Last modified on: 16.11.2023
At Makeup, we value your privacy. We attach great importance to the protection and transparent processing of your personal data.
This Privacy Policy defines the rules for the processing of personal data received through the online store https://makeup.ae (“Online Store”).
La MakeUp Sp. z o.o. is the owner of the Online Store and the controller of the personal data collected within the Online Store (“we”, “Company”), with headquarters in Warsaw (02-672), st. Domaniewska 37, loc. 17.6, KRS: 0000587427, NIP: 5252636585, REGON: 363029583.
Personal data collected by the Company through the Online Store are processed in accordance with:
• Federal Decree-Law of the United Arab Emirates on personal data protection № 45 from 20 September 2021 (“the PDPL”) and Executive Resolutions of the Cabinet of Ministers of the United Arab Emirates regarding the PDPL;
• the GDPR, also known as Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with respect to the processing of personal data, the free movement of such data, and on repealing Directive 95/46/EC.
We developed this Privacy Policy to inform you (“you” or “Customer”) how your personal data may be processed. We tried to write this Privacy Policy in clear and plain language for your better understanding. By doing so, we hope you will get all the needed details to be assured your personal data is safe with us.
The Privacy Policy defines:
• what personal data we process;
• what are the purposes of such processing;
• what rights the Customer has concerning such data;
• whether the data is transferred to third parties;
• what measures we take to protect personal data;
as well as other details of personal data processing.
This Privacy Policy is an integral part of our Online Store Rules (the “Rules”). Please make sure you read them carefully. In case of any discrepancies between the Rules and the Privacy Policy, the Privacy Policy shall prevail.
1. What is Personal Data?
Personal data is any information relating to you that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, an identification number, email address etc. Personal data could also include such technical information as MAC addresses, IMEI, IP addresses, both static and dynamic, browser, and system information.
Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.
Other terms used in this Privacy Policy have the same meaning as in our Rules,the GDPR or the PDPL.
2. What Data Do We Collect?
The categories of personal data are divided into separate subsections based on the specific services that you consume. Please be aware that we do not purposely collect and process any of your sensitive information (like your health information, data about your religious beliefs, racial or ethnic origin etc.).
We collect information about individual consumers, individuals conducting their own business or professional activities, and individuals representing legal entities or similar organizational units.
We ask you not to provide us with excessive personal data, including the personal data of any third parties or sensitive data.
You provide us with your personal data voluntarily, in connection with the concluded Sales Agreements or to receive Services via the Online Store, as provided in our Rules. However, you should be aware that failure to provide the data specified in the forms when creating the account prevents registration.
Data related to orders in the Online Store
l
Type of data | Description |
Account data |
When you create an account in the Online Store, we collect and process the data you voluntarily provide to us: a) email address; b) address details; c) zip code and city; d) country (state); e) street and house number/apartment number; f) first and last name; g) telephone number.
You provide us with your personal data voluntarily, in connection with the concluded Sales Agreements or to receive Services via the Online Store, as provided in our Rules. However, you should be aware that failure to provide the data specified in the forms when creating the account prevents registration. |
Data related to orders in the Online Store |
When placing an order in the Online Store, you provide the following data a) email address; b) address details; c) zip code and city; d) country (state); e) street and house number/apartment number; f) first and last name; g) telephone number. |
Data related to your requests or claims |
There is a special form on our Online Store which allows you to contact us. By sending us your request, you provide us with the following data: a) your first name; b) your email; c) subject message; d) the message itself; e) the attached file, if applicable. Otherwise, you may also send us your request by email. In such a case, we may collect and process only your email and data indicated in such email. |
Newsletters | When you subscribe to the newsletter, we collect and further process your email address. We could send some marketing communication in the context of our Goods and services to your email addresses. In any case, you can choose to stop receiving our emails at any time. If you want to cease this type of communication, tap on the “Unsubscribe” link you may find in each of our emails. |
Automated collection (cookies and similar technologies) | We use cookies and similar technologies. Please find more details about how and what cookies we use in our Cookies Policy. |
Financial information |
Please pay attention that we do not collect your payment credentials (bank credentials, cards numbers and dates of issuance etc.). Such information may be collected exclusively by third-party payment providers with the respective licenses and security measures with regard to your payment credentials, as it is prescribed in our Rules. We receive from the third-party providers only Transaction ID and Receipts with the information on conducted transaction, date and time, and services bought, just to make sure that the transaction relates to you. |
Personal data collected by the Company through the Online Store are processed in accordance with:
3. Lawful Basis and Purposes of Processing Your Data
a. Lawful basis
Type of data | Lawful Basis |
Account data |
Necessity to perform the contract according to Art. 4 (10) of PDPL, namely to provide access to the account in order to place orders and make purchases
|
Data related to orders in the Online Store |
Necessity to conclude and perform the Sales Agreement according to Art. 4 (10) of PDPL |
Data related to your requests or claims |
Necessity to perform the contract according to Art. 4 (10) of PDPL, namely to provide you with the answers to your requests
|
Newsletters | Your consent to receive the news about our goods and services according to Art. 6 of PDPL. |
Automated collection (cookies and similar technologies) | Your consent for the use of cookies. The only exception is for the group which is strictly necessary for the mere functioning of the Online Store. The data collected with the use of such a group of cookies is processed since this is necessary to perform the contract according to Art. 4 (10) of PDPL, namely to ensure the proper functioning of the Online Store. |
In addition to the aforementioned, we may:
• in order to determine, investigate, and enforce claims, to prevent or investigate possible wrongdoing, some personal data you provide may be processed as part of using the functionality in the Online Store, such as: name, surname, data on the use of the Online Store, if the claims result from the manner in which you use the Online Store, other data necessary to prove the existence of the claim, including the extent of the damage suffered. The legal basis for processing data in this case is the establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities according to Article 4(3) of PDPL.
• we also make backups of your personal data collected through the Online Store in order to ensure the security of data relying on Article 4(3) of PDPL.
In cases when it is applicable, we may also process your Data mentioned above on a legal basis, such as legitimate interest, performance of contract, or consent, as well as other bases allowed under the GDPR.
We generally process your Data based on your consent (except in cases when we may rely on another lawful basis according to PDPL). Where we process your Data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact details listed in section 9.
b. Purposes of processing
Type of data | Lawful Basis |
Account data |
• to provide access to the Customer’s Account in order to place orders and make purchases; • to create, manage and technically maintain such Customer’s Account; • to quickly verify the identity of your person when making new orders, and give you the opportunity to use the Online Store; • to also send you transactional communications via email, including responding to your questions and requests and sending you our offers, propositions, recommendations or technical notices.
|
Data related to orders in the Online Store |
• to place an order in the Online Store; • to ensure the order is properly performed; • to send your order in the Online Store to the correct place of your stay. |
Data related to your requests or claims |
• to send you the news about our goods and services, our offers, propositions, or recommendations, • to keep you informed of all changes, innovations, and improvements we make within the Online Store.
|
Newsletters | as described in the Cookies Policy. |
Additionally, we may process your data:
• to comply with our legal obligations as a result of the services provided (e.g. accounting, fiscal, audit, etc.), these are always compatible with the main purposes, for which the data was collected;
• to protect your vital interests or vital interests of another natural person;
• to perform a task carried out in the public interest or in the exercise of official authority vested in us;
• to the extent that the data subject has given their consent for the processing of their personal data for one or more specific purposes;
• for any other purpose auxiliary to the above, or for any other purpose for which we have been provided with personal data, in compliance with the relevant legislation;
• for the purposes of the legitimate interests pursued by us or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Online Store or to protect ourselves, our subcontractors, partners and affiliates against legal liability, to prevent or detect misuse of our intellectual property, fraud or other crimes).
If we decide to change the purposes of processing specified above, we will inform you of such changes prior to the use of your personal data within the newly set purposes and undertake to obtain your consent unless we have a legal obligation or have a different legal basis for processing the data.
Please note that we do not sell your data or make any decisions based solely on automated processing that may produce legal or similar significant effects.
4. How long do we store your data?
a) If the basis for the processing of personal data is consent, then we process your data as long as the consent is not revoked, and after revoking the consent for a period of limitation of claims that may be raised by the Company or against it.
b) If the basis for data processing is the performance of the contract, then we process your data as long as it is necessary to perform the contract, and after that time for a period of limitation of claims.
The period of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
c) If the basis for data processing is the establishment or defense of any legal rights and claims, or in connection with judicial or security proceedings, then we process your data during a period based on the requirements of the relevant laws and regulations, and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.
The storage and retention period for cookies is described in our Cookies Policy.
