Privacy policy

PRIVACY POLICY

This Privacy Policy sets out the rules for processing personal data obtained via the drogeria.be online store (hereinafter: the “Online Store”).
The owner of the Online Store and the data controller at the same time is Skiera Cosmetics BV, registered office in The Hague (2544EM), Koperwerf 27, KVK 72689331, BTW: NL859198819B01, hereinafter referred to as Skiera Cosmetics BV.
Personal data collected by Skiera Cosmetics BV via the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
Skiera Cosmetics BV takes special care to respect the privacy of Customers visiting the Online Store.

§ 1 Types of data processed, purposes and legal bases

Skiera Cosmetics BV collects information about natural persons performing a legal act not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units without legal personality which are granted legal capacity by law, hereinafter collectively referred to as Customers.

Customer personal data is collected when:

Registering an account in the Online Store, in order to create and manage an individual account. Legal basis: necessity for the performance of the Account service agreement (Art. 6(1)(b) GDPR).
Placing an order in the Online Store, in order to execute the sales agreement. Legal basis: necessity for the performance of the sales agreement (Art. 6(1)(b) GDPR).
Subscribing to the newsletter, in order to perform the electronic service agreement. Legal basis: the data subject’s consent to perform the Newsletter service (Art. 6(1)(a) GDPR).
Using the contact form in the Online Store, in order to perform the electronic service agreement. Legal basis: necessity for the performance of the contact-form service agreement (Art. 6(1)(b) GDPR).
Using the “add a review” service, in order to perform the electronic service agreement. Legal basis: necessity for the performance of the review service agreement (Art. 6(1)(b) GDPR).

When registering an account in the Online Store, the Customer provides:

e-mail address;
first and last name;
phone number.

During registration, the Customer sets an individual password for their account (changeable later under §5).

When placing an order, the Customer provides:

e-mail address;
address details: postcode and city; country; street and house/flat number; province/region;
first and last name;
phone number.

For Business Customers, the above scope is additionally extended by:

company name;
VAT number.

When subscribing to the Newsletter, the Customer provides only their e-mail address.

When using the contact form, the Customer provides:

e-mail address;
first and last name;
phone number.

When using the “add a review” service, the Customer provides:

e-mail address;
first and last name or nickname (pseudonym).

When using the Store website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the ISP, domain name, browser type, access time, type of operating system.

Navigation data may also be collected from Customers, including information on links and references they choose to click or other actions taken in the Online Store. Legal basis: the controller’s legitimate interest (Art. 6(1)(f) GDPR) consisting in facilitating the use of electronic services and improving their functionality.

For the purpose of establishing, pursuing and enforcing claims, certain personal data provided by the Customer within the Store’s functionalities may be processed, such as: first and last name, data on the use of services if the claims arise from the manner of use, and other data necessary to evidence the claim, including the extent of damage suffered. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in establishing, pursuing and enforcing claims and defending against claims before courts and other public authorities.

Providing personal data to Skiera Cosmetics BV is voluntary in connection with entering into sales agreements or service agreements via the Store website; however, failure to provide the data specified in the forms during Registration prevents Registration and account creation, and in the case of placing an order without Registration prevents placing and executing the order.

§ 2 To whom data is disclosed or entrusted and how long it is stored

Customer personal data is transferred to service providers used by Skiera Cosmetics BV in operating the Online Store. Depending on contractual arrangements and circumstances, service providers either follow Skiera Cosmetics BV’s instructions regarding the purposes and means of processing (processors) or determine the purposes and means themselves (controllers).

Processors. Skiera Cosmetics BV uses providers who process personal data solely on Skiera Cosmetics BV’s instructions. These include providers of hosting services, accounting services, marketing systems, web analytics tools, and tools for analyzing marketing campaign performance.

Controllers. Skiera Cosmetics BV uses providers who do not act exclusively on instruction and independently determine purposes and means of processing Customers’ personal data. They provide electronic payment and banking services.

Location. Service providers are based in Poland and in other countries of the European Economic Area (EEA).

Data retention periods:

Where processing is based on consent, personal data is processed until the consent is withdrawn, and thereafter for a period corresponding to the limitation period for claims which may be raised by Skiera Cosmetics BV or against it. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic performance claims and claims related to business activity — three years.
Where processing is based on contract performance, personal data is processed for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims (as above).

For purchases in the Online Store, personal data may be transferred, depending on the Customer’s choice, to the following entities to deliver the ordered goods:

a courier company;
POST NL BV, based in The Hague.

If the Customer chooses SOFORT Banking, their personal data is transferred, to the extent necessary to process the payment, to Mollie BV, Keizersgracht 126, 1015 CW Amsterdam.

If the Customer chooses PayPal, their personal data is transferred, to the extent necessary to process the payment, to Mollie BV, Keizersgracht 126, 1015 CW Amsterdam.

Navigation data may be used to provide better service, compile statistics and tailor the Online Store to Customer preferences, as well as to administer the Store.

Newsletter. If the Customer subscribes to the Newsletter, Skiera Cosmetics BV will send commercial information about promotions and new products to the Customer’s e-mail address.

Upon a lawful request, Skiera Cosmetics BV discloses personal data to competent public authorities, in particular to units of the Prosecutor’s Office, Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

The Online Store uses small files called cookies. They are stored by Skiera Cosmetics BV on the device of the person visiting the Store, if the web browser allows it. A cookie file usually contains the domain name it comes from, its “expiration time”, and a unique randomly selected number identifying the file. Information collected via such files helps tailor Skiera Cosmetics BV’s products to the individual preferences and real needs of Store visitors and enables the preparation of general statistics on visits to products presented in the Store.

Skiera Cosmetics BV uses two types of cookies:

Session cookies: data is deleted from the device memory after the browser session ends or the computer is turned off. Session cookies do not allow the retrieval of any personal data or confidential information from Customers’ computers.
Persistent cookies: stored on the Customer’s device until deleted or expired. Persistent cookies do not allow the retrieval of any personal data or confidential information from Customers’ computers.

First-party cookies are used to:

authenticate the Customer in the Online Store and maintain the Customer’s session (after logging in), so that the Customer does not have to re-enter the login and password on each subpage;
perform analysis, research and audience measurement — in particular to create anonymous statistics helping to understand how Customers use the Store website, which enables improvements to its structure and content.

Third-party cookies are used to:

promote the Online Store via facebook.com (third-party cookie controller: Facebook Inc., USA, or Facebook Ireland, Ireland);
collect general anonymous statistics via LiveChat analytics (controller: Smartsupp.com, Czech Republic);
display ads tailored to the Customer’s preferences via awin.com (controller: AWIN Limited, UK);
display tailored ads via rtbhouse.com (controller: RTB House S.A., Warsaw);
display tailored ads via go.pl (controller: GO.PL Sp. z o.o., Warsaw);
promote the Store via twitter.com (controller: Twitter Inc., USA);
collect general anonymous statistics via Google Analytics (controller: Google Inc., USA);
display ads via Google AdSense (controller: Google Inc., USA);
present the Rzetelny Regulamin certificate via rzetelnyregulamin.pl (controller: Rzetelna Grupa sp. z o.o., Warsaw).

The cookies mechanism is safe for Customers’ computers. In particular, viruses or other unwanted/malicious software cannot penetrate Customers’ computers via this route. Nevertheless, Customers may limit or disable cookies in their browsers. If this option is used, the Online Store will remain usable, except for functions that by their nature require cookies.

Changing cookie settings in popular browsers:

Skiera Cosmetics BV may collect Customers’ IP addresses. An IP address is a number assigned to a visitor’s computer by an ISP and enables Internet access. In most cases it is assigned dynamically, i.e., changes with each connection. IP addresses are used by Skiera Cosmetics BV to diagnose server problems, compile statistical analyses (e.g., to determine from which regions visits are most frequent), as information useful in administering and improving the Online Store, and for security purposes and potential identification of unwanted automated programs burdening the server.

The Online Store contains links and references to other websites. Skiera Cosmetics BV is not responsible for the privacy practices of those websites.

§ 4 Rights of data subjects

Right to withdraw consent — legal basis: Art. 7(3) GDPR.
The Customer may withdraw any consent given to Skiera Cosmetics BV at any time.
Withdrawal takes effect from the moment of withdrawal and does not affect processing lawfully carried out before withdrawal.
Withdrawal entails no negative consequences, but may prevent further use of services or features which, by law, Skiera Cosmetics BV may provide only with consent.

Right to object to processing — legal basis: Art. 21 GDPR.
The Customer may object at any time — on grounds relating to their particular situation — to the processing of their personal data, including profiling, where Skiera Cosmetics BV processes data based on legitimate interest (e.g., marketing of Skiera Cosmetics BV products/services, statistics on the use of Store features, facilitating Store use, satisfaction surveys).
Unsubscribing from marketing communications by e-mail constitutes an objection to processing (including profiling) for those purposes.
If the objection is justified and Skiera Cosmetics BV has no other legal basis for processing, the Customer’s personal data subject to the objection will be erased.

Right to erasure (“right to be forgotten”) — legal basis: Art. 17 GDPR.
The Customer may request deletion of all or some personal data, in particular where:

the data is no longer necessary for the purposes for which it was collected or processed;
consent has been withdrawn (to the extent processing was based on consent);
the Customer objects to processing for marketing purposes;
the data has been unlawfully processed;
erasure is required to comply with a legal obligation under EU or Member State law applicable to Skiera Cosmetics BV;
the data was collected in connection with offering information society services.

Despite an erasure request (following objection or consent withdrawal), Skiera Cosmetics BV may retain certain data to the extent necessary to establish, exercise or defend legal claims, and to comply with a legal obligation under EU or Member State law applicable to Skiera Cosmetics BV. This applies in particular to personal data such as first and last name, e-mail address (kept for complaint/claim handling related to services), and, additionally, residential/mailing address and order number (kept for complaint/claim handling related to sales or service agreements).

Right to restriction of processing — legal basis: Art. 18 GDPR.
The Customer may request restriction of processing. While the request is being examined, use of certain features or services involving the restricted data may be impossible; Skiera Cosmetics BV will also refrain from sending any communications, including marketing. Restriction may be requested when:

the accuracy of personal data is contested — processing is restricted for the time needed to verify accuracy (no longer than 7 days);
processing is unlawful and the Customer requests restriction instead of erasure;
the data is no longer needed for the original purposes but is required by the Customer to establish, exercise or defend claims;
the Customer has objected to processing — restriction applies for the time needed to consider whether, due to the Customer’s particular situation, the protection of the Customer’s interests, rights and freedoms overrides the Administrator’s interests in processing.

Right of access — legal basis: Art. 15 GDPR.
The Customer has the right to obtain confirmation whether the Administrator processes their personal data and, if so, to:

access their personal data;
obtain information on processing purposes, categories of data, recipients or categories of recipients, the envisaged storage period or the criteria used to determine that period (if it cannot be specified), the rights under GDPR, the right to lodge a complaint with a supervisory authority, the source of data, automated decision-making including profiling, and safeguards for transfers outside the EU;
obtain a copy of their personal data.

Right to rectification — legal basis: Art. 16 GDPR.
The Customer may request immediate rectification of inaccurate personal data. Considering the purposes of processing, the Customer has the right to have incomplete personal data completed, including by providing an additional statement, by sending a request to the e-mail address indicated in §6 of this Privacy Policy.

Right to data portability — legal basis: Art. 20 GDPR.
The Customer has the right to receive the personal data they provided to the Administrator and to transmit it to another controller chosen by the Customer. The Customer may also request that the data be transmitted directly by the Administrator to another controller, where technically feasible. In such a case, the Administrator will transmit the data in a CSV file (a commonly used, machine-readable format).

Response times. When the Customer exercises any of the rights above, Skiera Cosmetics BV will comply or refuse without undue delay, no later than one month after receiving the request. If, due to the complexity or number of requests, Skiera Cosmetics BV cannot act within one month, it will act within a further two months, informing the Customer within one month of receipt about the extension and reasons.

The Customer may submit complaints, queries or requests regarding the processing of their personal data and the exercise of rights to the Administrator.
The Customer has the right to request a copy of the standard contractual clauses by contacting the Administrator as indicated in §6.
The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office concerning any violation of their data-protection rights under GDPR.

§ 5 Security management — password

Skiera Cosmetics BV ensures secure, encrypted connections during the transmission of personal data and when logging into the Customer Account. Skiera Cosmetics BV uses an SSL certificate issued by a leading global provider of Internet security and encryption.

If a Customer with an Online Store account loses their password, the Store enables generation of a new one. Skiera Cosmetics BV does not send password reminders. Passwords are stored in encrypted form, making them unreadable. To generate a new password, provide the e-mail address in the form available via the “Forgot your password” link on the login page. The Customer will receive an e-mail containing a link to a dedicated form on the Store website to set a new password.

Skiera Cosmetics BV never sends any correspondence (including e-mail) asking for login details, especially the account password.

§ 6 Changes to the Privacy Policy

This Privacy Policy may be amended; Skiera Cosmetics BV will notify Customers 7 days in advance.
Questions regarding this Privacy Policy should be sent to: [email protected]
Date of last modification: 08.09.2021

Cookie name	Provider	Purpose	Expiry
AEC	Google	Ensures that requests within a browsing session are made by the user and not by other sites.	6 months
cookiesplus	drogeria.be	Stores your cookie preferences.	1 year
DV	Google	It is used to collect information about how the visitor uses the website. The cookie collects information anonymously, including the number of people visiting the website, where the visitors came from and the pages they visited.	1 day
PHPSESSID	drogeria.be	This cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.	Session
PrestaShop-#	drogeria.be	This cookie helps keep user sessions open while they are visiting a website, and help them make orders and many more operations such as: cookie add date, selected language, used currency, last product category visited, last seen products, client identification, name, first name, encrypted password, email linked to the account, shopping cart identification.	480 hours
SOCS	Google	Stores information about the user's cookie decision.	13 months
__cflb	Cloudflare	Technical cookies required by CDN provider Cloudflare.	1 hour
__Secure-ENID	Google	Used to store user preferences and information.	13 months

Cookie name	Provider	Purpose	Expiry
_ga	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
_ga_#	Google	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years

Cookie name	Provider	Purpose	Expiry
_fbp	Facebook	Stores and tracks visits to websites.	3 months
_gcl_au	Google	Collects and stores information from ad clicks.	3 months