you provide us with the following data:

      your first name;

      your phone number;

      the message itself.

Please, pay attention that we may collect recordings of your voice within your communications with our representative (such as when we record customer service calls for quality assurance).

 

You may also communicate with us by asking us questions or leaving your comments, responses, product reviews, testimonials, and other content. In this case, you provide us with the following data:

      your first name;

      your email;

      your rating related to the relevant item;

      the message itself;

      the attached file such as photographs, images, and videos, if applicable.

Newsletters

 

When you subscribe to the newsletter, we collect and further process your email address. We could send some marketing communication in the context of our Goods and Services to your email addresses. In any case, you can choose to stop receiving our emails at any time. If you want to cease this type of communication, tap on the “Unsubscribe” link you may find in each of our emails.

Automated collection (cookies and similar technologies)

Using cookies and similar technologies, we may collect the following personal data:

      device identifier, internet protocol (IP) address,

      cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers, as well as

      browsing or search history and information regarding your interactions with our Online Store, emails, or advertisements.

 

Please find more details about how and what cookies we use in our Cookies Policy.

Financial information

Please pay attention that we do not collect your payment credentials (bank credentials, cards numbers and dates of issuance etc.).

 

Such information may be collected exclusively by third-party payment providers with the respective licenses and security measures with regard to your payment credentials, as it is prescribed in our Rules. We receive from the third-party providers only Transaction ID and Receipts with the information on conducted transaction, date and time, and services bought, just to make sure that the transaction relates to you.

 

 

 

 

3. Lawful Basis and Purposes of Processing Your Data

 

a.    Lawful basis

 

To comply with our GDPR obligation, below we also describe the lawful basis we rely on when processing your personal data:

 

Type of data

Lawful Basis

 

Account data

Necessity to perform the contract, namely to provide access to the account in order to place orders and make purchases

Data related to orders in the Online Store

Necessity to conclude and perform the Sales Agreement

Data related to your requests, comments or claims

Necessity to perform the contract, for example to provide you with the answers to your requests

Newsletters

 

Your consent to receive the news about our goods and services. This provision applies when you did not enter into the Sales Agreement with us before, or when such newsletters concern products different from those you have previously purchased in our Online Store.

 

We also may send you newsletters that promote our products, which are similar to those you have purchased in our Online Store before, relying on legitimate interest, to keep you informed of all new products you may be interested in, based on your previous purchasing experience in our Online Store.

Automated collection (cookies and similar technologies)

Your consent for the use of cookies. The only exception is for the group which is strictly necessary for the mere functioning of the Online Store. The data collected with the use of such a group of cookies is processed since this is necessary to perform the contract, namely to ensure the proper functioning of the Online Store.

Financial information

Necessity to conclude and perform the Sales Agreement

 

We may also process some of your data on the basis of our legitimate interest:

 

       The legitimate interest is the legal basis for the processing when we store your personal data after you delete your account. In such cases, the legitimate interest consists in avoiding risks of the loss of the data within our systems in case you want to restore your account. 

 

       In order to determine, investigate and enforce claims, to prevent or investigate possible wrongdoing, some personal data you provide may be processed as part of using the functionality in the Online Store, such as: name, surname, data on the use of the Online Store, if the claims result from the manner in which you use the Online Store, other data necessary to prove the existence of the claim, including the extent of the damage suffered. The legitimate interest lies in the establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.

 

       In order to pursue our legitimate interest of ensuring the security of data, we also make backups of your personal data collected through the Online Store.

 

b.   Purposes of processing

 

Type of data

Purpose of processing

 

Account data

      to provide access to the Customer’s Account in order to place orders and make purchases;

      to create, manage and technically maintain such Customer’s Account;

      to quickly verify the identity of your person when making new orders, and give you the opportunity to use the Online Store;

      to also send you transactional communications via email, including responding to your questions and requests and sending you our offers, propositions, recommendations or technical notices.

Data related to orders in the Online Store

 

      to place an order in the Online Store;

      to ensure the order is properly performed;

      to send your order in the Online Store to the correct place of your stay;

      to provide you with receipts and order updates;

      to send you notifications related to your purchases, returns, exchanges;

Data related to your requests, comments or claims

 

      to provide you with the answers to your requests, inquiries, issues, or feedback, and to provide customer service;

      and to provide a forum for discussion, asking questions, posting photos and reviews, and sharing experiences.

