Effective Date: May 20, 2020
If you are an EU Individual, you can contact us at: 180 S Broadway Suite 102 White Plains, NY 10605, or firstname.lastname@example.org in relation to our processing of your PII or any other data protection or data privacy matters and our designated representative under the GDPR is Biorius, Rue Joseph Wauters 113, 7170 Fayt-lez-Manage, Belgium. For these purposes, processing means any operation, including collection, organization, storage, use, disclosure and erasure.
What Information Do We Collect?
- We collect information, including PII, from you when you register on the Site, place an order, enter a contest or sweepstakes, respond to a survey or communication such as e-mail, or participate in other Site features.
- When ordering or registering, we may ask you for your name, e-mail address, mailing address, phone number, credit card information or other information. You may, however, visit our Site anonymously.
- We also collect information names and delivery addresses about gift recipients so that we can fulfill gift purchases. The information we collect about gift recipients is not used for marketing purposes.
- Like many websites, we use various tracking technologies (including “cookies”) to enhance your experience and gather information about visitors and visits to our Site. See below for more information about our automatic collection practices. This information is collected from you primarily by you providing it to us. For example, when you complete forms on our Site or elsewhere in order to register, place orders for our products and services, enter contests or promotions or respond to surveys or marketing communications and in email or telephone correspondence with us. It is collected automatically in the case of information stored in “cookies,” for example when you surf the Site or use certain other Site features. We may also obtain information about you from other people, such as your name and delivery address where they purchase products for you.
- If you are an EU Individual, please review our sections below for additional information about the legal bases and other details regarding the collection and processing your PII.
How Do We Use the Information Collected?
We may use your information for the following purposes:
- to personalize your Site experience and to allow us to deliver the type of content and product offerings in which you are most interested;
- to develop and improve our products and services;
- to allow us to better service you in responding to your customer service requests;
- to process your transactions and provide you with goods and services;
- to administer a contest, promotion, survey or other Site features;
- to understand your needs or wishes;
- for security and to check your identity;
- for training and internal record keeping;
- making changes to our business, including its structure or organization and informing you of those changes;
- administering surveys, loyalty programs, contests and events;
- to comply with our legal or regulatory obligations or with good practice in our industry;
- account management, quality control, website and system administration and security, disaster recovery and fraud prevention;
- to communicate with you for any of the above purposes;
- sending you emails and newsletters about new products, special offers or other information, which we think you may find interesting (unless you have opted out); and
- contacting you for market research purposes, by email, phone or mail (unless you have opted out).
What are Legal Bases for our Collection and Processing of EU Individuals’ PII?
We only collect and further process the Personal Data of EU Individuals when we have a legal basis to do so.
Depending on the purpose of collection and use, the legal basis for processing your information is either that it’s necessary:
- to perform a contract to which you are party or take steps at your request before entering into a contract (Contract);
- to comply with our legal obligations (Legal Obligations);
- for our legitimate interests or those of a third-party, which are not overridden by your interests or fundamental rights and freedoms (Legitimate Interests); and/or
- because we have obtained your specific, informed, unambiguous consent (Consent).
Our legitimate interests and those of relevant third-parties include the operation and development of the applicable businesses, including, direct marketing and maintaining security and integrity.
- Legitimate Interest. In many cases, the purposes we have described simply represent our legitimate business interests and the processing is proportionate and reasonable to achieve them and does not override your interests, fundamental rights or freedoms. This includes the interests described throughout this policy among others such as our use of your PII for: management of the customer relationship; improving and managing your use and the experience of using our Site, products, and services; personalizing the user experience of our Site; ensuring the security of our Site; providing you with services, products, and information through combining data we collect from you with other data that we receive from you and other sources; ensuring the efficiency of our customer service; communicating with you about products, services, offers, benefits, events, carrying out studies and statistics; and letting you know about topics that interest you; and communicating important information to you about fraud.
- Legal Obligations. We process certain of your PII in order to comply with laws and in the event of litigation or other legal actions.
- Consent. In some cases we collect PII based on your freely given consent. When doing so, we will inform you of the purpose of the processing and you are free to withdraw consent at any time.
How We Automatically Collect Information
In addition to the information that users of our Site provide voluntarily, Grande Cosmetics may automatically collect certain information when you visit or use our Site. This information may include your IP address (or other unique device identifier, including one that we may assign); certain details about your browser, operating system, and hardware; your location, if available; the URL that referred you to our Site; your activities on our Site, including your preferences; and other logging information, such as the date and time of your visit. We may use a variety of tracking technologies to automatically collect information, such as cookies, web beacons, embedded scripts, browser fingerprinting, GPS, iBeacons, and ETags (or “entity tags”).
All web servers log certain technical information from visitors each time they request a page. We may aggregate such logged information anonymously to assist in designing enhanced user experiences and easier access to our information and services.
“Cookie” technology helps Grande Cosmetics to simplify visitors’ interactions with our Site. A cookie is a very small amount of information that is placed on your computer's hard drive by your browser on our behalf. It is sent by your browser back to us when you return to our Site.
Cookies are used for various aspects of functionality such as keeping track of the items in your shopping bag, learning more about how you arrived at our Site, and to store your preferences so you don’t have to enter them each time you visit. See below for the types of cookies we use and the functionality they support.
- Essential Cookies. These are cookies that our Site needs in order to function and if they are not accepted by you, parts of the Site won’t be usable. Examples of where these cookies are used include: to store how many items are in your shopping bag, to anonymously determine when you are signed in, and to determine which currency we should use based on your preferred delivery location when displaying prices to you.
- Analytics Cookies. We use various software tools that allow us to study, and then improve, how customers interact with our Site - this is known as website analytics. Examples of analytical tools that we use are: Google Analytics and Adobe Analytics. Analytics cookies allow us to understand more about how many visitors we have to the Site, how many times they visit our Site and how many times a user viewed specific webpages within our Site. Although analytics cookies allow us to gather specific information about the pages that you visit and whether you have visited our Site multiple times, we cannot use them to find out details such as your name or address.
How Can I Manage My Cookies?
If you do not want to accept cookies from our Site, you can change your browser settings so that cookies are not accepted. If you choose to do this, please be aware our Site may no longer function as intended.
For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies; https://ico.org.uk/for-the-public/online/cookies/.
All popular Internet browsers (e.g. Chrome, Internet Explorer, Edge and Safari) allow you to amend your cookie settings so that cookies are no longer enabled across all websites that you visit. You can find information explaining how to disable cookies for the main browsers in the ‘Where to find information about controlling cookies’ section at the Information Commissions Site; https://ico.org.uk/for-the-public/online/cookies/.
If you wish to contact us to exercise your data rights, or ask about our data processing, you may do so using the following methods:
- Submit a request via web form that can be found here.
- Email email@example.com.
- Send request via mail to 420 Columbus Ave Valhalla, NY, 10595.
If you’re based in the EU/EEA or UK and wish to contact us via our GDPR Representative, DataRep, you may do so at:
Third-Party Sites & Services
Interactions with Other Sites and Services. Our Site may include features from third-parties that allow you to interact with other online services, including social media. For example, we may use third-parties to allow you to send messages, or make postings on social media sites, like Twitter and Instagram. If you use these features, then we may share information about you with those third-parties, and they may collect additional information. You should review the privacy policies for such third-parties to understand how they collect and use information.
Links to Third-Party Sites. Our Site may include links to third-party websites or other online services. We are not responsible for these other sites and services, and they may collect and use information about you. You should review the privacy policies for such third-parties before using their sites or services to understand how they collect and use information.
Third-Party Tracking and Do Not Track
Do Not Track is a technology that enables users to opt out of tracking by websites they do not visit. Currently, we do not monitor or take any action with respect to Do Not Track technology.
Additional ways your PII may be used and shared
As Required by Law or Similar Process. Grande Cosmetics may disclose your PII, the contents of your communications with us, and/or other information you have provided to us if required to do so by law, with your consent, or in the good faith belief that such action is necessary:
- to conform to applicable law or comply with legal process served on Grande Cosmetics;
- to protect or defend the rights or property of Grande Cosmetics or others;
- to assist, under exigent circumstances, in the investigation of possible violations of law or other investigations; and/or
- to assist law enforcement in preventing harm to anyone. If you are an EU Individual, the above will only apply to legal obligations imposed on us under UK or EU law.
Sale or rental or other transfer of your PII. We do not sell, trade, or otherwise transfer your PII to outside parties unless we provide you with advance notice, except as described herein. The term “outside parties” does not include Grande Cosmetics, LLC or its affiliates.
We may transfer or disclose your PII to:
- Site hosting partners;
- other parties, our service providers, sub-contractors and agents, to assist us in operating our Site, conducting our business, or servicing you;
- to applicable authorities, agencies and other bodies or person, when appropriate to comply with the law, enforce our Site policies, or protect ours or others' rights, property, or safety;
- our affiliates, including our subsidiaries in other countries;
- anyone to whom we may transfer any part of our business, rights, obligations or assets or our shares; and
- credit reference agencies and fraud prevention agencies.
Non-personally identifiable visitor information may, however, be provided to other parties for marketing, advertising, or other uses.
