YOUR PRIVACY IS EXTREMELY IMPORTANT AND THIS IS OUR COMMITMENT:
1) We respect your privacy and your choices.
2) We ensure that privacy and security are incorporated into everything we do.
3) We do not send you marketing communications unless we are authorized to do so. You can change your mind at any time.
4) We will never sell your data.
5) We are committed to keeping your data safe and secure. This includes only working with trusted partners.
6) We are committed to being open and transparent in the use of your data.
7) We do not use your data without informing you beforehand.
8) We respect your rights and, as far as possible, always try to respond to your requests in accordance with our own legal and operational responsibilities.
For more information about our privacy practices, below we set out what types of Personal Data about you we may collect or maintain, how we may use them, with whom we may share them, how we protect them, and how you can exercise your rights with respect to such data.
When you share your Personal Data with us or when we collect Personal Data about you, we use it in accordance with this Privacy and Data Protection Policy (hereinafter, the "Policy"). Please read this information carefully as it will apply to browsing our website: www.umoacosmetics.com (hereinafter the "Website"), as well as to the purchase of our products through it.
Welcome to UMOA.
1) WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
UMOA CARE S.L., located at c/ Camino Real de los Neveros 145, 1ºC, 18008 Granada, Spain, registered in the Commercial Registry of Granada under Volume 1783, Folio 29, Section 8, with Tax Identification Number (C.I.F.) B67817320, is responsible for the personal data you share with them ("UMOA", "we", "us" or "our") in accordance with applicable data protection laws.
You guarantee that the personal data you provide is true and accurate and commit to notifying any changes or modifications to this data.
2) HOW DID WE OBTAIN YOUR DATA?
At UMOA, we want to talk to you to learn from you so that our products better meet your needs. Therefore, there are many ways you can share your personal data with us so that we can collect it. For example, we may collect your data through our website, forms, applications, devices, or social networks, among others. In some cases, you directly provide us with your personal data (for example, when you create an account, contact us, make a purchase on our website). In other cases, we collect your data (for example, by using cookies to understand how you use our website), or we receive your data from third parties.
3) WHAT PERSONAL DATA DO WE PROCESS?
The data we will process for the legitimate purposes explained later are as follows:
3.1) Identification data necessary to maintain the relationship with you: name, surname, date of birth or age range, nationality, preferred language, postal and electronic address, telephone;
3.2) Payment information. Our product payments are managed through the PayPal, Klarna, and Shopify Payments platform, so UMOA does not collect any personal data of this nature;
3.3) Personal Data to create a product routine: gender, pregnancy or lactation data, age, skin type, etc.;
3.4) Profile data: ID, username and password, purchases or orders made, preferences, comments and survey responses, as well as all profile data we may add (such as data analysis or profile generation). Social media profile (when you use social login or share this personal information);
3.6) Any data that you voluntarily send us to one of our email addresses that end in @umoacosmetics.com or that you share with us about yourself (for example, through your "My Account" page, contacting us or providing your own content such as photos or reviews or questions through the chat function or other communication channels or participating in a contest, game or survey);
3.8) Marketing and communication data: data about your preferences for receiving direct marketing from us or third parties as well as your communication preferences;
3.9) We also collect, use and share aggregated statistical or demographic data regardless of its purpose: aggregated data can be derived from your personal data although once aggregated legally they are not considered personal data as they do not reveal your direct or indirect identity.
For example, we may aggregate your usage data to calculate the percentage of users accessing a particular feature on the Website.
3.10) In order to improve the service and content we offer, UMOA's website uses the Google Analytics web analysis service.
3.11) We also collect personal data from your resume through our website. For example, if there is any available vacancy at UMOA for which you may have applied.
4) WHY DO WE COLLECT YOUR PERSONAL DATA?
UMOA processes your personal data for the following purposes:
- Provide you with the information you request about our products.
- Ensure the proper processing of your order. For example, when you make a purchase with us through our website.
- When you register as a user through our website.
- Manage your subscription to our newsletter and send commercial communications.
- Gestión de la suscripción al programa de fidelización.
- Manage participation in giveaways, promotions, and/or surveys.
- We may conduct a personalized test to determine the best routine for you, which is why we would need to collect some data that may be considered sensitive. The data we need includes gender, age, skin type, pregnancy, habits, etc.
