Privacy Policy

 

Trading Company Belodore beauty Ltd. for trade and services based in the Republic of Croatia, Zagreb, Sveti Duh 28, registered in the Court Registry of the Commercial Court in Zagreb under the subject registration number (MBS): 081395421, Personal ID Number (OIB): 69403895116 (hereinafter: Belodore Ltd.), represented by Director Aleksandar Trivic, in force since 1.3.2022 until the change /abolition (hereinafter: Privacy policy / Rules):

 

I Definition

  • Buyer: a legal entity or other organization without legal subject, identified in accordance with the credible data specified in the Contract, which operates in accordance with the ​legislation in force at any time, acting via a representative with contractual capacity and rights, or an adult business-minded natural person, as defined by Croatian legislation, identified in accordance with the credible data specified in the Contract.
  • Web page: www.belodore.hr, website, including web shop, managed by the seller.
  • Selling point: every retail of the Trading Company Belodore beauty Ltd. in the Republic of Croatia;
  • OUP: general terms of business online trading on the website in its updated version.
  • Data Processing Manager/Seller: Trading Company Belodore beauty Ltd. for trade and services based in the Republic of Croatia, Zagreb, Sveti Duh 28, registered in the court registry of the Commercial Court in Zagreb under the subject registration number (MBS): 081395421, Personal ID Number (OIB): 69403895116, represented by Director Aleksandar Trivic.
  1. Data Processing Executor(s): Entities specified in Point V/2. of these rules.
  2. Registration: Registration of the Buyer on the website or at the retail store using data requested by the Seller; create a user account on a Web page or in a retail store.
  3. User Account: A unique password-protected account created on a Web page and associated with the Customer via registration, to which the e-mail address is assigned as a unique username.
  4. GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL AS OF 27 April 2016 on protecting individuals in connection with the processing of personal data and the free movement of such data and placing it outside the power of Directive 95/46/EC (General Data Protection Regulation).
  5. Personal data: all information relating to an identified natural person or natural person that can be identified ("data subject"); a natural person who can be identified is one that can be identified, directly or indirectly, especially by referring to an identifier such as the name, identification number, location data, network identifier or one or more of the individuals specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  6. Data processing: any operation or set of operations performed on personal data or personal data sets, whether by automated means or not, such as collection, recording, organization, structuring, storage, customizing or change, reach, consultation, use, transfer detection, expansion or otherwise making available, synchronizing or combining, restricting, deleting or destroying.
  7. Person of interest: The customer and any natural person representing the Buyer whose personal data is processed by the Processing Manager(s) and the Process Executor(s).
  8. Privacy Statement: Consent on the day before purchase or during the registration of the person in charge of processing the data.
  9. Personal Data Breach: security breach that leads to accidental or illegal destruction, loss, change, unauthorized disclosure, or access to personal data that is transmitted, stored or otherwise processed.
  10. Contracting: contracting procedure described in part II of the OUP.
  11. Contract: based on the relevant provisions of the Law of the Republic of Croatia, the contract between absent persons and the individual purchase contract made in the relation to the Product, to which the provisions of applicable OUP are also applied.

 

II Applicable laws (regulations) and principles relating to data processing

  1. The Processing Manager and the Data Processing Executor have the right to process ​personal data based on the provisions of relevant regulations and laws of the Republic of Croatia and based on GDPR. 
  2.  Personal data will be:

2.1. Processed in a legal, fair, and transparent manner in relation to the person concerned

2.2. Collected for certain, explicit, and legitimate purposes and the Processing Manager will not further process them ​in a manner that is not in accordance with these purposes,

2.3. Appropriate, relevant, and limited to what is required in relation to the purposes for which they are processed,

2.4. Accurate and, as needed, updated; The processing manager will take all reasonable steps to ensure that personal data that is inaccurate, considering the purposes for which it is processed, become deleted, or corrected without delay,

2.5. Stored in a form that allows the identification of the person in charge no longer than it is necessary for the purposes for which personal data is processed,

2.6. Processed in a manner that ensures the appropriate security of personal data, including protection from unauthorized or illegal processing and from accidental loss, destruction or damage, using appropriate technical or organizational measures.

