Privacy Policy

LIAGO COSMETICS d.o.o. for trade and services, with its registered office in Zagreb, Matijevka 4, OIB: 60928432230, respects the privacy of every individual whose personal data it processes. The processing of personal data is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the Regulation), the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/2018) and other regulations governing this area that apply in the Republic of Croatia. In this Privacy Policy, we wish to inform you in a transparent manner about which personal data we collect, for what purpose, on what legal basis, how we protect it and what your rights are. This Privacy Policy applies to any processing of personal data that we carry out as the data controller, unless otherwise provided by another policy or document for a specific processing activity.

DATA CONTROLLER

LIAGO COSMETICS društvo s ograničenom odgovornošću for trade and services
Republic of Croatia
Zagreb, Matijevka 4
OIB: 60928432230.
e-mail: info@aprive-cosmetics.com
www.aprive-cosmetics.com

PRINCIPLES OF PERSONAL DATA PROTECTION

We pay particular attention to respecting the principles of data processing as fundamental values

that must be observed throughout the entire cycle of personal data processing, from their

collection to their destruction or other termination of processing. We process data:

Lawfully – processing is possible if it is permitted by law and within the limits allowed by law.
Fairly – taking into account the specifics of each relationship, applying all appropriate measures to protect personal data and privacy in general and not preventing the data subject from exercising their rights.
Transparently – informing data subjects about the processing of personal data. We strive, especially when collecting data via web forms as the most common way of collecting your data, to immediately inform you of the most important details of the processing of your data, with more detailed information available in our Privacy Policy. In case of further questions or ambiguities, you can always contact us at e-mail info@aprive-cosmetics.com. Certain information may be restricted only when required by law or when necessary to protect third parties.
With purpose limitation – processing personal data for the purposes for which they were collected and for other purposes if the conditions from the Regulation are met. Data may be processed for compatible purposes only after taking into account (a) any link between the purposes for which the personal data were collected and the purposes of the intended further processing; (b) the context in which the personal data were collected, particularly with regard to the relationship between the data subject and the Controller; (c) the nature of the personal data; (d) the possible consequences of the intended further processing for the data subjects; and (e) the existence of appropriate safeguards.
With storage limitation – storing data in a form that permits identification of data subjects only for as long as is necessary for the purposes for which the personal data are processed, and longer only if permitted by the Regulation.
With data minimisation – processing data if they are adequate, relevant and limited to what is necessary. Particular care is taken not to collect data for which there is no justified need for processing.
With accuracy – taking care of the accuracy and up-to-dateness of the data and deleting inaccurate data within the limits of possibility and we kindly ask for your assistance in such a way that if you notice any inaccurate data please inform us immediately at e-mail: info@aprive-cosmetics.com
With integrity and confidentiality – providing appropriate security of personal data through technical and organisational measures, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by applying appropriate technical or organisational measures. Relevant measures are applied taking into account the risk of each type of data processing.

LAWFULNESS OF PERSONAL DATA PROCESSING

In order to respect the lawfulness of personal data processing, we process personal data

only if and to the extent that at least one of the following is fulfilled:

Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; this is the most common purpose of processing the data subject's data where the basis is an existing contractual relationship or a contractual relationship that is being sought.
Processing is necessary for compliance with a legal obligation to which the controller is subject. The controller as a legal entity has numerous obligations prescribed by various regulations. This obligation includes the collection, and often the submission of data to state authorities.
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into account the reasonable expectations of data subjects based on their relationship with the controller. When applying this legal basis we assess that the processing is appropriate to business needs, that it is as little intrusive as possible and that the interests of data subjects do not override our legitimate interests or those of third parties. An example of such processing are processing for administrative purposes, purposes of preserving the security of computer networks, purposes of direct marketing, improvement of our business. The data subject in these situations always has the right to object to such processing.
Processing is necessary in order to protect the vital interests of the data subject or of another natural person. The right to the protection of personal data is not an absolute right and we balance it with other fundamental rights in accordance with the principle of proportionality. We recognise the possibility that in some situations it is necessary to process personal data in order to protect the vital interests of the data subject or of another natural person.
The data subject has given consent to the processing of his or her personal data for one or more specific purposes. When processing personal data on the basis of consent, we pay particular attention that these are situations in which there are no, formal or informal, consequences for giving, refusing to give or withdrawing consent. When the processing is based on consent, the data subject may withdraw consent at any time without negative consequences. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

In some exceptional situations we may process data that would not be processed in regular situations, for example the collection of data on the basis of recommendations of the Croatian Institute of Public Health in the case of epidemics and the like.

CATEGORIES OF DATA SUBJECTS, PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

VISITORS TO OUR WEBSITE – COOKIES

By using the website www.aprive-cosmetics.com it is considered that you are fully acquainted with the Privacy Policy, that it is clear to you and that you accept it. If you do not agree with it, please do not access it and do not use its contents. If you have any questions or ambiguities related to its use, please contact our email address: info@aprive-cosmetics.com

We reserve the right to change the appearance and content of the website therefore we ask you to review it occasionally in order to familiarise yourself with possible changes. We will consider your subsequent use of the website as your acceptance of all eventual amendments.

Our website is built using the Contao CMS content management system and the Isotope eCommerce solution for the online shop (web shop) and we ask you to familiarise yourself with their privacy policies as well. These technologies enable functionalities such as content display, user session management, order and reservation processing and ensuring the technical correctness and security of the system. For this purpose, necessary cookies and other similar technologies that are required for the proper functioning of the site and the provision of requested services may be used.

If you use our website only for informational purposes, i.e. if you do not register, if you do not purchase our products or otherwise provide us with information, we collect only those personal data which your device's browser automatically transmits to our server. In addition, our website www.aprive-cosmetics.com uses cookies – small text files that the web server places on your computer when accessing the website. Essentially, your browser stores a database with various information. When you use the internet, your browser sends cookies from websites you have previously visited.

To enable the functionality of the pages we use necessary cookies and we cannot disable them.

It is possible that we will use the following types of cookies:

First party cookies
First party cookies come from the website the user visits and may be persistent or session cookies. These cookies allow the website to store data used during the next visit. Within first party cookies the following may be used:
- Functional (technical) cookies (necessary) – enable basic functioning of the website and user settings and are used without consent.
- Statistical cookies – enable recording of visits and traffic sources for the purpose of measuring and improving the effectiveness of the website (used with consent).
- Marketing cookies – serve to track users and display targeted advertisements (used with consent).
Third party cookies
Third party cookies come from other websites or service providers whose content is displayed on the website the user is visiting. They may include:
- External media cookies – used to display content from external platforms (e.g. YouTube, Google Maps, social networks). These cookies may enable third parties to track user interactions for statistical and/or marketing purposes.

Cookies that are not necessary for the functioning of the website are used exclusively with your consent.

Managing cookies on our website

When you first arrive on our website you will be informed about the use of cookies via a special

web form (so-called cookie consent banner), in which the categories of cookies we use will be

clearly displayed as well as a detailed description of each individual tool.

For cookies that are not necessary for the functioning of the site, we will request your explicit

consent.

Please note that you must adjust cookie settings separately for each device you use, or even for

the same device if you access it through different user accounts or internet browsers.

At any time you can change or withdraw your consent by reopening the "Cookies" option

available on our website. With your choice of cookie settings you decide whether cookies will be

stored on your device. You can also delete already stored cookies or manage their use through

the settings of your internet browser.

Links to instructions for deleting cookies in the most popular web browsers:

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hr
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Mozilla Firefox: https://support.mozilla.org/hr/kb/Brisanje%20kola%C4%8Di%C4%87a
Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

More detailed information about cookies and adjusting browser settings can be found on the page www.allaboutcookies.org.

Please note that individual cookies we use, especially those related to analytical and marketing tools, may involve the transfer of personal data outside the European Union or the European Economic Area, including countries that may not ensure an equivalent level of personal data protection. Information about the provider of each cookie, including the country in which it is located, will be clearly displayed in the cookie banner or in the list of cookies. In all cases where such a transfer is relevant, we request your explicit consent, and transfers are carried out with the application of appropriate safeguards in accordance with applicable regulations.

CUSTOMERS OF APRIVE PRODUCTS

Our APRIVE products can be purchased by customers through our web shop on the website www.aprive-cosmetics.com. For the purpose of carrying out the purchase process we collect the following data:

E-mail address
First name*
Last name*
Company (optional)
Street*
Street*
Postal code*
City*
Country (select from drop-down menu)
Telephone number*

We use the stated data for the purpose of identifying you as the Customer, concluding and fulfilling a one-time distance sales contract for APRIVE products, and contacting you for delivery. The legal basis is precisely the performance of the sales contract in which the customer is a party. Processing is also necessary for compliance with the controller's legal obligations (for example, the e-mail is necessary for fulfilling the obligation to send confirmation of the concluded distance contract according to the Consumer Protection Act).

Furthermore, we keep data on your eventual complaints and objections, for example in accordance with the Consumer Protection Act the Trader is obliged to keep a register of written consumer complaints on a durable medium for one year from the day of receipt of the written consumer complaint.

