Last modified on: January 2025
At Makeup, we value your privacy. We attach great importance to the protection and transparent processing of your personal data.
This Privacy Policy defines the rules for the processing of personal data received through the online store https://makeupshop.nl/ (“Online Store”).
La MakeUp Sp. z o.o. is the owner of the Online Store and the controller of the personal data collected within the Online Store (“we”, “Company”), with headquarters in Warsaw (02-672), st. Domaniewska 37, loc. 17.6, KRS: 0000587427, NIP: 5252636585, REGON: 363029583.
Personal data collected by the Company through the Online Store are processed in accordance with the GDPR, also known as Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with respect to the processing of personal data, the free movement of such data, and on repealing Directive 95/46/EC, as well as other applicable privacy laws relevant at the time of processing.
We developed this Privacy Policy to inform you (“you” or “Customer”) how your personal data may be processed. We tried to write this Privacy Policy in clear and plain language for your better understanding. By doing so, we hope you will get all the needed details to be assured your personal data is safe with us.
This Privacy Policy defines:
● what personal data we process;
● what are the purposes of such processing;
● what rights the Customer has concerning such data;
● whether the data is transferred to third parties;
● what measures we take to protect personal data;
as well as other details of personal data processing.
This Privacy Policy is an integral part of our Online Store Rules (the “Rules”). Please make sure you read them carefully. In case of any discrepancies between the Rules and the Privacy Policy, the Privacy Policy shall prevail.
1. What is Personal Data?
Personal data is any information relating to you that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, an identification number, email address etc. Personal data could also include such technical information as MAC addresses, IMEI, IP addresses, both static and dynamic, browser, and system information.
Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.
Other terms used in this Privacy Policy have the same meaning as in our Rules and the applicable law.
2. What Data Do We Collect?
The categories of personal data are divided into separate subsections based on the specific services that you consume. Please be aware that we do not purposely collect and process any of your sensitive information (like your health information, data about your religious beliefs, racial or ethnic origin etc.).
We collect information about individual consumers, individuals conducting their own business or professional activities, and individuals representing legal entities or similar organisational units.
We ask you not to provide us with excessive personal data, including the personal data of any third parties, or sensitive data.
|
Type of data |
Description |
|
Account data |
When you create an account in the Online Store, we collect and process the data you voluntarily provide to us: a) email address; b) address details; c) postcode and city; d) country (state); e) street and house number/flat number; f) first and last name; g) telephone number; h) date of birth; i) password.
You provide us with your personal data voluntarily, in connection with the concluded Sales Agreements or to receive Services via the Online Store, as provided in our Rules. However, you should be aware that failure to provide the data specified in the forms when creating the account prevents registration. |
|
Data related to orders in the Online Store |
When placing an order in the Online Store, you provide the following data: a) email address; b) address details: c) postcode and city; d) country (state); e) street with house / flat number. f) first and last name; g) telephone number.
After you have made an order, we collect information regarding products or services you have purchased, returned, exchanged, or considered, as well as your preference, namely: ● order number; ● date of the order; ● cost of purchased goods in the order; ● the list of your purchased goods; ● delivery date.
When scrolling through our Online Store, you may add new items to your wish list, and we will store them for you. |
|
Data related to your requests, comments or claims |
There is a special form on our Online Store which allows you to contact us. By sending us your request, you provide us with the following data: a) your first name; b) your email; c) subject message; d) the message itself; e) the attached file such as photographs, images, videos, if applicable.
Otherwise, you may also send us your request by email. In such a case, we may collect and process only your email and data indicated in such email.
By requesting the call back, you provide us with the following data: ● your first name; ● your phone number; ● the message itself. Please, pay attention that we may collect recordings of your voice within your communications with our representative (such as when we record customer service calls to ensure the quality of our Services).
You may also communicate with us by asking us questions or leaving your comments, responses, product reviews, testimonials, and other content. In this case, you provide us with the following data: ● your first name; ● your email; ● your rating related to the relevant item; ● the message itself; ● the attached file such as photographs, images, and videos, if applicable.
Also, we may reach you, if we find it relevant to take back to you after you give us feedback. Thus, we will use: ● your first name; ● your phone number; ● your email; ● the feedback message you left, details of your order; ● the transcript of a call with you (if applicable).