 

III Processed personal data, purpose, legal basis, and timeline of data processing

  1. The following personal data is processed for ordering and contracting:

1.1.    In case the buyer is a natural person:

1.1.1. Surname

1.1.2. Name

1.1.3. Delivery address, state, city, street, number, other address details (e.g., floor, door number), zip code,

1.1.4. In case the invoice address differs from the delivery address, a different state, city, street, number, other address details (e.g., floor, door number), postal code,

1.1.5. E-mail address,

1.1.6. Phone number.

1.2.    In the case of legal entities or buyers who qualify as other organizations without legal subjects:

1.2.1. The name and surname of a natural person representing a legal entity or organization without legal subjects,

1.2.2. Delivery address, state, city, street, number, other address details (e.g., floor, door number), zip code, if it can be linked to the natural person to whom the Contract refers,

1.2.3. In case the invoice address differs from the delivery address, a different state, city, street, number, other address information (e.g., floor, door number), postal code, if it can be linked to the natural person to whom the Contract refers,

1.2.4. E-mail address of a legal entity or organization without legal subject, if it can be linked to the natural person to whom the Agreement refers,

1.2.5. Phone number of a legal person or organization without legal subject, if it can be linked to the natural person to whom the Contract refers.

1.3. Data processing purposes:

1.3.1. Enabling contracting,

1.3.2. The correct execution of the Contract,

1.3.3. Resolution of complaints related to the contract, handling of the guarantee and other requests of buyers and customers,

1.3.4. Contacting the Buyer for the execution of the Contract,

1.3.5. Conducting other legitimate interests of the Salesperson.

1.4. Legal basis for data processing:

1.4.1. Consent of the person in issue (point a) item 1. Article 6. of GDPR),

1.4.2. Execution of the Contract (point b) item 1. Article 6. of GDPR),

1.4.3. Conducting other legitimate interests of the Supplier (point f) item 1. Article 6. of GDPR).

1.5. Data processing deadlines:

1.5.1. Until the withdrawal of the application of persons interested in data processing, to the application for deletion of processed personal data by the Seller, all in accordance with the conditions for processing and storage of personal data in accordance with the relevant regulations of the Republic of Croatia, primarily GDPR.

  1.   The following personal data processing is required to register:

2.1. In the case the buyer is a natural person:

2.1.1. Surname

2.1.2. Name

2.1.3. Delivery address, state, city, street, number, other address details (e.g., floor, door number), zip code,

2.1.4. E-mail address,

2.1.5. Phone number.

2.2. In the case of legal persons or buyers who qualify as other organizations without legal entity:

2.2.1. The name and surname of a natural person representing a legal entity or organization without legal subject,

2.2.2. Delivery address, state, city, street, number, other address details (e.g., floor, door number), zip code, if it can be linked to the natural person to whom the Contract refers,

2.2.3. In case the invoice address differs from the delivery address, a different state, city, street, number, other address information (e.g., floor, door number), postal code, if it can be linked to the natural person to whom the Contract refers,

2.2.4. E-mail address of a legal entity or organization without legal subject, if it can be linked to the natural person to whom the Contract refers,

2.2.5. Phone number of a legal person or organization without legal subject, if it can be linked to the natural person to whom the Contract refers.

2.3. By registering, the Byer creates a user account that makes it easier to place orders, facilitates and makes it easier to use the web page, largely eliminating the need to re-enter the data needed to enter the Contract before submitting each order, since they are retained, and the details of the order will automatically fill out the system.

2.4. Data processing purposes:

2.4.1. Enabling contracting,

2.4.2. Facilitation of the contracting by registration, as well as determining the right to other benefits according to the OUP

2.4.3. Correct execution of the Contract,

2.4.4. Resolution of complaints related to the Contract, handling of the guarantee and other requests of consumers and buyers,

2.4.5. Contact the Buyer for the fulfilment of the Agreement,

2.4.6. Loyalty programs and enabling other discounts applied by the Seller,

2.4.7. Conducting other legitimate interests of the Trader.

2.5. Legal basis for data processing:

2.5.1. Consent of the person in issue (point a) item 1. Article 6. of GDPR),

2.5.2. Fulfilment of the Contract (Pont b) item 1. Article 6. of GDPR),

2.5.3. Conducting other legitimate interests of the Supplier (Point f) item 1. Article 6. of GDPR).

2.6. Data processing conditions:

2.6.1. Until the withdrawal of the application of persons interested in data processing, to the application for deletion of processed personal data by the Buyer, all in accordance with the conditions for processing and storage of personal data in accordance with the relevant regulations of the Republic of Croatia, primarily GDPR.

2.6.2 By deleting the user account, the processing of data ceases, except in exceptional cases prescribed by the relevant laws and other regulations of the Republic of Croatia.

  1. The following cookies can be used during webpage operation:
  • Temporary cookies (Session cookies) — these are temporary cookies that stand out (and are automatically deleted) when you close the Internet browser. We use session cookies to provide access to content and enable comments (things you have to do when you sign in with your data to a web page).
  • Persistent Cookies – Persistent cookies typically have an expiration date far into the future, and will remain in your browser until they expire, or you delete them manually. We also use permanent cookies to better understand your habits, desires, needs and thus best adapt the content to your needs.
  • Required cookies – Required cookies make the page usable, enabling basic features such as page navigation and access to protected areas. Belodore uses cookies that are necessary for the proper functioning of our web page to enable certain technical features to provide you with a positive user experience.
  • Analytical cookies – Analytical cookies are anonymously collected and send data to help page owners understand how visitors communicate with the page. These are cookies that enable web analytics, that is, analysis of the use of our pages and measurement of attendance, which Belodore conducts to improve the quality and content of the services offered.
  • Marketing cookies –Marketing cookies are used to track visitors through web pages. They are used to show users relevant ads and encourage them to interact, which is important for third-party publishers and advertisers. Belodore uses Google Analytics ads/ga-audiences’ cookies, as well as Facebook cookies.

3.1. Cookies process the customer's uniquely recognizable IP address.

Data processing purposes:

3.7.1. Ensuring the correct use of the web site,

3.7.2. Ensuring the simple operation of the web site,

3.7.3. Enabling contracting,

3.7.4. Correct execution of the Contract,

3.7.5. Achieving the statistical and marketing goals of the Seller

3.8. Legal basis for data processing:

3.8.1. Consent of the person in issue (point a) item 1. Article 6. of GDPR),

3.8.2. Conducting other legitimate interests of the Trader (point f) item 1. Article 6. of GDPR).

  1. Direct Marketing
  2. Package Insurance

 

IV Methods and ways of data processing

  1. The processing manager records and stores all the data provided by the person in question, including personal data for the purposes specified in Part III. For the purposes specified in Part V, the Processing Manager transmits certain personal data to the Processing Executors, after which the personal data will be processed by the Executors. The practice of processing the Processing Executor's data can be found in data processing regulations, privacy policies or other public documents for this purpose issued by the Executor, in the absence that data processing will be conducted in accordance with this Privacy Policy. 
  2. The processing manager and the Executor process personal data in electronic form, except for documents that are processed in accordance with the relevant regulations of the Republic of Croatia in writing and/or any other form. The processing manager and the Processing Executor will prevent personal data breaches by applying IT protection and organizational measures that are reasonably and economically sustainable and operational in accordance with the latest technical condition.
  3. A person of interest guarantees that only he/she has access to an account that refers to the e-mail address specified as Personal Data and that only it will be available with the specified phone number. The processing manager excludes his/her liability in case the service provided under the OUP and The Contract affects a third party for access to the third party's e-mail account or phone number.
  4. The processing manager and the Executors will ensure that only the persons involved in the execution of the OUP and the Contract have access to the processed personal data, and only to the extent that it is strictly necessary to fulfil the tasks related to the execution of the OUP and the Contract