We have the right, for the purpose of fulfilling the contract, but also fulfilling the legal obligation, to send the customer by e-mail, SMS and/or via instant messaging platform so-called service messages – confirmations of the concluded contract, invoices, order confirmations and other notifications closely related to the specific purchase.

By calling our contact phone number, we may collect your data related to the purpose of your call for example, if it concerns a completed purchase we will ask for your name, surname, order number in order to be able to respond to your request. We also keep a log of calls based on legitimate interest.

We forward your data (except e-mail) to companies that deliver APRIVE products and we ask you to familiarise yourself with their privacy policies as well.

We publish your valued comments on APRIVE products with your consent on the website or on social media profiles, indicating your name.

Detailed information on the terms of sale please find in the General Terms and Conditions of the APRIVE web shop.

When paying by bank card, via PayPal, EPS, Klarna, Google Pay, Apple Pay all transactions are processed by Stripe, an independent payment service provider. The Seller does not store your card data nor has access to that data. More information on how Stripe processes personal data is available in their Privacy Policy: https://stripe.com/privacy..

After the first registration, when you come to the website you can only log in, but you can also use the website without logging in.

USERS WHO HAVE OPENED A CUSTOMER ACCOUNT

Opening a customer account is voluntary and is not a condition for viewing products or for purchase.

During registration the user enters the following data: first name, last name, e-mail address and password. After registration the user receives an e-mail message for confirmation of registration (so-called double opt-in), thereby ensuring the accuracy and security of the submitted data. Each further login to the customer account is enabled by entering the e-mail address and the password chosen by the user himself.

In the case of registration, the user's personal data are processed for the following purposes:

enabling the opening and management of the customer account,
verification of the user's identity and ensuring the security of the customer account,
viewing and management of the user profile, orders and delivery addresses,
simplification of the use of the web shop (without the need to re-enter data),
providing customer support and improving the user experience on the website.

The legal basis for the processing of personal data is taking steps at the request of the data subject prior to entering into a contract and the performance of the contract within the meaning of applicable personal data protection regulations.

Personal data are not processed for other purposes without additional user consent, except when such processing is necessary for compliance with legal obligations. The user at any time has the right to access, rectification, erasure, restriction of processing and other rights in accordance with applicable personal data protection regulations.

In the event that the customer account has not been used for a period of 5 years, the Seller may delete the customer account and the associated personal data, in order to ensure the up-to-dateness of the data and respect for the storage limitation principle.

NEWSLETTER SUBSCRIBERS – APRIVE NEWS

By subscribing to the newsletter on our website you give consent for your e-mail address to be processed exclusively for the purpose of sending Aprive newsletters. You can withdraw consent completely freely at any time by sending a message to info@aprive-cosmetics.com After withdrawal of consent, your data will no longer be processed for these purposes, but if a new newsletter list has already been formed before your withdrawal of consent, it is possible that you will receive one more newsletter, after which your address will be removed from the list. We note that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Additionally, LIAGO COSMETICS d.o.o. has the right, on the basis of legitimate interest, to collect and use the data on e-mail address and first and last name of all customers, as well as data on completed purchases, for the purpose of direct marketing and exclusively for the purpose of informing about offers and news of LIAGO COSMETICS d.o.o. via e-mail. In this case you have the right to object to such processing including profiling to the extent that it is related to such direct marketing, either in relation to the initial or further processing, at any time and free of charge via e-mail to the address info@aprive-cosmetics.com .

QUIZ

A quiz for recommending skin care products is available on our website. In order to be able to send you a personalised recommendation, we process the data you enter in the quiz and your e‑mail address. After sending the recommendation, your address is not used for any other purposes nor is it stored longer than necessary for this one-time communication.

FOLLOWERS OF OUR SOCIAL NETWORKS

In order to be as close as possible to users we have opened profiles on the social networks Facebook, Instagram, and it is possible that we will open profiles on other social networks (together hereinafter: social networks).

By using social networks you accept their rules including rules related to the processing of personal data, and we refer you to familiarise yourself with them. You use social networks and their functions at your own risk. We note that with every interaction on our profiles on social networks as well as on other profiles, social networks record your behaviour through cookies and other technologies, i.e. the type, scope and purposes of data processing on social networks are primarily determined by the operators of social networks.

Consequently, some data (e.g. total number of visitors or visits to the page, activity on the page and data left by visitors, interactions (e.g. commenting, sharing, rating)) are processed and provided to us by social networks. We have no influence on the creation and display of these data.