5. Granting Access to Third Parties
We do not sell your personal data to third parties. However, to provide quality services and support various functions of our Online Store, we may hire people, and work with service providers and marketing providers. For these reasons, some of your personal data may be transferred to these persons.
In all cases, we comply with the requirements of data protection legislation and make every effort to ensure that data processing is secure at all stages. Our subcontractors and any other third parties will provide equal protection of user data as stated in this Privacy Policy. Depending on contractual arrangements and circumstances, they shall comply with the instructions of the Company as to the purposes and methods of processing these data (processors) or independently define their processing purposes and methods (administrators).
To achieve the purposes of data processing, we may provide your data to the following persons:
a) Processors connected to the Online Store functioning. These include, among others, providers of hosting services, marketing systems (sending marketing messages and show you targeted advertising), systems for analysing traffic in the Online Store, systems for analysing the effectiveness of marketing campaigns.
b) Processors connected to ensuring the purchase is delivered: a courier, postal and/or logistic company as the case may be. You may see the list of the services when making a purchase via the Online Store.
c) Controllers – payment and banking services. The Company uses suppliers who do not act solely on the instructions and set the goals and methods of using your personal data by themselves. They provide electronic payment and banking services. You may see the list of the services when making a purchase via the Online Store.
For a detailed list of providers and services (processors) we use, don't hesitate to get in touch with us using the contacts listed in section 9.
In the event of a request, the Company provides personal data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the police, or the respective data protection agency. This is done only to the extent required by law.
Since some of your data may be transferred to third parties outside of the UAE, we could also transfer such data on the basis of the contracts which applies the provisions and requirements of the PDPL or under the express consent of the data subject, if the country of transfer does not provide the adequate level of protection of personal data.
In case some of your data is transferred to third parties outside of the EEA, we could also transfer such data on the basis of the standard contractual clauses signed with the respective third parties, if the country of transfer (like Ukraine) is not subject to the adequacy decisions of the European Commission.
You may request the copy of such instruments via contact details provided in this Privacy Policy.
6. Your Data Processing Rights
To exercise your rights listed below, you can send a request to the Company to dpo@makeup.pl. In order to properly protect your data, the Company may take additional measures to identify you when processing your request. We will provide you with a response to your request no later than one calendar month from the date of its receipt. If there is a reason this term can be extended for another 30 days, we will inform you about such an extension and the reasons in advance.
Thereby, you have the following rights:
Right | Description |
Right of access to personal data (to be informed) |
E.g. to know about: • the categories of data processed; • the purposes and legal justification of the processing; • the sources of collection data; • third parties to whom your personal data are being transmitted; • the retention period of the processing or the criteria used to set that period; • the right to request the controller to rectify, erase personal data or limit the processing of personal data; • the measures to be taken upon in case of a data breach; • information on how to lodge a complaint with the supervisory authority. The Privacy Policy was created to ensure this right. You may also ask us additional questions as to your data. You have the right to receive an answer about whether your personal data is processed, as well as to receive the content of such personal data. You may receive information on the conditions for granting access to personal data, in particular information on third parties to whom your personal data is transferred. You may obtain a copy of your personal data. Please note that under the PDPL, we may refuse or restrict your right of access to personal data in the following situations: • your request does not related to the information mentioned above or is excessively repetitive; • your request conflicts with judicial procedures or investigations conducted by the authorities; • your request may negatively affect our efforts to protect information security; • request violates the privacy and confidentiality of the personal data of others.
