Privacy Policy
Effective from: 01.01.2011.
Last update: 21.04.2023
Edition: V3
Who we are
The data controller of your personal data is SIA STENDERS, which is the owner of the online shop www.stenders-cosmetics.com. The Company’s unified registration No. 40003563248, registered on 28 September 2001, registered office at 63 Mūkusalas Street, Riga, LV-1004, Latvia.
SIA STENDERS has developed this privacy policy (“Privacy Policy”) to demonstrate our commitment to protecting your personal data and to inform you about how we process your personal data.
This Privacy Policy sets out our information processing practices in relation to the www.stenders-cosmetics.com website and the STENDERS mobile applications and other services we provide to users (collectively hereinafter in the text referred to as the “Services”). We will not disclose your personal data to other parties except for as set out in this Privacy Policy.
We will process the personal information you provide in Latvia in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
How to contact us
If you have any questions about how we collect, store and use your personal information and data, please contact us in one of the ways below:
- write to us at the following e-mail: info@stenders.lv;
- write to us at the following postal address (with note “About Privacy”):
SIA STENDERS, 63 Mūkusalas Street, Riga, Latvia, LV-1004.
STENDERS Services
By using the Services, you may view information and content owned, licensed or provided by SIA STENDERS, its subsidiaries and affiliates (“STENDERS”). The Services may also include information provided by third parties that is distributed pursuant to a licence, permission or other arrangement with STENDERS. In this Privacy Policy, the word “we” means STENDERS in the appropriate context.
Use of services and provision of information
Sometimes you may choose to provide us with personally identifiable information. For example, you may want to register, make purchases, read articles and view information, receive emails from us, receive invitations to events, participate in discussions, preview new services or take part in special promotions. If you register to use the Services or conduct transactions through www.stenders-cosmetics.com or any STENDERS mobile application, we will collect information about your transactions and other activities. We need certain information from you in order to register and authenticate you, process your entries and payments, and send goods to you as necessary.
In light of the above, the provision of your personal data to us is voluntary. However, if you do not provide them, we will not be able to achieve the purposes set out in the Privacy Policy. Where your personal data is processed on the basis of your consent, you may withdraw your consent to the processing of your personal data at any time, but this will not affect the lawfulness of the processing of personal data carried out before such withdrawal of consent.
Scope, purposes and duration of processing of personal data
We may collect information that you voluntarily provide to us, as well as site visit data, as described below.
Personally identifiable information that you provide
Personally identifiable information includes your name, email address, telephone number, date of birth, shipping and billing addresses, and a persistent identifier associated with the personally identifiable information, as well as other information that you may voluntarily provide to us. We collect such personally identifiable information provided by you for the following purposes of processing personal data:
1. Registration and membership administration in the STENDERS Loyalty Programme
We process your personal data in order to register you in the STENDERS Loyalty Programme and administer your membership. Membership in the STENDERS Loyalty Programme can be used to place an order in the STENDERS online shop, receive personalised offers, a permanent discount, commercial information about new products and other programme benefits both in the STENDERS online shop and in physical stores.
Your data will be used to create or access your STENDERS account and display relevant information in it, to respond to your requests, to make sure that your information is accurate and up to date, to verify your registration to you, and to contact you if we need to reach you and provide necessary information, such as changes to the conditions of STENDERS Loyalty Programme.
In order for us to create your account and manage your membership, you must provide the personal data necessary for the conclusion and execution of the contract, otherwise registration in the STENDERS Loyalty Programme is not possible. Your name, surname and email are required to register.
The retention period of personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, the personal data will be deleted or permanently anonymised.
The legal basis for processing personal data is to enter into and perform a contract with you.
2. Managing personalised offers and other benefits
As part of your membership, we process your personal data to administer personalised offers and other benefits, such as birthday benefits. We only process personal data necessary for a specific benefit.
We use automated decision-making, including profiling, to provide you with personalised offers and other benefits. In order to do this, we may analyse the personal data you provide and the data we collect based on your behaviour (e.g., your shopping transactions, activities in your Member account) using a general rule or specific algorithms, predictive models. Our actions do not have any legal or similar effect on you.
In order to be able to provide you with basic benefits, we use automated decision-making based only on general rules that apply to all customers who are members of the STENDERS Loyalty Programme. It is not based on your preferences, behaviour or similar attributes and we do not offer or evaluate any aspect of your behaviour or preferences in order to provide such benefits. For example, based on the date of birth you enter, the system determines when your birthday benefits apply. Based on which benefits you do or do not use, we may identify other benefits we offer that are available to you.
