The company OROEXPERT s.r.o, Jinonicka 804/80, 158 00 Prague 5 (Czech Republic) and registered in the Prague Trade and Companies Register under number 03517365, and whose intercommunity VAT number is CZ03517365 (hereinafter referred to as “OROEXPERT” Or “we”), operator of the online store www.oro-expert.com, declares that all personal data (hereinafter referred to as” data “) are considered strictly confidential and that they are treated in accordance with the provisions laws in force regarding the protection of personal data.
The security of your personal data is important to us. We therefore devote the necessary attention to your personal data and their protection. You will find in these Principles of processing of personal data (hereinafter referred to as “Principles”) information on the personal data that we collect about you, for which legal basis we process it, for what purposes we use it, how long we keep them, and to whom we can pass them. We also inform you in the Principles of your rights in connection with the processing of your personal data.
1. What personal data do we process?
If you use the services of our online store, we process various types of data about you.
• 1.1. If you buy
The most frequent data that you communicate to us is the data obtained through the form for ordering products or other services on our web pages. These are mainly data necessary for the conclusion and execution of a purchase contract.
These data are necessary for the processing of your order and can be divided into:
1. Identification data, which are the first and last name and, in the case of a purchase for a company, the identification number and the intra-community VAT number.
2. Contact details, which are email address, mailing address, billing address, phone number, bank details, payment information.
3. Data that emerged during the term of the contract, i.e. products purchased, volume of services provided and customer segment.
• 1.2. If you are registered for sending commercial messages
You may receive commercial messages from us regarding products similar to those you have purchased from us. You can always opt out of receiving these messages through an unsubscribe link that you will find at the bottom of every email containing these messages. If you have a customer account, opting out of receiving these messages is also possible through your account.
If you are a registered customer, you can also receive commercial messages via SMS messages or push notifications in our mobile app. You can also receive push notifications containing commercial messages on Facebook or Messenger. This processing is governed by the Principles for processing personal data of the social network in question. You can also refuse to receive messages through these channels.
If you are the recipient of these messages, we process the following data:
1. Identification data, that is to say the first and last name and, in the case of a purchase for a company, its identification number and the intra-community VAT number
2. Contact data, through which we can communicate with you, i.e. the e-mail address and also the telephone number.
3. Demographic data arising from your configurations and your behavior on the web, which are data on gender and preferred language.
• 1.3. If you visit our website or create content on it
If you visit our website, then we collect various information about you during your visit, including your IP address, browser settings and preferred language, websites visited, including time of visit. In addition, we also track your movement on the website or on what links you click, so that we can best personalize the content displayed and provide you with the products and content that you enjoy.
When visiting our website, we also store and subsequently read cookie files, which we discuss in a separate chapter of these Principles.
Apart from cookies, we also process data on your behavior on the web, your IP address, data communicated by your browser, i.e. the resolution, the operating system of your device, including its version and language configuration.
We may also connect you to social networks, including automatically logging into your account on specific social networks. For this connection, we use “social plugins” on our website, more specifically on blog posts. These are share buttons, through which you can share content on your profile. After logging in, personalized offers and targeted advertisements that link to our website may appear on your social networks and other websites.
To further integrate you into the world of beauty, we allow you to be active on our website and create content, such as reviews of products purchased and appreciation of their usefulness. A customer account is not required to be able to create this content. The first name and last name, which you entered, if you enter them in a form, can be indicated next to your comments. You are responsible for the added content and activity on our website, which is why we ask that you do not publicly share through personal data content that you do not wish to publicly publish.
• 1.4. If you contact us through our customer service or social media
If you decide to contact our customer service by phone or e-mail, we may process the phone call recordings, which are checked, as well as the recordings of the e-mail communication.
If you contact us regarding a request through our site or profile on certain social networks, the processing of your personal data is governed exclusively by the Principles of processing of personal data of the company which operates the social network in question.
• 1.5. If you give us a rating on rating portals
After receiving a product, you may be asked to rate it and rate your satisfaction through a rating portal. We greatly value every comment, but the decision to give us a review is up to you. If you do so, we process and transmit the following data to the relevant partners:
1. Contact data, that is to say the e-mail address, used for sending a request for evaluation.
2. Data that emerged during the term of the contract, that is to say the products purchased.
• 1.6. If you participate in user tests or other organized action
If you participate in a user testing program that we offer, we may process the following data:
1. Identification data, which are first and last name.
2. Contact details, i.e. your e-mail address and telephone number.
We also organize various actions and events for you, in the context of which we can process this data:
1. Identification data, which are first and last name, and where applicable your company identification’s number and the intra-community VAT number.
