PRIVACY POLICY
Personal data collected each time users visit the website or place an order is essential for the overall management of the order by BEAUTY MAZE and its affiliated providers. This management includes the detection of online fraud and fraud related to modern payment methods, prevention and management of payment (non-payment), and the maintenance of BEAUTY MAZE’s rights regarding its commercial activities. Additionally, this data can be used for updates on new products and services provided by BEAUTY MAZE and promotions or other promotional services. This data is retained for a period not exceeding the time required for the purpose for which it was collected.
What Data We Collect
We make sure to collect only data that is necessary, appropriate and clear for the intended purpose. This data includes:
Data during the creation of a user account: email address, login password, name, surname, mailing address, phone number, VAT number – Tax Office – billing information (in case of registration as a professional), activity (aesthetics, makeup, massage, hair removal, or other), and proof of professional status (in case of registration as a professional).
Details of your transactions with us, either through our physical stores or through our online store.
Interests and purchasing preferences to recommend specific products and services tailored to your interests.
Website visitation information or other websites you visited before us.
Information collected from the use of cookies in your browser.
Payment information.
Your comments and product reviews.
Your image may be recorded on CCTV when you visit our physical store.
Technical information about your internet connection, browser, country code, and phone number.
Your data processing complies with the law, and we do not allow children under 16 years old to register on the website.
How We Use Your Data
We aim to offer you the best possible shopping experience, combining the data we have collected. We use your data to provide offers for products and services that may interest you. For members of the rewards program, additional relevant rewards may be offered. The processing of your data is within the framework of our legitimate interests and the need to understand our customers to provide them with a high level of service.
For more detailed information on how your data is used and why, including the provision of website information and services you request, product orders, account creation, and communication responses, please refer to the original Greek text.
“Below you will find details on how we use your Data and why:
For providing information for the Website and the requested services:
- Product Orders: The Company processes your Data to fulfill its contractual relationship, process product and/or service orders, provide customer service, comply with legal obligations, and address, assert, or exercise legal claims. If we do not collect your Data during the order completion, either from our physical stores or our online store, we will not be able to process your order and comply with our legal obligations. Your Data may need to be transferred to third parties for the supply or delivery of the product or service you have ordered. Additionally, we may retain your Data for a reasonable period to fulfill our contractual obligations, such as product returns, as provided by relevant legislation.
- User Account Creation: The Company processes your Data to provide you with account features and facilitate the purchase of products and/or services.
- Communication: The Company uses your Data to respond to the requests/questions you submit, refund requests, and complaints. The information you share enables us to manage your requests and respond to you in the best possible way. We may also maintain a record of your queries/requests to better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations, and our legal interests to provide you with the best possible service and improve our services based on your personal experience.
- Sometimes, we may need to share your Data with a third party providing a service (such as courier delivery). Without sharing your personal data, we would not be able to fulfill your request. Further information on how we share personal data with third parties follows.
For sharing information about our products, services, and events, as well as other promotional purposes:
- Sending newsletters/offers: With your consent, we will use your personal data, preferences, and transaction details to inform you via email, internet, telephone, and/or social media about relevant products and services, including personalized offers, discounts, etc. Of course, you have the option to withdraw this consent at any time.
- Web push notifications: Depending on your navigation, you may receive notifications for our offers, news, your wish list, and shopping cart, provided you have given your consent. You also have the option to withdraw this consent at any time.
- Participation in the rewards program: The Company processes your Data for your participation in the rewards program, including the examination of your participation application, the collection and redemption of points, and the enjoyment of customer privileges, as detailed in the program’s participation terms. This allows us to offer you personalized offers based on the analysis of your previous purchases, including the products you have recently purchased. We do this based on our legal interest in showing you relevant offers. Of course, you are free to choose whether to benefit from these offers.
- Participation in Contests: The Company processes your Data if you agree to participate in contests it conducts to notify you if you are the winner and to deliver your prize.”
“For the operation, improvement, and maintenance of our business activity, products, and services:
- Development and improvement of systems and services for the products we provide. We do this based on our legitimate business interests.
- We want to offer you offers and suggestions that are more relevant to your interests. To help us shape a better and overall understanding of you as a customer, we combine your personal data collected throughout our relationship, for example, your purchase history in both our physical and online stores. For this purpose, we also combine the data we collect directly from you with data we receive from third parties to whom you have given your consent to transfer this data to us. For example, combining this data will help us tailor your experience and decide which inspiration or content to share with you. We also use anonymous data from customer purchase history to identify trends in various regions of the country. This can then guide which products we display in specific stores.
- To display the most interesting content on the Website, we will use the data we keep for your favorite products. This is done with your consent to place cookies on your device. For example, we may show you a list of products you recently viewed or offer recommendations based on your purchase history and any other data you have shared with us.
- To send you research and evaluation requests so that we can improve our services. These messages will not include advertising content and do not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing this, as it helps make our products or services more relevant to you. Of course, you are free to refuse to receive these requests from us at any time by updating your preferences in your online account.
For the protection of rights, property, or safety, ours or third parties:
- Protecting your account from fraud and other illegal activities: This includes using your data to maintain, update, and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above is part of our legitimate interest. For example, we check your password when you log in and use automated IP address monitoring to detect possible false entries from unexpected locations.
- Operation of CCTV systems: In order to protect customers, premises, property, and partners from criminal activity, we operate CCTV systems in our stores that record images for security. We do this based on our legitimate business interests. If we detect any criminal activity or alleged criminal activity through the use of CCTV, fraud monitoring, and monitoring of suspicious transactions, we will process this data for the purpose of preventing or detecting illegal acts. Our goal is to protect customers, employees, and partners from criminal activities.
- Processing payments and preventing fraudulent transactions: We do this based on our legitimate business interests. This also helps protect our customers from fraud.”
For our compliance with obligations arising from the law:
- To comply with our contractual or legal obligations, we may exchange data with law enforcement. For example, following a court order for data exchange with judicial services.
- To send you communications required by law or necessary to inform you about changes in the services we provide. For example, updates related to privacy notices, product recall notices, and legally required information regarding your orders. These service messages will not include advertising content and do not require prior consent when sent via email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.
For what purpose do we process your data?
We collect your data for the purposes of the products and/or services provided by our Company, particularly for:
a) managing the sale of our products/services, such as communicating and informing you about product availability, order progress, order fulfillment, product shipment, managing your debts to the Company, processing returns, and providing warranties.
b) complying with obligations imposed by current legislation, such as tax laws and e-commerce directives.
c) monitoring, improving, and adapting to your preferences and choices regarding our products and/or services.
d) sending administrative, technological, organizational, and/or commercial information electronically or traditionally about our Company’s products and/or services.
e) conducting customer satisfaction surveys, promoting our products/services, and sending informational newsletters about our products and/or services.
f) evaluating job applications and resumes for employment in our Company.
What is the legal basis for processing your data by the Company?
Data protection legislation defines various reasons for a company to collect and process your personal data, including:
- The terms of our contractual relationship.
- Your consent, when required. For example, when choosing to receive newsletters. During the collection of your personal data, we will always inform you of the necessary data for a specific service.
- The Company’s obligations arising from the law (e.g., tax legislation, e-commerce legislation, etc.).
- Our Company’s legitimate interest. In specific cases, we collect your data in a way that is reasonably expected as part of the operation of our business and does not substantially affect your rights, freedom, or interests. For example:
  - We will use your purchase history to send you personalized offers.
  - We also combine the purchase history of many customers to identify trends and ensure that we can meet market demand or develop new products/services.
Who are the recipients of your data – How is your data disclosed?
Access to your data is strictly limited to the necessary personnel of the Company, which is committed to confidentiality, as well as to our collaborating businesses or third-party service providers who process your data as Data Processors on our behalf and in accordance with our instructions.
Disclosure of Data by the Company:
The Company shares your data with:
- Third-party service providers processing personal data on behalf of the Company, for example for credit card and payment processing, transportation and delivery, hosting, data management and maintenance, email distribution, research and analysis, brand and product promotional activities, Google, Facebook, as well as managing certain services and elements. When using third-party service providers, we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.
- Other third parties, to the extent required for the following purposes: (i) compliance with government requests, court orders, or applicable laws, (ii) prevention of illegal use of our websites or violations of our Terms of Use and policies, (iii) our protection from third-party claims, and (iv) contributing to the prevention or investigation of fraud cases (e.g., counterfeiting).
- Other third parties when you have given your consent.
Sharing by You:
- When you use certain social media features on our website, you may create a public profile that includes information such as username, profile picture, and city. You can also share content with your friends or the public, including information about your interaction with the Company. We encourage you to use the tools we provide for managing sharing on the Company’s social media platforms to control the information you make available through these means.
Here is the policy we apply to those with whom we share your data according to the above:
- We provide only the information necessary for the execution of their specific services.
- They can use your data only for the precise purposes defined in our agreement with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we cease to use their services, any data they hold will be deleted or anonymized.
- To enhance your customer experience on the website, we use the following companies, which will process your Personal Data as part of their contracts with us: Google, Facebook.
How do we ensure that Data Processors respect your data?
Data Processors processing on our behalf have agreed and committed contractually with the Company:
- To maintain confidentiality.
- Not to send your data to third parties without the Company’s permission.
- To take appropriate security measures.
- To comply with the legal framework for the protection of personal data, especially Regulation 2016/679/EU (GDPR).