In order for us to offer you personalised offers and personalised recommendations (and sometimes other benefits), we need to profile you, i.e., use specific algorithms, predictive models to analyse your preferences, behaviour or similar attributes. For example, specific algorithms analyse the personal data you provide and your shopping transactions (e.g., goods purchased) to develop personalised offers tailored to you. Based on your shopping transaction, we can also make a personalised recommendation to you about the other benefits we offer.
As personalised offers and benefits are the essence and primary purpose of membership, you cannot be a member if you do not want automated decisions and profiling to be made about you.
For the purpose of management of personalised offers and other benefits, your name, surname, date of birth, purchase history, user-generated personal data such as activity in information systems (including the STENDERS online shop) are required.
The retention period of personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, the personal data will be deleted or permanently anonymised.
The legal basis for processing personal data is to enter into and perform a contract with you.
3. Managing purchases in the STENDERS online shop
We process your personal data in order to manage your purchases in the STENDERS online shop. Your personal data is processed in order to process your order, payment, send you an invoice, contact you about your order and the status of your order, deliver your order and perform similar activities related to the fulfilment of your order.
In order for us to be able to fulfil your order, you must provide the personal data necessary for the conclusion and performance of the contract. For example, to pay for an order you need to provide payment details, if you want home delivery we need to know the address where the order should be delivered.
You do not need to create an account to place orders in the STENDERS online shop. You can also place an order as a guest, providing only the personal details required to place the order, such as your name, surname, contact details and payment information.
We use your mobile phone number and email to contact you about your order. For example, to contact you in the case of problems with your orders, to deliver orders to your address or to inform you about the status of your orders (order confirmed, ready for delivery, delivered, cancelled, not fulfilled, available for pickup after unsuccessful delivery, etc.).
STENDERS may outsource the delivery of your order or offer to use the services of other delivery companies. In this case, limited personal data information may be shared with STENDERS partners acting as a separate data processor or controller. For example, your personal data, contact details, order and delivery information. In the event that information is shared with another data controller, STENDERS will provide a reference to the data controller's privacy policy.
Your name, surname, all contact details, order, payment, transaction and delivery information are required to administer purchases in the STENDERS online shop.
The retention period of personal data depends on the activity of your Member account. If it is inactive for two consecutive calendar years, the personal data will be deleted or permanently anonymised. Documentation relating to orders will be kept in accordance with national law for 10 years from the date on which the orders were placed.
The legal basis for processing personal data is to enter into and perform a contract with you.
4. Compliance with legal requirements
We process your personal data to comply with a number of legal requirements that apply to us, such as accounting requirements, product liability and product safety. For example, we store transaction information and documentation related to your order in STENDERS online shop (e.g., order data, invoice return data) for the statutory defined period.
Your name, surname, all contact details, order, payment, transaction and delivery information are required to comply with the legal requirements.
Documentation relating to orders will be kept in accordance with national law for 10 years from the date on which the orders were placed. Other information relating to the fulfilment of legal requirements will be kept in accordance with the time limits laid down in the legislation.
The legal basis for processing personal data is compliance with the legal obligation.
5. Managing customer claims, complaints and recommendations
We process your personal data in order to process your requests, complaints, suggestions and other enquiries, including feedback about our products in the online shop.
If you are making a claim, please also provide the following information: your name, surname, contact details, the statement of your claim and documents proving the validity of your claim. If you do not provide this information, we will not be able to assess and resolve your claim. Other categories of personal data referred to in this Privacy Policy may also be processed in the context of a customer claim or complaint.
All personal data relating to the claim, complaint or recommendation will be kept for a maximum of two years from the date of receipt. Personal data may be kept longer if the claim or complaint is still pending or if legal proceedings are still ongoing. In this situation, personal data will be stored until the outcome of the case or for 1 year after the conclusion of the relevant legal proceedings. Product reviews are stored until the product is available in the online shop.
Legal basis for processing personal data - processing is necessary for compliance with a legal obligation to which we are subject in relation to the handling of claims and complaints.
In the case of providing feedback on products in an online shop, the legal basis is that the processing is necessary to pursue our legitimate interest in receiving customer feedback to improve the shopping experience.
6. Surveys
We may process your personal data to ask you to participate in surveys to gather customer feedback in order to improve and expand our services. If you have consented to receive marketing information, we may send the survey to the contact channel of your choice. In other cases, we may publish your survey on our website, online or in physical stores, where you can access them and participate in the survey if you wish.
