MOSAIK B.V., established and having its registered office at Almere (1327AA), at the Veluwezoom 7C 1.38 and registered with the Chamber of Commerce under number: 83041516 (hereinafter referred to as: "MOSAIK", "we" or "us") places great importance on the privacy of its customers (hereinafter referred to as: "Customers") and users of the website www.MOSAIKskin.myshopify.com (hereinafter referred to as: the "Website"). If the information in this privacy statement (hereinafter referred to as: "Privacy Statement") applies to both the Customer and the user of the Website, there will be referred to: "you".
MOSAIK may process personal data and processes in certain circumstances also sensitive personal data, when the Website is visited or when a Customer purchases a product through the Website. MOSAIK only processes personal data and sensitive personal data as described in this Privacy Statement. MOSAIK processes personal data and sensitive personal data in a transparent and appropriate manner and will treat this data as confidential. In doing so, MOSAIK acts in accordance with applicable privacy laws, such as the General Data Protection Regulation (hereinafter referred to as: “GDPR”).
This Privacy Statement provides information about the processing of personal data and sensitive personal data by or on behalf of MOSAIK. This Privacy Statement applies to:
This Privacy Statement does not apply to:
Personal data is defined as: 'any information relating to an identified or identifiable natural person'. In other words, all information that is directly about a person or that can indirectly refer to a person. This includes, among other things your: name, address, e-mail address, telephone number, gender, but also your IP address. In certain cases we also process sensitive personal data, such as information about the health of your skin or your age. Sensitive personal data enjoys an enhanced protection under GDPR. We process this data only if we are entitled to do so.
We process personal data exclusively on a legal basis for the purposes for which the personal data was obtained. We only process personal data if we can rely on a legal exception and on a legal basis as stipulated in the GDPR (only as described in this Privacy Statement). Sensitive personal data is only processed following your expressed intention to undergo a contractual relation with us in accordance to GDPR and upon prior informed consent.
In order to achieve the above purposes, we process the following personal data. The processing of this personal data is necessary for the performance of the contract:
We use the personal data to be able to chat with you and to inform you about our products and the use of the Website. We process this personal data on the basis of your prior explicit consent.
In order to perform your personal skin assessment, if you decide so, we will need the following personal data and sensitive personal data from you. These personal data are processed in accordance with GDPR and the legal basis for this processing is necessity for the performance of the contract. The sensitive personal data processed by completing the skin assessment are also processed in accordance with GDPR and the legal basis for this processing is necessity for the performance of the contract and additionally we will ask for your explicit prior consent. It involves the following personal data:
When the skin assessment is completed, you will be directed to products we offer and that might be interesting for you. You can then choose from the following options:
and only if you have given us your prior explicit permission, we will store the sensitive personal (as a result of the filled in skin assessment) data in your personal account. Personal data (and if applicable sensitive personal data) will not be stored longer than necessary, but no longer than a maximum of one year.
MOSAIK does not retain the (sensitive) personal data obtained any longer than is strictly necessary to achieve the purposes for which the (sensitive) personal data was obtained or to comply with legal (retention) requirements. The maximum duration that processed personal data and/or special personal data will be stored by MOSAIK is one year. For the retention period of the data that become available when visiting our Website, we refer to the cookie statement published on the Website.
MOSAIK stores the personal data and sensitive personal data collected in the European Union within the European Economic Area ("EEA").
MOSAIK takes the protection of (sensitive) personal data seriously and therefore takes appropriate technical and organisational measures to prevent loss, misuse, unauthorised access, unwanted disclosure and unauthorised changes. We periodically assess whether these measures are still adequate. If we pass on personal data to a third party, we require them to treat the personal data obtained by us with the same care. Should the Customer or the user of the Website have the impression that personal data is not properly secured or that there may be a question of abuse, then contact can be made via: firstname.lastname@example.org. We do not pass on sensitive personal data.
MOSAIK will only share the personal data obtained from the Customer or the user of the Website with third parties if it has a legal basis for doing so. MOSAIK will explicitly inform the Customer or the user of the Website in advance about the processing and the purpose of the processing. If MOSAIK shares personal data with a third party, this will be done under very strict conditions and a Data Processing Addendum will be agreed upon with the third party in advance. MOSAIK shares the personal data of the Customer or the user of the Website, for example, with a third party to enable the delivery of the Product to their address or to enable the payment of the price of the product. If MOSAIK shares personal data with a third party, these parties will conclude a data processing agreement prior to processing the personal data. Personal data will only be shared with the third party for the necessary duration. If the Customer or the user of the Website no longer wishes MOSAIK to process their personal data, the Customer or the user of the Website can always withdraw their consent via email@example.com. We may also obtain data from third parties if we have a legal basis for doing so. MOSAIK will not share sensitive personal data with third parties.
MOSAIK's services are not directed towards minors. The use of (sensitive) personal data of minors by MOSAIK is only permitted after prior explicit consent of a parent or other legal representative.
Right to access, correct and delete personal data.
The Customer and/or the user of the Website has at all times the right to access, inspect, correct or remove the personal data provided to MOSAIK. The Customer and/or the user of the Website has the right to obtain a clear explanation about which personal data MOSAIK has processed and what MOSAIK does with this data. Transparency regarding the processing of (sensitive) personal data is paramount at MOSAIK. A request to access, inspect, change or remove (sensitive) personal data of the Customer/user of the Website can be made by sending an e-mail to firstname.lastname@example.org. If MOSAIK cannot, or cannot fully, determine what the request relates to, it is possible for MOSAIK to contact the relevant Customer and/or the user of the Website for further specification. Requests are resolved within 30 days.
Right to object
If the Customer and/or the user of the Website does not agree with the way we process (sensitive) personal data, there is a possibility to object. This can be done by sending an e-mail to email@example.com stating 'objection' Requests will be resolved within 30 days.
MOSAIK complies with the duty to report data breaches. If there is a data leak, a report will be made to the Dutch Personal Data Authority. We will contact the relevant persons whose (sensitive) personal data has been affected by a data leak directly.
We reserve the right to make changes to the Privacy Statement. We therefore advise the Customer and the user of the Website to read this Privacy Statement regularly. Any substantial changes to the Privacy Statement, will be announced on the Website.
Should the Customer/user of the Website have any complaints about how we process personal data, the complaint may be sent to firstname.lastname@example.org. Under the GDPR, the Customer/user of the Website has the right to lodge a complaint with the Autoriteit Persoonsgegevens’: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap