Privacy Policy
The security of your personal data is a priority for us. Therefore, we pay due attention to personal data and its protection. In this Privacy Policy (hereinafter the “Policy”), you will find information about what personal information we collect about you, under what legal title we process it, what purposes we use it for, how long we store it for, and to whom we may transfer it. In the Policy, we will also inform you about your rights in connection with the processing of your personal data.
1. What personal data do we process?
If you use the services of our e-shop or establishments (i.e. stores and distribution points), we process various types of data about you.
1.1. If you make a purchase
The most common information you provide to us is information obtained through the form for ordering goods or other services on our website. This is mainly data that is necessary for the conclusion and performance of a Purchase Agreement.
This data is needed to process your order, and can be divided into:
1. identification data, i.e. first name and surname, and in the case of a purchase in the name of a company, the company identification number and tax identification number;
2. contact details, which include email address, postal address, billing address, telephone number, bank details and payment details.
3. data generated on the basis of the duration of the agreement, specifically the products purchased, the volume of services provided and the customer segment.
1.2. If you register
If you wish to use the benefits of a customer account, you must first register on our website or enter into an agreement with us in what is called the MyOrioudh Club. The customer account is secured by a password of your choice, to which we do not have access, and in the event of its loss we will be unable to send it to you on request or generate a new password.
Within your account, you have unlimited access to your personal data, as well as to its possible modification. In the account, you can view the history of your completed orders, products purchased and unfinished orders. Through the customer account, you also have the option to save your payment card information and manage the sending of the newsletter and what is called the wishlist, in which you can save your favourite products.
The customer account includes the MyOriOudh Club, in which we offer you a number of benefits. You can find more information in the relevant Business Terms and Conditions of the MyOriOudh Club. If you do not wish to open a customer account to make a purchase, you can make a purchase in our e-shop without registration. You may terminate the MyOriOudh Club Agreement in accordance with the applicable Business Terms and Conditions.
If you are a member of the MyOriOudh Club, we process the following data:
1. identification data, i.e. first name and surname, and in the case of a purchase in the name of a company, the company identification number and tax identification number;
2. contact details, which include email address, postal address, billing address, telephone number, bank details and payment details;
3. demographic data derived from your settings and behaviour on the website, which include gender, date of birth and preferred language;
4. login details, which are your login name and password. We do not have access to the actual password;
5. data generated on the basis of the duration of the agreement, specifically the products purchased, the volume of services provided and the customer segment.
1.3. If you have subscribed to newsletters
You can receive newsletters from us regarding products similar to those you have purchased from us. You can always unsubscribe from these newsletters via the “unsubscribe” link in the footer of each email containing such messages. If you have a customer account, you can also unsubscribe in your account. Cancellation of newsletter subscription is free.
If you are a registered customer, you can also receive newsletters via text messages or push notifications in our mobile application. You can receive push notifications containing newsletters on Facebook or via Messenger. This processing is governed by the privacy policy of the given social network. You can also always opt out of receiving newsletters through these channels.
If you have subscribed to such newsletters, we process the following data:
1. identification data, in particular first name;
2. contact details, thanks to which we can communicate with you, specifically your email address and, if you are a member of the MyOriOudh Club, also telephone number;
3. demographic data derived from your settings and behaviour on the website, which include gender and preferred language.
1.4. If you visit our website or create content there
When you visit our website, we collect various types of information about you during your visit, such as your IP address, browser settings, preferred language and websites visited, including the time of the visit. We also monitor your movements on the website, i.e. which links you click on, so that we can customise the displayed content and offer you products and content that you will appreciate.
When you visit our website, we store and subsequently read cookies in the Internet browser and device you use; we address cookies in a separate chapter of this Policy.
However, in addition to cookies, we also process information about your behaviour on the website, your IP address and data provided by your browser, specifically the resolution, the operating system of your device, including its version, and language settings.
We can also connect you to social networks, including automatically logging in to your account on the given social network. For that connection, we use what are called social plugins on our website, specifically in connection with blog posts, namely sharing buttons, with which you can share the relevant content on your profile. Once connected, you may see personalised offers and targeted ads linking to our website on social networks and other websites.