Participation in the surveys is up to you.
Surveys are anonymous, except for where participation in a survey is organised at the same time as participation in a prize draw.
In order to participate in the survey, if it is not anonymous, we may need your name, surname, contact details, purchase history, your feedback and your opinion.
The survey data will be kept until one year after the end of the prize draw.
The legal basis used for participation in the survey is your consent.
7. Lotteries
We process your personal data in order to administer lotteries, games and/or competitions of STENDERS or suppliers of STENDERS if you have expressed your wish to participate in lotteries, games and/or competitions. We process your personal data to identify and notify the winner, to identify you when issuing lottery, game and/or competition prizes, and to include your name in the lottery report in accordance with a legal obligation.
If you want to participate in a lottery, game and/or competition, you must provide us with your personal data. If you do not provide your personal data, you will not be able to participate in the lottery, game or competition or, if you win, we will not be able to award you a prize.
Your identity will be verified when the prize is issued and any discrepancies will result in the prize being cancelled.
The lottery may require your name, surname, contact details, purchase history and user-generated personal data, such as information about activity in the STENDERS online shop.
If you are a winner, your name will be entered on the prize record and in the lottery, game and competition minutes, which will be kept for five years from the date of the lottery, game and competition. In all other cases, personal data collected during the lottery, game and competition shall be stored for a maximum period of two years from the date of closure of the lottery or game.
For the purposes of the lottery, the legal basis for processing your personal data is your consent and our legal obligation to prepare the lottery report/issue the prize.
8. Sending of commercial communications
We process your personal data to send you marketing information such as personalised offers, information about discounts, benefits, sales, special campaigns, our newsletters, events, the latest products in our product range via your chosen communication channel such as SMS, email, browser notifications. At the same time, it is only possible to register for commercial communications for various newsletters without registering for the STENDERS Loyalty Programme.
We use automated decision-making, including profiling, to provide personalised and effective direct marketing communications to you. To do this, we take into account the personal data you provide to us and the data we collect based on your behaviour. Our actions do not have any legal or similar effect on you.
You can opt-out of commercial communications or direct marketing communications that we send to you at any time. You can do this by contacting info@stenders.lv or by using the withdrawal link in the notification sent to you by email.
If you opt-out of direct marketing communications, we will reset your personal data processing settings so that direct marketing communications are no longer provided to you.
Commercial communications may require your name, surname, date of birth, contact details of any kind, information about benefits used, purchase history, customer preference data (e.g., consents given), user-generated personal data (e.g., about an unfinished shopping basket), connection information (e.g., about the type of device used).
Data for the purpose of sending commercial communications will be processed until you withdraw your consent to receive commercial communications.
For the purposes of commercial communications, the legal basis for processing your personal data is your consent.
9. Information security, fraud prevention and legal claims management
We may process your personal data to defend, establish and enforce legal claims, including to prevent and/or stop fraudulent or unlawful activity, to gather evidence of problems discovered and administer the situation, and to stop the misuse of our products or services.
Any information and personal data referred to in this Privacy Policy that you have previously provided to STENDERS may be necessary to prevent fraud and manage legal claims.
In the case of legal claims, the data will be processed while the investigation, settlement and enforcement of the legal claim are ongoing. The data will be retained for three years after the decision to close the investigation or until the final execution of the court decision.
Data such as audit trails are kept for information security purposes for up to 18 calendar months, unless a longer retention period is required by law.
Processing is necessary for the pursuit of our legitimate interests in establishing, exercising or defending legal claims and ensuring the security of information.
10. Statistical and market research purposes
We process your personal data for statistical purposes in order to monitor, evaluate, improve and expand our online services. For these purposes, we will not process your name, contact details or any other directly identifiable information that can directly point to you as a specific person.
For statistical and market research purposes, information about the member's participation in the STENDERS Loyalty Programme (e.g., duration, year of registration), information about orders, deliveries, payments, purchase history, customer preferences, user activity within the STENDERS Loyalty Programme and testimonials may be required.
Data for statistical and market research purposes will be retained for as long as is necessary for us to pursue our legitimate interests.
For statistical and market research purposes, the legal basis for processing personal data is that the processing is necessary to comply with our legitimate interests to improve and expand our services.
To protect your privacy and security, we will take appropriate measures to verify your identity, such as requesting a password and user ID before giving you access to your data. We strive to protect users' personal information and privacy, but we cannot guarantee the security of any information you disclose online and you do so at your own risk.