The personal data we collect (or process) on our Web Sites will be stored in Greece. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the one in which the initial collection of your Personal Data took place. The legislation in these countries may not provide the same level of data protection as the country that initially provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law. We take measures to comply with the applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries enjoys adequate protection in accordance with data protection rules. These include the signature of Standard Contractual Clauses, certification that the recipient has adopted the European Binding Corporate Rules, or adherence to the Privacy Shield between the EU-US and Switzerland-US.
How long do we keep your Data?
We retain your Personal Data as long as needed to fulfill the purposes defined in this Privacy Policy (unless a longer retention period is required by applicable law). Generally, this means that we will retain your personal data for as long as you have an account with our Company. Regarding your Personal Data related to product purchases, we retain this data for a longer period to comply with our legal obligations (such as tax and commercial law) and for warranty purposes. At the end of this retention period, your data will be deleted entirely or anonymized, for example by aggregating it with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning. Some examples of customer data retention periods:
- Orders: When you place an order, we will retain the personal data you provided for five years to comply with our legal and contractual obligations.
- Warranties: If your order included a warranty, the related personal data will be retained until the end of the warranty period.
- Newsletter: Your consent for receiving newsletters is kept for as long as you receive newsletters from the Company.
Are your Data secure?
We are committed to safeguarding your Personal Data. Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures for the security and protection of your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure the maximum possible security. The website uses the TLS protocol for secure online transactions. In this way, all the Data you provide, including your credit card number, name, and address, are encrypted so that they cannot be decrypted or altered during their transfer over the Internet. Additionally, the credentials used to identify you as a user are two: the Login Code (Username) and the Personal Secret Security Code (Password). Each time you enter your credentials, you are granted access to your personal account. This process is securely achieved through encryption during their transfer over the Internet and the Company’s servers. According to the same standards, you have the ability to change your Personal Secret Security Code (Password) as often as you desire. After entering the desired code, the new code is encrypted and stored in the Company’s systems. For this reason, you are the only one who knows your code, and you are solely responsible for maintaining the confidentiality of your code from third parties. These measures are reviewed and modified when deemed necessary.
“What are your rights?
- You have the right to access your personal data. This means you have the right to be informed by us if we process your data. If we process your data, you can request information about the purpose of processing, the type of data we hold, to whom we disclose it, how long we store it, whether automated decision-making is involved, and your other rights, such as correction, deletion of data, processing restrictions, and filing a complaint with the Data Protection Authority.
- You have the right to correct inaccurate personal data. If you find errors in your data, you can request us to correct them (e.g., name correction or address change).
- You have the right to be forgotten. You can ask us to delete your data if it is no longer necessary for the purposes mentioned above or if you wish to withdraw your consent if it is the only legal basis.
- You have the right to data portability. You can ask us to provide your data in a readable format or to transfer it to another data controller.
- You have the right to restrict processing. You can ask us to limit the processing of your data while your objections to the processing are pending.
- You have the right to object and revoke your consent to the processing of your data. You can object to the processing of your data, and we will stop processing your data unless there are other compelling and legitimate reasons that override your right. If you have given your consent for the collection, processing, and use of your personal data, you can withdraw your consent at any time in the future.
- Choosing not to receive marketing communications: You can choose not to receive marketing communications from the company by changing your preferences in your user account (my profile) on our websites. You can also choose not to receive marketing communications by changing email and SMS subscriptions by clicking the unsubscribe link or following the instructions in the message. Alternatively, you can contact us using our contact details.
- In cases where we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must do so unless we believe that we have a legitimate and compelling reason to continue processing your personal data.
How can you exercise your rights?
To exercise your rights, you can submit a request to the Data Protection Officer at the company’s postal address (Marios Seretis www.beautymaze.gr, Gerakas, Attica, at 18 Spaton Ave., 15344) or to the company’s email address (info@beautymaze.gr) with the title “Exercise of Right,” and we will examine and respond to it as soon as possible.
Exception: If you want to correct your data in your user account, you can log in and make any corrections/changes without submitting a request. If you want to withdraw your consent for receiving newsletters, you can do so by selecting the link “To unsubscribe from the newsletter mailing list, click here,” located at the bottom of each newsletter. If you do not want to receive web push notifications from the company, you can disable this option in your browser settings.
Identity verification: To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request based on this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.
When do we respond to your requests?
We respond to your requests free of charge without delay, and in any case, within (1) one month from the date we receive your request. However, if your request is complex or there is a large number of your requests, we will inform you within the month if we need an extension of another (2) two months, within which we will respond to you. If your requests are obviously unfounded or excessive, especially due to their repetitive nature, the company may charge a reasonable fee, taking into account administrative costs for providing information or performing the requested action or refuse to further process the request.
What is the applicable law for processing your data by us?
The applicable law is Greek law, as shaped according to the General Data Protection Regulation 2016/679/EU and, in general, the current national and European legislative and regulatory framework for the protection of personal data. The competent courts for any arising disputes related to your data are the courts of Athens.”