ROSAFA Skincare with headquarters at London, UK (further referred to as “ROSAFA”, “we”, “our”, “us”), recognises the utmost importance of privacy protection and personal data security. The purpose of this document is to inform on good practices and policies implemented by
ROSAFA in collecting, processing, and transferring personal data submitted by users via our website and/or electronic services.
In accordance with Article 13 par. 1 and 2 of The General Data Protection Regulation from April 27, 2016 further referred to as GDPR we inform that:
- ROSAFA is the Administrator of your personal data;
- Data Protection Officer can be contacted via e-mail firstname.lastname@example.org
The Administrator can be contacted via a contact form available on www.rosafaskincare.com webpage, or by a written letter sent to the Administrator’s headquarters;
Your personal data will be processed for purposes stated in par. 3; On the Administrator’s commission, your personal data can be made available to other entities like IT, legal, accountancy, postal, and courier services providers, as well as to other third parties like local ROSAFA Distributors;
You have a right to access and change your personal data as well as to have it removed from ROSAFA database, to limit its processing, to file objections, to transfer your personal data, and to withdraw your consent to its processing at any time.
Withdrawal of consent has no effect on ROSAFA right to processing your personal data exercised before the withdrawal has taken place.
You have a right to file a complaint to supervisory authorities if you find processing your personal data has violated the General Data Protection Regulation from April 27, 2016.
02 What kind of users’ data ROSAFA collects and for how long this data is stored?
ROSAFA can collect and store the following data concerning its users:
2.1 Data Submitted Directly by Users
Users can submit data that allows for their identification by using ROSAFA services, filling in forms or questionnaires available on our website (registration forms is one of the examples), taking part in competitions or promotions, interacting withROSAFA by phone, email, or any other means of communication, as well as by using ROSAFA customer support and a contact form.
The submitted data falls into one or more of the following categories: Mandatory data, necessary to register for services available throughROSAFA website or other services provided by ROSAFA (for example ROSAFA Resellers Platform or Blooms Service Platform); Photos (for example those posted on our forum); Records of all kinds of correspondence between users and ROSAFA; Detailed information on users’ visiting our website and using resources available there; Responses provided in all kinds of questionnaires. Those can be used for analyses, particularly the ones on users’ behaviour and users’ satisfaction; Information ROSAFA may require while submitting issues with its products and/or services, as well as while contacting its customer support; Geolocation data, if a user has consented to collecting and processing of it; In case of registering a user through social media, ROSAFA will have access to some of user’s personal data (like name, profile picture, email, number of friend on Facebook, etc.), posted on his or her profile in accordance with terms and conditions of a given social media platform.
2.2. Data Gathered Automatically
In regard to users’ visits on our website,
ROSAFA can gather, in accordance with relevant legal regulations and only upon users’ explicit consent, data on users’ devices and/or networks used by them to access
ROSAFA services. It may include data falling into the following categories: an IP address, login data, type and version of the web browser, kind and number of installed plug-ins used by the web browser, platform and operating system, advertising ID, visiting statistics including the URL of the website where the link to the
ROSAFA website has been clicked on, browsed and searched for products and/or services, downloading data errors, time-spans of activity at all visited web pages in
ROSAFA domain, interaction with other websites and all phone numbers used to contact
ROSAFA tech support.
ROSAFA obtains this data with various technologies, including cookies. Specific terms and conditions regulating the usage of cookies are to be found further in the Private Policy (pt. 8).
2.3. Storing the Data
Except for categories of personal data specifically mentioned in the following paragraphs, users’ personal data is stored for the entire duration of their relationship with
ROSAFA. This period extends to:
- 5 years since the last time a user has visited
- ROSAFA website, if his or her account has not been closed down;
- 1 year since the above-mentioned account has been closed down;
- The period can be extended for a limited time because of relevant claims, if processing of personal data is necessary for the Administrator to pursue or defend against those claims.
