Last time updated: 26.01.2024.
1. INTRODUCTION AND DEFINITIONS
1.1. Greenum processes personal data only in accordance with applicable law, ensuring the security and protection of personal data. Please read this Privacy Policy carefully to better understand Greenum’s processing of personal data.
1.2.The following definitions are used in this Privacy Policy:
Data Subject – the individuals whose personal data is being processed; this may be the Customer or any other data subject.
Greenum – Ltd “Cosmetic Lab”, Reg.No LV40103863637, Maskavas 322a, Riga, Latvia.
GDPR – General Data Protection Regulation, i.e. EU Regulation 2016/679 on the processing of personal data.
Personal Data – any information relating to an identified or identifiable Data Subject. An identifiable Data Subject is a person who can be identified, directly or indirectly, including by an identifying element such as name, identification number, location, online identifier, or one or more factors specific to his or her physical, psychological, mental, economic, cultural or social identity.
Processing of personal data: any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Customer – a customer of Greenum who is a natural or legal person and to whom Greenum sells products and/or provides services.
Privacy Policy – this Privacy Policy.
Data processor – a natural or legal person, public authority, agency or other body which determines, unilaterally or jointly with others, the purposes and means of the processing of personal data.
Website – this website operated by Greenum.
Processor – a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
2. APPLICATION OF THE PRIVACY POLICY
2.1 This Privacy Policy applies in all cases where Greenum, as data controller, processes the personal data of Data Subjects in the course of providing services and products in the course of its business and professional activities.
2.2 This Privacy Policy does not apply to, and Greenum is not a data processor in respect of, any instalment service or loan offered and granted to a Customer by a financial institution. In such case, the data processor shall be the relevant financial institution.
2.3 In general, this Privacy Policy is also not applicable and Greenum is not the data processor if Greenum processes personal data of natural persons in relation to a customer who is a legal person (e.g. personal data of a member of the management board or other representative). In this case, the data controller is usually the client – the legal person – and Greenum is the data processor of the client. However, Greenum may process the personal data of such natural persons as Data Subjects for the purposes and in accordance with the procedures set out below, 4.1(c) to 4.1(f). Section 4.4.
2.4 The Privacy Policy shall come into force on the date of its last revision as indicated under the heading. Greenum may unilaterally amend and supplement the Privacy Policy. Greenum will notify Data Subjects of any changes to the Privacy Policy by making them available on its website or otherwise at Greenum’s sole discretion.
3. DATA PROCESSOR AND CONTACT DETAILS
3.1 In the cases set out in the Privacy Policy, Greenum is the data processor of the Data Subjects’ personal data (for further details, see section 1.2(b) above).
3.2 If you have any questions about the Privacy Policy and the processing of personal data, you may contact Greenum by sending an email to sales@cosmetic-lab.lv.
4. PURPOSES FOR WHICH PERSONAL DATA ARE PROCESSED
4.1 Greenum collects and processes personal data for the following purposes:
- providing services and/or selling products to the Customer on the basis of a contract entered into with the Customer, including communicating with the Customer to provide new services and/or sell products to the Customer at the Customer’s request;
- communicating with a prospective Customer in connection with the possible provision and/or sale of services and/or products where the relevant Data Subject has expressed a wish to do so (e.g. by making a request on the Website);
- to provide the functionality of the Website;
- to analyse the use of the Website;
- to protect and enforce rights under laws and contracts binding on Greenum;
- to comply with legal obligations and legal requirements to which Greenum is subject.
4.2 Greenum collects and processes the following personal data:
- to provide services and/or sell products to the Customer on the basis of a contract with the Customer (for the purpose see 4.1(a). Section 4.1) – Customer’s name, email address, telephone number, personal identification number, address, language of communication, payment method information, other order-related information (e.g. details of the kitchen ordered) and other personal data that Customer may provide to Greenum in connection with Greenum’s provision of services and/or sale of products;
- for the purpose of contacting a potential Customer (see Section 4.1(b) for purpose), name, email address, telephone number, address, language of communication and other personal data that the Data Subject may provide to Greenum in connection with pre-contractual enquiries and negotiations;
- to ensure the functionality of the Website (for the purpose see 4.1(c). Section 4.2) – personal data collected through cookies (e.g. information about the device used to visit the Website);
- to analyse the use of the Website (for the purposes, see section 4.1(d). (d) the personal data collected by cookies (e.g. IP address, information about the device used to visit the Website, data about the use of the Website);
- to exercise and protect Greenum’s rights (for the purpose, see section 4.1(e). (e) section (e.e. section (e)(4)) – any of the above personal data determined in accordance with the specific rights exercised by Greenum;
- to comply with legal obligations and orders (see 4.1(f) for purpose). Section 4.5) – any personal data referred to above which is identified pursuant to a specific obligation to which Greenum is subject.