 

V Processing Executors and Personal Data Transfer

  1. In addition to the Processing Manager, the Processing Executors also take part in processing to execute the Contract within the legally permitted framework: 
  • Delivery services, shipping agents, postal services
  • IT partners in software support and maintenance
  • Cloud software service providers
  • Billing service providers and banks
  • Belodore affiliated societies and other related enterprises
  • Suppliers and contractors, business partners

 

  1. Depending on the purposes for which personal data is processed, processing executors can be divided into the following categories:
  2. a) Within Belodore beauty:
  • authorized personnel within the group
  • Subsidiaries and affiliated companies
  1. b) Business partners: they are required to always comply with applicable laws, personal data protection rules, and to pay exceptional attention to the confidentiality of personal data
  • advertising agencies, marketing and PR agencies and service providers (e.g. Google, Facebook) to send emails; only identification data (cookie) for re-marketing purposes, e-mail addresses for displaying ads in Google AdWords; identification data on cookies for purposes of analysis in Google Analytics; Facebook – only identification data (cookie) for re-marketing purposes; e-mail address for displaying ads in Facebook Custom Audiences): which help us conduct and analyse the effectiveness of our campaigns and promotional activities
  • package delivery: for delivery of packages, we may share your data with logistics business partners that provide delivery services for individual shipments (such as City One and other possible partners in the future).
  • Business partners: for example, trusted companies that may use personal data to provide the services and/or products requested by the user or to provide marketing material (provided that the user has agreed to receive this kind of material) as well as companies that provide Belodore beauty program support and provision of computer equipment services and maintenance of the website and retailer. Business partners include LeadIt Ltd., Kraljevo; Infobiro Ltd.l.Ohrid; Smart Point Adria Ltd., Belgrade as well as any other business partner of Belodore beauty in the future.
  1. c) Other third parties:
  • when required by law or legally necessary to protect the company Belodore beauty Ltd.
  • compliance with the law, at the request of the authorities, court decisions, legal proceedings, obligations of reporting and information of competent bodies, etc.
  • Checks or compliance controls with Belodore beauty Ltd. rules and contracts.
  • Protection of the rights, property, or security of Belodore beauty company and/or its clients
  • in connection with corporate transactions: within the transfer or sale of the entire or part of the business or otherwise related to merger, consolidation, changes in control, reorganization, or liquidation of the entire or part of the Belodore beauty company's business
  1. When processing personal data, Belodore beauty can present personal data in the companies of the Belodore Group as well as third parties (e.g., their business partners). If the data is presented abroad to a recipient who is not within the European Economic Area or in relation to which the European Commission has not made a decision on the existence of an adequate level of protection, and nor is there any other valid basis for the transfer of personal data prescribed by GDPR, Belodore beauty Ltd. will approach the contracting of corresponding contracts (such as the standard contractual clauses of the European Union) to ensure that the data recipient takes all measures of protection prescribed by the law of the  European Union. Belodore beauty will take all other necessary measures. 
  1. The processing manager and the Processing Executors will keep track of the data transfer.

 

VI  Interested persons' rights related to data processing

  1. A person of interest has the right to access their personal data that is processed at any time.
  2. A person of interest has the right at any time to request information regarding data processing from the Processing Manager and the Processing Executor.
  3. A person of interest may request correction and modification of their personal data. Considering the purpose of data processing, the Person of interest may request an update of incomplete personal data.
  4. A person of interest may request the deletion of their personal data processed by the Processing Manager.

Deletion may be denied, or further retention of personal data may be considered lawful if necessary for the exercise of the right to freedom of expression and information, to fulfil the legal obligations, especially the obligations arising from the OUP or the Treaty or applicable regulations and laws of the Republic of Croatia, or for the establishment, realization or defence of legal requirements.