As a result of such communication, we may keep records of customer service calls and transcripts of chats to ensure the quality of our Services. |
|
Newsletters |
When you subscribe to the newsletter, we collect and further process your email address. We could send some marketing communication in the context of our Goods and Services to your email addresses. In any case, you can choose to stop receiving our emails at any time. If you want to cease this type of communication, tap on the “Unsubscribe” link you may find in each of our emails. |
|
Data related to Makeup Affiliate, includes (if applicable) |
If you are an influencer and blogger with the required amount of audience and monthly traffic, you may submit a request to join the Makeup Affiliate Program. If there is such functionality on the Online Store, in such a case, you provide us with the following data:
● your Account data; ● the message with a brief introduction about yourself; ● links to social media or website; ● as well as other information you provide to our affiliate manager during communication regarding the Makeup Affiliate Program.
After we approve your request, we will gain the following data related to your participation in the Makeup Affiliate Program, namely: ● the generated link with your affiliate ID; ● the statistics of your links; ● revenue information. |
|
Automated collection (cookies and similar technologies) |
Using cookies and similar technologies, we may collect the following personal data: ● device identifier, internet protocol (IP) address, ● cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers, as well as ● browsing or search history and information regarding your interactions with our Online Store, emails, or advertisements.
Please find more details about how and what cookies we use in our Cookies Policy[1] . |
|
Financial information |
Please pay attention that we do not collect your payment credentials (bank credentials, cards numbers and dates of issuance etc.).
Such information may be collected exclusively by third-party payment providers with the respective licences and security measures with regard to your payment credentials, as it is prescribed in our Rules. We receive from the third-party providers only Transaction ID and Receipts with the information on conducted transaction, date and time, and services bought, just to make sure that the transaction relates to you. |
3. How We Collect Your Personal Data?
We collect personal data about you from different sources. For instance, we collect and obtain information:
|
Types of sources |
Personal data collected |
|
Directly from you |
We collect personal information from you when you choose to provide it, such as when you ● make a purchase; ● register for an account; ● sign up for the Makeup Affiliate program; ● contact us; ● respond to comments or otherwise interact with us in the Online Store and our social media (including requesting call back or leave your feedback); or ● subscribe to receive marketing emails. |
|
Created by us |
We may record customer service calls and maintain a transcript of chats to ensure the quality of our Services, as well as we may create some information when you purchase goods from us. |
|
From third parties (e.g. our service providers) |
We obtain from businesses that we have partnered with information related to your purchase confirmation such as Transaction ID and Receipts with the information on conducted transaction, date and time, and services bought, just to make sure that the transaction relates to you. |
|
From Social Media Platforms and Networks |
If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google and YouTube) in connection with our Online Store, we collect information that you disclose to us, or that the social media platforms disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use. |
|
Using Online Tracking Technologies and Other Automatic Data Collection Technologies |
When you visit our Online Store or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies. For more information, please see our Cookies Policy[2] . |
|
From Other Sources |
For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
If you are an influencer and blogger, and you join our Makeup Affiliate Program, we obtain information from our customers, based on the generated link with your affiliate ID, and we gain the statistical information to provide you with the benefits associated with the program. |
4. Lawful Basis and Purposes of Processing Your Data
a. Lawful basis
|
Type of data |
Lawful Basis
|
|
Account data |
Necessity to perform the contract, namely to provide access to the account in order to place orders and make purchases |
|
Data related to orders in the Online Store |
Necessity to conclude and perform the Sales Agreement |
|
Data related to your requests, comments or claims |
Necessity to perform the contract to provide you with the answers to your requests. Relying on the legitimate interest, namely to reach you back after the left feedback.
We may process the records of customer service calls and transcripts of chats to ensure the quality of our Services based on your consent. |
|
Newsletters
|
Your consent to receive the news about our goods and services. This provision applies when you did not enter into the Sales Agreement with us before, or when such newsletters concern products different from those you have previously purchased in our Online Store.