To involve you even more in the world of beauty, we allow you to be active on our website and create content such as reviews of purchased products that identify their benefits and comments on our blog posts. You do not need a customer account to create such content. These posts may include the first name and surname you entered in the form. You are responsible for the content and activity posted on our website, so we urge you not to share personal information that you do not wish to be publicly available publicly through the content.
Our website may contain links to other websites that we believe are sensible and could contain useful information. We would therefore like to note that such websites may be owned and operated by other companies and organisations that process data in accordance with their own privacy policies. Our company has no control over that processing and is not responsible for any information, materials, products or services contained on or accessible through those websites.
1.5. If you contact us on the customer line or social networks
If you decide to contact our customer support via telephone or email, we mainly process records of telephone calls that are monitored, as well as records of email communication.
If you contact us regarding your request via our website or profile on selected social networks, the processing of your personal data is governed exclusively by the privacy policy of the company that operates the given social network.
1.6. If you set alerts to watch for availability
In the case of unavailable goods that you are interested in, we offer you the option of setting up availability monitoring. When the product is re-stocked, we will inform you by a message sent to the email address you provided, which we will process for this reason.
1.8. If you give us a rating on rating portals
After delivery of the goods, you may receive a request for their rating and evaluation of your satisfaction through a selected rating portal. We appreciate any feedback but it is up to you to decide whether to give us a rating.
If you do, we process and pass on the following data to the relevant partners:
1. contact details, namely the email address used to send the rating request;
2. data arising from the agreement, specifically purchased products.
1.9. If you participate in a consumer competition
Through our website or profiles on selected social networks, we organise attractive competitions for you, in which you can participate and whose complete rules can be found here. The announcement can be public, which means that we can publish selected data of the winner on our website or profile on the given social network. Any activity or communication with us through social networks and the processing of your personal data is governed by the privacy policy of the company that is the operator of the given social network.
If you enter a competition, we process the following personal data:
1. identification data, which is your first name and surname;
2. contact details, specifically your profile on the social network or email address, and in the event of your winning also your address, postal address, billing address and telephone number for the purpose of sending the winnings.
1.10. If you participate in user testing or other organized events
If you participate in the user testing programme we offer, we may process the following information:
1. identification data, which is your first name and surname;
2. contact details, namely your email address and telephone number;
3. camera recording, i.e. capturing your likeness.
We also organise various events for you, within which we can process the following data:
1. identification data, which is your first name and surname, or company identification number and tax identification number;
2. contact details, namely your email address and telephone number.
For each event, we will inform you about the specific personal data that is processed.
2. For what purpose do we process personal data?
2.1. Purchases of goods and services
We most often process your personal data in order to fulfill a Purchase Agreement, so that we can successfully process your order sent via our website, mobile application or customer line and deliver the goods to you. The email address and telephone number are used to send an order confirmation, deliver a confirmation of receipt of payment, or send an electronic invoice, as well as to keep you informed about the status of your order and any other individual communication regarding the order.
2.2. Customer account
If you are a registered customer, we process your personal data for the purpose of fulfilling a MyOriOudh Club Agreement, i.e. maintaining your customer account, within which we offer you a number of benefits.
2.3. Marketing offers
We send you commercial communications regarding similar products to those you purchased from us. You can always unsubscribe from these messages via the “unsubscribe” link in the footer of each email containing these messages. If you are a registered customer, we also send you commercial messages via text messages or push notifications in our mobile application. You can also receive push notifications containing commercial messages on Facebook or via Messenger. This processing is governed by the privacy policy of the given social network. If you unsubscribe from commercial communications, we will no longer use your electronic contact details for this purpose. Cancellation of commercial communications subscription is free.
2.4. Customising and creating content, ensuring better website traffic
We want to customise the content and recommend goods you are interested in. For this reason, we use the personal data we collect to personalise the content and offers on our website. The marketing offers you see may be selected on the basis of additional information we have obtained about you over time on the basis of contact and demographic information and favourites, as well as other information related to the use of our website. However, we do not perform fully automated processing that would have legal effects for you. We process information about your behaviour on our website, which allows us to obtain information on the basis of which we can constantly improve our website for you to make it as user-friendly as possible. We may also process your personal data to generate various statistics, such as tracking traffic or measuring the effectiveness of advertising, as well as to test new functionalities of our website or mobile application. Information about your behaviour on the website is important, among other things, for any prevention of attacks on our website. You can also create certain content on our website. If you decide to write a review of the products you have purchased, we will process your personal data in order to process and display that review. If you join the discussion of our blog articles and leave us a comment, we will process your personal data in order to process and display that comment.
