ᐉ Zásady ochrany osobních údajů TOTIS Pharma v České republice

Zásady ochrany osobních údajů

1. GENERAL PROVISIONS

1. The privacy policy governs the processing of personal data received by the Administrator through the forms available in the application and data obtained automatically with the knowledge of the user (so-called cookies and server logs).

2. Application "TOTIS Pharma: for cosmetologists" is managed by "TOTISPHARMA GROUP" LLC. location at the address Odesa, Devolanivsky descent, 7, EDRPOU code 37169782 (hereinafter referred to as the Administrator). You can contact our data protection officer at info@totispharma.com or our postal address with the addition of "data protection officer".

3. The Administrator collects personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General data protection regulation), hereinafter referred to as the GDPR.

4. Next, we inform about the collection of personal data when using our -App. Personal data is any data that is personally accessible to you, e.g. name, surname, address, email addresses, user behavior. An application user is every person who visits the application, regardless of whether they use its functionality:

  • Ability to set up a user account or place an order.
  • Possibility to send a request via the contact form.
  • Newsletter subscription

5. The application performs the functions of obtaining information about Users and their behavior as follows:

  • Through information voluntarily entered by the User, for example by submitting a request form.
  • Automatically, with the knowledge of the User, through cookies stored on end devices (so-called "cookies").
  • Collecting web server logs by the hosting operator TOV "Hosting Ukraine" , REGON: Ukraine.

6. Please read our Privacy Policy carefully. This Privacy Policy (together with our Cookie Statement) sets out the basis on which we will process any personal information that Totis collects from you or that you provide to us.

 

2. COLLECTION AND USE OF INFORMATION

  1. The Application collects information voluntarily provided by the User.
  2. The following personal and identifying information may be provided by you when you visit our Application:
  • name, surname, address, e-mail address and / or telephone number and other information. Purpose: when you register or fill out our request form, this information allows us to contact you for information / services that you can request from us , the conclusion, execution and termination of civil law contracts; providing the User with access to the services, information and/or materials contained in the mobile application, uniquely identifying the Users of the Application; We may also ask you to provide us with other additional contact information, such as your mobile phone number. Legal basis: the need to fulfill the contract for the provision of the Account service (Article 6 (1) (b) GDPR);
  • a record of that email, form or comment - if you contact us through our Application, we may keep a record of this data. Purpose: providing the User with access to the services, information and/or materials contained in the mobile application.  If  you choose to provide feedback about your experience with us, we will collect your name and comments and may display them on our Application. We may also from time to time ask you to complete surveys for research purposes.
  • information about the placed order, for each of the created transactions: name, point of departure, destination, date and time of creation of the transaction. Purpose: execution of the contract of sale, for informational and promotional purposes.
  • access to the camera, photo, video content. Purpose: The memory of your device is used to select images, such as photos for an avatar or photos of a document to confirm the status of a beautician.
  • documents on education, documents confirming qualifications. Purpose: providing the User with access to the services, information and / or materials contained in the mobile application, concluding a contract for the sale of goods.
  • unique identifier of the user's phone, geographic coordinates of the user's location. Purpose: execution of civil law contracts, delivery of an order, identification of the User, advertising purpose, providing the User with access to services, information and / or materials contained in the mobile application, depending on the location.
  • access to the phone book. Purpose: providing the User with access to the services, information and/or materials contained in the mobile application.

The above data is also collected for the purposes of ensuring compliance with laws and other regulatory legal acts, to provide or improve the functions of the application.

Legal basis: the need to fulfill the contract of sale (Article 6 (1) (b) GDPR);

Personal data received from Users is processed in accordance with Article 32 of the GDPR and the administrator ensures:

  • Encryption of personal data.
  • Adoption of appropriate internal policies aimed at ensuring the confidentiality, integrity, availability, fault tolerance of the system and the ability to quickly restore the availability of personal data.
  • Regular testing, measurement and evaluation of the effectiveness of technical and organizational measures.
  • Using only those processors that provide the highest level of security and data protection.

3. When registering an account in the online store, the Buyer provides:

a) email address;

b) address data:

a. postal code and city;

b) country (state);

c) street with house/apartment number;

c) name and surname;

d) phone number;

4. When registering an account in the Online Store, the Buyer independently sets an individual password to access his account. The client can change the password later on one's own.

5. When placing an order in the online store, the Buyer provides the following data:

a) email address;

b) address data:

a) postal code and city;

b) country (state);

c) street with house/apartment number.

c) name and surname;

d) phone number.

6. In the case of Entrepreneurs, the above scope of data is further extended by:

a) the company of the Entrepreneur;

b) taxpayer identification number.

7. In the case of using the "Newsletter" service, the Customer indicates only his e-mail address.

8. The personal data sent to us will be processed for the purposes arising from the form in which the data is entered, for example for correspondence, subscription to the newsletter or the purchase of products. The data will be processed:

  • The period of correspondence, and after its completion until the expiration of the limitation period for any claims arising from it.
  • Until the consent is withdrawn in the case of a newsletter service.
  • Within 2 years in case of data collection for order fulfillment
  • Within 5 years for data provided to us for the purpose of invoicing a purchase.

9. The legal basis for the processing of  personal data is the consent, provision of services and the legitimate interest of the Administrator, which is to provide evidence for the needs of possible claims.

10. The User of the Application has the right: to check his personal data, the right to correct them, limit processing, delete, object to their processing or transfer them to another Administrator. You have the right to withdraw your consent to the processing of personal data, without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

11. In order to exercise the rights provided for in paragraph 5, the person whose personal data is being processed is obliged to send his request in writing to the Administrator's e-mail or correspondence address or use the functionality of the online store.

12. In the event of an objection, the statement referred to in paragraph 6 must additionally contain justification.

13. The administration reserves the right to verify the identity of persons whose applications are subject to consideration.

14. In the case of data processing for the purpose of sending newsletters, in order to withdraw consent to the processing of personal data, it is enough to click on the appropriate link attached to each message.

15. The administrator has 30 days to respond to the request. At the same time, the Administrator reserves the right to refuse to delete data if this entails criminal or financial consequences (for example, in the case of data processing for accounting purposes) or the data is necessary for him to continue providing the service or fulfill a legal obligation incumbent on the Operator, for example, the Buyer's warranty rights.

16. Personal data provided by the User are transferred to third parties for the purpose of providing (for the Operator) technical and marketing services that are aimed at ensuring the continuity of the Application or the provision of services provided within the Application, for example, newsletter services, maintenance of the Application, use of e-mail, provision of accounting services.

17. Your personal and identifiable information may be used in the following ways:

  • register you as a user of our Application;
  • to identify you when you visit our Application, including to help you log in;
  • to provide services and information to you as an actual or potential user of our technology and to fulfill our obligations arising from any contracts entered into between you and us;
  • to notify you of changes to the services and/or our Application.
  • your IP address may be used to diagnose problems with servers and to administer the Application;
  • to ensure the most effective presentation of content from our Application;
  • for the general administration of our Application; and as otherwise described at the time of collection

18. In addition, certain information automatically collected through the Application is considered personal data under European privacy law. Such information includes information such as your host IP address, pages viewed, browser type, Internet browsing and usage habits, internet service provider, domain name, time/date of your visit to this Application, link URL and operating system of your computer. This information is usually collected in log files on the Application's servers. The purpose of this collection is to:

  • your IP address may be used to diagnose problems with servers and to administer the Application;
  • to ensure the most effective presentation of content from our Application;
  • for the general administration of our Application; and as otherwise described at the time of collection
  • By using our Application and submitting your information, you consent to the collection and use of your information by us as described in this Privacy Policy.

 

3. YOUR RIGHTS

  1. You have the following rights in relation to personal data concerning you:

Right to information

Right to rectification or cancellation,

Right to restriction of processing,

The right to object to processing,

Right to data portability.

  1. You also have the right to complain about us regarding the processing of your personal data to a data protection supervisory authority.
  2. Right to withdraw consent - legal basis: Art. 7 sec. 3 of the General Data Protection Regulation.

a) The Client has the right to revoke any consent given by Totis.

b) The withdrawal of consent takes effect from the moment the consent is withdrawn.

c ) The withdrawal of consent does not affect the processing carried out by TOTIS. In accordance with the law until its revocation.

 d) The withdrawal of consent does not entail any negative consequences for the Customer, but may prevent the further use of services or functions that are in accordance with the law.

  1. Right to object to data processing - legal basis: Art. 21 GDPR.

a) The customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data.

b) An opt-out in the form of an email to receive marketing communications relating to products or services will constitute an objection by the Customer to the processing of his personal data, including profiling for these purposes.

5. Right to erasure of data (“right to be forgotten”) – legal basis: Art. 17 GDPR.

a) The client has the right to request the deletion of all or some of the personal data.

b) The client has the right to demand the deletion of personal data if:

a) personal data are no longer needed for the purposes for which they were collected or processed;

b) withdrew a specific consent regarding the scope of processing of personal data on the basis of his consent;

c) he objected to the use of his data for marketing purposes;

d) personal data is processed unlawfully;

e ) personal data must be deleted in order to fulfill a legal obligation under the law;

6. Right to restriction of data processing - legal basis: Art. 18 GDPR.

a) The client has the right to request the restriction of the processing of his personal data. Submitting a request before it has been processed precludes the use of certain functions or services, the use of which will be associated with the processing of the data specified in the request.

b) The customer has the right to request the restriction of the use of personal data in the following cases:

c) when he doubts the correctness of his personal data - then Totis limits their use for the time necessary to verify the correctness of the data, but not more than 7 days;

             d) when the processing of data is unlawful and instead of deleting the data, the Client will request the restriction of their use;

e) when personal data is no longer needed for the purposes for which it was collected or used, but is necessary for the Customer to establish, assert or defend claims;

f) when he objected to the use of his data - then the restriction takes place for the time necessary for consideration - due to a special situation - the protection of the interests, rights and freedoms of the Client outweighs the interests that the Administrator performs when processing the personal data of the Client.

7. Right to access data - legal basis: art. 15 GDPR.

a) The Customer has the right to receive confirmation from the Administrator whether he processes personal data, in which case the Customer has the right:

a ) access your personal data;

b) obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of these data, the planned storage period for the Customer’s data or the criteria for determining this period (if it is impossible to specify the planned period for data processing), about the Customer’s rights in accordance with the GDPR and the right to file a complaint to a supervisory authority about the source of this data, about automated decision-making, including profiling, and about the security measures applied in connection with the transfer of this data outside the European Union;

c) obtain a copy of your personal data.

8. Right to rectification of data - legal basis: Art. 16 GDPR.

a) The Client has the right to demand from the Administrator the immediate correction of his personal data if they are incorrect. Taking into account the purposes of processing, the data subject has the right to request the addition of incomplete personal data, including by submitting an additional application by sending a request to the e-mail address.

9. Right to data portability - legal basis: Art. 20 GDPR.

a) The Client has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The Client also has the right to request that personal data be sent by the Administrator directly to such administrator, if this is technically possible. In this case, the Administrator will send the Client's personal data in the form of a CSV file, which is a widely used machine-readable format that allows sending the received data to another personal data administrator.

10. In the event that the Client wishes to exercise the above rights, Totis satisfies the demand or refuses to fulfill it immediately, but no later than within one month after receiving it. However, if - due to the complexity of the request or the number of requests - Totis will not be able to satisfy the request within a month, will satisfy it within the next two months, having previously notified the Customer within one month from the date of receipt of the request - about the proposed extension of the period and its reasons.

11. The Client may send complaints, requests and inquiries to the Administrator regarding the processing of his personal data and the exercise of his rights.

 

4. COLLECTION AND USE OF INFORMATION THROUGH OUR TECHNOLOGIES

  1. We may collect information about a visitor's interaction with the advertisements we place on the Web, which we may use to provide more relevant advertisements to your current interests. This process is called Interest Matching and examples of how we can perform interest matching are given below:
  2. One example is that if you interact with one of our advertisements (for example, by hovering your mouse over one of our underlined keywords), we may use information about your interaction through cookies and other technologies and draw inferences from your visits to provide you with advertising that is more relevant, interesting and useful to you.
  3. Cookies are small text files placed on a visitor's browser. Cookies make it easier for visitors to use our App, among other things, by storing their login preferences and improving the user experience of our App.
  4. Cookies are IT data, in particular text files, that are collected on your computer or mobile device when you browse our Application. Cookies usually contain the name of the Application from which they were obtained, the storage time on the end device and a unique number.
  5. The entity processing the data collected by means of cookies is the administrator of the Application.
  6. Cookies are used for the following purposes:
  • Creation of anonymous statistics that help understand how App Users use the App, such as which page they visit most often, how long they spend on the App on average, etc.
  • Maintaining the session of the User of the Application (after authorization), so that the User does not need to re-enter the login and password on each subpage of the Application.
  • Tracking User activity to better match advertising content, for example, by limiting the sending of advertising to a User who has visited the Application in the last 30 days, or sending advertising to a User who has not completed a purchase.
  1. The administrator of the data provided by the Customer (and the data obtained automatically) does not use certain factors to assess the economic situation of the Customer, his health, personal preferences, interests, reliability, behavior, location or movement.
  2. The application uses two cookies:
  • Temporary cookies (session cookies) - cookies placed for the duration of the browser (session) are deleted after it is closed,
  • Persistent cookies - are not deleted after the browser is closed and remain on the User's device for a certain period of time or without an expiration date depending on the settings of the Application Owner or until they are manually deleted by the User.
  1. The Application browser software (web browser) usually allows cookies to be stored on the User's end device by default. Users of the Application can change the settings in this regard. The web browser allows you to delete cookies. You can also automatically block cookies. Detailed information on this subject can be found in the help or documentation.
  2. Cookies placed on the computer of the Application User are provided to entities providing analytical services and are processed using Google Analytics and Pixel Facebook.
  3. Cookies may be used by advertising networks, in particular the Google and Facebook networks, to display advertisements tailored to the user's use of the Application.
  4. With regard to user preference information collected by the Google advertising network, the user can view and edit information obtained from cookies using the tool: https://www.google.com/ads/preferences/.
  5. With regard to user preference information collected by the Facebook advertising network, the user can view and edit the information obtained from cookies using the tool: https://www.facebook.com/about/privacy/update .
  6. We may also use behavioral retargeting, which allows us and some of our advertising partners to serve ads to you when you are on an App in our Network based on your browsing patterns and interactions with the App (which may or may not be part of our network). For example, if you visit the Application, you may see ads from our network from the same merchant showing the products you have viewed.
  7. In the case of all of the above examples, the information collected and used does not include personal information such as your name, mailing address, email address or telephone number.
  8. Aggregated and non-personally identifiable browsing data is also collected and used for other purposes, including ad delivery and reporting, campaign performance measurement, campaign optimization, and operational purposes. We may also combine browsing data with information (such as demographic data) provided by other organizations to make the advertisements of our advertiser clients more relevant.
  9. If you would like to opt out of having Totis collect your information for interest-based advertising, please contact info@totispharma.com . When you opt out, we will place an opt-out cookie on your browser. The opt-out cookie prevents us from collecting your information to tailor our online advertising campaigns. However, we may continue to collect certain data for basic ad serving and other purposes, such as counting the number of clicks on a keyword.
  10. Our legal bases for collecting and using this personal data are as follows: (a) Consent - We will not place cookies on your browser unless you give us consent to do so. You will continue to receive ads through our technology, but such ads will be context-only, which means they are placed where you can see them, based only on the words or images on the page of the Application you are viewing. (b) legitimate interests, including our interests in providing, improving and customizing our technologies for our clients and customers, and in providing you with relevant advertising and content, unless these interests are overridden by your interests or fundamental rights requiring the protection of personal information.
  11. We process data primarily in the European Economic Area. However, we are a global company and from time to time we transfer data outside the EEA. In such cases, the data is pseudo-anonymized so that no data can be linked to any user.

 

5. WHO ELSE MAY USE YOUR INFORMATION

  1. We may share the information described above in this Privacy Policy with third parties or transfer such information to a third party in the following cases:
  • to other members of our team, our partners and service providers (for example, people who provide technical services) to manage or administer certain aspects of our Application or to help us develop new services;
  • to a third party or successor in connection with a corporate merger, consolidation, sale of all or substantially all of Totis' assets in a bankruptcy or other corporate change.

 

6. SAFETY

  1. We have administrative, physical and technical measures in place to protect the confidentiality and integrity of the information we hold about you. These measures may include encryption and the use of storage security technologies to restrict access to our network. Despite these efforts, you should be aware that no method of transmitting information over the Internet is completely secure.

 

7. FINAL INFORMATION

1. This Privacy Policy is valid from the moment it is posted.

2. The Application Operator reserves the right to change the Privacy Policy by notifying about changes in the Application

3. Registered Users have the right to object to changes to the Privacy Policy by sending an email to the Administrator's address within 14 days of receiving notification of the change.

4. If you believe that their personal data is being processed in violation of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95 /46/EC you have the right to lodge a complaint with the President of the Office for the Protection of Personal Data.

5. If you have any questions, comments, or complaints about the TOTIS Pharma: Beauty Care App or this privacy statement, please contact us in one of the following ways:

 

Email: info@totispharma.com;