- Billing information (for example data on payments, returns, and so on) is stored for the period required by relevant tax and accounting regulations.
- In case of the user’s account blockage or suspension, his or her personal data will be stored for the period of 1 year to prevent circumventing of our services’ terms and conditions.
03 How ROSAFA Uses the Data Collected from Users?
ROSAFA uses the data collected from its users for the following purposes:
- To fulfil its obligations arising from all kinds of agreements with users and to provide them with information concerning ordered products and/or services. Processing of such data is necessary to fulfil contractual obligations;
- To inform users on available products and/or services via email, text messages, and/or other means of communication. Processing of such data is necessary to fulfil contractual obligations and is entirely conditional on users’ explicit consent;
- To receive users’ payments or to issue payments previously received by ROSAFA on users’ behalf. Processing of such data is necessary to fulfil contractual obligations;
- To enable users to personalise their profiles on ROSAFA websites. Processing of such data is entirely conditional on users’ explicit consent;
- To enable users to share and exchange information about our services with other users. Processing of such data is necessary to fulfil contractual obligations and is done upon users’ explicit consent;
- To send users, in compliance with laws and regulations in force and, when necessary, upon users’ explicit consent, marketing materials and information necessary to improve delivery of ordered products and/or services, as well as suggestions regarding other products and services that may be of interest for users. Moreover, ROSAFA uses users’ data to send them personalised ads in social media. Detailed information on the operation of such services and kinds of data they collect from users is available on relevant webpages of a given social media platform. Processing of such data is entirely conditional on users’ explicit consent and the existence of ROSAFA justified cause for processing it;
- To provide users with information on changes in ROSAFA products and/or services. Processing of such data is necessary to fulfil contractual obligations, to comply with relevant laws and regulations, and to act upon or protect any legal claims that may arise during users’ relationship with ROSAFA;
- To properly manage ROSAFA websites and internal activities such as troubleshooting, data analysis, testing, and conducting research, analytic, and supervisory projects. Processing of such data is conditional on the existence of ROSAFA justified cause for processing it (for example to guarantee the security of ROSAFA platforms and their improvement);
- To improve ROSAFA website and to guarantee the content published there is always presented in the best possible way for users and their devices. Processing of such data is necessary to fulfil contractual obligations, and/or is entirely conditional on users’ explicit consent;
- To enable users’ use of interactive features in ROSAFA services, if they wish to use those features. Processing of such data is necessary to fulfil contractual obligations and/or is entirely conditional on users’ explicit consent;
- To ensure the security of ROSAFA website. Processing of such data is conditional on the existence of ROSAFA justified cause for processing it, necessary to act upon or to protect any legal claims that may arise during users’ relationship with ROSAFA, and to ensure compliance with relevant laws and regulations;
- To conduct measurements and activities aimed at evaluating the effectiveness of advertisements sent to users or third parties, and to deliver personalised ads to users. Processing of such data is conditional on the existence of ROSAFA justified cause for processing it and/or on the users’ explicit consent.
3.1. Forms and their purpose
- Contact Form. Its purpose is to respond to the user in a specific case;
- Newsletter Subscription Form. Its purpose is to deliver a newsletter with product announcements, press releases, and other news related to ROSAFA and electric fireplaces in general;
- Support Form. Its purpose is to submit encountered issues or requests for repairs. Acting upon such requests may require your personal data to be shared with third-party suppliers and service providers;
- Become a Reseller Form. Its purpose is to submit an application to become a ROSAFA Reseller. Sometimes it’s also used for offering products and effecting sales;
04 Who are the recipients of data collected from ROSAFA users and why it is available to those recipients?
When users use ROSAFA services, some of their personal data is made available to members of ROSAFA community, for example through users’ public profiles. Moreover,
- ROSAFA works closely with third party entities, who can be users’ personal data recipients such as: ROSAFA business partners like Resellers, who can offer related services to users; ROSAFA vendors in technical matters, payment processing, identity verification, as well as products and/or services delivery. ROSAFA makes data collected from users, including personal data, available to any of the above-mentioned third-party entities only if this is necessary: To enable the use of services provided by the third-party entity; To fulfil contractual obligations;To simplify the delivery of ROSAFA services or to extend the scope of those services.
