These data protection terms describe how customers’ personal data is processed within the Estee salon network and what customers’ rights are in relation to the processing of their personal data.
The personal data controller is Beautyset OÜ (registration code 12260841, registered office Nurga 7-80 74113 Maardu, hereinafter referred to as Estee).
Personal data is any information about an identified or identifiable natural person (“data subject”). The Estee salon network is guided by the current legislation in the processing of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and the Law on the Protection of Personal Data, and does its best to ensure a high level of protection personal data.
1. PROCESSED PERSONAL DATA AND PROCESSING
1.1. Estee processes the following personal data of customers:
- general identification data (including name, personal code, contact details);
- health data required to provide services, including responses to a client screening questionnaire and health information communicated verbally or otherwise to staff
- data about the services we provide to you, including the content of the service, time, cost, regularity, etc.;
- your communications with Estee salons, including your emails and other inquiries, including personal data disclosed by you in the course of communications;
- information about whether you would like to receive offers about products and services of Estee salons.
1.2. Estee is guided by the following principles when processing personal data:
- the principle of lawfulness, fairness and transparency – the processing is lawful, fair and transparent for the data subject;
- purpose limitation principle – personal data is collected for precisely and clearly defined and legitimate purposes and is not further processed in a manner contrary to these purposes;
- the principle of collecting as little data as possible – personal data is relevant, important and limited to what is necessary for the purposes of their processing;
- the principle of correctness – personal data are reliable and, if necessary, updated, and all reasonable measures are taken to immediately delete or correct incorrect ones from the point of view of the purpose of processing personal data;
- storage limitation principle – personal data is stored in a form that allows the identification of data subjects only as long as it is necessary to achieve the purpose for which personal data is processed;
- the principle of reliability and confidentiality – the processing of personal data is carried out in a manner that ensures adequate security of personal data, including protection against unauthorized or illegal processing, as well as against accidental loss, destruction or damage using appropriate technical or organizational measures.
- PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
2.1. The Estee salon network processes personal data for the following purposes and legal bases:
- to provide a specific service to a client;
- manage the contractual relationship with the client and organize services (for example, to confirm registration and billing).
- comply with the requirements arising from the law and the relevant provisions of national law that oblige us to process personal data;
- to monitor and ensure the quality of the services we provide and to improve your customer experience.
- send offers to the client on the services of the Estee salon network. For this purpose, we process the client’s personal data if the client has given their consent or if we use the client’s personal data to offer similar services that the client has already used in the Estee network of salons, and the client has not opted out of such use of his contact data (§ 103 1 of the Law about electronic communications).
- STORAGE OF PERSONAL DATA
3.1. Estee processes customer personal data during the provision of services and then retains personal data for as long as it is necessary to fulfill the purpose for which we collected it, including to comply with legal obligations that apply to us.
3.2. Personal data related to medical services and the provision of other services may be part of our accounting and business records and will be stored for 7 years from the end of the year of their registration.
3.3. As a general rule, we retain collected personal data for which a longer retention period is not required by applicable law, as long as it is necessary in connection with the provision of services.
- TRANSFER OF PERSONAL DATA
4.1. Estee may share your personal data with third parties for the purposes set out in paragraph 2, where permitted by applicable law. We share your personal data (including health data) in the following cases and in the following ways:
4.2. our cooperation partners, whom we use to better organize our activities (for example, IT service providers) or to improve and control the quality of our other services. In such cases, we ensure that all persons to whom we transfer your personal data for their processing as an authorized processor process personal data strictly in accordance with our instructions, limited to the legal basis for processing personal data, purposefully, to the minimum necessary extent. extent and otherwise in accordance with applicable data protection law;
4.3. to public authorities, if the transfer of personal data is necessary for the fulfillment of their obligations arising from the law, or for the prevention or investigation of possible crimes;
4.4. other third parties, if it is necessary to protect their property and rights or defend against legal claims;
4.5. Your personal data will not be transferred outside the European Economic Area.
- RIGHTS OF THE DATA SUBJECT
5.1. Data subjects have the following rights under applicable data protection laws, subject to restrictions arising from those laws on the exercise of these rights:
- the right to receive information about the personal data being processed about the data subject;
- the right to correct personal data if personal data is incorrect;
- the right to request the deletion of personal data, unless the data controller can legally refuse to do so;
- the right to demand restriction of the processing of personal data;
- the right to object to the processing of your personal data;
- right to transfer personal data
- the right to withdraw consent at any time.
5.2. To exercise your rights or have any questions, please contact us at [email protected]. We also ask that you contact us if you discover that we have processed your personal data in violation of applicable law.
- MODIFICATION OF THE DATA PROTECTION CONDITIONS