Use of Analytics Services. We may use third-party analytics services (such as Google Analytics or Adobe Analytics) that track details about your online activities over time and across different sites. These services help us to improve our Site, products, and services. These services may also allow us and others to provide you with targeted advertisements or other content that you may be interested in based on your online activities. If you would like to learn more about targeted ads that may be based on your online activities, and the choices that you may exercise for certain sites and advertisers, you may wish to visit the Network Advertising Initiative or the Digital Advertising Alliance. Those websites can be found here: https://www.networkadvertising.org/ and here: https://digitaladvertisingalliance.org/ respectively. To opt out of being tracked by Google Analytics across all Web sites, visit: https://tools.google.com/dlpage/gaoptout.
Notice to non-U.S. Site users
If you are from a non-U.S. country, please be aware that the information you submit to us is being sent by you directly to a location operated by us in the United States for collection and further processing by us. The data protection laws in the United States may differ from those of the country in which you are located.
If you are an EU Individual, please note that since we are collecting the information directly from you (or from individuals who purchase goods for you for personal purposes), this does not involve our transferring your information to the United States.
Statutory Rights of EU Individuals
If you are an EU Individual, upon request, free of charge, you have the right to:
- obtain confirmation as to whether we process your PII;
- access and obtain a copy of the PII we hold about you;
- obtain information about the purposes for which we process your PII and the categories of PII concerned;
- obtain information on the recipients or categories of recipients (including international recipients) to whom your PII has been or will be disclosed;
- request the correction of inaccurate PII we hold about you;
- request that we delete your PII, or stop processing it or collecting it, in some circumstances;
- request the transfer of your PII from us to another data controller;
- lodge a complaint to the supervisory authority in your jurisdiction in respect of our collection or use of your PII; and
- withdraw your consent to our collection, use, storage, and dissemination of your data at any time.
Please be aware that any request for withdrawal of consent under item (9) above will not affect the lawfulness of PII collected, processed, and transferred prior to the date of such withdrawal of consent.
To make any of the requests above, contact us at firstname.lastname@example.org.
How You Can Control the Use of Your PII
You may indicate certain preferred restrictions on our use of your PII, such as opting-out of or unsubscribing from our marketing communications, newsletters or e-mails by using the “unsubscribe” feature included in such messages or by contacting us by e-mail at email@example.com. In that e-mail, you should indicate which of the following options you prefer:
- Grande Cosmetics should not send me physical mail with newsletters or other information that may be of interest to me;
- Grande Cosmetics should not send me electronic mail with newsletters or other information may be of interest to me;
- I understand that Grande Cosmetics may send me any information about third-party or other products and services, subject to my having opted in to this where I am an EU Individual.
To request access to, or notify us of changes to, PII we have collected, contact us at firstname.lastname@example.org.
How Your PII is Secured and Protected
Grande Cosmetics implements reasonable administrative, technical and physical safeguards designed to protect your PII from accidental loss and from unauthorized access, use, alteration or disclosure. Your PII is contained behind reasonably secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. Regardless of any such precautions taken in good faith by visitors or by us, security on the Internet is imperfect, and we cannot warrant the protection of any information visitors transmit to us, which visitors do voluntarily and at their own risk.
For How Long do we Store your Information?
If you are an EU Individual, we will delete your PII once it is no longer proportionate for us to store it for the purposes of the processing in accordance with our applicable data record retention period.
Where your PII relates to a contract, we will retain it for six years from the end of the contract, being the period when the time limit for claims has expired (unless a claim is made and the information is required for the claim).
Otherwise, if you are a customer, we will retain it for three 3 years since our last communication from you.
If you are not a customer, we will retain it for eighteen (18) months.
This is subject to any legal or regulatory requirement to retain the information for a minimum period.
Linking to Other Sites
About Children's Privacy
The Site is intended for general audiences, and we do not knowingly seek or collect PII from children under the age of eighteen (18). In accordance with the Child Online Privacy Protection Act, in the event that we learn that we have collected PII from a child under age thirteen (13) without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any PII from or about a child, please contact us at email@example.com.
Your California Privacy Rights
We may from time to time elect to share certain information about you collected by us on the Site with third-parties for those third-parties’ direct marketing purposes. California Civil Code Section 1798.83 permits California residents who have supplied personal information, as defined in the statute, to us to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of PII to third-parties for their direct marketing purposes. If this applies, you may obtain the categories of PII shared and the names and addresses of all third-parties that received PII for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2019 will receive information about 2018 sharing activities) or to request to opt-out of such future sharing. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing at: firstname.lastname@example.org.
Sweepstakes, Contests and Promotions