Privacy Statement

Identity 


MOSAIK B.V., established and having its registered office at Almere (1327AA), at the Veluwezoom 7C 1.38 and registered with the Chamber of Commerce under number: 83041516 (hereinafter referred to as: "MOSAIK", "we" or "us") places great importance on the privacy of its customers (hereinafter referred to as: "Customers") and users of the website www.MOSAIKskin.myshopify.com (hereinafter referred to as: the "Website"). If the information in this privacy statement (hereinafter referred to as: "Privacy Statement") applies to both the Customer and the user of the Website, there will be referred to: "you".

MOSAIK may process personal data and processes in certain circumstances also sensitive personal data, when the Website is visited or when a Customer purchases a product through the Website. MOSAIK only processes personal data and sensitive personal data as described in this Privacy Statement. MOSAIK processes personal data and sensitive personal data in a transparent and appropriate manner and will treat this data as confidential. In doing so, MOSAIK acts in accordance with applicable privacy laws, such as the General Data Protection Regulation (hereinafter referred to as: “GDPR”).

Applicability

This Privacy Statement provides information about the processing of personal data and sensitive personal data by or on behalf of MOSAIK. This Privacy Statement applies to:

  • The use of personal data of Customers who enter into an agreement with MOSAIK, because they purchase a product from MOSAIK. 
  • The use of personal data and/or sensitive personal data from users of the Website. 

This Privacy Statement does not apply to:

  • websites of third parties, such as websites, social media channels, or apps to which MOSAIK refers on its Website, its social media channels and in its mailings. MOSAIK advises users of the Website and Customers to consult the privacy statement of these third parties on the relevant websites to which reference is made.

What is personal data and what is sensitive personal data?

Personal data is defined as: 'any information relating to an identified or identifiable natural person'. In other words, all information that is directly about a person or that can indirectly refer to a person. This includes, among other things your: name, address, e-mail address, telephone number, gender, but also your IP address. In certain cases we also process sensitive personal data, such as information about the health of your skin or your age. Sensitive personal data enjoys an enhanced protection under GDPR. We process this data only if we are entitled to do so.

How does MOSAIK process personal data and sensitive personal data?

We process personal data exclusively on a legal basis for the purposes for which the personal data was obtained. We only process personal data if we can rely on a legal exception and on a legal basis as stipulated in the GDPR (only as described in this Privacy Statement). Sensitive personal data is only processed following your expressed intention to undergo a contractual relation with us in accordance to GDPR and upon prior informed consent.   

What personal data does MOSAIK process, for what purposes and on what legal basis?

  • Delivery of a product 
    MOSAIK processes personal data when the Customer places an order via the Website to purchase a product. At that point an agreement is concluded between MOSAIK and the Customer. To process the Customer's order and payment, and to deliver the product, we process personal data. This enables us to provide the Customer with information about the availability of the product, to keep the Customer informed about the status of the order, to deliver the product to the correct address and to inform the Customer about the status of any returns.

In order to achieve the above purposes, we process the following personal data. The processing of this personal data is necessary for the performance of the contract:

  • Name
  • E-mail address
  • Telephone number
  • Address
  • Payment details

  • New products and offers
    We process personal data to send you targeted communications and offers (only if we entitled to do so), such as a newsletter or to offer you a similar product as the one you previously purchased from us, electronic messages and/or service messages. We may contact you personally by telephone, e-mail and other internet channels of your choice. When sending newsletters, we take into account the applicable laws and regulations. These processes are carried out on the basis of legitimate interest and, if necessary, on the basis of your prior explicit consent.

  • Communication with Customer Service
    We process personal data when you visit the Website and you would like to contact customer service via the chat box. It involves the following personal data:
  • (Chat) Name
  • E-mail address 
  • IP-address

We use the personal data to be able to chat with you and to inform you about our products and the use of the Website. We process this personal data on the basis of your prior explicit consent.

  • Skin Assessment
    On the Website, we offer you the opportunity to complete a skin assessment. In order to perform the skin assessment, we will have to ask you questions about the condition of your skin and about your skin type. By doing so, we receive and process, among other things, personal data and sensitive personal data from you, namely inter alia data about the health of your skin and about your skintone. We do this exclusively to advise you about the most effective product which might be interesting for you personally. We only process personal data and sensitive personal data that is strictly necessary to achieve this goal. The results of the skin assessment are in no way medical advice and no rights can be derived from them. 


In order to perform your personal skin assessment, if you decide so, we will need the following personal data and sensitive personal data from you. These personal data are processed in accordance with GDPR and the legal basis for this processing is necessity for the performance of the contract. The sensitive personal data processed by completing the skin assessment are also processed in accordance with GDPR and the legal basis for this processing is necessity for the performance of the contract and additionally we will ask for your explicit prior consent. It involves the following personal data:

  • Name
  • Place of living
  • Gender
  • E-mail address
  • Skin type
  • Condition of the skin
  • Skin tone
  • Age

When the skin assessment is completed, you will be directed to products we offer and that might be interesting for you. You can then choose from the following options:

  • You give us your prior explicit consent to send a copy of the results of the skin assessment to your email address. By doing so, you also agree that a copy will be stored (exclusively) by MOSAIK for a maximum duration of one year, or;
  • You click on save results and create an account where the results of the skin assessment will be stored (only by MOSAIK) for a maximum duration of one year. In this way you can easily find the results of the skin assessment and we can give you a more personalized experience, or;
  • When leaving the page (clicking on next page or closing the window) all information is lost and will not be saved. This may result in you having to fill in the skin assessment again during your next visit to our Website, in order to be made aware of products that may be of interest to you.