4.3 In certain situations, the provision of personal data may be necessary for the conclusion or performance of a contract, for example, Greenum needs to know the name and contact details of a Customer in order to fulfil an order. If in such a situation the Data Subject refuses to provide personal data, Greenum may not be able to provide services or sell products to that Data Subject. If Greenum does not require the Data Subject to provide specific personal data, the provision of such personal data is voluntary and failure to provide such personal data will not have any adverse consequences for the Data Subject.
4.4 In general, Greenum obtains personal data directly from the Data Subject, for example, Greenum directly asks the Data Subject for name and contact details.
5. LEGAL BASIS FOR PROCESSING PERSONAL DATA
5.1 In accordance with applicable data protection law and the GDPR, any processing of Personal Data must have an adequate legal basis. We set out below the legal basis for each of the purposes of processing personal data set out above.
5.2 In the case that Greenum processes personal data on the basis of a contract concluded with the Customer to provide services and/or sell products to the Customer (see 4.1(a) for the purposes). Section 4.4.1), the processing of personal data is based on Article 6(1)(b) GDPR (first case). This means that the processing of personal data is necessary for the performance of a contract with the Customer.
5.3 In the case that Greenum processes personal data for the purpose of contacting a potential Customer (see section 4.1(b) for the purpose), the processing of personal data is based on Article 6(1)(b) of the GDPR (second case). This means that the processing of personal data is necessary to carry out pre-contractual activities at the request of the Data Subject.
5.4 In the case that Greenum processes personal data to provide the functionality of the Website (see 4.1(c) for the purpose). Section 4.4), Greenum will only do so if it has obtained the Data Subject’s consent. If Greenum processes personal data to analyse the use of the Website (for the purposes see Section 4.1(d). Section 4.1), Greenum will only do so if it has obtained the Data Subject’s consent. In this case, the basis for processing is the Data Subject’s consent in accordance with Article 6(1)(a) of the GDPR. The Data Subject is entitled to withdraw his or her consent at any time.
5.5 In the case where Greenum processes personal data for the purposes of exercising and protecting Greenum’s rights (for purposes see 4.1(e). Section 4.4.2), the processing is based on Article 6(1)(f) of the GDPR. In particular, the processing is necessary for the pursuit of Greenum’s legitimate interests. In this case, Greenum’s legitimate interest is to protect its rights in a manner that Greenum deems appropriate and necessary.
5.6 In the case where Greenum processes personal data to comply with legal obligations and obligations (for the purposes see 4.1(f). Section 5.5.4), the basis for processing the personal data is Article 6(1)(c) GDPR, i.e. the processing of the personal data is necessary to comply with a legal obligation of Greenum as data controller.
6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
6.1 Greenum may transfer the Data Subject’s personal data to third parties or processors in the following cases:
- partners used by Greenum to provide services and sell products to Customers (e.g. transport service provider, etc.);
- other companies where this is necessary for one of the purposes set out in the Privacy Policy.
6.2 All data processors of Greenum ensure the protection of personal data in accordance with the GDPR and other applicable legislation on the protection of personal data. In general, Greenum does not transfer personal data outside the European Economic Area (except Switzerland as explained above). However, even if Greenum transfers personal data to other countries, Greenum will implement appropriate safeguards in accordance with the GDPR, for example by entering into an appropriate contract with the processor for the processing of personal data in accordance with the standard contractual clauses approved by the European Commission.
6.3 Greenum is also entitled to disclose the Data Subject’s personal data to an authority that has the right to require Greenum to disclose the personal data it processes in accordance with applicable law.