In such cases, we will inform you of the reasons for refusal or limitation of this right. |
Right to make a reasoned request to change/ destroy your personal data |
This is applicable if such data are processed illegally or are inaccurate, as well as in other cases provided by law. In particular, in the event of any inaccuracies in the data processed by the Company, you have the right to contact us with a request to make appropriate changes to your personal data. You may also request that your data be destroyed if you believe that the Company no longer needs it for the purposes for which it was collected. However, we may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to fulfil a legal obligation requiring processing under EU law or the law of a Member State to which we are subject. |
Right to make reservations about the restriction of the right to process your personal data while giving consent |
If you submit such a request, pending its consideration, this may prevent you from the use of certain functionalities. Such requests could include questioning the correctness of your data, unlawfulness (if you do not want us to delete data), cases when we no longer need your data for the purposes collected. |
Right to limitation of processing (to restrict processing) |
You may ask to “block” or prevent future use of your data while we evaluate your request to erase your data. If processing of your data is limited, we continue to store them, but are not able to use them. We maintain a list of data subjects who have requested to limit processing of their data to ensure that this limitation is respected. Please note that we may refuse to restrict the processing of your personal data in cases provided by law. We will inform you of the reasons for refusal or limitation of this right. |
Right to object to the collection and processing of personal data |
This is applicable except in cases where the collection and processing of personal data is mandatory in accordance with the law. To exercise this right, you have to submit the objection to us in writing. Upon receipt of such objection, we shall immediately stop the collection and processing of your personal data. You cannot object to the collection and processing of personal data when it is mandatory in accordance with the laws we are subject to. But your right to object is absolute if we process your data on the basis of consent or legitimate interest depending on what is applicable, for instance, when we send you marketing emails. If you object and we do not have any other legal basis for the processing of personal data, we will delete your personal data, the processing of which has been objected to. |
Right to oppose receiving marketing communications | You may unsubscribe from our marketing communications at any time. The easiest way for you to unsubscribe is to click the “Unsubscribe” button in any email or communications we send you. You may also send us an email at info@makeup.ae |
Right to receive your personal data and send the data to another provider (data portability) |
You may receive your personal data and send the data to another provider. We will send your personal data in the form of a csv file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data controller. This right only applies to those data that you provide to us, which we process on the basis of consent or performing the contract. |
Right to withdraw consent to the processing of personal data |
You can withdraw your consent to the processing of your personal data at any time. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results. However, there may be exceptions to this right. For example, if the law requires the Company to retain this data, or when it is necessary for the protection in litigation, or when the Company has other grounds for the processing, etc. |
Right to file a complaint about the processing of your personal data |
If you have not obtained satisfaction in the exercising of your rights or the way to exercise them, you may file a complaint with the UAE Data Office. Please do not hesitate to contact us by any means indicated below before you file a complaint with the UAE Data Office. |
Right to know about us making decisions based solely on automated processing (including profiling) and object to it |
You have the right to know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you. This provision is intended to protect the data subject from decisions made by the algorithm without human involvement or control. If you wish to object to profiling or realize your rights connected with such data, please contact us using the details below. This is since we may make decisions about you based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. We may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s personal preferences, interests, behavior etc.). This means that we may collect personal data about you like viewed products, your purchases or search history. We centralize this data and analyze it to evaluate and predict your personal preferences and/or interests for marketing purposes, to display the content tailored to your interests/needs. For more information about some of the instruments that we use to collect such data - see our Cookies Policy. |
7. Security of Personal Data
We take appropriate security measures to protect your personal data from accidental loss or destruction from unlawful processing or access to it.
Type of measures | Description |
Confidentiality |
All personnel are subject to full confidentiality; and any subcontractors and subprocessors are required to sign a confidentiality agreement if full confidentiality is not a part of the main agreement between the parties. Also, any access by authorised personnel is logged. We use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely. |
Isolation |
Access to personal data is restricted to individually authorised personnel. Authorised personnel are granted minimum access on a need-to-have basis. |
Account protection |
The Company provides Customers with a secure and encrypted connection when transferring personal data and logging in to the account on the Online Store. The Company uses an SSL certificate issued by one of the world’s leading companies in the security field and encryption of data sent over the Internet. In the event that the Customer who has a Customer’s Account in the Online Store has lost any access password, the Online Store allows you to generate a new password. The Company does not send a password reminder. The password is stored in the database in an encrypted form in a way that prevents its reading. In order to generate a new password, please provide your email address in the form available under the link “Remind password”, provided next to the account login form in the Online Store. The new password will be automatically sent to the email address provided during registration or saved in the last change of the account profile. We never send any correspondence, including electronic correspondence with a request to provide login details, in particular the access password to the Customer's account. |
Internal Policies and Procedures |
All the employees and contractors are obliged to obey the internal security policy with respect to the processing of personal data. Such policy provides for organisation, physical, and technical security measures and, for such purpose, takes into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects. |
Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violating your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.
8. Changes to this Privacy Policy
We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email. We will also indicate the “Last modified” date at the top of this Privacy Policy.
9. Contact Information
If you have any questions about the Privacy Policy or your data we process, you are welcome to contact us:
La Makeup Sp. z o.o.
st. Domaniewska 37, loc. 17.6
Warsaw, Poland
Email: dpo@makeup.pl