2.5. Customer support and communication
We are constantly striving to improve the services provided by our customer service, and in order to be able to respond to your requests as quickly as possible and provide that service, we need your personal data to successfully process your requests or eliminate potential problems in fulfilling a Purchase Agreement or MyOriOudh Club Agreement. If you contact us by phone, we will record your call with us after prior notice so that we can continue to improve our services. We also use the personal data we have collected for the purpose of communication with you and its individual adaptation. For example, we may contact you by phone, email, mobile application or otherwise to remind you that you have items in your shopping cart or to help you complete your order. Furthermore, we may contact you to inform you of the current status of your request, order or complaint, or to obtain additional information from you. We may also notify you that you need to take the necessary action to keep your customer account active.
2.6. Camera footage
We place CCTV systems in our stores and other areas to protect our legitimate interests in order to protect our property and yours.
2.7. Notification of the availability of products
If you set the availability monitoring function for unavailable products, we will inform you at the moment of re-stocking the product by a message sent to the email address you provided.
2.8. Satisfaction assessment on rating portals
In connection with a purchase, you may also receive a request for its rating through a selected rating portal. In that case, the purpose of processing is to determine your satisfaction.
2.9. Consumer competitions
If you decide to take part in a competition organized by us, we will process your personal data in order to run the competition, and in the event of your winning to make a public announcement and contact you.
2.10. User testing and organising events
If you participate in the user testing programme we offer, we process your personal data in order to test new or existing functionalities of our systems. If you participate in an event that we organise, we process your personal data in order to plan, arrange and evaluate the event.
2.11. Improving services
We use your personal data to continuously improve our services and systems, including the addition of new functionalities. We also process personal data in order to make informed decisions using comprehensive analyses and business intelligence, based on our legitimate interest that stems from the freedom of business and the need to improve the services we provide in order to succeed among the competition. However, in order to ensure sufficient protection of your rights and interests, we use personal data which is as anonymous as possible for this purpose.
2.12. Protection, security and dispute resolution
We may also process your personal data to ensure the protection and security of our customers and systems, to exercise our rights and make legal claims, to detect and prevent fraud, to resolve disputes or to enforce our agreements. We may also process personal data for the purposes of any audits carried out by public authorities.
3. On what legal bases do we process personal data?
We process personal data to a different extent and for different purposes, as detailed in Articles 1 and 2 above: a) without your consent, on the basis of the performance of an agreement, the fulfilment of a legal obligation or our legitimate interests; b) Based on your consent The types of processing that we may perform without your consent depend on the intended purpose of the processing and also the position in which you act towards us – whether you are just a visitor to our website, buy from us or register. However, your personal data may also be processed if you are the addressee of goods or services that are ordered, if you communicate with us or if you visit our store.
3.1. Performance of a Purchase Agreement and a MyOriOudh Club Agreement
If you make a purchase or place an order, a Purchase Agreement is drafted, which is concluded by the acceptance of the draft by us in the form of sending the ordered goods. However, in order to successfully fulfil that Purchase Agreement or any other agreement regarding goods or services, we need a large part of your personal data entered via the order form. The specific data that we process in this case is set out in Article 1(1) and (5). If you register with us, we process your data on the basis of fulfilling the MyOriOudh Club Agreement, so that we can maintain your customer account. The Agreement on which our processing is based is established by creating your customer account. In the event of cancellation of the account, i.e. termination of the MyOriOudh Club Agreement in accordance with the relevant Business Terms and Conditions, we will stop processing personal data for this purpose. The specific data we process in this case is set out in Article 1(2).
