Data controller - Naos Baltic UAB, kodas 300970809, registration address Kęstučio g. 65, Vilnius. This section of the privacy policy ("Privacy Policy") is intended for persons who purchase products distributed by Bioderma, visit the websites www.bioderma.ee, use the services provided by them.

 

Definitions related to privacy policy

 

Personal data - any information about an identified or identifiable natural person (data subject); a natural person who can identify himself or herself is a person whose identity can be identified, directly or indirectly, in particular by an identifier such as his name, personal identification number, location data and internet identifier or one or more physical, physiological identifiers, genetic, psychological, economic, cultural or social identity.

The data subject is a person who is interested in or uses the products distributed by Bioderma, or a person who participates in competitions organized by Bioderma, or a person who browses the Website.

Website - our administered websites www.bioderma.ee.

 

General provisions

 

The privacy policy defines the basic principles of personal data processing, the implementation of the data subject's rights. Additional information may be provided in sales, service and other agreements.

By using the Site, purchasing the goods, submitting your data, sending your CV, filling in the request form, continuing to browse the site, the data subject confirms that he has read this Privacy Policy, understands its terms and agrees to abide by them. If you do not agree to be bound by the terms of this Privacy Policy, please stop using this Site.

 

Principles of personal data processing

 

Personal data is processed in accordance with the personal data processing requirements specified in the Personal Data Protection Law of the Republic of Latvia and other legal acts.

The processing of personal data is carried out for specific purposes and only in accordance with them.

The data is accurate and, if necessary for the processing of personal data, is constantly updated. Data that is inaccurate or incomplete are corrected, supplemented, deleted or terminated.

Data is not stored longer than necessary.

Data is processed in accordance with the Customer's rights.

The data is safe.

 

Sources of personal data

 

Data is processed when a person uses our services, such as making calls, sending messages, e-mails, subscribing to newsletters, visiting the Website.

A person is not obliged to provide any personal data, but certain services, such as the sale of goods and settlement, cannot be provided without the corresponding personal data.

 

Purposes of personal data processing

 

We process personal data for the following purposes: business promotion, marketing campaigns, customer service, customer satisfaction measurements, billing administration, website maintenance and performance improvement, product delivery, recruitment, customer surveys, other specific purposes of which the person is informed at the moment when providing the relevant data.

Groups of data subjects: buyers, business partners, users of Bioderma products and those interested in Bioderma, vacancy candidates, job seekers.

The following categories of personal data are processed: name, surname, job, position, personal identification code, age / age of the child, mobile phone number, e-mail address, IP address, website visit history and date of visit.

The following specific categories of personal data are processed: gender, facial skin type, body skin type, photograph, diagnosis or visit to a dermatologist / allergist, skin type test.

Recipients and groups of recipients: public authorities, law enforcement agencies, auditors, legal and financial advisers, third parties managing software, hosting.

 

We process personal data:

 

Implementation of sales promotion campaigns. Data subject groups are people who are interested in the products we distribute. Personal data managed - name, surname, e-mail address, age, gender. The data is obtained from the data subject. The data subject has the right to consent / disagree to the processing of data for this purpose.

 

Newsletter marketing. Newsletters aimed at informing and promoting sales are sent through the Mailchimp program. Processed data: name, e-mail address, skin type. The data subject has the right to consent / disagree to the processing of data for this purpose.

 

Communication with customers. Various campaigns, games, doctor's consultations are organized. Personal data is obtained from the data subject. Data subjects can also ask questions (Facebook, social networking sites).

 

You have the right to cancel the processing of your personal data at any time by writing to e-mail info@ee.naos.com, clicking on this link, or by clicking on the "Unsubscribe" link at the bottom of each newsletter.

 

By participating in contests, downloading digital products, or asking questions on the Site, you agree to abide by these Terms by providing your full name and email address, which we may use to provide you with information in the future.

 

Time of personal data processing

 

Personal data shall be processed no longer than is necessary for the purpose of the processing or no longer than required by the data subject. 

Data is usually processed 10 years after the end of the contract or the end of the customer relationship.

Data submitted by candidates for Bioderma vacancies are stored for 1 year.

 

Transfer of data to third parties

 

Data processed by Bioderm will not be disclosed to third parties without the prior consent of the data subject, except as required by law.

Data may be processed by data controllers who provide us with accounting, domain hosting, IT maintenance, external audit and other services.

Data controllers have the right to process personal data only in accordance with our instructions and only to the extent necessary to fulfill the obligations under the contract. 

 

Rights of data subjects

 

Each data subject has the following rights:

(a) the right to know (to be informed) about the processing of their personal data;

(b) the right of access to and the processing of personal data processed, namely information on the personal data protection period, technical and organizational measures to protect data security, access to information from any source, and access to all personal data processed; and the purpose for which they were processed;

(c) the right to request the rectification, destruction or blocking of personal data or the suspension of the processing of personal data;

(d) the right to object to the processing of their personal data, except where such personal data are processed on the basis of a legitimate interest of the controller or of a third party to whom the personal data have been supplied;

(e) the right to have the personal data submitted destroyed;

(f) the right to request restrictions on the processing of personal data;

(g) the right to request that personal data submitted by him be transferred to another processor, provided that they are processed on the basis of his consent or contract and, where technically possible (data portability);

f) the right to submit a complaint to the State Data Protection Inspectorate regarding the processing of personal data.

 

The data subject may submit a written request for the exercise of his or her rights in person, by post, courier or e-mail, provided that an identity document is presented and that the person's identity can be properly identified and confirmed. Upon receipt of the data subject's request, we will respond within 30 calendar days of receiving the data subject's request.

 

The request can be submitted in the following ways: to e-mail info@ee.naos.com, by phone +372 503 6572, or to the office at Estonia pst 15, Tallinn 10141.

Ensuring data security

 

We implement appropriate organizational and technical data security measures to protect personal data from accidental or unlawful destruction, alteration, disclosure and any other unlawful activity. All personal data and other information provided by the data subject shall be treated as confidential.

 

Access to personal data shall be limited to those employees, service providers and authorized data controllers who need it in order to perform their job functions or provide services.