Newsletters

 

      to send you the news about our goods and services, our offers, propositions, or recommendations;

      to keep you informed of all changes, innovations, and improvements we make within the Online Store;

      to show you advertisements for products and/or services tailored to your interests;

      to administer our sweepstakes, contests, and other similar promotions.

Automated collection (cookies and similar technologies)

      as described in the Cookies Policy.

 

Financial information

      to complete the transactions you request;

      to process your payments.

 

Additionally, we may process your data:

 

      to comply with our legal obligations;

      to protect your vital interests or vital interests of another natural person;

      to perform a task carried out in the public interest or in the exercise of official authority vested in us;

      to support core business functions, including to maintain records related to business process management, loss and fraud prevention;

      for the purposes of the legitimate interests pursued by us or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Online Store or to protect ourselves, our subcontractors, partners and affiliates against legal liability).

 

We will not process the personal data we obtain beyond the scope of the purposes of processing above, except to the extent that consent has been obtained from you or as permitted by applicable laws. Additionally, we will take appropriate measures to ensure that personal data is not used for any other purpose.

If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes.

 

Please note that we do make any decisions based solely on automated processing that may produce legal or similar significant effects.

 

 

4. How long do we store your data?

 

Note, we typically retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy policy, unless a longer retention period is required or permitted by law.

 

a) If the basis for the processing of personal data is consent, then we process your data as long as the consent is not revoked, and after revoking the consent for a period of limitation of claims that may be raised by the Company or against it.

 

b) If the basis for data processing is the performance of the contract, then we process your data as long as it is necessary to perform the contract, and after that time for a period of limitation of claims.

 

c) If the basis for data processing is the legitimate interest, then we process your data until you object to processing, and after that time for a period of limitation of claims.

 

The period of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.

 

The storage and retention period for cookies is described in our Cookies Policy.

 

 

5. Granting Access to Third Parties and Subcontractors

 

We do not sell, provide, disclose or share your personal data to third parties unless we have obtained your consent or such selling, provision, disclosure or sharing of personal data is permitted by applicable laws. However, to provide quality services and support various functions of our Online Store, we may hire people, and work with service providers and marketing providers. For these reasons, some of your personal data may be transferred to these persons.

 

Service providers will access the personal data only to the minimum extent required for performing the relevant services on our behalf, and will not use the personal data beyond the scope of such services.

 

In all cases, we comply with the requirements of data protection legislation, provide necessary and appropriate supervision of the subcontractors,  and make every effort to ensure that data processing is secure at all stages. Our subcontractors and any other third parties will provide equal protection of user data as stated in this Privacy Policy and undertake the same level of necessary protective measures the applicable law requires. Depending on contractual arrangements and circumstances, the subcontractors shall comply with the instructions of the Company as to the purposes and methods of processing these data (processors) or independently define their processing purposes and methods (administrators).

 

To achieve the purposes of data processing, we may provide your data to the following persons:

 

a)    Processors connected to the Online Store functioning. These include, among others, our affiliates, subcontractors, providers of hosting services, to provide shared business services (e.g. customer service, loss prevention, information security, IT support, accounting, tax), and systems for analysing traffic in the Online Store.

 

To achieve the purposes specified in section 3 (b), we may share with these providers the following types of data: Account data, Data related to orders in the Online Store, Newsletters, Data related to Automated collection (cookies and similar technologies), Financial information.

 

b)    Processors connected to the marketing systems (sending marketing messages and showing you targeted advertising) and systems for analyzing the effectiveness of marketing campaigns.

 

To achieve the purposes specified in section 3 (b), we may share with these providers the following types of data: Newsletters, Automated collection (cookies and similar technologies).

 

c)     Processors connected to ensuring the purchase is delivered: a courier, postal and/or logistic company as the case may be. You may see the list of the services when making a purchase via the Online Store.

 

To achieve the purposes specified in section 3 (b), we may share with these providers the following types of data: Data related to orders in the Online Store.

 

d)    Controllers – payment and banking services. The Company uses suppliers who do not act solely on the instructions and set the goals and methods of using your personal data by themselves. They provide electronic payment and banking services. You may see the list of the services when making a purchase via the Online Store. 

 

To achieve the purposes specified in section 3 (b), these providers obtain the following types of data: Automated collection (cookies and similar technologies), Financial information (directly from you, as we do not collect such data).

 

For a detailed list of providers and services (processors) we use, don't hesitate to get in touch with us using the contacts listed in section 9.