We also may send you newsletters that promote our products, which are similar to those you have purchased in our Online Store before, relying on legitimate interest, to keep you informed of all new products you may be interested in, based on your previous purchasing experience in our Online Store. |
|
Data related to Makeup Affiliate |
Necessity to perform the contract, namely to provide you with the answers to your requests and provide you with the benefits associated with the Makeup Affiliate program. |
|
Automated collection (cookies and similar technologies) |
Your consent for the use of cookies. The only exception is for the group, which is strictly necessary for the mere functioning of the Online Store. The data collected with the use of such a group of cookies is processed since this is necessary to perform the contract, namely to ensure the proper functioning of the Online Store. |
|
Financial information |
Necessity to conclude and perform the Sales Agreement. |
We may also process some of your data on the basis of our legitimate interest:
● The legitimate interest is the legal basis for the processing when we store your personal data after you delete your account. In such cases, the legitimate interest consists in avoiding risks of the loss of the data within our systems in case you want to restore your account.
● In order to determine, investigate and enforce claims, to prevent or investigate possible wrongdoing, some personal data you provide may be processed as part of using the functionality in the Online Store, such as: name, surname, data on the use of the Online Store, if the claims result from the manner in which you use the Online Store, other data necessary to prove the existence of the claim, including the extent of the damage suffered. The legitimate interest lies in the establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
● In order to pursue our legitimate interest in ensuring the security of data, we also make backups of your personal data collected through the Online Store.
b. Purposes of processing
|
Type of data |
Purpose of processing
|
|
Account data |
● to provide access to the Customer’s Account in order to place orders and make purchases; ● to create, manage and technically maintain such Customer’s Account; ● to quickly verify the identity of your person when making new orders, and give you the opportunity to use the Online Store; ● to also send you transactional communications via email, including responding to your questions and requests and sending you our offers, propositions, recommendations or technical notices. |
|
Data related to orders in the Online Store
|
● to place an order in the Online Store; ● to ensure the order is properly performed; ● to send your order in the Online Store to the correct place of your stay; ● to provide you with receipts and order updates; ● to send you notifications related to your purchases, returns, exchanges. |
|
Data related to your requests |
● to provide you with the answers to your requests, inquiries, issues, or feedback, and to provide customer service; ● and to provide a forum for discussion, asking questions, posting photos and reviews, and sharing experiences. ● to improve our Services and ensure the quality of our Services (including by making calls based on your consent). |
|
Newsletters
|
● to send you the news about our goods and services, our offers, propositions, or recommendations, ● to keep you informed of all changes, innovations, and improvements we make within the Online Store; ● to show you advertisements for products and/or services tailored to your interests; ● to administer our sweepstakes, contests, and other similar promotions. |
|
Data related to Makeup Affiliate |
● to communicate with you, such as to response to your requests; ● to create, maintain, and otherwise manage your account related with the Makeup Affiliate program membership; ● to administer our Makeup Affiliate program; ● to track the revenue you earn for purchasing products; ● to provide you with the benefits associated with the Makeup Affiliate program. |
|
Automated collection (cookies and similar technologies) |
● as described in the Cookies Policy[3] .
|
|
Financial information |
● to complete the transactions you request; ● to process your payments. |
Additionally, we may process your data:
● to comply with our legal obligations;
● to protect your vital interests or vital interests of another natural person;
● to perform a task carried out in the public interest or in the exercise of official authority vested in us;
● to support core business functions, including to maintain records related to business process management, loss and fraud prevention;
● for the purposes of the legitimate interests pursued by us or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Online Store or to protect ourselves, our subcontractors, partners and affiliates against legal liability).
If we decide to change the purposes of processing specified above, we will inform you of such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes.
Please note that we do not sell your data or make any decisions based solely on automated processing that may produce legal or similar significant effects.
5. How long do we store your data?
|
The legal basis for the processing |
The justification for the processing |
|
Your consent |
We will process your data as long as the consent is not revoked, and after revoking the consent for a period of limitation of claims that may be raised by the Company or against it. |
|
Performance of the contract |
We will process your data as long as it is necessary to perform the contract, and after that time for a period of limitation of claims. |
|
Legitimate interest |
We will process your data until you object to processing, and after that time for a period of limitation of claims. |
The general limitation periods constitute 5 years as of the day of the review of this Policy. Hence, we review the data retention periods to determine whether some categories can be deleted earlier or needed to be kept. The periods of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
The storage and retention period for cookies is described in our Cookies Policy[4] .
6. Granting Access to Third Parties
We do not sell your personal data to third parties. However, to provide quality services and support various functions of our Online Store, we may hire people, and work with service providers and marketing providers. For these reasons, some of your personal data may be transferred to these persons.