We may process personal data related to your user activities on social networks for marketing purposes exclusively on the basis of your consent for cookies that you give on our website www.aprive-cosmetics.com . You can find out exactly which cookies these are and for what purpose in the cookie settings for the website.

For better management of social networks we also use the services of partners with whom we have concluded appropriate contracts.

Given that we use services of social networks that do not operate in the European Union we are obliged to inform you that these third parties managing social networks may transfer your data to the USA.

Below we provide links to the privacy policies of the companies that operate some social networks:
Facebook and (Meta Platforms Inc.) https://www.facebook.com/privacy/policy/
Instagram (Meta Platforms Inc.) https://privacycenter.instagram.com/policy/
TikTok (TikTok Ireland, TikTok UK) https://www.tiktok.com/legal/page/eea/privacy-policy/en

BUSINESS PARTNERS (suppliers of products and services)

In our business we process data of business partners or potential business partners:

natural person clients who are, may become or have been business partners e.g. craftsmen, persons in the regime of independent professions (e.g. lawyers,), persons with whom work contracts are concluded (e.g. photographers) and other natural persons who have the status of entrepreneurs;
natural persons who in some part of the business represent legal entities with which we have, may have or have had a business relationship (e.g. persons who perform delivery, persons to whom invoices are sent, signatories of contracts, persons with whom handover is agreed, etc.)

Purpose of processing and legal basis:

performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract: sending an offer, fulfilment of obligations under the contract, monitoring their fulfilment and ensuring all relevant measures for their fulfilment (for example: data on contact persons for sending offers, invoices, for agreeing on the time and place of delivery of equipment under the contract, data on contract signatories etc.);
direct marketing: processing of data for the purpose of quality and timely informing of business partners about news in our assortment, on the basis of legitimate interest or consent if consent is requested.

In addition to the stated purposes, processing of personal data for other specific purposes is possible, but always within the framework prescribed by law or if the processing is necessary for the exercise of rights and obligations from the business relationship.

Type of personal data of data subjects collected are:

first and last name,
e-mail,
telephone number,
data on the position within the legal entity represented (e.g. sales clerk, secretary of the board etc.) and the name of the legal entity,
occupation when the data subject is a natural person with whom a contractual relationship is entered into (for example: photographer, copywriter),
data stated on forms of blank promissory notes, promissory notes, bills of exchange (if requested),
bank account number (IBAN) when the business partner is a natural person with whom a contractual relationship is entered into
other data depending on the nature of the business relationship.

Places of collection of personal data of data subjects:

received inquiries or offers from the data subject for business cooperation, including your messages
received data from the data subject in the context of sale of products/services or purchase of products/services from a business partner
business correspondence related to a specific previous or current business cooperation (for example correspondence carried out as part of contract fulfilment),
publicly available sources (for example: public registers such as court register, websites of business partners, magazines, bulletins etc.).

In addition to the stated types of data and places of collection, processing of personal data for other specific purposes is possible, but always within the framework prescribed by law or if the processing is necessary for the exercise of rights and obligations from the business relationship.

DATA SUBJECTS WHO COME INTO CONTACT WITH US

In our business we process data when a natural person comes into contact with us in any way (by telephone and/or e-mail and/or filling out a contact web form or in another way) with a question, complaint, comment or feedback for example on issues related to delivered APRIVE products.

The purpose of processing is to respond to the initiated communication in an appropriate manner. Processing is based on legitimate interest or on consent if we have requested and received consent from the data subject.

Type of personal data of data subjects collected are: first and last name, contact data and content of communication. In that case the individual has control over the personal data he/she shares with us.

VISITORS TO OUR BUSINESS PREMISES

When visiting our business premises, it is possible that there will be video surveillance at the external entrance.

The purpose of processing is the protection of people and property, and the legal basis is legitimate interest.

Video recordings are kept for up to 15 days, except if a longer retention period is prescribed by another law or if they are evidence in court, administrative, arbitration or other equivalent proceedings.

JOB APPLICANTS AND EMPLOYEES

In the case of employment, we process data of employees, job applicants, persons on internship (pupils), professional training, students working on the basis of so-called student contract, and other persons whose data are processed within the framework of employment and related relationships.

Purposes of processing are:

Staff selection: includes collection and further processing of relevant application documentation, possibly testing and evaluation,
Conclusion of contract: processing for the purposes of concluding an employment contract, student contract, professional internship or professional training, or any other comparable relationship.
Realisation of material and other rights: processing is necessary in order to realise material and other rights of employees, persons in comparable relationship or other persons (e.g. children, spouses or insurance beneficiaries),
Performance of contract: processing of data is necessary for the purpose of performance of the contract by the data subject, which includes performance of work obligations, monitoring their fulfilment and ensuring all relevant measures for their performance.
Informing: processing of contact data for the purpose of quality and timely informing of candidates about open positions and competitions, i.e. possibilities of employment as well as for the purpose of quality and timely informing of current employees about information related to the employment or comparable relationship
Protection of property and persons: includes monitoring of entry/exit from business premises, use of official mobile devices, computer equipment, internet and telephone traffic, cars, premises, and other our property.
Termination of employment: processing of data due to termination of the employment contract or other comparable contract, in order to fulfil legal and contractual obligations.
Occupational safety: processing of data may also be necessary in cases where it is necessary for the fulfilment of the purpose of special regulations on occupational safety including alcohol testing in accordance with regulations.

SHARING PERSONAL DATA WITH THIRD PARTIES

We share and transfer personal data with others only when it is permitted. Sharing of personal data occurs in two cases:

When sharing is necessary and third parties act as independent data controllers and in that case we refer you to familiarise yourself with their privacy policies. An example for such sharing is delivery of employee data to competent institutes Croatian Pension Insurance Institute, Croatian Health Insurance Institute, Tax Administration and Central Register of Insured Persons and pension companies. Data may also be sent to creditors in accordance with enforcement regulations. An example is also the case of delivery of data to companies dealing with delivery of Products you have ordered. We could also receive a court request requesting disclosure of personal data.
When we use the services of our partners who then act as processors. For example when we engage external partners as support in maintaining our IT systems, implementation of marketing campaigns. In these cases appropriate personal data processing agreements are concluded.

Personal data are in principle processed within the European Economic Area (EEA). However, in certain cases data may be transferred to third countries (e.g. United States of America) through the use of services of third providers such as payment service providers, analytical and marketing partners.

In such cases the transfer is carried out with the application of appropriate safeguards in accordance with the General Data Protection Regulation, such as standard contractual clauses of the European Commission or other appropriate protection mechanisms.

Additional information on data processing via cookies and related transfers is available in the section VISITORS TO OUR WEBSITE

DATA RETENTION PERIOD

Data of data subjects are processed and stored, in accordance with applicable legal regulations when a retention obligation is prescribed (for example accounting documents on the basis of which the data were entered in the journal, general ledger and subsidiary books are kept for at least eleven years).

In situations where we are authorised to determine retention periods ourselves, data are kept for as long as is necessary for the purposes for which the personal data are processed taking into account the purpose of processing, legitimate interests and the interests of data subjects that the data be deleted. When nothing else is determined for a particular processing, the retention of personal data is determined at 5 years from the last activity related to the individual data subject.

RIGHTS OF DATA SUBJECTS

Regardless of the basis for data collection, when we are the data controller data subjects may exercise all rights guaranteed by positive regulations free of charge, within the limits and restrictions prescribed by the Regulation:

right of the data subject to be informed about the processing of personal data
right of access to personal data
right of the data subject to rectification of data
right of the data subject to erasure of personal data
right to restriction of processing of personal data
right to data portability
right to object to the processing of personal data
right to object to automated individual decision-making, including profiling

For the exercise of your rights, send your written request to the contact e-mail address: info@aprive-cosmetics.com or by post to the address LIAGO COSMETICS društvo s ograničenom odgovornošću for trade and services, Zagreb, Matijevka 4, Republic of Croatia.

The controller shall act on the request of the data subject unless the controller demonstrates that it is not possible to establish the identity of the data subject. The data subject shall be provided with the information upon request without undue delay and in any case within one month of receipt of the request. That period may be extended by a further two months, if necessary, taking into account the complexity and number of requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the extension. If the data subject submits the request electronically, the information shall be provided electronically if possible, unless the data subject requests otherwise.

You also have the right to lodge a complaint with the competent supervisory authority - the Personal Data Protection Agency, https://azop.hr/ , if you believe that your data protection rights have been violated.

SECURITY OF PERSONAL DATA

We collect and process personal data in a way that ensures appropriate security and confidentiality in their processing and enables the effective application of data protection principles, reduction of the amount of data, scope of their processing, storage period and their availability.

We take all appropriate technical and organisational protection measures in order to prevent accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure or access to data, such as the use of passwords and very limited access to data.

All possible employees of the data controller undertake to keep personal data confidential by signing a confidentiality statement.

FINAL PROVISIONS

This Privacy Policy is available on the page www.aprive-cosmetics.com. You will be duly informed of all amendments and supplements via our website in accordance with the principle of transparency.

LIAGO COSMETICS d.o.o.