  • Account
    In the event that you have created an account, we will store personal data. This includes the following personal data:
  • Name
  • Address
  • Telephone number
  • E-mail address
  • Payment details.

and only if you have given us your prior explicit permission, we will store the sensitive personal (as a result of the filled in skin assessment) data in your personal account. Personal data (and if applicable sensitive personal data) will not be stored longer than necessary, but no longer than a maximum of one year.

  • Use of the Website
    For the use of the Website and any personal data processed, please refer to the cookie statement. Click here for our cookie statement. 
  • Improvement of the Website
    To improve our organization, we process personal data, when, for example, dealing with complaints and objections on the basis of legitimate interest. We process the following personal data from you: 

  • Name
  • E-mail address

How long is personal data stored by MOSAIK?

MOSAIK does not retain the (sensitive) personal data obtained any longer than is strictly necessary to achieve the purposes for which the (sensitive) personal data was obtained or to comply with legal (retention) requirements. The maximum duration that processed personal data and/or special personal data will be stored by MOSAIK is one year. For the retention period of the data that become available when visiting our Website, we refer to the cookie statement published on the Website.

Where is the personal data stored?

MOSAIK stores the personal data and sensitive personal data collected in the European Union within the European Economic Area ("EEA").

How is personal data protected?

MOSAIK takes the protection of (sensitive) personal data seriously and therefore takes appropriate technical and organisational measures to prevent loss, misuse, unauthorised access, unwanted disclosure and unauthorised changes. We periodically assess whether these measures are still adequate. If we pass on personal data to a third party, we require them to treat the personal data obtained by us with the same care. Should the Customer or the user of the Website have the impression that personal data is not properly secured or that there may be a question of abuse, then contact can be made via: enquires@mosaikskin.com. We do not pass on sensitive personal data.

With whom do we share personal data?

MOSAIK will only share the personal data obtained from the Customer or the user of the Website with third parties if it has a legal basis for doing so. MOSAIK will explicitly inform the Customer or the user of the Website in advance about the processing and the purpose of the processing. If MOSAIK shares personal data with a third party, this will be done under very strict conditions and a Data Processing Addendum will be agreed upon with the third party in advance.  MOSAIK shares the personal data of the Customer or the user of the Website, for example, with a third party to enable the delivery of the Product to their address or to enable the payment of the price of the product. If MOSAIK shares personal data with a third party, these parties will conclude a data processing agreement prior to processing the personal data. Personal data will only be shared with the third party for the necessary duration. If the Customer or the user of the Website no longer wishes MOSAIK to process their personal data, the Customer or the user of the Website can always withdraw their consent via enquires@mosaikskin.com. We may also obtain data from third parties if we have a legal basis for doing so. MOSAIK will not share sensitive personal data with third parties.

Minors

MOSAIK's services are not directed towards minors. The use of (sensitive) personal data of minors by MOSAIK is only permitted after prior explicit consent of a parent or other legal representative. 

Rights of the Customer and user of the Website

Right to access, correct and delete personal data.
The Customer and/or the user of the Website has at all times the right to access, inspect, correct or remove the personal data provided to MOSAIK. The Customer and/or the user of the Website has the right to obtain a clear explanation about which personal data MOSAIK has processed and what MOSAIK does with this data. Transparency regarding the processing of (sensitive) personal data is paramount at MOSAIK. A request to access, inspect, change or remove (sensitive) personal data of the Customer/user of the Website can be made by sending an e-mail to enquires@mosaikskin.com. If MOSAIK cannot, or cannot fully, determine what the request relates to, it is possible for MOSAIK to contact the relevant Customer and/or the user of the Website for further specification. Requests are resolved within 30 days.

Right to object
If the Customer and/or the user of the Website does not agree with the way we process (sensitive) personal data, there is a possibility to object. This can be done by sending an e-mail to enquires@mosaikskin.com stating 'objection' Requests will be resolved within 30 days. 

Duty to report data breaches

MOSAIK complies with the duty to report data breaches. If there is a data leak, a report will be made to the Dutch Personal Data Authority. We will contact the relevant persons whose (sensitive) personal data has been affected by a data leak directly.

Amendments to the Privacy Statement

We reserve the right to make changes to the Privacy Statement. We therefore advise the Customer and the user of the Website to read this Privacy Statement regularly.  Any substantial changes to the Privacy Statement, will be announced on the Website. 

Questions or complaints?

Should the Customer/user of the Website have any complaints about how we process personal data, the complaint may be sent to enquires@mosaikskin.com. Under the GDPR, the Customer/user of the Website has the right to lodge a complaint with the Autoriteit Persoonsgegevens’: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap