Last updated: April 2020
Our Commitment to You
Maelys Cosmetics Ltd. and its affiliated companies (together: “Maelys”, "us" or "we") are dedicated to providing clients and site visitors (collectively. "users") with the highest level of transparency and control over the use of their information. In order for us to provide you with our services we are required to collect and process certain personal information about you and your activity.
By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken measurable steps to protect the confidentiality, security and integrity of this Information.
Grounds for Data Collection
You are not legally required to provide us with your “Personal Data” (meaning any information which may potentially allow your identification with reasonable means), but without it we might not be able to provide you with the full range of, or the best experience while using our websites or the full range of our services (together, the “Services”).
Processing of is necessary for the performance of our contractual obligations towards you, for providing you with our services and the operation of our, to protect our legitimate interests and for compliance with legal and regulatory obligations to which we are subject.
Our legal basis for collecting and using your Personal Data will depend on the particular purpose for which your data is being processed, however, we generally use the following:
- Performance of a contract – We will use this basis for processing necessary to make the Services, including support services, available to you, and to send you service communications.
- Consent – In limited cases (where you choose to sign up to receive direct marketing emails, and where you accept cookies on our website) we will process your Personal Data based on your consent. You can withdraw your consent at any time by contacting us using the details provided below.
- Legitimate interests – We will process your Personal Data based on our legitimate interests in maintaining and improving our Services, such as for the purpose of understanding how our Services are used and improving them, our customer service and support operations, and protecting and securing our users, ourselves and our Services.
- Compliance with a legal obligation - In limited cases we may process your Personal Data where we need to do so to comply with a legal obligation e.g. which is set out in an applicable law, or if we receive an order from a court or regulatory body.
What type of data we collect?
In the course of using the Service, we may ask you to provide us with certain Personal Data to provide and improve the Service, to contact or identify you, to enable you to access certain parts of the Website, and as otherwise indicated in this Policy. We collect the following Personal Data about you:
- Registration and order information – when you make a purchase on our website, or register to become a Maelys member, we will collect your name, your mailing address, your email address, your telephone number. If you choose to register to our Services using your social media account in addition to the above we will also receive access to personal information included in such account, such as your profile picture and any other information you make available subject to your privacy settings in the applicable social media platform.
- Information received from you – you may choose to provide us Personal Data voluntarily, such as when you contact us (via a contact form on our Services, e-mail or any other channel, including any support services), or when you provide us with your e-mail address when you sign-up to receive our newsletter or other communications.
- When using our Website – our webserver will collect your IP-address, and information about your general location (such as city and country).
- Information from third parties – this includes information we receive from our business partners, and may include Personal Data such as your contact details (name, phone, email) as well as details pertaining to your company, your job description, etc’.
We also collect data about the use of our Service and the characteristics and activities of users, in order to operate it and improve it. We may collect the following non-Personal Data:
- Technical information – when someone visits, interacts with or uses our Services, including by e-mail or text messages sent to them by us or our Services, we may collect or generate technical data about them. This includes data such as website visits, the browser you are using and its display settings, your operating system, device type, session start/stop time, referral URL, time zone, network connection type (e.g., Wi-Fi, cellular), and cookie information. We collect or generate such data either independently or with the help of third party services, including through the use of “cookies” and other tracking technologies (as further detailed in the Tracking technologies section below). We do not use such data to learn a person’s true identity or contact details, but mostly to have a better understanding on how our users typically use and engage with our Services.
- When you make a purchase on our Service – we do not collect or save your payment details. These are processed directly by our payment processing providers.
If we combine Personal Data with non-Personal Data, the combined data will be treated as Personal Data. Further Personal Data will only be stored and processed if you voluntarily provide it to us, e.g. through a contact form.
When you visit or access our Services we use (and authorize 3rd parties to use) pixels, cookies, events and other technologies ("Tracking Technologies"). Those allow us to automatically collect information about you, your device and your online behavior, in order to enhance your navigation in our Services, improve our Services’ performance, perform analytics and customize your experience. We and our advertising partners also use Tracking Technologies to improve our advertising practices and make ads and related marketing content we deliver more effective, relevant and enjoyable, including by deploying retargeting and ad measurement and attribution systems. Such data is pseudonymized and only includes advertising identifiers (Advertising IDs), IP addresses, and other interest-based data.
Storing Tracking Technologies
We store Tracking Technologies when you visit or access our Services (typically, when you are access our Website). These are called "First Party Tracking Technologies". In addition, Tracking Technologies are stored by other third parties (for example our analytics service providers, business partners and advertisers) – these are called "Third Party Tracking Technologies".
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical or performance cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the ads more relevant to your interests. We may also share this information with third parties for this purpose.
How to Manage Your Tracking Technologies Settings
There are various ways in which you can manage and control your Tracking Technologies settings. Please remember that, by deleting or blocking Tracking Technologies, some of the features of the Services may not work properly or as effectively.
- Below are some links to some commonly used web browsers. Information about cookies is usually found in the "Help" section of the web browser.
- Mobile Devices - You can-opt out of certain types of interest-based advertising (or “cross-app” advertising), by accessing the “settings” on your device:
- If you're using an Apple device you can configure your device to limit ad tracking to by clicking on "settings" > "privacy" > "advertising" and toggling "limit ad tracking" to ‘on.’
- If you're using an Android device you can opt out of most app-based tracking for advertising by opening the "Google Settings" app on your device, selecting "Ads", and then selecting the option to opt-out of interest-based ads.
Please note that the above information may change when manufacturers update their systems. Also note, that your device may use another platform, not described above. In that case, please consult the manufacturer documentation for further instructions.
- You can also turn off certain third party targeting and advertising cookies by visiting the following link: Network Advertising Initiative.
How Do We Use the Data We Collect?
- Provision of service - for the provision and improvement of our Services, including for support and to respond to your queries.
- Service announcements - we will use your Personal Data to communicate with you and to keep you informed of our latest updates to our Services and offer you service offers.
- Marketing purposes - we may use your Personal Data (such as your email address or phone number). For example, by subscribing to our newsletter you will receive tips and announcements straight to your email account. We may also send you promotional material concerning our services or our partners' services (which we believe may interest you), including but not limited to, by building an automated profile based on your Personal Data, for marketing purposes.
- Opt-out of receiving marketing materials - You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the “unsubscribe” link in the emails that you receive from us.
Please note that even if you unsubscribe from our promotional or marketing emails, we may continue to send you service-related updates and notifications, or reply to your queries and feedback you provide us.
Please note that even if you opt-out, we may still use and share your Personal Data with third parties for non-marketing purposes (for example to provide our Services, fulfill your requests, communicate with you and respond to your inquiries, etc.). In such cases, the companies with whom we share your Personal Data are authorized to use your Personal Data only as necessary to provide these non-marketing services.
- Opt-out of receiving marketing materials - You may choose not to receive our promotional or marketing emails (all or any part thereof) by clicking on the “unsubscribe” link in the emails that you receive from us.
- Analytics, surveys and research - from time to time, we may conduct surveys or test features, and analyze the data we have to develop, evaluate and improve these features, all in order to improve our Service and think of new and exciting features for our users.
- Protecting our interests - we may use your Personal Data when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our services and protect the rights and property of Maelys, its users and/or partners.
- Enforcing of policies - we may use your Personal Data in order to enforce our policies, including but not limited to our client agreement.
- Compliance with legal and regulatory requirements - we may use your Personal Data to investigate violations, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
With Whom Do We Share Your Personal Data?
- Internal concerned parties - we share your information with companies in our group, as well as our employees, in order to provide you with our services.
- Compliance with laws and law enforcement entities - we cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party's property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
Transfer of data outside the EEA (for EU data subjects)
Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.
How we protect your information
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. Your data is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees or partners on a “need to know” basis, in order to enable the carrying out of the agreement between us.
While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account. You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use. You should also be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Data, we cannot ensure or warrant the security and privacy of your Personal Data or other content you transmit using the service, and you do so at your own risk.
We will retain your Personal Data for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, trading information, account opening documents, communications and anything else as required by applicable laws and regulations.
European Union Users
If you reside in the EU, you may request to:
- Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
- Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
- Request rectification of your Personal Data that is in our control.
- Request erasure of your Personal Data.
- Object to the processing of Personal Data by us.
- Request to restrict processing of your Personal Data by us.
However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
You have the right to:
- Request that we disclose to you (the "Right to know") (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the specific pieces of personal information we collected about you; (iii) the business or commercial purpose for collecting personal information about you; and (iv) the categories of personal information about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclosed such information in the preceding 12 months.
- Request that we delete personal information we collected from you subject to certain exceptions.
- To not be discriminated against in pricing and services because you exercise any of your rights under the CCPA (as defined below).
- To opt out of the sale of your personal information.
You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California;
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you use an authorized agent to submit a request to exercise your Right To Know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below. If you provide an authorized agent with power of attorney pursuant to Probate Code §4000–4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
Submitting a request
Under applicable law, when you submit a request regarding any of the aforementioned rights, please note that your request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
- Do Not Sell My Personal Information
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Our Policy Toward Children
We understand the importance of protecting children’s privacy, especially in an online environment. The Site and Services are not designed for or directed at minors under the age of 16 years old (“Minors”). We do not knowingly collect any Personal Data from Minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Data, he or she should contact us using the details provided above.
Additional Information for California Residents
Collecting Personal Information
In the preceding twelve (12) months, we have collected the following categories of Personal Information:
|Category of Personal Information Collected||Personal Information Collected||Categories of Sources of Personal Information||Business Purpose for Collection|
|A. Identifiers||Name, email address, social media identifier, IP address, username||
|B. Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))||Name|
|C. Internet or Other Electronic Network Activity Information||Interaction with our Services||
|D. Geolocation Data||Country, State||Directly from consumer’s device by using IP address|
|E. Inferences drawn from any of the personal information listed above to create a profile or summary about||An individual’s preferences and characteristics||
|F. Commercial Information||Transaction information, purchase history||Internal record of transactions.|
Sharing Personal Information
In the preceding twelve (12) months, we have disclosed personal information (as mentioned above) to, or allowed access to personal information by, the following categories of recipients:
- Data analytics vendors
- Quality assurance vendors
- Cloud storage Providers
- Payment and auditing processors
- Service providers
- Advertising networks and marketing affiliates
Selling Personal Information
We do not "sell" personal information about our users as most people would typically understand this term. However, we do allow certain third-party advertising partners to collect pseudonymized information about consumers through our Services for purposes of serving ads and related marketing materials that are relevant (including related activities such as campaign measurement and analytics, fraud detection and reporting). In this context, we "sell" resettable advertising identifiers and IP addresses with our advertising partners. These mobile advertising IDs allows developers and marketers to track activity for advertising purposes and are used to enhance the personalization of ads.
How to Contact Us?
If you wish to exercise any of the aforementioned rights, or receive more information, please contact: [email protected].
Maelys EU representative information:
MAELYSEU COSMETICS 2017 LTD
2A cheilonos str.
The riverside Forum
1101 Nicosia, Cyprus
Updates to This Policy