Privacy policy

In compliance with the provisions of the General Data Protection Regulation 2016/679 (GDPR) and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD) of December 5, 2018, we inform:

PERSON IN CHARGE OF THE PROCESSING

Identity: DONY COSMETICS TRADING L.L.C con CIF 139251 hereinafter “the Owner”

Address: Office 404, Al Saaha Offices – B, Souk Al Bahar, Burj Khalifa District, P.O. Box 487177, Dubai – UAE (Emiratos Arabes Unidos)

Contact email:

 PURPOSE OF DATA PROCESSING

  • The User’s personal data will be processed for the following purposes:
  • To manage a user account with a unique registration for use on the website, with the aim of facilitating, expediting, and fulfilling the commitments established between the User and the Data Controller, as well as maintaining the relationship between both parties.
  • For the commercialization of our products, including order and purchase management made through the website and the corresponding invoicing. This also includes handling any issues related to the placed order (such as inquiries, returns, or claims).
  • To attend to and respond to contact requests, information inquiries, and/or questions submitted through the contact methods available on the website.
  • To send commercial communications, offers, and promotions about our products and services that may be of interest to the User.
  • To manage the subscription to our Newsletter, which includes the periodic sending of updates regarding the company, its services, and other content that may be relevant to the User.

LEGITIMATION FOR DATA PROCESSING

The legal basis for the processing is based on:

  • The consent given by the User through the acceptance of this Policy and the corresponding box.
  • The User has provided his/her personal data within the framework of a contractual or pre-contractual relationship for the attention of his/her request and/or consultation and therefore its processing is necessary for the maintenance of such relationship.
  • The legal obligations applicable to the Owner that require the processing of personal data in accordance with the services provided or those related to tax matters.

The User may, at any time revoke their consent to the processing of their personal data. In no case does the withdrawal of these consents condition the provision of the service, and/or the execution of contracts with the Owner.

PERSONAL DATA THAT IS PROCESSED AND ORIGIN

The personal data that we process are of an identifying nature and have been provided by the User himself/herself by sending emails or using the functionalities offered on the website.

The use of the contact sections, completion of forms and/or functionalities offered on the Portal is voluntary. However, the completion of certain fields of the form or its facilitation through the use of other functionalities are necessary to correctly attend and manage your request, so the refusal of the User to provide the required information will prevent the Owner from attending and managing it correctly.

The User guarantees that the data provided are true, accurate and complete. The data will be cancelled, deleted or blocked when they are inaccurate, incomplete or no longer necessary or relevant for their purpose in accordance with current legislation. If the personal data provided belong to a third party, the User guarantees that he/she has informed them of the Privacy Policy and has obtained their authorisation to provide their data for the aforementioned purposes. The User also guarantees that the data provided are accurate and up to date, and shall be liable for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation. The User undertakes and accepts responsibility for the veracity and accuracy of the data provided, undertaking to keep them duly updated.

LINKING POLICY

The website may include links to third party sites such as social networks in which the Owner is present. The aforementioned third-party websites have not been reviewed and are not subject to control by the website itself or its owner. The Owner can in no case be held responsible for the contents of these websites or for the measures adopted in relation to your privacy or the processing of your personal data. It is recommended that you carefully read the terms of use and privacy policy of these sites. If you are interested in activating a link to this page you must inform the Owner, obtaining express consent to create the link. The Owner reserves the right to oppose the activation of links to its website.

RETENTION PERIODS FOR PERSONAL DATA

The personal data provided by the User will be kept for as long as the User remains registered in the service, for as long as the business relationship is maintained, for as long as the User does not request its deletion, or for the established legal period. They may also be kept when they are necessary for the fulfilment of a legal obligation or for the formulation, exercise and defence of claims.

If the User withdraws their consent or exercises their rights of opposition or deletion, their data will be kept blocked at the disposal of the Administration of Justice for the legally established periods in order to attend to possible liabilities arising from the processing of personal data. In no case will it condition the provision of the service, and/or the execution of contracts with the Data Controller.

CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

The Data Controller undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.

Personal data shall be treated as confidential by the Data Controller, who undertakes to inform and to ensure by means of a legal or contractual obligation that such confidentiality is respected by his employees, associates, and any other person to whom he makes the information accessible.

TRANSFERS AND RECIPIENTS OF PERSONAL DATA

Your personal data will be disclosed only in the cases legally permitted for the fulfillment of obligations directly applicable to the Data Controller, or when necessary to fulfill the purposes outlined above. For instance, data may be shared with payment service providers that facilitate the processing of financial transactions, such as payment gateways. In such cases, data processing by these third parties will be subject to their own privacy policies and carried out under their sole responsibility.

Data may also be shared with logistics and delivery service providers, solely for the purpose of managing the shipment of purchased products and fulfilling the contractual relationship established with the User. These third parties will only have access to the data strictly necessary for this purpose and will be required to process the data in accordance with the instructions provided by the Data Controller and to maintain its confidentiality.

Additionally, your personal data may be communicated to the Data Controller’s service providers, with whom the appropriate data processing agreements have been signed in order to guarantee the security and confidentiality of personal data in compliance with applicable regulations.

USERS' RIGHTS

What are your rights when you provide us with your data? The User has the right to obtain confirmation as to whether or not we are processing personal data concerning them. The User has the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, the User may request the limitation of the processing of his/her data, in which case we will only keep them for the exercise or defence of claims. In certain circumstances and for reasons related to their particular situation, the User may oppose the processing of their data, so that the data controller will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims. In those cases, in which it is legally appropriate, you have the right to data portability, which means that you have the right to receive the personal data relating to you that we are processing and to store them in a device of your own.

You may exercise before Janette Lockett, where appropriate, the rights of access, rectification, opposition, deletion, limitation of processing, portability and to object to being subject to automated individual decisions by written communication accompanied by a photocopy of the ID card, identifying the reference "Data Protection" addressed to the following email Amoedo@donybydonya.com

Likewise, we inform you that you may address any type of complaint regarding the protection of personal data to the Spanish Data Protection Agency  http://www.agpd.es, the Spanish Supervisory Authority.