- We use your identification, technical, contact, tracking, usage, and profile data to create an understanding of what we believe you may want or need, or what may be of interest to you. This allows us to determine which products, services, and offers may be relevant to you in order to communicate them to you. This process is called "direct marketing."
- When we need to comply with any legal or regulatory obligations. For example, keeping sales records to fulfill our tax obligations.
- Manage your job application if you apply for a job through the website.
We always strive to make it clear on our website what we do and what communications we will send you when you decide to subscribe to our newsletter or participate in a promotion or survey. Of course, you have the right to change your mind at any time and unsubscribe from these services. The easiest way to cancel your subscription and object to receiving commercial communications at any time is by sending an email to firstname.lastname@example.org or by clicking on the unsubscribe link found at the end of each communication.
5) WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We only use your personal data when permitted by law. Depending on the specific purpose for which we use your personal data, your processing may be based on more than one legal basis. Generally, the legal bases for processing your personal data are:
5.1) Your consent to:
- Conduct a personalized test to determine the best routine for you.
- Manage your subscription to our newsletter and send commercial communications when they are not related to our own products or when there is no contractual relationship, as well as create your commercial profile to send you information that may be of interest to you based on your purchase and browsing history.
- Management of subscription to a loyalty program.
- Managing registration or subscription to games, promotions, offers, surveys.
5.2) Our legitimate interest (after conducting a balancing test with your rights and freedoms, which is available upon prior request), in particular:
- Conducting statistics and personalization tests: to better understand your needs and expectations and therefore improve our services, websites/applications/devices, and products.
- Enabling the operation of our website/applications through technical and functional cookies: keeping our tools (websites/applications/devices) safe and secure and ensuring they function properly and continuously improve.
- Sending commercial communications in the case of our own products, similar to those you have purchased, as well as creating your commercial profile to send you information that may be of interest to you, based on your purchase and browsing history. For this purpose, we will not profile using data that we have not directly collected from you.
- Conducting treatments using your identification data, purchase history, and links to suspicious activities for the purpose of preventing fraud, with the legitimate interest of avoiding financial loss and damages.
5.3) Execution of a contract or performance of pre-contractual actions if requested, for example:
- Providing customer support service.
- Providing you with the information you request about our products.
- Ensuring the proper processing of your order. For example, when you make a purchase with us through our website.
- Registering you as a user through our website.
- Responding to a request you make (e.g., a job application, a request for information about a product you have purchased or wish to purchase, etc).
5.4) Compliance with UMOA's legal obligations that involve the processing of personal data (such as tax, accounting, and corporate obligations).
When we collect your personal data, we indicate the mandatory fields with asterisks. Some of the data we request from you is necessary to:
- Fulfill our contract with you (e.g., to deliver the products you have purchased on our website and/or applications).
- Provide you with the requested service (e.g., sending you a newsletter).
- Comply with legal requirements (e.g., invoicing).
If you need more information on this matter, please do not hesitate to contact us.
6) ABOUT PROFILING
7) DATA OF MINORS
We do not collect data from minors; likewise, to access this website, use it, and purchase our products, you must be of legal age.
8) UMOA'S PROFILES ON SOCIAL MEDIA
UMOA has the following profiles on Internet social media: LinkedIn, Facebook, Instagram, TikTok.
UMOA recognizes itself as responsible for the processing of its users', followers', or people who make comments through them. Likewise, UMOA is exempt from any responsibility derived from users' and followers' comments on its social media. .
We may use the profiles described above to inform our users about topics that we consider of their interest.
9) WHO CAN ACCESS YOUR PERSONAL DATA
9.1) Your personal data may be processed on our behalf by our trusted third-party providers.
We enter into contracts with third parties, entities, and trusted professionals to perform a variety of business operations on our behalf. We only provide them with the information they need to perform the service and require them not to use your Personal Data for any other purpose. We do our utmost to ensure that all third parties we work with maintain the security of your Personal Data and do not allow them to use your Personal Data for their benefit, ensuring that they only process them for the specified purposes and in accordance with our instructions.
9.2) Your data may be shared with payment providers.
9.3) Your data may be shared with Facebook, Pinterest, Google, and TikTok
All Facebook, Pinterest, and TikTok functions and services available on our website or applications are governed by the respective Privacy Policies of each of these platforms, where you can obtain more information about your privacy rights and configuration options.
By using this website or application, you can:
(i) Use social plug-ins such as those from Facebook ("like" or "share") to spread our content on these platforms;
(ii) Accept cookies from these websites or applications that will help us understand your activities, including information about your device, how you use our services, the purchase/s you make, and the ads you see, whether you have a Facebook, Pinterest, or TikTok account or if you are logged into them. When you use these functions, we collect data that helps us:
- Show you advertising that may interest you on Facebook (or Instagram, Messenger or any other Facebook service), Pinterest, and/or TikTok; and
- Measure and analyze the effectiveness of our website or applications and ads.
We may also use the personal information you have provided us on this website or application (such as your name and surname, email address, address, gender, and phone number) to identify you on Facebook (or Instagram, Messenger or any other Facebook service), Pinterest, and/or TikTok in order to show you ads that are even more relevant to you. By doing so, Facebook, Pinterest, and TikTok will not share your personal information and will delete it immediately after you finish the identification process.
9.4) Your data may be shared with the hosting provider: Shopify
9.5) Your data may be shared with the software provider for sending commercial communications: Klaviyo.
9.6) Your data in the future may be shared with Chat Applications.
9.7) We do not offer or sell your personal data.
10) INTERNATIONAL DATA TRANSFERS
The Personal Data we collect from you may be transferred, accessed, and stored in a destination outside the European Economic Area ("EEA"), particularly the United States. They may also be processed by staff operating outside the EEA who work for us or for one of our service providers. Whenever UMOA transfers your Personal Data outside the EEA, it will be done securely and legally, complying with the corresponding data protection legislation. As some countries may not have laws governing the use and transfer of Personal Data, we take measures to ensure that third parties comply with the commitments set out in this Policy. These steps may include reviewing third parties' privacy and security standards and/or entering into appropriate contracts (based on the EU Commission's standard data protection clauses).
Service providers located outside the EEA, such as Facebook or Google, may access your personal data. These service providers are required to protect your Personal Data according to a set of well-defined protection rules and safeguards established by the European Union, in particular by signing standard contractual clauses. If you want more information about privacy guarantees, you can contact us using the postal and email addresses provided above.
11) HOW LONG WE KEEP YOUR DATA
Your Personal Data will be kept for as long as your relationship with UMOA is maintained and, after the end of that relationship for any reason, during the legal limitation periods that are applicable. In this case, they will be processed solely for the purpose of proving compliance with our legal and/or contractual obligations.
To determine the data retention period of your Personal Data, we use the following criteria:
(i) Personal data obtained when purchasing products and services: for the duration of our contractual relationship, and after this period for as long as necessary to fulfill our legal obligations (tax, accounting, etc.) as well as during the limitation or expiration period of liabilities arising from processing;
(ii) Personal data obtained when participating in a promotional offer: during the validity of the promotional offer;
(iii) Personal data obtained when contacting us for an inquiry: Personal Data for as long as necessary to handle your inquiry;
(iv) Personal data obtained when creating an account: until you ask us to delete them or after a period of inactivity (without active interaction with the brand) of three (3) years;
(v) Personal data obtained when giving your consent for receiving commercial communications: until you unsubscribe, demand deletion or after a period of inactivity (without active interaction with the brands) of three years;
After these limitation periods have expired, your data will be deleted or alternatively anonymized.
12) SECURITY MEASURES APPLIED TO THE PROCESSING OF YOUR DATA
We are committed to protecting your Personal Data and taking all reasonable precautions to do so. We contractually require trusted third parties handling your Personal Data to do the same. We always do our best to protect your Personal Data, and once we have received your personal information, we use strict procedures and security features to try to prevent unauthorized access. As transmitting information over the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site.
13) LINKS TO THIRD-PARTY SITES AND SOCIAL LOGIN
14) SOCIAL MEDIA AND USER-GENERATED CONTENT
Our website and applications allow users to submit their own content. Remember that any content submitted to one of our social media platforms may be viewed by the public, so you should be careful when providing certain personal data (e.g., financial information or address details). We are not responsible for any actions taken by others if you post personal data on one of our social media platforms, and we recommend that you do not share such information.
15) YOUR RIGHTS AND OPTIONS
You can exercise your rights of access, rectification, erasure, and portability, restriction, and/or objection to processing by using the postal and email addresses provided, specifying the right you wish to exercise. To process your request, we may ask you to verify your identity..