2. Contact details, i.e. your e-mail address and telephone number.
We will inform you of the concrete personal data processed for each action.
2. For what purpose do we process personal data?
• 2.1. Purchase of products and services
We most frequently process your personal data for the fulfillment of a purchase contract, to properly process your order placed through our website, mobile app or customer service hotline and to ship the product to you. The e-mail address and telephone number are used for sending an order confirmation, sending a confirmation of receipt of payment, sending an electronic invoice as well as to inform in a manner the status of your order and any other possible individual communication regarding this order.
• 2.2. Marketing offers
You may receive commercial messages from us regarding products similar to those you have purchased from us. You can always opt out of receiving these messages through an unsubscribe link that you will find at the bottom of every email containing these messages. If you are a registered customer, you can also receive commercial messages via SMS messages or push notifications in our mobile app. You can also receive push notifications containing commercial messages on Facebook or Messenger. This processing is governed by the Principles for processing personal data of the social network in question. If you unsubscribe from receiving commercial messages, we will no longer use your email contacts for these activities.
• 2.3. Personalization and creation of content, guaranteeing better functioning of the website
We want to personalize the content to you and recommend products that will interest you. For this reason, we use the personal data collected for the personalization of the content and offer of our website. The marketing offers you see may be chosen based on other information that we have obtained about you over time based on contact and demographic data, favorite articles, as well as other data related to the use of our site. However, we do not carry out fully automated processing which would have legal consequences for you.
We process data about your behavior on our website, which enables us to obtain information on the basis of which we can continually improve our site for you, to make it as pleasant as possible for you. We may also process your personal data for the creation of various statistics, in particular the monitoring of the number of visits to our site or the measurement of the effectiveness of an advertisement, also to test new features of our site or mobile application. Data about your behavior on the web is, among other things, important for any prevention of attacks on our site.
You can also create content on our site. If you decide to write a review for products you have purchased, we process your personal data for the processing and display of this review. If you join a discussion regarding our blog posts and write a comment to us, we are processing your personal data for the processing and display of that comment.
• 2.4. Customer service and communication
We strive to continuously improve the services provided by our customer service and, in order to be able to respond to your requests as quickly as possible and provide these services, we need your personal data for the successful handling of your requests or the resolution of problems when executing a purchase contract. If you contact us by phone, we may record our conversation after a prior warning so that we can further improve our services.
We also use the personal data collected for communication with you and its individual personalization. For example, we may contact you by phone, e-mail, in a mobile application or any other form, to remind you that you have a product in your shopping cart, to help you complete your order, or to communicate the up-to-date status of your order. We can also alert you to the need to take action to keep your customer account active.
• 2.5. Determination of satisfaction on evaluation portals
In connection with a purchase, you may also receive a request to rate it through a review portal. In this case, the purpose of processing is to determine satisfaction.
• 2.6. User tests and organization of actions
If you participate in a user testing program that we offer, we process your personal data in order to test new or existing functionality of our systems.
If you participate in an action of which we are the organizers, we process your personal data in order to plan, ensure and evaluate the organized actions.
• 2.7. Improvement of services
We use your personal data for the continuous improvement of our services and systems, including the addition of new features. We also process personal data in order to make informed decisions using global analytics and business intelligence, on the basis of our legitimate interest which derives from the freedom to conduct business and the need to improve the services provided to succeed in a competitive environment. To ensure sufficient protection of your rights and interests, we use personal data for these purposes which is anonymized as far as possible.
• 2.8. Protection, security and dispute resolution
We may also process your personal data to ensure the protection and security of our customers and systems, to assert our rights and legal claims, to detect and prevent fraud, to resolve disputes or to enforce our agreements. We may also process personal data for any checks carried out by public bodies.
3. On what legal grounds do we process personal data?
We process personal data under various conditions and for various purposes, as detailed in art. 1 and 2 above, and that is:
a) Without your consent on the basis of the performance of a contract, the fulfillment of a legal obligation or our legitimate interests.
b) Based on your agreement
The forms of processing that we can perform without your consent arise from the stated purpose of this processing as well as from your position: whether you are a simple visitor to our website, whether you are purchasing or registering with us. Your personal data may also be processed if you are the recipient of a product or service ordered, if you communicate with us.