Transfer of information
STENDERS will not disclose any personally identifiable information to third parties without your consent. Exceptions include:
-
STENDERS may share the information collected with our third party service providers (e.g., our payment service providers or courier services, etc.). If we share information about you, we will require the relevant third parties to treat it in accordance with this Privacy Policy and not to disclose or use your personally identifiable information for any purpose other than to provide services to you or for the benefit of STENDERS.
We currently use the following third-party service providers:
“PayPal (Europe) S.à r.l.et Cie, S.C.A.” (Registration No.: R.C.S. Luxembourg B 118 349)
“Paysera LT” (Registration No.: 300060819)
“QWQER EU SIA” (Registration No.: 40103636656)
“SIA DPD Latvija” (Registration No.: 40003393255)
“OMNIVA SIA” (Registration No.: 40103527192)
“Federal Express Corporation filiāle Latvijā” (Registration No.: 40003924047)
“DHL Express Latvia SIA” (Registration No.: 50003251661)
“Hetzner Online GmbH” (Registration No.: HRB 6089)
“Google Cloud EMEA” (Registration No.: IE660412)
“Google Commerce Limited” (Registration No.: IE512080)
“FACEBOOK IRELAND LIMITED” (Registration No.: IE462932)
“Magicx Ltd” (Registration No.: 515825495)
“Httpool Latvia SIA” (Registration No.: 40203196695)
“Hotjar Ltd” (Registration No.: C65490)
“SendinBlue” (Registration No.: 49801929)
“SMS solutions SIA” (Registration No.: 40203006794)
“Lucas Loureiro Carvalho Suporte Tecnico ME” (Registration No.: CNPJ 25132753000181)
“SIA Wonderland Media” (Registration No.: 40103290377) - We may disclose the information we collect, including personally identifiable information, to third parties as required by law. For example, we may disclose information to supervisory authorities and law enforcement authorities upon their formal request.
- We may disclose the information we collect, including personally identifiable information, to companies that may own STENDERS in whole or in part.
- We may transfer your personal data to our insurers and professional advisers in connection with risk management, professional advice or for the purpose of bringing, pursuing and defending legal claims.
We may transfer your personal data not only in the cases set out above, but also in order to comply with our legal obligations. For direct marketing purposes, we may share personal data with our partners who provide marketing services to us with your consent. These service providers currently are:
“Google Commerce Limited” (Registration No.: IE512080)
“FACEBOOK IRELAND LIMITED” (Registration No.: IE462932)
“Magicx Ltd” (Registration No.: 515825495)
“Httpool Latvia SIA” (Registration No.: 40203196695)
“Hotjar Ltd” (Registration No.: C65490)
“SendinBlue” (Registration No.: 49801929)
“SMS solutions SIA” (Registration No.: 40203006794)
STENDERS always endeavours to ensure the processing of your personal data in the EU/EEA.
our personal data may be transferred to a country outside the EU/EEA or processed in a country outside the EU/EEA by contracted service providers. To ensure adequate protection of your personal data when transferring data outside the EU/EEA, we make sure that adequate safeguards are in place to protect your personal data. For example, a decision by the EU Commission that the country ensures an adequate level of protection of personal data, standard contractual clauses, etc. You can obtain information about the personal data protection measures in place by submitting a written request to us.
STENDERS is not responsible for the protection of information that you provide on other websites. You should be aware that if you voluntarily disclose personally identifiable information on other applications and websites, it may be collected and used by other parties and you may start receiving unsolicited messages as a result.
Information storage
Trading transactions
Situations may arise where we decide, for strategic or other reasons, to sell, buy, merge or otherwise reorganise our business. Such a transaction may involve disclosing personally identifiable information to prospective or actual buyers or joint venture partners, as well as receiving such information from sellers. In line with our standard practice, we endeavour to ensure the adequate protection of information in such transactions.
Your rights
This section of the Privacy Policy covers your rights under data protection law. Some rights cover many aspects, so we only cover the main ones in this Privacy Policy. We recommend that you consult the relevant legislation and supervisory authorities' guidelines to know all the details about these rights.
You have the following rights in relation to the protection of your personal data:
- the right to receive information about the processing of personal data;
- the right to have access to your personal data that we store;
- the right to request rectification of the personal data we hold about you (most of which you can rectify by logging in to your account);
- the right to ask us to erase your personal data (“right to be forgotten”);
- right to limit the processing of your personal data;
- the right to object to the processing of your personal data;
- the right to object to your personal data being processed for direct marketing purposes;
- the right to data portability;
- the right to withdraw consent to the processing of your personal data;
- the right to lodge a complaint with the supervisory authority.