15.1) Right to information - You have the right to obtain clear, transparent, and easily understandable information about how we use your Personal Data and about your rights. We provide you with this information in this Policy;
15.2) Right of access Right of access - You have the right to access the Personal Data we hold about you (subject to the limits of applicable law). Manifestly unfounded, excessive, or repetitive requests may not be honored or we may charge the costs incurred. To exercise this right, please contact us using any of the means specified in this Policy;
15.3) Right of rectification - You have the right to have your Personal Data rectified when it is inaccurate or no longer valid or to have it completed when it is incomplete. To exercise this right, please contact us using any of the means specified in this Policy. If you have an account, it may be easier for you to correct it yourself by modifying it from your profile;
15.4) Right to erasure/right to be forgotten - In certain cases, you have the right to have your Personal Data erased or deleted. It should be noted that this is not an absolute right, as we may have legal or legitimate reasons to retain them. If you want us to delete your Personal Data, please contact us using any of the means specified in this Policy;
15.5) Right to object to direct marketing, including profiling - You can unsubscribe from our direct marketing communications at any time. The easiest way to unsubscribe is by clicking on the "Unsubscribe" link in any email or communication we send you. Alternatively, you can contact us using any of the means specified in this Policy. To object to profiling, please contact us using the means specified in this Policy.
15.6) Right to withdraw consent at any time when data processing is based on consent - You can withdraw your consent to the processing of your Personal Data when the processing is based on your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before your withdrawal. To find out when the processing is based on consent, please refer to the list included in section "5) WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA", where we specify the legal basis for processing your Personal Data. If you wish to withdraw your consent, please contact us using any of the means indicated in this Policy.
15.7) Right to object to processing based on legitimate interests - You can object at any time to the processing of your data when the processing is based on legitimate interests. To find out when the processing is based on legitimate interests, please refer to the list included in section "5) WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA", where we specify the legal basis for processing your Personal Data. If you want to exercise the right to withdraw your consent, please contact us using any of the means indicated in this Policy.
15.8) Right to lodge a complaint with a supervisory authority - You have the right to lodge a complaint with the Spanish Data Protection Agency regarding UMOA's privacy and data protection practices. Please feel free to contact us using any of the means indicated in this Policy before lodging a complaint with the competent data protection authority.
15.9) Right to data portability - You have the right to transfer, copy, or transfer data from our database to another database. This right can only be exercised with respect to data that you have provided, when the processing is based on the performance of a contract or on your consent, and the processing is carried out by automated means. To find out when the processing is based on a contract or consent, please refer to the list included in section "5) WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA", where we specify the legal basis for processing your Personal Data. For more information, please contact us using any of the means indicated in this Policy.
15.10) Right to restriction of processing - You have the right to request the restriction of the processing of your data. If you exercise this right, the processing of your data will be subject to limitations, so we may store them but may not continue to use or process them.
This right can only be exercised in certain circumstances defined by the General Data Protection Regulation, as follows:
- If you challenge the accuracy of Personal Data, during the period that allows the controller to verify its accuracy;
- If the processing is unlawful and you oppose the erasure of Personal Data and instead request the restriction of its use;
- If the controller no longer needs the Personal Data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims;
- If you have objected to processing under Article 21, section 1, while verifying whether the legitimate grounds of the controller override your interests.
If you wish to exercise this right, please contact us using any of the means indicated in this Policy.
Si consideras que el tratamiento de tus Datos Personales vulnera la normativa o tus derechos de privacidad, puedes presentar una reclamación:
- With UMOA, at the postal and email addresses indicated.
- With the Spanish Data Protection Agency, through its electronic headquarters or at its postal address.
16) CONTACT US
If you have any questions or concerns about how we treat and use your Personal Data or if you wish to exercise any of the rights described above, please do not hesitate to contact us using our usual contact methods such as our contact form, email: LOPD@umoacosmetics.com or by writing to the following address: UMOA CARE - Privacy: C/Camino Real de los Neveros 145, 1ºC 18008 Granada, Spain.
For any other questions, you can use this email: email@example.com
We are committed to improvement, and if you believe that your advice can help us in that regard, we will be happy to listen.
Last update: December 12th, 2022