6.4 At the request of the Data Subject, Greenum may also transmit the data to the financial institution offering the instalment or loan, but in this case the data controller is usually the financial institution itself and not Greenum.
7. STORAGE OF PERSONAL DATA
7.1 Greenum processes and stores personal data only for as long as is necessary to achieve the purpose of the processing – once the purpose has been achieved, the personal data will be deleted or made anonymous.
7.2 For each of the purposes for which we process personal data, Greenum retains personal data for the following periods:
- on the basis of a contract entered into with the Customer to provide services and/or sell products to the Customer (for the purpose see 4.1(a). Section 4.1) – until all contractual obligations have been fulfilled;
- to contact a potential Customer (see Section 4.1(b) for purposes) – until one year after the last contact with that Data Subject:
- to provide the functionality of the Website (for the purposes see Section 4.1(c). Section 4.2) – until the end of the Website session or until the Data Subject withdraws his or her consent (whichever is earlier);
- to analyse the use of the Website (for the purposes, see Section 4.1(d). Section 4.2) – 1-2 years or until the Data Subject withdraws his/her consent (whichever is earlier);
- for the purposes of enforcing and protecting Greenum’s rights (for the purpose, see 4.1(e). section) – up to 10 years after the execution of the order, which is the maximum limitation period for statutory claims:
- to comply with legal obligations and orders (for purposes see Section 4.1(f)) Section 4.5) – in accordance with the statutory time limits. For example, the law obliges Greenum to retain accounting supporting documents (which may include personal data) for five years after the end of the financial year in which the economic transaction on which the supporting document is based was recorded in the accounting records.
8. RIGHTS OF THE DATA SUBJECT
8.1 The data subject shall have the right to contact Greenum at any time by sending a free written request to the following email address: sales@cosmetic-lab.lv to:
(a) request access to his personal data;
(b) request the rectification of personal data;
(c) request erasure of personal data;
(d) restrict the processing of personal data;
(e) object to the processing of personal data;
(f) request the transfer of personal data;(g) request that no decision be taken in respect of the Data Subject by automatic processing, if applicable;
(h) withdraw their consent to the processing of personal data;
(i) lodge a complaint with a supervisory authority (the Data Inspectorate, additional information: https://www.dvi.gov.lv/lv; contact details: pasts@dvi.gov.lv).
8.2 Where Greenum processes personal data on the basis of its legitimate interests, the Data Subject shall have the right to request from Greenum additional information about the legitimate interests, including an explanation of how the interests of the Data Subject and Greenum are taken into account and weighed against each other.
9. COOKIES
9.1 The Greenum Website uses cookies. Cookies are small blocks of text data that are stored on a user’s web browser or device when they visit the Website. Some cookies are called first-party cookies and are linked to the Website, but third-party cookies (such as Google Analytics) are also used.
9.2 Cookies are generally used to make the visitor’s experience of the Website as smooth and convenient as possible and to collect statistical data about visits to the Website. The following cookies are used in particular:
- Strictly Necessary Cookies – cookies that are strictly necessary for the visitor to use the Website. Such cookies are used, for example, to protect the Website from unauthorised commands from malicious websites (CSRF cookies), to ensure a secure https connection, etc. The Website would not function without them. These cookies are usually stored for 1-2 years.
- Functionality cookies – cookies that enable the Website to function as intended. For example, we use session cookies to remember choices made by a visitor (such as language choices) and to recognise a visitor between sessions. Such cookies are usually stored until the end of the session on the Website.
- Analytical cookies – cookies that are generally used to analyse the visit and use of the Website. These cookies are usually stored for 1-2 years.
9.3 Cookies used on the Website may or may not collect personal data. As far as the processing of personal data is concerned, the provisions of this Privacy Policy are applied and the Data Subject’s rights regarding the processing of his/her personal data are set out in the Privacy Policy.
9.4 In relation to cookies, a visitor to the Website has the right to:
(a) refuse the use of cookies without giving or withdrawing consent;
(b) refuse the use of cookies by selecting the appropriate settings in their browser;
(c) delete cookies already stored on the device;
9.5 However, strictly necessary cookies will be used in any case without the visitor’s consent, as without them the use of the Website is impossible. It is possible to use the Website without other cookies, but in this case the Website may not function fully and correctly.