 

Some of your personal data can be viewed by third parties, such as your name, comments, feedback or questions regarding some goods on the Online Store that can be accessed by unspecified or large numbers of users.

 

The foregoing information may be copied, stored or spread by the viewer, and accessed by an unintended third party, due to the nature of digital data. When posting on our Online Store, please pay attention to the contents and scope of disclosure of such a post.

 

In the event of a request from the Company provides personal data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the police, or the respective data protection agency. This is done only to the extent required by law. In such a case, we may share the following types of data: Account data, Data related to orders in the Online Store, Newsletters, Data related to Automated collection (cookies and similar technologies), Financial information.

 

If you provide personal data to the Company, it might be processed in a foreign country with privacy laws that aren't as strict as those in your own country. By sharing your personal data with us, you consent to it being transferred, stored, and processed in a country different from your residence, which may include, but is not necessarily limited to, the United States, Poland and Ukraine. Although all of the countries and regions that we may provide personal data to in the future cannot be specified, we will notify you via this Privacy Policy upon the future addition of any country or region in which the third-party recipient of personal data is located.

 

Since some of your data may be transferred to third parties outside of the EEA, we could also transfer such data on the basis of the standard contractual clauses signed with the respective third parties, if the country of transfer (like Ukraine) is not subject to the adequacy decisions of the European Commission. You may request the copy of such instruments via contact details provided in this Privacy Policy.

 

 

6. Your Data Processing Rights

 

To exercise your rights listed below, you can send a request to the Company to dpo@makeup.pl. In order to properly protect your data, the Company may take additional measures to identify you when processing your request. We will provide you with a response to your request no later than 1 month from the date of its receipt, except as provided by law. If there is a valid reason this term can be extended for another 2 months, and we will inform you about such extension and the reasons in advance.

 

Thereby, you have the following rights:

 

Right

Description

Right of access to personal data (to be informed)

E.g. to know about:

      the categories of data processed;

      the purposes and legal justification of the processing;

      the sources of collection data;

      third parties to whom your personal data are being transmitted;

      the retention period of processing or the criteria used to set that period;

      the right to request the controller to rectify, erase personal data or limit the processing of personal data;

      the right to lodge a complaint with the supervisory authority and obtain the contact details of that authority.

 

The Privacy Policy was created to ensure this right. You may also ask us additional questions as to your data. You have the right to receive an answer about whether your personal data is processed, as well as to receive the content of such personal data.

 

You may receive information on the conditions for granting access to personal data, in particular information on third parties to whom your personal data is transferred. You may obtain a copy of your personal data.

 

Please, note that we may refuse or restrict your right of access to personal when any of the following applies:

 

● disclosure is likely to harm the life, wellbeing, property, or other rights or interests of yours or another individual;

● disclosure is likely to seriously impede the proper execution of our business;

● disclosure violates other laws and regulations;

● when you failed to verify your identity upon your disclosure request; or

● we are otherwise permitted by applicable laws to refuse your request.

 

In such cases, we will inform you in writing and without undue delay, of the reasons for refusal or limitation of this right.

Right to make a reasoned request to change/ delete your personal data

This is applicable if such data are processed illegally or are inaccurate, as well as in other cases provided by applicable law. In particular, in the event of any inaccuracies in the data processed by the Company, you have the right to contact us with a request to make appropriate changes to your personal data.

 

You may also request that your data be deleted if you believe that the Company no longer needs it for the purposes for which it was collected.

 

We will inform you in writing and without undue delay about  changes made to your personal data or its deletion.

 

However, we may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to fulfill a legal obligation requiring processing under EU law or the law of a Member State to which we are subject. In such cases, we will inform you in writing and without undue delay, of the reasons for retaining certain personal data.

Right to make reservations about the restriction of the right to process your personal data while giving consent

If you submit such a request, pending its consideration, this may prevent you from the use of certain functionalities. Such requests could include questioning the correctness of your data, unlawfulness (if you do not want us to delete data), cases when we no longer need your data for the purposes collected.

Right to limitation of processing

You may ask to “block” or prevent future use of your data while we evaluate your request to erase your data. If processing of your data is limited, we continue to store them, but are not able to use them. We maintain a list of data subjects who have requested to limit processing of their data to ensure that this limitation is respected.

 

Please, note that we may refuse or restrict your right to limitation of processing as long as it is prescribed by applicable national law.

In such cases, we will inform you in writing and without undue delay, of the reasons for refusal or limitation of this right.

