Privacy Policy
INTRODUCTION
SIA Rumi Cosmetiques a company registered in the Republic of Latvia under registration number 40203513127 ("we," "us," "our") respects your privacy and acts as the Data Controller for the personal data collected and processed through this Site.
This means that Rumi Cosmetiques is responsible for determining the purposes and means of processing your personal data in compliance with applicable da
ta protection laws.
As Data Controller, we are committed to protecting your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for customers in the European Economic Area (EEA). This Privacy Policy explains how we collect, use, disclose, and protect your personal data, and outlines the rights you have regarding your data.
1. DATA COLLECTION AND PURPOSE OF PROCESSING
We collect and process personal data for specific purposes, as outlined below. The categories of data processed vary depending on the purpose:
Before a purchase is made:
● Categories of Data Processed: Name, email address, browsing history, IP
address, device information, and any preferences or inquiries submitted.
● Purpose: When you browse our site, add items to your cart, or contact us with inquiries, we process your data based on our legitimate interest to provide customer support, enhance your shopping experience, and offer relevant services. Where required, we will seek your consent. After a Purchase is Made:
● Categories of Data Processed: Name, email address, phone number, shipping and billing address, payment information, and order details.
● Purpose: Once a purchase is completed, we process your data to fulfill the purchase contract, ship your order, manage payments, and communicate with you regarding your order. This processing is based on the legal obligation to fulfill your order and our legitimate interest in ensuring customer satisfaction and managing business operations.
Newsletter and SMS Subscription:
● Categories of Data Processed: Name, email address, and phone number.
● Purpose: When you subscribe to our email newsletters or SMS communications, we process your personal data based on your consent. By signing up, you consent to our use of your contact information to send you marketing updates, promotions, product launches, and other information related to our services. You may withdraw this consent at any time by following the unsubscribe link in our emails or by replying "STOP" to our SMS communications.
Store Session Information through Cookies:
● Categories of Data Processed: Address, device ID, session token, referring
website, IP address, and browsing behavior.
● Purpose: We may collect information related to your store session, including your address, device ID, session token, and referring website, through cookies and similar tracking technologies. This data is processed solely upon receiving your explicit consent, as required by applicable laws. Cookies help us understan
d your preferences, enhance your shopping experience, and optimize our services. For detailed information on how we use cookies and to manage your preferences, please refer to our Cookies Policy.
Data Processing on Social Media Platforms:
We may process Your personal data through our official profiles on various social media platforms, including but not limited to Facebook, Instagram, TikTok (collectively, “Social Media Platforms”). By interacting with our official accounts, such as liking, following, commenting, sharing, or messaging, you confirm that you are informed about the processing of your data as described in this clause.
Please note that when you interact with us on Social Media Platforms, yourv personal data may also be processed by the platform provider (e.g., Facebook, Instagram, TikTok) in accordance with their own privacy policies. Rumi Cosmetiques has limited control over the data processing practices of these platforms. For more information on how each platform collects, uses, and shares your data, please refer to the privacy policies of the respective Social Media Platforms.
● Categories of Data Processed: Profile Information - username, profile picture; Data obtained through private communication, like order information, contact details and any other information you share with us; user-generated content, like comments, messages, posts, and any interactions with our content (likes, shares, tags).
● Purpose: We process personal data on Social Media Platforms for purposes such as engaging with and responding to your inquiries, feedback, and comments; providing updates about our products, services, promotions, and brand activities; analyzing user interactions to better understand customer preferences and improve our services. We also could conduct advertising and targeted marketing activities based on user interactions, preferences, and demographic data available through the Social Media Platforms, in accordance with the platform’s privacy policies.
2. LEGAL GROUNDS FOR PROCESSING YOUR DATA
We process your personal data on the following legal bases:
● Consent: For newsletter and SMS subscriptions and cookies, we rely on your explicit consent to send marketing and promotional materials. Consent is provided at the time of sign-up, specifically when you submit your email address or phone number for this purpose. You may withdraw your consent at any time.
● Legitimate Interest: We rely on legitimate interest to respond to inquiries, provide support, and ensure smooth browsing and purchase experiences. In addition to that, also the processing of personal data on our Social Media Platforms is based on our legitimate interest in managing and promoting our brand, as well as engaging with our community.
● Legal Obligation: After a purchase, we process your data to fulfill our contractual and legal obligations, including order processing, tax compliance, and record-keeping.
3. DATA SHARING AND DISCLOSURE
We may share your personal data with trusted third-party service providers (e.g., Shopify for e-commerce, payment processors, and logistics providers) to fulfil l your order, process payments, and facilitate our communications. These third parties are bound by confidentiality and data protection obligations, and we only share data as necessary to provide services to you.
4. INTERNATIONAL DATA TRANSFERS
We operate globally and may transfer your data outside the EEA. We implement
safeguards, such as standard contractual clauses, to protect your data and ensure compliance with GDPR.
5. DATA RETENTION
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. For marketing purposes, your data is retained until you withdraw consent. After this period or upon your withdrawal, we securely delete or anonymize your data.
6. YOUR RIGHTS UNDER GDPR
Under GDPR, you have rights regarding your personal data, including access, rectification, erasure, restriction, portability, and objection. You may withdraw consent for marketing communications at any time. To exercise these rights, contact us at hello@rumicosmetiques.com or hello@rumicosmetiques.eu.
7. SECURITY OF YOUR DATA
Rumi Cosmetiques is committed to safeguarding your personal data and implements strict security measures to protect against unauthorized access, loss, misuse, or alteration of data under our control. We apply a range of technical, physical, and organizational measures to ensure the security and confidentiality of your information.
Technical Security Measures
● Encryption: All personal data transferred to and from our Site is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. This protects your data during transmission, especially for sensitive information such as payment details.
● Access Control: We limit access to your data to only authorized personnel who
require it to perform their duties. We use strong authentication protocols to verify user identities, ensuring that only authorized individuals have access to our systems.
● Data Anonymization and Masking: Where appropriate, we anonymize or mask personal data to further protect your privacy and minimize the risk of unauthorized access.
● Network Security: We employ firewalls, intrusion detection systems, and other
protective technologies to secure our network from external threats. Regular network security audits and vulnerability assessments help us identify and address potential weaknesses.
● Regular Software Updates: Our systems and software are regularly updated to ensure that security patches are applied promptly, minimizing vulnerabilities from outdated software.
Physical Security Measures
● Secure Facilities: We store data on secure servers located in facilities with physical access controls. These facilities are equipped with security measures such as surveillance cameras, alarm systems, and access control protocols to prevent unauthorized access.
● Data Backups: Regular data backups are performed and stored securely to protect against data loss or corruption. These backups are securely stored and only accessible by authorized personnel.
● Equipment Security: Devices used to process personal data are protected by
strong access controls and are kept in secure locations to prevent unauthorized physical access.
Organizational Security Measures
● Employee Training: We conduct regular training sessions for employees on data protection and security best practices. Employees are educated on the importance of safeguarding personal data and the steps they must take to ensure compliance with security policies.
● Access Control Policies: We maintain strict access control policies that define which employees and contractors can access specific types of personal data. Access rights are regularly reviewed and adjusted to align with job responsibilities.
● Data Minimization and Retention Policies: We adhere to data minimization principles, collecting only the necessary personal data and retaining it only as long as required for legitimate business purposes or as mandated by law.
● Incident Response Procedures: In the event of a data breach or security incident, we have a dedicated incident response team and procedures in place to quickly assess, contain, and resolve the issue. We notify affected users and authorities
as required by applicable data protection laws.
● Regular Audits and Compliance Checks: We conduct regular security audits and compliance checks to evaluate our data protection practices and ensure they align with industry standards and legal requirements.
While we employ these measures to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure.
Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
8. COOKIES AND TRACKING TECHNOLOGIES
We use cookies to provide and improve our services, for which we obtain consent
where necessary. For detailed information on how we use cookies and to
manage your preferences, please refer to our Cookies Policy.
9. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. Continued use of our site signifies acceptance of any updates.
10. COMPANY AND CONTACT DETAILS
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Company: SIA Rumi Cosmetiques
Registration Number: 40203513127
Address: Dzirnavu iela 57A - 4, Riga, LV-1010, Latvia