Terms of use

 

Valid from: 01.01.2011.
Last updated: 10.05.2023.

 

The controller of your personal data is SIA CRYSTAL ROSE, the owner of the online store onezerocosmetics.lv. Company registration number 42403037051, legal address: “Annas kalns”, JUSI, Griškānu pag., Rēzeknes nov., LV-4601, Latvia

 

CRYSTAL ROSE SIA has developed this privacy policy (“Privacy Policy”) to demonstrate our commitment to protecting your personal data, as well as to inform you about how we process your personal data.

This Privacy Policy sets out our information processing practices in relation to the website onezerocosmetics.lv and ONE:ZERO mobile applications and other services we provide to users (hereinafter collectively referred to as the “Services”). We will not disclose your personal data to other parties except as set out in this Privacy Policy.

We will process the personal information you provide in Latvia in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

How to contact us

If you have any questions about how we collect, store and use your personal information and data, please contact us in any of the ways below:

  • write to us at the email address info@onezerocosmetics.lv
  • write to us at the following postal address (with the indication “About privacy”):
    SIA CRYSTAL ROSE, Rēzekne prov., Griškānu parish, Jusi, "Annas kalns", LV-4601

 

ONE:ZERO services

By using the Services, you may view information and content owned, licensed or provided by SIA CRYSTAL ROSE, its affiliates and subsidiaries (“ONE:ZERO”). The Services may also include information provided by third parties that is distributed based on a license, permission or other agreement with ONE:ZERO. In this Privacy Policy, the word “we” refers to ONE:ZERO as appropriate.

 

Use of services and provision of information

Sometimes you may choose to provide us with personally identifiable information. For example, you may want to register, make purchases, read articles and view information, receive emails from us, receive invitations to events, participate in discussions, preview new services, or participate in special promotions. If you register for services or conduct transactions through the onezerocosmetics.lv website or one of the ONE:ZERO mobile applications, we will collect information about your transactions and other activities. We need certain information from you to register and authenticate you as needed, process your entries and payments, and ship your products to you.

In view of the above, providing us with your personal data is voluntary. However, if you do not provide it, we will not be able to achieve the purposes set out in this Privacy Policy. In cases where your personal data is processed on the basis of your consent, you may withdraw your consent to the processing of your personal data at any time, but this will not affect the lawfulness of the processing of your personal data carried out before such withdrawal of consent.

 

Scope, purposes and duration of personal data processing

We may collect information that you voluntarily provide to us, as well as website visit data, as described below.

Personally identifiable information you submit

Personally identifiable information includes your name, email address, telephone number, date of birth, shipping and billing addresses, as well as a persistent identifier associated with personally identifiable information, as well as other information that you may voluntarily provide to us. We collect such personally identifiable information that you provide to us for the following purposes of processing personal data:

 

1. Registration and membership administration in the ONE:ZERO Loyalty Program

We process your personal data to register you in the ONE:ZERO Loyalty Program and administer your membership. Membership in the ONE:ZERO Loyalty Program can be used to place an order in the ONE:ZERO online store, receive personalized offers, permanent discounts, commercial information about new products and use other program benefits both in the ONE:ZERO online store and in physical stores.

Your data will be used to create or access your ONE:ZERO account and display relevant information therein, respond to your requests, ensure that your information is accurate and up-to-date, verify your registration, and to contact you if we need to reach you and provide you with necessary information, for example, regarding changes to the ONE:ZERO Loyalty Program rules.

In order for us to create your account and manage your membership, you must provide the personal data necessary for the conclusion and execution of the contract, otherwise registration in the ONE:ZERO Loyalty Program is not possible. Registration requires your first name, last name and email.

The retention period for personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, personal data will be deleted or permanently anonymized.

The legal basis for processing personal data is to enter into and perform a contract with you.

 

2. Management of personalized offers and other benefits

As part of your membership, we process your personal data to administer personalized offers and other benefits, such as birthday benefits. We only process personal data that is necessary for a specific benefit.

We use automated decision-making, including profiling, to provide you with personalized offers and other benefits. To do this, we may analyze the personal data you provide and the data we obtain based on your behavior (e.g., your shopping transactions, activities in the Member Account) using general rules or specific algorithms, predictive models. Our actions do not have any legal or similar effects on you.

In order to provide you with basic benefits, we use automated decision-making based solely on general rules that apply to all customers who are members of the ONE:ZERO Loyalty Program. This is not based on your preferences, behavior or similar attributes, and we do not offer or evaluate any aspects of your behavior or preferences to provide such benefits. For example, based on the date of birth you enter, the system determines when you are eligible for birthday benefits. Based on what benefits you use or do not use, we may determine other benefits that we offer that are available to you.

In order for us to be able to offer you personalized offers and personalized recommendations (and sometimes other benefits), we need to profile you, i.e. use special algorithms, predictive models to analyze your preferences, behavior or similar attributes. For example, special algorithms analyze the personal data you provide and your shopping transactions (e.g., products purchased) to develop personalized offers tailored to you. Based on your shopping transaction, we may also create a personalized recommendation for you about other benefits that we offer that are available to you.

Since personalized offers and benefits are the essence and fundamental purpose of membership, you cannot be a member if you do not want automated decisions and profiling to be made about you.

To manage personalized offers and other benefits, your first name, last name, date of birth, purchase history, user-generated personal data, for example, about activity in information systems (including the ONE:ZERO online store).

The retention period for personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, personal data will be deleted or permanently anonymized.

The legal basis for processing personal data is to enter into and perform a contract with you.

 

3. Administration of purchases in the ONE:ZERO online store

We process your personal data to manage your purchases in the ONE:ZERO online store. Your personal data is processed to process your order, payment, send an invoice, contact you about your order and order status, deliver your order and perform similar actions related to order fulfillment.

In order for us to fulfill your order, you must provide personal data necessary for the conclusion and execution of the contract. For example, to pay for the order, you must provide payment details, if you want to receive home delivery, we need to know the address to which the order should be delivered.

You do not need to create an account to place orders in the ONE:ZERO online store. There is also the option to place an order as a guest, providing only the personal data required to place the order, such as name, surname, contact information and payment information.

We use your mobile phone number and email to contact you regarding your order. For example, to contact you in case of problems with your orders, to deliver orders to your address, or to inform you about the status of your orders (order confirmed, ready for delivery, delivered, canceled, not fulfilled, possible to receive after unsuccessful fulfillment, etc.).

ONE:ZERO may use external services or offer to use the services of other delivery companies to deliver your order. In this case, limited personal data information may be shared with ONE:ZERO’s partners, who act as a separate data processor or controller. For example, your personal data, contact information, order and delivery information. In the event that information is shared with another data controller, ONE:ZERO will provide a reference to the data controller’s privacy policy.

To administer purchases in the ONE:ZERO online store, you need your name, surname, all contact information, information about the order, payment, transaction and delivery.

The retention period for personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, personal data will be deleted or irreversibly anonymized. Documentation related to orders will be stored in accordance with national law for 10 years from the date of order creation.

The legal basis for processing personal data is to enter into and perform a contract with you.

 

4. Compliance with legal requirements

We process your personal data to comply with a number of legal requirements to which we are subject, such as accounting requirements, product liability and product safety. For example, we store transaction information and documentation related to your ONE:ZERO online store order (e.g. order details, invoices, returns details) for the period required by law.

To comply with legal requirements, your name, surname, all contact information, information about the order, payment, transaction and delivery.

Documentation related to orders will be stored in accordance with national law for 10 years from the date of order creation. Other information related to the execution of legal acts will be stored in accordance with the deadlines set by law.

The legal basis for processing personal data is compliance with legal obligations.

 

5. Management of customer requests, complaints and suggestions

We process your personal data to handle your requests, complaints, suggestions and other questions, including feedback about our products in the online store.

When submitting a claim, please also provide the following information: your name, surname, contact information, description of the claim and documents proving the validity of your claim. If you do not provide the above information, we will not be able to assess and resolve your claim. Other categories of personal data mentioned in this privacy policy may also be processed as part of the processing of a customer's claim or complaint.

All personal data related to the processed claim, complaint or suggestion is stored for a maximum of two years from the date of its receipt. Personal data may be stored longer if the claim or complaint has not yet been processed or legal proceedings are still ongoing. In this situation, personal data is stored until its processing or 1 year after the end of the relevant legal proceedings. Product reviews are stored until the product is available in the online store.

Legal basis for processing personal data – processing is necessary to comply with a legal obligation to which we are subject regarding the handling of claims and complaints.

Regarding providing feedback on products in the online store, the legal basis for processing is necessary to pursue our legitimate interests in receiving customer feedback to improve the shopping experience.

 

6. Surveys

We may process your personal data to ask you to participate in surveys to collect customer feedback in order to improve and expand our services. If you have agreed to receive marketing information, we may send the survey to your chosen communication channel. In other cases, we may publish our survey on our website, online or in physical stores, where you can access them and participate in the survey at your own discretion.
Participation in surveys is up to you.

Surveys are anonymous, except if participation in the survey is organized simultaneously with participation in a raffle.

Your participation in the survey, if it is not anonymous, may require name, surname, contact information, purchase history, your feedback and opinion.

Survey data is stored for up to one year after the draw closes.

The legal basis used for participation in the survey is your consent.

 

7. Lotteries

We process your personal data to administer lotteries, games and/or competitions of ONE:ZERO or ONE:ZERO suppliers, if you have expressed a desire to participate in lotteries, games and/or competitions. We process your personal data to determine and notify the winner, to identify you when awarding prizes in lotteries, games and/or competitions, as well as to include your name and surname in the lottery protocol in accordance with legal obligations.

If you wish to participate in a lottery, game and/or competition, you must provide us with your personal data. If you do not provide your personal data, you will not be able to participate in the lottery, game or competition or, if you win, we will not be able to award you a prize.

When issuing the prize, your identity will be verified and in case of discrepancies, its issuance will be canceled.

The lottery may require your name, surname, contact information, purchase history and user-generated personal data, such as information about activity in the ONE:ZERO online store.

If you are the winner, your name and surname are indicated in the act of receipt of the prize and in the protocol of the lottery, game and competition, which are stored for five years from the date of the lottery, game and competition. In all other cases, personal data obtained during the lottery, game and competition are stored for no longer than two years from the date of the lottery or game.

The legal basis for processing personal data for lottery purposes is your consent and our legal obligation to prepare the lottery report/award the prize.

 

8. Sending commercial communications

We process your personal data to send you marketing information, such as personalized offers, information about discounts, benefits, sales, special campaigns, our news, events, latest products in the assortment via your chosen communication channel, such as SMS, email, browser notifications. At the same time, there is an option to register only to receive commercial notifications about various news without registering in the ONE:ZERO Loyalty Program.

We use automated decision-making, including profiling, to provide you with personalized and effective direct marketing communications. To do this, we take into account the personal data you provide and the data we obtain based on your behavior. Our actions do not have any legal or similar effects on you.

You may opt out of receiving commercial communications or direct marketing communications from us at any time. You can do this by contacting us by email at info@onezerocosmetics.lv or by using the unsubscribe link in the communication sent to you by email.

When you opt out of direct marketing communications, we will reset your personal data processing settings so that direct marketing communications are no longer provided to you.

Your information may be required to send commercial communications. name, surname, date of birth, all types of contact information, information about the benefits used, purchase history, customer choice data (e.g. consents given), user-generated personal data (e.g. about an unfinished shopping cart), connection information (e.g. about the type of device used).

Data for the purpose of sending commercial communications will be processed until you withdraw your consent to receive commercial communications.

The legal basis for processing personal data for the purposes of commercial communications is your consent.

 

9. Information security, fraud prevention and legal claims management

We may process your personal data to defend, establish and exercise legal claims, including to prevent and/or stop fraudulent or illegal activities, gather evidence of detected problems and administer the situation, as well as stop misuse of our products or services.

Fraud prevention and legal claims management may require any information and personal data referred to in this Privacy Policy that you have previously provided to ONE:ZERO.

In the event of legal claims, the data will be processed while the investigation, settlement and enforcement of the legal claim are ongoing. The data will be retained for three years after the decision to close the investigation or until the final execution of the court ruling.

Data, such as audit logs, are stored for information security purposes for up to 18 calendar months, unless the law requires a longer retention period.

Processing is necessary for the purposes of our legitimate interests to establish, exercise or defend legal claims and to ensure the security of information.

 

10. Statistical and market research purposes

We process your personal data for statistical purposes in order to monitor, evaluate, improve and expand the online service offering. For these purposes, we will not process your name, contact details and any other directly identifiable information that can directly identify you as a specific person.

It may be necessary for statistical and market research purposes information about the member's participation in the ONE:ZERO Loyalty Program (e.g. duration, year of registration), information about orders, deliveries, payments, purchase history, customer preferences, user activities within the ONE:ZERO Loyalty Program and feedback.

Data for statistical and market research purposes will be retained for as long as necessary to pursue our legitimate interests.

Legal basis for processing personal data for statistical and market research purposes – processing is necessary to ensure compliance with our legitimate interests in improving and expanding our services.

 

To protect your privacy and security, we will take appropriate steps to verify your identity, such as requesting a password and user ID, before granting access to your data. We strive to protect our users' personal information and privacy, however, we cannot guarantee the security of any information you disclose online, and you do so at your own risk.

 

Transfer of information

ONE:ZERO will not disclose any personally identifiable information to third parties without your consent. The following exceptions apply:

  • ONE:ZERO may share the information we collect with our third-party service providers (such as our payment service providers or couriers, etc.). If we share information about you, we will require the relevant third parties to handle it in accordance with this Privacy Policy and not to disclose or use your personally identifiable information for any purpose other than to provide services to you or for the benefit of ONE:ZERO.

We currently use the following third-party service providers:
“OMNIVA SIA” (registration number: 40103527192)
We may disclose the information we collect, including personally identifiable information, to third parties as required by law. For example, we may disclose information to regulatory authorities and law enforcement agencies upon their formal request.

  • We may disclose the information we collect, including personally identifiable information, to companies that may acquire, in whole or in part, ONE:ZERO.
  • We may transfer your personal data to our insurers and professional advisors in connection with risk management, professional advice or for the purpose of establishing, exercising and defending legal claims.

We may share your personal data not only in the cases specified above, but also to fulfill our legal obligations. For direct marketing purposes, we may transfer personal data with your consent to our partners who will provide us with marketing services.

ONE:ZERO always strives to ensure that your personal data is processed within the EU/EEA.

Your personal data may be transferred to a country outside the EU/EEA or processed in a country outside the EU/EEA where contracted service providers do so. In order to ensure adequate protection of your personal data when transferring data outside the EU/EEA, we ensure that appropriate security measures are in place to protect your personal data. For example, an EU Commission decision that the country in question ensures an adequate level of personal data protection, standard contractual clauses, etc. You can receive information about the personal data protection measures used and implemented by submitting a written request to us.

ONE:ZERO is not responsible for the protection of information you provide on other websites. You should be aware that if you voluntarily disclose personally identifiable information on other applications and websites, it may be collected and used by others and may result in unwanted messages being sent to you.

 

Information storage

Trade transactions
Situations may arise where we may decide to sell, purchase, merge or otherwise reorganize our business for strategic or other reasons. Such a transaction may involve the disclosure of personally identifiable information to prospective or actual buyers or joint venture partners, as well as the receipt of such information from sellers. In accordance with our standard practices, we strive to ensure appropriate protection of information in such transactions.

 

Your rights

This section of the Privacy Policy discusses your rights under data protection law. Some rights cover many aspects, so we only cover the main ones in this Privacy Policy. We recommend that you familiarize yourself with the relevant legislation and the guidelines of the supervisory authorities for full information about these rights.

You have the following rights related to the protection of personal data:

  • the right to receive information about the processing of personal data;
  • the right to access your personal data that we store;
  • the right to request correction of your personal data that we hold about you (you can correct most of it by logging into your account);
  • the right to ask us to delete your personal data (“right to be forgotten”);
  • the right to restrict the processing of your personal data;
  • the right to object to the processing of your personal data;
  • the right to object to your personal data being processed for direct marketing purposes;
  • the right to data portability;
  • the right to withdraw consent to the processing of your personal data;
  • the right to lodge a complaint with a supervisory authority.

If you wish to exercise your rights, or if you have any questions regarding the processing of personal data or the exercise of your rights, please contact us by e-mail info@onezerocosmetics.lv

ONE:ZERO provides its customers with the opportunity to exercise the rights listed in this privacy policy in the profile settings on the onezerocosmetics.lv website.

The right to access your personal data that we process. You have the right to obtain confirmation from us as to whether we are processing your personal data. When we process your personal data, you have the right to access the personal data being processed and information about their processing, for example, the purpose of the personal data processing, the categories of personal data, the recipients of personal data, etc. We will provide you with a copy of your personal data. You have the right to receive your personal data in a structured, commonly used and machine-readable format. However, you cannot exercise this right in cases where it may adversely affect the rights and freedoms of others.

We have the right to refuse to provide your processed data if the legal acts specify circumstances in which personal data is not provided.

The right to request rectification of your personal data that we store. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to restrict the processing of your data. This right can be exercised in the following cases:

  1. you dispute the accuracy of personal data;
  2. personal data is being processed unlawfully, but you do not want it to be deleted;
  • the personal data is no longer necessary for the purposes of our data processing, but you request it in connection with the establishment, exercise or defense of legal claims, or
  1. You do not agree to their processing based on our or a third party's legitimate interests until the grounds for your objection have been verified.

By restricting the processing of personal data, we may continue to store your personal data, but we will not further process it, except:

  1. with your consent;
  2. in connection with the establishment, exercise and defense of legal claims;
  • to protect the rights of other natural or legal persons or
  1. for important public interests.

The right to object to the processing of your personal data. You may exercise this right for any purpose for reasons relating to your particular situation, but only to the extent that we use the data in connection with our legitimate interests or those of a third party. If you object, we will not continue to process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

The right to object to the processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you object, we will no longer process your personal data for these purposes.

Right to data portability You can exercise this right in cases where your personal data is processed by authorized means (computers, etc.) and the legal basis for the processing of personal data is:

  • Your consent, or
  • performance of the contract or actions taken at your request prior to the conclusion of the contract.

Right to withdraw consent to the processing of your personal data. In cases where the legal basis for the processing of your personal data is consent, you have the right to withdraw consent at any time. Withdrawing consent will not affect the lawfulness of the processing for the period prior to its withdrawal.

Right to lodge a complaint with a supervisory authority. If you believe that we are in breach of the legislation governing the protection of personal data when processing your personal data, you have the right to lodge a complaint with the State Data Inspectorate, located at Elijas iela 17, Riga, LV-1050, https://www.dvi.gov.lv/lv/. In all cases, please contact us before submitting a complaint so that we can find a suitable solution together.

 

Data deletion

As stated above, you have the right to request the deletion of your personal data that we hold.

If you would like to delete this personal data, please contact us by email at info@onezerocosmetics.lv;

Upon receipt of your request to delete your data, we will act in accordance with the provisions of the General Data Protection Regulation (GDPR). The GDPR provides for the right to request the erasure of personal data in certain cases:

  1. the personal data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent and there is no other lawful basis for the processing of the data;
  • you do not agree that personal data will be processed to achieve our legitimate interests or those of a third party;
  1. personal data is processed for direct marketing purposes;
  2. personal data was processed unlawfully;
  3. personal data must be deleted in accordance with the requirements of the laws applicable to us.

Please note that in some cases you may not be able to exercise these rights due to applicable exceptions. These exceptions include cases where the personal data being processed is necessary to:

  1. exercise freedom of expression and information;
  2. to enforce our legal obligations; or
  • to establish, exercise or defend legal claims.

We will check whether any of the listed cases apply to you. If, in accordance with the GDPR, personal data must be deleted at your request, it will be deleted.

Please note that personal data will not be deleted if their processing is necessary for the fulfillment of legal obligations provided for by law, as well as if the personal data is necessary for the establishment, exercise or defense of legal claims.