Right to object to the collection and processing of personal data

This is applicable except in cases where the collection and processing of personal data is mandatory in accordance with the law. To exercise this right, you have to submit the objection to us in writing. Upon receipt of such objection, we shall immediately stop the collection and processing of your personal data.

 

You cannot object to the collection and processing of personal data when it is mandatory in accordance with the laws we are subject to.

 

But your right to object is absolute if we process your data on the basis of legitimate interest, for instance when we send you marketing emails. If you object and we do not have any other legal basis for the processing of personal data, we will delete your personal data, the processing of which has been objected to.

Right to oppose receiving marketing communications

You may unsubscribe from our marketing communications at any time. The easiest way for you to unsubscribe is to click the “Unsubscribe” button in any email or communications we send you. You may also send us an email at info@makeupstore.com.

Right to receive your personal data and send the data to another provider (data portability)

You may receive your personal data and send the data to another provider. We will send your personal data in the form of a csv file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data controller.

 

This right only applies to those data аthat you provide to us, which we process on the basis of consent or a contract.

Right to withdraw consent to the processing of personal data

You can withdraw your consent to the processing of your personal data at any time. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results.

 

However, there may be exceptions to this right. For example, if the law requires the Company to retain this data, or when it is necessary for the protection in litigation, or when the Company has other grounds for the processing, etc.

Right to file a complaint about the processing of your personal data

If you have not obtained satisfaction in the exercising of your rights or the way to exercise them, you may file a complaint with the Personal Information Protection Commission (PPC).

 

PPC contacts:

 

Address: Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan.

 

TEL: +81-(0)3-6457-9680

More information you may find on PPC`s website: https://www.ppc.go.jp/en/contactus/ 

You may lodge a complaint to the court and apply legal remedies in case of violating the data protection laws. You may also demand payment of moral and material damage.

 

Please do not hesitate to contact us by any means indicated below before you file a complaint with the national data protection authority.

Right to know about us making decisions based solely on automated processing (including profiling) and object to it

You have the right to know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you. This provision is intended to protect the data subject from decisions made by the algorithm without human involvement or control. If you wish to object to profiling or realize your rights connected with such data, please contact us using the details below.

 

This is since we may make decisions about you based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. We may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s personal preferences, interests, behavior, etc.). This means that we may collect personal data about you like viewed products, your purchases or search history. We centralize this data and analyze it to evaluate and predict your personal preferences and/or interests for marketing purposes, to display the content tailored to your interests/needs. For more information about some of the instruments that we use to collect such data - see our Cookies Policy.

 

 

7. Security of Personal Data

 

We take appropriate security measures to protect your personal data from accidental loss or destruction from unlawful processing or access to it.

 

Type of measures

Description

Confidentiality

All personnel are subject to full confidentiality; and any subcontractors and subprocessors are required to sign a confidentiality agreement if full confidentiality is not a part of the main agreement between the parties. Also, any access by authorised personnel is logged. We use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely.

Isolation

Access to personal data is restricted to individually authorised personnel. Authorised personnel are granted minimum access on a need-to-have basis.

Account protection

The Company provides Customers with a secure and encrypted connection when transferring personal data and logging in to the account on the Online Store. The Company uses an SSL certificate issued by one of the world’s leading companies in the security field and encryption of data sent over the Internet.

 

In the event that the Customer who has a Customer’s Account in the Online Store has lost any access password, the Online Store allows you to generate a new password. The Company does not send a password reminder. The password is stored in the database in an encrypted form in a way that prevents its reading. In order to generate a new password, please provide your email address in the form available under the link “Remind password”, provided next to the account login form in the Online Store. The new password will be automatically sent to the email address provided during registration or saved in the last change of the account profile.

 

We never send any correspondence, including electronic correspondence with a request to provide login details, in particular the access password to the Customer's account.

Internal Policies and Procedures

All the employees and contractors are obliged to obey the internal security policy with respect to the processing of personal data. Such policy provides for organisation, physical, and technical security measures and, for such purpose, takes into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects.

 

Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violating your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.

 

 

8. Changes to this Privacy Policy

 

We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email. We will also indicate the “Last modified” date at the top of this Privacy Policy.

 

 

9. Contact Information

 

If you have any questions about the Privacy Policy or your data we process, you are welcome to contact us:

 

La Makeup Sp. z o.o.

st. Domaniewska 37, loc. 17.6

Warsaw, Poland

Email: dpo@makeup.pl

 

 

ログイン

パスワード復元

折り返しお電話いたします!