In all cases, we comply with the requirements of data protection legislation and make every effort to ensure that data processing is secure at all stages. Our subcontractors and any other third parties will provide equal protection of user data as stated in this Privacy Policy. Depending on contractual arrangements and circumstances, they shall comply with the instructions of the Company as to the purposes and methods of processing these data (processors) or independently define their processing purposes and methods (administrators).
To achieve the purposes of data processing, we may provide your data to the following persons:
a) Processors connected to the Online Store functioning: these include, among others, providers of hosting services, marketing systems (sending marketing messages and show you targeted advertising), systems for analysing traffic in the Online Store, systems for analysing the effectiveness of marketing campaigns.
b) Processors connected to ensuring the purchase is delivered: a courier, postal and/or logistic company as the case may be. You may see the list of the services when making a purchase via the Online Store.
c) Controllers such as payment and banking services: the Company uses suppliers who do not act solely on the instructions and set the goals and methods of using your personal data by themselves. They provide electronic payment and banking services. You may see the list of the services when making a purchase via the Online Store.
For a detailed list of providers and services (processors) we use, don't hesitate to get in touch with us using the contacts listed in the Section 10.
In the event of a request from the Company provides personal data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the police, or the respective data protection agency. This is done only to the extent required by law.
Since some of your data may be transferred to third parties outside the EEA, we could also transfer such data on the basis of the standard contractual clauses signed with the respective third parties, if the country of transfer (like Ukraine) is not subject to the adequacy decisions of the European Commission. You may request the copy of such instruments via contact details provided in this Privacy Policy.
7. Your Data Processing Rights
To exercise your rights listed below, you can send a request to the Company to dpo@makeup.pl. In order to properly protect your data, the Company may take additional measures to identify you when processing your request.
We will provide you with a response to your request no later than 1 (one) month from the date of its receipt, except as provided by law. If there is a valid reason, this term can be extended for another 2 (two) months, and we will inform you about such extension and the reasons in advance. Whenever we cannot execute your request, we will promptly inform you, in writing on the matters of such a decision, and the following steps from our side.
Thereby, you have the following rights:
|
Right |
Description |
|
Right of access to personal data (to be informed) |
By publishing this Privacy Policy and our Rules, we are enabling your right to be aware of: ● the types of personal data that are processed and to which categories they belong; ● available information on the origin of the data; ● the purposes and legal basis for the processing; ● the recipients or categories of recipients to whom the data is disclosed, including recipients in third countries or international organisations; ● the period for which the data will be stored or the criteria used to determine this period; ● the right to rectification or erasure of the data or restriction of data processing by the controller or the right to object the processing; ● the right to lodge a complaint with the data protection authority; and the contact details of the data protection authority.
To execute your right, you are welcomed to contact us using the details listed in Section 10. |
|
Right to rectify or erase data about yourself |
You are able to control your own data. Thus, you can request reasonable corrections to inaccurate data, or you can erase the data about your identity. Your request may be restricted once the process of the data rectification or erasure will take disproportionate efforts from us.
However, you may not request to change your data if such data is processed for statistical purposes.
Hence, you are welcomed to reach us anytime. In case of disability to perform your request, we will reach you back with a reasonable explanation. |
|
Right to object to the collection and processing of personal data |
To exercise this right, you have to submit the objection to us in writing. Upon receipt of such objection, we shall immediately stop the collection and processing of your personal data. Hence, the execution of this right is not applicable in cases where the collection and processing of personal data is mandatory in accordance with the law.
Still, your right to object is absolute if we process your data on the basis of legitimate interest, for instance when we send you marketing emails. If you object, and we do not have any other legal basis for the processing of personal data, we will delete your personal data, the processing of which has been objected to. |
|
Right to withdraw consent to the processing of personal data |
You can withdraw your consent to the processing of your personal data at any time. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results.
However, there may be exceptions to the execution of this right. For example, if the law requires the Company to retain this data, or when it is necessary for the protection in litigation, or when the Company has other grounds for the processing, we will not be able to satisfy your request. |
|
Right to restriction of processing
|
You may ask to “block” or prevent future use of your data while we evaluate your request to erase your data. If processing of your data is limited, we continue to store them, but are not able to use them. We maintain a list of data subjects who have requested to limit processing of their data to ensure that this limitation is respected.
