Privacy policy

PERSONAL DATA INFORMATION AND PRIVACY POLICY

This Privacy Policy describes the processing of personal data carried out by BEAUTY LAB TWELVE, S.L. through its online store www.twelvebeauty.com (hereinafter, the “Website”) in relation to the personal data of users who browse the Website and/or place orders through it (hereinafter, the “Users”).

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

The data controller responsible for the personal data collected and processed through the Website is BEAUTY LAB TWELVE, S.L. (hereinafter, “BLT”), with Tax Identification Number (NIF) B-22850226.

Users may contact BLT regarding any matters related to the processing of their personal data through the following channels:

Postal address:
Calle Santísima Trinidad, 8
03760 Ondara, Alicante, Spain

Email:
privacidad@pyd.es

For any enquiries relating to orders, the operation of the Website, products or customer service, Users should use the specific contact channels indicated on the Website.

2. WHAT PERSONAL INFORMATION DOES BLT PROCESS AND HOW IS IT OBTAINED?

BLT collects personal data directly from Users, primarily the following data and/or categories of data:

  • Identification and contact details (e.g. first name, surname, email address, postal address, postcode and telephone number).

  • Information required for invoicing and payment processing.

  • Website usage and browsing data, in accordance with the provisions of the Cookie Policy.

Consequently, when Users register on the Website, the personal data collected by BLT is obtained directly from the data subject. Failure to provide the requested information may prevent registration and/or the completion of an order.

3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND WHAT IS THE LEGAL BASIS?

The purposes for which BLT processes Users’ personal data, together with the applicable legal bases, are detailed below.

a. Performance of a Contract

BLT processes Users’ personal data where necessary for the performance of a contract, including the following purposes:

  • Managing User registration on the Website.

  • Managing Users’ orders (i.e. processing and delivering orders and informing Users of the status of their orders via email, SMS and/or any other communication channel available at the relevant time).

  • Contacting Users when BLT needs to provide information or request clarification regarding an order (e.g. shipment confirmation).

  • Responding to any enquiries related to an order.

  • Managing and issuing documents evidencing the purchase transaction (e.g. electronic simplified invoices, sales invoices and Tax Free documentation).

b. Consent-Based Processing

BLT will process Users’ personal data where they have provided their explicit consent for the following purposes:

  • Creating a commercial profile based on the User’s browsing activity on the Website. Such profiling may be carried out using personal data and browsing information (e.g. products viewed or added to the shopping cart, sections of the Website visited, or the country from which the User accesses the Website) in order to assess preferences and interests and provide content, offers, services and products tailored to the User’s profile.

  • Sending commercial communications relating to our products, services and promotions by email.

  • Using cookies and similar technologies in accordance with the Cookie Policy.

Users may withdraw their consent at any time by sending a request to privacidad@pyd.es.

c. Compliance with Legal Obligations

BLT may process Users’ personal data whenever necessary to comply with applicable legal obligations.

d. Legitimate Interest

BLT may process Users’ personal data where necessary to ensure that the Website remains a secure environment, based on BLT’s legitimate interest in ensuring that transactions and access to the Website do not pose risks to Users’ privacy or other rights and freedoms.

4. HOW LONG DO WE RETAIN PERSONAL DATA?

In order to ensure that personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed, BLT will retain personal data only for as long as necessary to fulfil the purpose for which it was collected, taking into account the need to respond to enquiries, resolve issues, implement improvements, activate services and comply with applicable legal requirements.

Once the relationship between the User and BLT has ended, personal data will be blocked within BLT’s systems solely for the purpose of making it available to the competent authorities in connection with potential administrative or judicial liabilities and the exercise or defence of legal claims.

After the applicable retention and blocking periods have expired, the personal data will be permanently deleted.

Where processing is based on the User’s explicit consent, such processing will continue until the consent is withdrawn. Following withdrawal, the data will be retained in a blocked form in accordance with the provisions set out above.

 

5. WITH WHOM DO WE SHARE PERSONAL DATA?

Users’ personal data may be disclosed to third parties where required by applicable law, including Public Administrations and Government Authorities when such disclosure is required under tax, employment, social security or any other applicable legislation.

Personal data may also be shared with third parties that are necessary for the performance of the contract, including transport and logistics providers responsible for delivering purchased products and payment service providers that process transactions and verify the validity of the payment method used.

In addition, BLT may engage third-party service providers who require access to personal data in connection with the services they provide. In such cases, BLT will enter into the corresponding data processing agreements in accordance with applicable data protection legislation.

BLT does not carry out any additional disclosures of personal data or transfers for commercial purposes.

International Data Transfers

Some of the technology providers used to operate the Website (for example, the e-commerce platform, marketing tools or analytics services) may be located outside the European Economic Area (“EEA”).

In such cases, BLT ensures that any international transfer of personal data is carried out with the appropriate safeguards required under Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).

6. HOW DOES BLT PROTECT PERSONAL DATA?

BLT’s Website uses information security measures such as firewalls, automated attack prevention systems, access control procedures and cryptographic mechanisms, all designed to prevent unauthorised access to personal data and ensure its confidentiality. In addition, periodic security audits are conducted in order to assess risks and implement appropriate controls.

BLT confirms that it has implemented all necessary technical and organisational measures to guarantee the security and integrity of the personal data it processes and to prevent its loss, alteration and/or unauthorised access by third parties.

7. WHAT RIGHTS DO USERS HAVE IN RELATION TO THEIR PERSONAL DATA?

Users have the rights described below and may exercise them by contacting BLT at privacidad@pyd.es. Where there are reasonable doubts regarding the identity of the individual making the request, BLT may request additional documentation to verify their identity.

Right of Access

The right to obtain confirmation as to whether BLT is processing personal data concerning the User and, where that is the case, to access such personal data.

Right to Rectification

The right to request that BLT correct inaccurate personal data or complete incomplete personal data.

Users may also update certain personal information directly through the “My Account” section of their customer profile.

Right to Erasure

The right to request the deletion of personal data where, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

The right to request restriction of processing, in which case BLT will retain the data only for the establishment, exercise or defence of legal claims.

Right to Data Portability

The right to receive personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller where processing is based on consent or on the performance of a contract and is carried out by automated means.

Right to Object

The right to object to the processing of personal data where such processing is based on BLT’s legitimate interests or the public interest, including profiling activities.

In such cases, BLT will cease processing the data unless compelling legitimate grounds exist or the processing is necessary for the establishment, exercise or defence of legal claims.

Users also have the right to object to the processing of their personal data for direct marketing purposes.

Right to Lodge a Complaint

Users have the right to lodge a complaint with the competent supervisory authority.

In Spain, the competent supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD):

www.aepd.es

8. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy will always be available on the Website.

However, if BLT makes any substantial and material changes to its content, Users will be informed through the Website or by email, in compliance with the information requirements established by the GDPR.

This will enable Users, where appropriate, to exercise their rights as data subjects in relation to such changes.