About refusing requests for deletion, the Processing Manager will in any case notify the Person of interest, stating the reason for refusing to delete. After fulfilling the request to delete personal data, the previous (deleted) data can no longer be restored.

  1. If a person of interest considers data processing to be illegal, the person of interest has the right to object to data processing.

If the person in charge objects to the data processing, the Processing Manager will not proceed with personal data processing unless the Processing Manager proves convincing legitimate reasons for processing that have an advantage over the interests, rights, and freedoms of the person of interest or if it is necessary to establish, use or defend legal requests.

  1. A person of interest may ask the Processing Manager to limit the processing of personal data if the person of interest challenges the accuracy of the processed personal data. In this case, the limit is related to the deadline the Processing Manager needs to verify the exactness of the processed personal data. The processing manager indicates personal data if the person of interest challenges their accuracy or correctness.

A person of interest may also ask the Processing Manager to limit the processing of personal data if data processing is illegal, but the person of interest in this case objects to deleting the processed personal data and instead seeks to limit their use.

A person of interest may also ask the Processing Manager to limit the processing of personal data if the purpose of data processing is achieved.

  1. A person of interest has the right to receive personal data submitted to the Process Manager, in a structured, commonly used, and machine-readable format, and has the right to pass that data on to another Process Manager.
  2. The Process Manager keeps a record of exercising the rights of persons of interest.
  3. Exercising the rights of the person of interest specified in this part is considered acceptable and credible if the statement of entitlement regarding the processing of data is received from the postal address or e-mail address provided by the person of interest and if the person of interest proves their identity in any other appropriate manner.

 

VII Breach of personal data provisions

  1. In case of personal data breach, the Processing Manager will take all comprehensive steps to ensure that the persons of interest do not receive material or intangible damage or is minimized.
  2. After learning of the breach of personal data, the Processing Manager will identify the nature of the personal data breach and ensure that all appropriate technological safeguards and organizational measures have been implemented, including a special notification from the competent data protection body.
  3. If possible, in case of personal data breach, the Processing Manager will notify the competent data protection body within 72 (72) hours from the knowledge of personal data breach.
  4. In order for the person of interest to take the necessary precautions, the Processing Manager will notify the person of interest without unnecessary delay after learning of the breach of personal data, if it is likely that personal data breach will pose a high risk to the rights and freedoms of the person of interest. The information will include ​description of the nature of personal data breach and all suggestions given to the person of interest to mitigate all possible harmful effects.
  5. The Processing Manager will keep track of personal data breaches.

 

VIII Law Enforcement

  1. A person of interest may contact the Processing Manager to the address of Processing Manager office or any of the Data Processing Executors or by e-mail sent to podrska@belodore.hr in connection with data processing.
  2. A person of interest has the right to contact the Croatian competent body for protection of personal data – Agency for protection of personal data at 10 000 Zagreb, Selska road 136, 

e-mail: azop@azop.hr

Tel. 00385 (0)1 4609-000

Fax. 00385 (0)1 4609-099

Web: www.azop.hr

  1. In the case of violation of the rights of person of interest in connection with data processing, the person of interest may initiate appropriate proceedings before the competent court based in the Republic of Croatia. 

 

IX Other provisions

  1. These Privacy Policies are published on the Website and on the Retailer's locations in the Republic of Croatia. The customer has the right to read these Rules before providing their personal data and will accept them by issuing a Privacy Statement before ordering or registering. In the absence of acceptance of the Rules, the Contract will not be concluded.
  2. The processing manager has the right to unilaterally amend these Privacy Rules, which will be published on the Web page and at retail locations in the Republic of Croatia.
  3. A person of interest accepts a change to the Privacy Policy by maintaining registration and/or filing an order.



In Zagreb, 1.3.2022.



Aleksandar Trivić

Belodore beauty Ltd. for trade and services