- ROSAFA uses third-party services for analytics and search engine optimisation. It is assumed that by signing up for ROSAFA services users’ give their consent for their data to be used by the above-mentioned third-party entities.
ROSAFA may disclose users’ personal data upon request from authorities or the court of law in compliance with relevant laws and regulations, or upon a bona fide belief that such disclosure is necessary to:
- Fend off any legal claims brought against ROSAFA in the court of law;
- Provide evidence in an ongoing legal investigation
- Remove an imminent threat that may cause a human death or injury;
- Protect rights, property and security of ROSAFA, its users, or third parties.
05 Personalised ads delivered through social media, email, and text messages.
In compliance with relevant laws and regulations, and when necessary, upon users’ explicit consent, ROSAFA can use the data submitted via its platforms for the purpose of direct marketing through electronic means of communication which may include, but is not limited to:
- Sending newsletters, invitations for ROSAFA-organised events or other messages that according to ROSAFA may be of interest for users;
- Delivering personalised ads through social media platforms or third-party websites.
- Targeted ads and materials: On social media platforms like Facebook, Twitter, Instagram, or LinkedIn users can opt-out of receiving the above-mentioned ads and materials by changing the appropriate account settings at a given social media platform;
- To opt-out of receiving ads on third party websites, please follow the instructions included in the paragraph Cookies and Similar Technologies.
06 Access to Users’ Data by Third-Party Entities
All users’ personal data are stored within the European Union. Considering that ROSAFA operates at an international scale, it does grant access to its users’ personal data to third party entities based in non-EU countries where regulations on handling personal data may by less rigorous than those in force in the user’s place of residence. It may be the case when a third party entity providing data processing services for
- ROSAFA has its headquarters in a non-EU country that does not have the appropriate legal protections for users’ personal data in place. Such service providers responsible for users’ data processing may take part in delivering services ordered by users, processing of their billing information, delivering advertising and marketing services on behalf of
- ROSAFA, and/or delivering support services through electronic means of communication.
The above applies to making users’ data available to corporate entities based outside of the EU for the purpose of delivering relevant services in their respective countries.
In case of making user’s data available to non-EU entities,
- To obtain detailed information on data security measures in place at ROSAFA, please use the contact forms available below.
07 Users’ Rights on Personal Data
If regulated by laws in force, users may have a right to obtain copies of their personal data stored at ROSAFA. Before responding to a written request for such a copy, ROSAFA may ask users for:
- Identity verification;
- Additional information necessary to process the request.
ROSAFA is committed to resolving the above-mentioned requests in a timely manner, within a period required by relevant laws and regulations. To act upon this right, users need to contact ROSAFA using the contact forms available below.
Users have a right to access, correct, modify or remove their inaccurate personal data. Users can also update or remove their personal data by using the contact forms available below. Users can remove their accounts at any time and object to any further processing of their personal data by ROSAFA.
In some cases, ROSAFA can keep some of users’ data, if it is required by law, or if there is a justified cause for doing so. For example, when ROSAFA has reasons to believe a user has committed a fraud or violated terms and conditions, it can keep some users’ data to prevent further violations. Users have a full right to file a complaint to relevant authorities, or take their case to the court of law whenever they believe their rights have been violated.
08 Cookies and Similar Technologies
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
09 Links to External Websites and Social Media
ROSAFA can include links to external websites belonging to its partnership networks, advertisers, or subsidiary corporate entities. In case of using links to external websites, users should bear in mind they are bound by privacies policies in place at those respective websites.
11 Contact Details