Please, note that we may refuse or restrict your right to limitation of processing as long as it constitutes a necessary and proportionate measure to: ● avoid damage to investigations, inquiries or legal proceedings; ● avoid prejudice to the prevention, detection, investigation or repression of criminal offences or to the execution of criminal sanctions; ● protect public safety; ● protect national security; or ● protect the rights, freedoms and guarantees of third parties.
In such cases, we will inform you, in writing and without undue delay, of the reasons for refusal or limitation of this right. |
|
Right to oppose receiving marketing communications |
You may unsubscribe from our marketing communications at any time. The easiest way for you to unsubscribe is to click the “Unsubscribe” button in any email or communications we send you. You may also email us at _________________[5] . |
|
Right to receive your personal data and send the data to another provider (data portability) |
You may receive your personal data and send the data to another provider. We will send your personal data in the form of a CSV file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data controller.
This right only applies to those data that you provide to us, which we process on the basis of consent or a contract. |
|
Right to know about us making decisions based solely on automated processing (including profiling) and object to it |
You have the right to know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you. This provision is intended to protect the data subject from decisions made by the algorithm without human involvement or control. If you wish to object to profiling or realise your rights connected with such data, please contact us using the details listed in Section 10.
This is since we may make decisions about you based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. We may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, behaviour etc.). This means that we may collect personal data about you like viewed products, your purchases or search history. We centralise this data and analyse it to evaluate and predict your personal preferences and/or interests for marketing purposes, to display the content tailored to your interests/needs. For more information about some of the instruments that we use to collect such data - see our Cookies Policy[6] . |
|
Right to file a complaint about the processing of your personal data |
If you have not obtained satisfaction in the exercising of your rights or the way to exercise them, you may file a complaint with the data protection authority or to the court and apply legal remedies in case of violating the data protection laws. You may also demand payment of moral and material damage.
The Data Protection Authority – Autoriteit Persoonsgegevens contacts:
Phone: +31 70 888 8500 |
8. Security of Personal Data
We take appropriate security measures to protect your personal data from accidental loss or destruction, from unlawful processing or access to it.
|
Type of measures |
Description |
|
Confidentiality |
All personnel are subject to full confidentiality, and any subcontractors and sub-processors are required to sign a confidentiality agreement if full confidentiality is not a part of the main agreement between the parties. Also, any access by authorised personnel is logged. We use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely. |
|
Isolation |
Access to personal data is restricted to individually authorised personnel. Authorised personnel are granted minimum access on a need-to-have basis. |
|
Account protection |
The Company provides Customers with a secure and encrypted connection when transferring personal data and logging in to the account on the Online Store. The Company uses an SSL certificate issued by one of the world’s leading companies in the security field and encryption of data sent over the Internet.
In the event that the Customer who has a Customer’s Account in the Online Store has lost any access password, the Online Store allows you to generate a new password. The Company does not send a password reminder. The password is stored in the database in an encrypted form in a way that prevents its reading. In order to generate a new password, please provide your email address in the form available under the link “Remind password”, provided next to the account login form in the Online Store. The new password will be automatically sent to the email address provided during registration or saved in the last change of the account profile.
We never send any correspondence, including electronic correspondence, with a request to provide login details, in particular the access password to the Customer's account. |
|
Internal Policies and Procedures |
All the employees and contractors are obliged to obey the internal security policy with respect to the processing of personal data. Such policy provides for organisation, physical, and technical security measures and, for such purpose, takes into account the nature, scope, context and purposes of the processing, as well as the risks posed to the rights and freedoms of data subjects. |
Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violating your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.
9. Changes to this Privacy Policy
We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email. We will also indicate the “Last modified” date at the top of this Privacy Policy.
10. Contact Information
If you have any questions about this Privacy Policy, our Online Store Rules, or your data we process, you are welcome to contact us:
La MakeUp Sp. z o.o.
st. Domaniewska 37, loc. 17.6
Warsaw, Poland
Email: dpo@makeup.pl
Also, you may reach a supervisory authority regarding collection and processing of your personal data at MakeUp at any time. Please refer to the contacts of your regulatory authority in section 7.
Thank you for choosing MakeUp!