• 3.1. Execution of a purchase contract
If you buy from us or place an order, this results in the creation of a proposal for a purchase contract concluded by the acceptance of the proposal from us in the form of sending the ordered product. In order for us to successfully execute this purchase contract, if applicable another contract for a product or services, we need a large part of your personal data entered through the order form. The specific data that we process in this case are indicated in Art. 1, s. 1 and 5.
• 3.2. Execution of legal obligations
We must also comply with certain obligations set out for us by the regulations in force. If we process your personal data on the basis of compliance with these obligations, we do not need to obtain your consent for this processing. On this legal basis, we therefore only process your identification and contact data, and data on your orders. The specific data that we process in this case are indicated in Art. 1, par. 1.
• 3.3. Agreement
With regard to the sending of commercial messages by e-mail, we may process your personal data on the basis of the consent you have given us. We process them on the basis of this agreement, if we do not process them on the basis of a legitimate interest. You can revoke your consent at any time and unsubscribe from receiving commercial messages. The specific data that we process in this case are indicated in Art. 1, s. 3.
We also ask for your consent if you plan to make public a review of a purchased product, comment on a blog, set up uptime monitoring, or take part in user testing or any other action. In these cases too, revoking your consent is of course possible at any time. The specific data that we process in this case are indicated in Art. 1, s. 4, 7 and 10.
• 3.4. Legitimate interest
We also process your personal data on the basis of a legitimate interest, in order to be able to improve and personalize the services provided, to determine whether the processing of an order was carried out to your satisfaction, to promote the products and services more effectively. This concerns above all the data indicated in art. 1, s. 4 and 5.
Based on a legitimate interest, relating to direct marketing, we may also send commercial messages about products similar to those you have purchased from us, only on the condition that you do not object to this processing.
Our legitimate interest is also the protection of legal rights, internal registration and control of the proper provision of our services. In this case, we process all the categories of personal data indicated in art. 1.
Our legitimate interest also consists in submitting a request for a review of a purchase made through a review portal.
4. To whom do we pass personal data?
We process your personal data in most cases for our own purposes as administrators, which means that we determine these purposes for the collection of your personal data, the determination of the means to process it and their proper execution.
We only transmit your personal data to our partners if this is essential for the execution of a purchase contract, for example to guarantee payment or transport; on the basis of a legitimate interest or if you have given prior consent to their transmission.
We also transmit your personal data to our processing entities, which obviously respect the conditions for the protection of personal data imposed by law. These entities processing personal data do so according to our instructions and your rights are not affected by this processing. We may also transmit your personal data with your consent to social networks or operators of marketing instruments for the display of targeted advertising on other sites.
• 4.1. Category of recipients
We may transmit your personal data to the following entities:
- Sister companies and dealing entities of OROEXPERT on the basis of the execution of a purchase contract in order to carry out internal processes and procedures.
- Companies operating payment services in order to process payments on the basis of your order, namely the execution of a purchase contract.
- Transportation companies so that the products or services you have ordered and the settlement of claims can be provided to you, including the termination of a purchase contract.
- Suppliers of products or service centers in connection with a claim for a product or service that you have ordered.
- Partners ensuring the sending of commercial messages, bound by an obligation of confidentiality and not having to use your personal data for any other purpose.
- Operators of marketing tools, which help us personalize offers and content.
- Social networks, if you communicate with us through them or share content using social plugins.
- Instrument suppliers for customer service communication with you or possibly an external call center.
- Partners carrying out customer satisfaction surveys.
- Technology providers and cloud service providers.
- Legal or financial representatives, courts for the processing of tax documents, debt collection or for other reasons that arise from the performance of our obligations imposed by law.
- Public bodies in the event of a claim of our rights (e.g. the police).
If third parties use your personal data in the context of their own legitimate interests, we are not responsible for this processing. Any such processing is governed exclusively by the Principles for processing personal data of companies and related persons.
• 4.2. Data transmission outside the EU
In the event of transmission of your personal data to our processing entities, in certain cases we may transmit the personal data also to third countries, which are not part of the European Union and which do not guarantee an appropriate level of protection of personal data. This transmission will only be carried out on our part if our processing entity undertakes to comply with the standard contractual clauses issued by the European Commission.
5. How long do we process personal data and how is it secured?
• 5.1. Duration of the treatment
We process your personal data first for the duration of our contractual relationship, i.e. a purchase contract. We are required to process this personal data, which is essential for the performance of all our obligations, whether it is an obligation resulting only from a contract concluded between us or from generally binding regulations, for the period set by given regulations or in accordance with them. For example, with respect to the accounting documents that we issue, we as administrators are required to retain information about you at least for a period of 10 years after they are established.
As part of the execution of your requests and the provision of quality customer services, we process your personal data from the conclusion of our contractual relationship, and this up to 1 year after the end of the period of warranty of the purchased product for the purpose of settling potential disputes.
If you communicate with us through our customer service, we retain personal data from that communication for a period of 2 years, including call recordings, which may be monitored.
If you give us consent to send commercial messages, this agreement is valid for 4 years or until revoked. Likewise, if you give us an agreement to be notified of the availability of the product you are tracking, this agreement is valid until the time of sending the information on its availability, but not more than 1 year or up to upon revocation. An agreement given by sending your review of a product is valid for 6 years or until revoked. If you create content for our blog posts, your consent to comment on this post is valid for 2 years or until revoked. If you decide to participate in user tests or other action which we are the organizer and give us consent, we will process your personal data for 1 year or until it is revoked. If you take part in a competition that we organize, we process your personal data for a period of 1 year. In other cases, the duration of the processing of your personal data results from the purpose of the processing or is governed by the binding regulations in the field of personal data protection. After the expiration of the processing times, your personal data is automatically deleted.
• 5.2. Securing
The personal data that we have collected about you and that we process are transmitted to us in an already encoded form and we use a coding system for this transfer. This system ensures that when your browser communicates with our server, your personal data is safe. We secure our website and the other systems with which we work by using appropriate technical and organizational measures against the loss and destruction of your personal data, as well as against unauthorized access to your personal data, their modification or dissemination. We are constantly improving this security, also asking our processing entities to demonstrate the compliance of the systems they use in connection with the GDPR. If you register, access to your customer account is only possible after entering the password you have chosen. We do not have access to your password because we save it in an encrypted form, which cannot be deciphered retroactively, and even for us.
Among other things, we would like to remind you that it is essential that you do not pass your login information on to third parties. After all activity in your customer account has ended, we recommend that you log out, especially if you share your device with other users. We are not responsible for any possible misuse of your password, unless we have been the direct cause.
6. How do we use cookie files?
We also use cookie files, to ensure the proper functioning of our website and to ensure that our offer is relevant, interesting and pleasant to consumers. To be able to use cookie files, their support by the internet browser you are using is necessary. Our site also works without cookies, but to a very limited extent with the impossibility of using certain basic functions.
Cookies are a standard instrument for recording information about the use of websites.
Cookies are small text files that are created automatically when you visit each site and that are saved in the browser you use on your computer, smartphone or other device. Thanks to certain cookies, we can interconnect your activities on our site until the moment you close your browser. These cookies are automatically deleted by closing the browser window.
Other cookies remain in your browser or device for the configured period and are reactivated each time you visit our site. Apart from cookies, we also use “tracking pixels”, which are small images invisible to the normal user, operating on the same principle as cookies. The length of time that cookies are stored in your browser or device depends on the configuration of the cookies themselves as well as on your browser. We keep the data obtained by the cookie files for a maximum of 1 year.
• 6.1. What cookie files do we use?
The cookie files that we use on our site can be divided into 2 main types:
- Short-term, known as “session cookies”, deleted at the end of the visit to our site.
- Long-lasting, so-called “persistent cookies”, remaining in your browser or device for a certain time or until you delete them manually.
Cookie files can also be divided according to their operation into cookies:
o Essential, which are technical and functional cookies, important for the basic functioning of websites. Without these cookies, you would not be able to insert a product in your basket, send an order or log into your customer account.
o Analytics, helping us to increase the convenience of using our site by identifying how it is used. They also allow us to analyze the performance of various sales channels.
o Remarketing, which we use to personalize the content of advertisements and to ensure their correct targeting.