3.2. Fulfilment of legal obligations
We must also fulfil certain obligations set out in the applicable legislation. If we process your personal data on the basis of the fulfilment of those obligations, we do not need to obtain your consent for such processing. On this legal basis, we specifically process your identification data and contact details and details of your orders. The specific data we process in this case is set out in Article 1(1).
3.3. Consent For the purpose of sending commercial communications via email, we may process your personal data with your consent.
We process your data on the basis of your consent if we do not process it on the basis of a legitimate interest or as a result of the performance of a MyOriOudh Club Agreement. You can revoke your consent at any time and unsubscribe from commercial communications. The specific data we process in this case is set out in Article 1(3). We ask for your consent even if you plan to publish a review of the purchased goods, post a comment on the blog or set up availability monitoring, or if you participate in user testing or other events. In these cases, it is, of course, also possible to revoke the consent at any time. The specific data we process in this case is set out in Article 1(4), (7) and (10).
3.4. Legitimate interest
We also process your personal data on the basis of a legitimate interest, so that we can improve and adapt the services provided, find out whether an order has been processed to your satisfaction and promote the products and services offered more effectively. This is, in particular, the data referred to in Article 1(4) and (5). On the basis of a legitimate interest consisting of direct marketing, we may also send you commercial communications regarding products similar to those you have purchased from us. However, this is only on condition that you do not object to such processing. If you are a registered customer, we send you commercial messages based on the performance of the MyOriOudh Club Agreement. The specific data we process in this case is set out in Article 1(3). Our legitimate interest also includes the protection of legal claims, internal records and checking the proper provision of our services. In this case, we process all categories of personal data listed in Article 1. Our legitimate interest also includes sending requests for rating a purchase made through a selected rating portal or evaluation of consumer competitions organised by us. The specific data we process in this case is set out in Article 1(8) and (9). The processing of your personal data on the basis of legitimate interest also takes place in the case of a visit to our stores, which are monitored by CCTV systems for the protection of property. You can object to this processing at any time. The specific data we process in this case is set out in Article 1(6).
4. To whom do we transfer personal data?
In most cases, we process your personal data for our own purposes as a controller, which means that we determine the above-mentioned purposes for the collection of your personal data, the means of processing and the proper execution. We transfer your personal data to our partners only if it is necessary within the performance of a Purchase Agreement, e.g. to ensure payment or transport, as part of the performance of a MyOriOudh Club Agreement, on the basis of a legitimate interest, or if you have given your consent to the transfer in advance. We also transfer your personal data to our processors, who, of course, comply with the statutory conditions for personal data protection. These processors process personal data according to our instructions and your rights are not affected by this processing. With your consent, we may also transfer your personal data to social networks or marketing tool operators to display targeted advertising on other websites.
4.1. Categories of recipients
We may transfer your personal data to the following entities: companies and processors of the OriOudh Group on the basis of the fulfilment of a Purchase Agreement or a MyOriOudh Club Agreement for the performance of internal processes and procedures; payment service companies for the purpose of processing payments based on your order, i.e. fulfilling a Purchase Agreement; carriers for the purpose of delivering the products or services you have ordered and resolving complaints, including withdrawal from a Purchase Agreement; suppliers of goods or service centres in connection with a complaint related to goods or services ordered by you; partners who distribute commercial communications, who are bound by a duty of confidentiality and may not use your personal data for any other purpose; operators of marketing tools who help us personalise offers and content; social networks if you communicate with us through them or share content with us through social plugins; providers of tools for customer service communication with you or external call centres; partners conducting customer satisfaction surveys; technology vendors and cloud service providers; legal or financial representatives or courts for the purpose of the processing of tax documents, recovery of debts or for other reasons ensuing from the fulfilment of our statutory obligations; public authorities in the case of enforcement of our rights (e.g. the police). If third parties use your personal data in the course of their own legitimate interests, we are not responsible for such processing. Such possible processing is governed exclusively by the privacy policies of the relevant companies and persons.
4.2. Data transfers outside the EU
When transferring your personal data to our processors, in some cases we may also transfer personal data to third countries that are not part of the European Union and that do not ensure an adequate level of personal data protection. However, such transfer will only be performed by us if our processor undertakes to comply with the standard contractual clauses issued by the European Commission, which are available here.
5. For how long do we process personal data and how is it secured?
5.1. Duration of processing
We primarily process your personal data for the duration of our contractual relationship, i.e. the duration of a Purchase Agreement or a MyOriOudh Club Agreement. We are obliged to process the personal data that is necessary for the performance of all our obligations, whether these are obligations arising from the Agreement concluded between us or from generally binding legal regulations, for the period specified by the legal regulations or in accordance with them. For example, in the case of accounting documents issued by us, we as a controller are obliged to keep information about you for at least ten years from the date of issue. We primarily process personal data for the duration of the contractual relationship, i.e. the duration of a Purchase Agreement or a OriOudh Club Agreement. In addition, we also process personal data for the period strictly necessary to be able to properly fulfil all our obligations arising from the concluded Agreement and generally binding legal regulations. For example, in the case of accounting documents issued by us, we are obliged to keep information about you for at least ten years. As part of the fulfilment of your requests and the provision of quality customer service, we process your personal data as of the conclusion of our contractual relationship, including one year from the end of the warranty period of goods purchased for the purpose of the resolution of potential disputes. If you communicate with us through our customer service, we store personal data from the communication for a period of two years, including the recordings of calls that are monitored. If you give us consent to the sending of commercial communications, this consent is valid for a period of four years or until revoked. If you give us your consent to notify you of the availability of goods you are monitoring, this consent is valid until the time of sending the information about availability, but no longer than for one year, or until it is revoked. The consent given by sending your review of goods is valid for six years or until revoked. If you create content within our blog posts, the consent given by submitting your comment to such a post is valid for two years or until revoked. If you decide to participate in user testing or another event organised by us and give us your consent, we process your personal data, including any camera or other audiovisual recordings, for a period of one year or until the consent is revoked. If you participate in a competition organised by us, we process your personal data for a period of one year. If you visit our store or other premises and their surroundings of our company, we process camera recordings for a period of 90 days from the date of the recording being made. In other cases, the duration of the processing of your personal data ensues from the purpose of processing or is determined by binding legal regulations in the field of personal data protection. Your personal data is automatically erased after the set processing periods expire.
5.2. Security
The personal data we have collected about you and which we process is transmitted to us in an already encrypted form, using the SSL (secure socket layer) encryption system for this transmission. This system ensures that your personal data is safe when your browser communicates with our server. We secure our website and other systems with which we work with appropriate technical and organisational measures against the loss and destruction of your personal data, against access of unauthorised persons to your personal data and against the modification or dissemination of your data. We are continuously improving this security, and we also require our processors to prove the compliance of the systems they use with the GDPR. If you register, access to your customer account is possible only after entering the password you have chosen. We do not have access to your password because we store it in an encrypted form that is not decryptable, even for us. Among other things, we would like to appeal to you that it is essential that you do not disclose your login details to third parties. We recommend that you log out when you are finished with your customer account, especially if you share the device with other users. We do not take responsibility for any misuse of your password unless we cause such a situation directly.
6. How do we use cookies?
We also use cookies so that our website can function properly, and so that our offer is relevant, interesting and user-friendly for you. In order to use cookies, the Internet browser you use needs to support them. Our website works without cookies but to a very limited extent and with the inability to use some basic functions. Cookies are a standard tool for storing information regarding the use of websites. Cookies are small text files that are created automatically when you visit each website and that are stored within the browser you use on your computer, smartphone or other device. Thanks to some cookies, we can link your activities on our website until you close the browser. These cookies are automatically deleted when the browser window is closed. However, other cookies remain in your browser or device for a set period of time and are reactivated each time you visit our website. In addition to cookies, we also use what are called tracking pixels, which are small images invisible to the average user that are based on a similar principle to cookies. The time for which cookies are left in your browser or device depends on the settings of the cookies themselves and also on the settings of your browser. We store data obtained from cookies for a maximum of one year.
6.1. What cookies do we use?
The cookies that we use on our website can be divided into two basic types: short-term, called “session cookies”, which are deleted immediately after the end of a visit to our website; long-term, called “persistent cookies”, which remain in your browser or device for a certain period of time or until you delete them manually. Cookies can also be divided according to their functionality into: essential, which are technical and functional cookies that are important for the basic functionality of the website. Without these cookies, you would not be able to add goods to the shopping cart, place an order or log in to your customer account; analytical, which help us increase the user comfort of our website by understanding how users use it. They also allow us to analyse the performance of different sales channels; remarketing, which we use to personalise the content of ads and their correct targeting. In practice, we use the above cookies, for example, for: the correct functionality of the shopping cart so that you can complete your order as easily and quickly as possible; remembering your login details so that you do not have to enter them repeatedly; making the best possible adaptation of our website to your requirements, thanks to the monitoring of traffic, your movements on the website and the functions you use; finding out what ads you view so that we do not show you ads for goods in which you are not interested in the future. Some cookies, including their content, may collect information which may subsequently be used by third parties and which, for example, directly supports our advertising activities (called “third-party cookies”). For example, information about the products purchased on our website may be displayed by an advertising agency as part of the display and customisation of advertising banners on the websites you view. However, these cookies are anonymised for third parties and you cannot be identified according to this data.
6.2. How can you restrict cookies?
The setting of the use of cookies is part of the Internet browser you use; most browsers automatically accept cookies by default. Cookies can be completely blocked by your browser or restricted to the types you select. However, this will also limit the operation of our website and you will not be able to use the functions we offer in full, including logging in to your customer account. Alternatively, you can also use the anonymous browser mode, which does not completely prevent the use of cookies but anonymises them better and does not store the history of websites you have visited. Information on the options for setting preferences for cookies can be found at the links below or in other documentation of Internet browsers: Chrome Firefox Internet Explorer Android iPhone and iPad An effective tool for managing cookies is also available on the website https://www.youronlinechoices.com/uk/.
7. What are your rights and how can you exercise them?
Just as we have our rights and obligations when processing your personal data, you also have certain rights that you can exercise. These rights include:
7.1. Right of access
You have the right to request free information about the processing of your personal data – what data we process about you, for what purpose and for how long, where we collect your data and to whom we transfer it. As part of the right of access, you can also ask us to send you a structured, machine-readable format of the processed data. We will be happy to generate a copy for you after proper verification of your identity; just send your request to the email address of the Data Protection Officer (hereinafter the “DPO”), dpo@orioudhino.com.
7.2. Right of rectification
If you find that the processed personal data is incorrect or incomplete, you have the right to request its rectification. We will be happy to correct or supplement your data without undue delay. Just send your request to the email address of the DPO, dpo@orioudh.com.
7.3. Right of erasure
In some cases, you can exercise the right to erasure of the personal data about you that we process.
We will erase or anonymise your personal data without undue delay. However, this does not apply to the personal data that we need to fulfil our statutory obligations and the retention of which is required by law (e.g. processing of an already-placed order) or for the protection of our legitimate interests. Personal data will also be destroyed if it is no longer needed for the specified purpose or if the storage of your personal data is inadmissible for other reasons stipulated by law. You can request the DPO to erase your personal data via the email address dpo@orioudhno.com.
7.4. Right to restrict processing
In some cases, you may also exercise the right to restrict the processing of personal data that we process about you.
You may request that the personal data indicated by you is not subject to further processing for a limited period of time. You can ask the DPO to restrict the processing of personal data via the email address dpo@orioudh.com.
7.5. Right to portability
You have the right to obtain from us all personal data provided by you, which we process on the basis of your consent. We will provide you with that personal data in a structured and machine-readable format. We will be happy to generate data for you in this format; just send your request to the email address of the DPO, dpo@orioudhino.com.
7.6. Right to object to processing
You have the right to object to the processing of personal data that takes place on the basis of our legitimate interest. If it is processing for marketing purposes, we will stop processing the personal data without undue delay. However, in other cases, we will do so on the basis of a reassessment of our legitimate interests and your rights and reasons. You can object to the processing by sending a request to the email address of the DPO, dpo@orioudh.com.
7.7. Right to lodge a complaint
The exercise of the rights and procedures set out above in no way restricts your right to lodge a complaint with the competent supervisory authority.
You may exercise this right, in particular, if you believe that we process your personal data without authorization or in violation of generally binding legal regulations.