If you wish to exercise your rights, or if you have any questions about the processing of your personal data or the exercise of your rights, please contact us at info@stenders.lv.
STENDERS provides its customers with the possibility to exercise the rights listed in this Privacy Policy in the profile settings on the STENDERS website.
The right to get familiarised with your personal data that we process. You have the right to receive confirmation from us as to whether we are processing your personal data. When we process your personal data, you have the right to get acquainted with the personal data processed and the information about the processing, such as the purpose of the processing, the categories of personal data, the recipients of the personal data, etc. We will provide you with a copy of your personal data. You have the right to receive your personal data in a systematic, commonly used and computer-readable format. But you can't use these rights where they might adversely affect the rights and freedoms of others.
We have the right to refuse to provide your processable personal data where the law specifies the circumstances in which personal data will not be provided.
Right to request the rectification of your personal data that we store. You have the right to update any inaccurate personal data and, taking into account the purposes of the processing, to complete any incomplete personal data.
Right to restrict the processing of your data. This right may be exercised in the following cases:
- you contest the accuracy of the personal data;
- the personal data is being processed unlawfully but you do not want it deleted;
- the personal data is no longer necessary for our processing purposes but you request it in connection with the establishment, exercise or defence of legal claims; or
- you do not consent to its processing based on our legitimate interests or those of a third party, pending verification of the grounds for your non-consent.
By restricting the processing of personal data, we may continue to store your personal data, but we will not continue to process it except:
- with your consent;
- in connection with the establishment, exercise and defence of legal claims;
- to protect the rights of other natural or legal persons; or
- for important public interest reasons.
The right to object to the processing of your personal data. You may exercise this right for any purpose for reasons relating to your particular situation, but only to the extent that we use the data in connection with our legitimate interests or those of a third party. If you do not consent, we will not continue to process your personal data unless we can demonstrate that the processing is for compelling legitimate reasons which override your interests, rights and freedoms or for the establishment, exercise and defence of legal claims and/or legal actions.
Right to object to the processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you do not agree, we will no longer process your personal data for these purposes.
Right to data portability. You can exercise this right in cases where we process your personal data by authorised means (computers, etc.) and the legal basis for processing your personal data is:
- Your consent, or
- performance of the contract or actions taken at your request before the conclusion of the contract.
The right to withdraw consent to the processing of your personal data. Where the legal basis for processing your personal data is consent, you have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of data processing during the period prior to withdrawal.
The right to lodge a complaint with the supervisory authority. If you believe that we violate personal data protection legislation by processing your personal data, you have the right to file a complaint with the State Data Protection Inspectorate, located at Elijas street 17, Riga, LV-1050, https://www.dvi.gov.lv/lv/. In all cases, please contact us before making a complaint so that we can find a suitable solution together.
Data deletion
As stated above, you have the right to request the erasure of your personal data that we hold.
If you wish to delete this personal data, please contact us:
- write to us to the following e-mail: info@stenders.lv;
- write to us at the following postal address (with note “About Privacy”): SIA STENDERS, 63 Mūkusalas Street, Riga, Latvia, LV-1004.
Upon the receipt of your request for deletion, we will comply with the provisions of the General Data Protection Regulation (GDPR). GDPR provides for the right to have personal data erased in certain circumstances:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdraw your consent and there is no other lawful basis for processing the data;
- you do not consent to the processing of personal data for the purposes of our legitimate interests or those of a third party;
- personal data being processed for direct marketing purposes;
- personal data were processed unlawfully;
- personal data must be deleted in accordance with the requirements of the law applicable to us.
Please note that in some cases you may not be able to exercise these rights due to applicable exceptions. These exceptions include where the personal data processed is necessary for:
- the exercise of freedom of expression and information;
- the performance of our legal obligations; or
- the establishment, exercise or defence of legal claims.
We will check whether any of the cases listed apply to you. If GDPR requires personal data to be deleted at your request, it will be deleted.
Please note that personal data will not be deleted if their processing is necessary for compliance with a legal obligation imposed by law, or if personal data are necessary for the establishment, exercise or defence of legal claims.
Effective date
This Privacy Policy is effective as of January 2011. We reserve the right to change this Privacy Policy at any time. If we do, we will post the current Privacy Policy on this page. Any amendments to this Privacy Policy will take effect on the date of their publication.