In practice, for example, we use these cookie files to:
o Ensure functioning of the shopping cart so that you can complete your order as easily and as quickly as possible.
o Remember your login details so you don’t have to enter them repeatedly.
o Adapt our site as best as possible to your requests, and this by monitoring attendance, your movement on the site and the functions you use.
o Determine information about the type of advertisements you see, so that we do not show you an advertisement in the future for a product that does not interest you.
Some cookies, including their content, may collect information that can then be used by third parties and, for example, directly supporting our advertising activities (so-called “third-party cookies”). This may include information about products purchased from our site that may be displayed by an advertising agency in connection with the display and tailoring of banner ads on the sites displayed to you. These cookies are in an anonymized form for third parties and you cannot be identified based on this data.
6.2. How can you limit cookie files?
Configuring the use of cookie files is part of the web browser you use, with most browsers automatically accepting cookies in their default settings. Cookie files may be refused through your browser or may only be limited to the types you have selected. By doing this, you also limit the operation of our site and you will no longer be able to use the functions we offer to their full extent, including logging into your customer account.
7. What are your rights and how can you exercise them?
Just as we have rights and obligations when processing your personal data, you also have certain rights, which you can assert. Are part of :
• 7.1. Permission to access
You have the right to request information about the processing of your personal data, including what data we process about you, for what purpose and for how long, where we obtain your data and from whom we obtain it. As part of the right of access, you can also ask us to send your personal data in a structured machine-readable format. We will be happy to generate a copy for you after proper verification of your identity, just send your request to the e-mail address of the Data Protection Officer (hereinafter referred to as the “Delegate”) info @ oro-expert.com
• 7.2. Right of correction
If you notice that the personal data processed are inaccurate or incomplete, you have the right to request their correction. We will be happy to correct or supplement your data without undue delay. Simply send your request to the Delegate’s email address email@example.com
• 7.3. Right to erasure
In certain cases, you can exercise your right to have the personal data that we process about you erased. We erase or anonymize your personal data without undue delay. This does not concern personal data which we need for the performance of our obligations imposed by law and which regulations require us to keep (for example the processing of an order already sent) or for the protection of our legitimate interests. The elimination of personal data also takes place if this data is no longer necessary for the specified purpose or if the recording of your personal data is prohibited for other reasons prescribed by law. You can request the deletion of your personal data from the Delegate through the address firstname.lastname@example.org.
• 7.4. Right to restriction of processing
In some cases, you can also use the right to restriction of the processing of the personal data that we process about you. You can request that the personal data you designate not be the subject of future processing, for a limited period of time. You can request the limitation of the processing of personal data from the Delegate through the e-mail address: email@example.com.
• 7.5. Right of portability
You have the right to obtain from us any personal data that you have communicated to us that we process on the basis of your consent. We provide you with personal data in a structured, machine-readable format. We will be happy to generate the data for you in this format, just send your request to the Delegate’s email address: firstname.lastname@example.org.
• 7.6. Right to object to processing
You have the right to object to the processing of personal data, taking place on the basis of our legitimate interest. If this is processing for marketing purposes, we stop processing personal data without undue delay. In other cases, we do so based on a reassessment of our legitimate interests and your rights and reasons. You can object to the processing by sending a request to the Delegate’s email address: email@example.com.
• 7.7. Right to lodge a complaint
The application of these rights and procedures in no way limits your right to lodge a complaint with the competent supervisory body. You can use this right first and foremost if you believe that we are processing your personal data illegitimately or in contradiction to generally binding regulations. The entity responsible for handling customer complaints in the UK is the ICO. You can contact them by mail at the following address: firstname.lastname@example.org or via telephone: 0303 123 1113 (charges may apply) or write them at Information Commissioner’s Office; Wycliffe House Water Lane; Wilmslow; Cheshire;SK9 5AF
8. Contact us
If you have a question, comment and request regarding these Principles and the processing of your personal data, you can contact the Data Protection Officer at any time, through: email@example.com. Your request will be taken into account without undue delay, but within 60 days at most. In exceptional cases, especially in view of the complexity of your request, we are authorized to extend this deadline for two more months. We will inform you of this possible extension and its justification.
If applicable, please feel free to also contact us at the customer service address or telephone number provided at the end of these Principles.
Contact: OROEXPERT; Jinonicka 804/80; 150 00 Prague 5; Customer service: +420 xx xx xx xx or firstname.lastname@example.org, Mon-Fri 9 am-5pm
9. Entry into force
These Principles of personal data protection are valid and come into force from 1. 11. 2020.