Nora Lina makes and sells the Nora Lina® brand of hair, sun, and body care products. Our products are available for in-house use by qualified beauty professionals and direct sales to customers in more than 80 territories worldwide. In this policy, we will tell you a little more about what data we collect and why.
Under the EU’s General Data Protection Regulation (GDPR), personal data defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online id or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
The personal data that we may collect from you includes:
• Necessary contact information, such as your name, physical address, email address, and telephone number
• Customer service information, including customer service inquiries, comments, and history
• Content you provide
• Information we may obtain from our third-party analytics providers, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs, and web beacons to help us analyze your use of our websites and apps. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the data, for example, to evaluate the use of the website or app. To learn more about Google Analytics and how to opt-out, please visit http://www.google.com/analytics/learn/privacy.html
• IP Address
• Information about the user’s visit, including:
o The Uniform Resource Locators (URL) of the website from which the user entered the Site and the website the user then went onto after leaving the Site (including date and time)
o Products viewed or searched for
o Page response times
o Download errors
o Length of visit to individual pages
o Page interaction information (such as scrolling and clicks)
• Website usage information, including, but not limited to:
o Browser type and version
o Device type
o Operating system and platform
o Time zone setting
o Login information
o Browser plug-in types and versions
Our legal bases for processing for the personal data:
• Performance of a Contract: We may need to use your data to perform our obligations under a contract with you or in activities related to forming a contract with you. For example, we may use your personal information to provide services, products, or information that you request from us.
• Compliance with our Legal Obligations: It is possible that we would need to process or retain your data to fulfill our legal obligations. For example, we may need to keep information about purchases made online to comply with laws relating to taxation and recordkeeping.
• The pursuit of our Legitimate Interests: Except as may be prohibited by your interests, we may use your data to pursue our legitimate interests, such as to update and improve our website or our products. We may have other legitimate interests that we will make clear to you if and when necessary.
• Consent: Under limited circumstances, for example, if you were to sign up to receive a newsletter from us, we may seek your consent to processing or storing your data. Under these circumstances, you will have to consent to our data processing proactively, and the mechanism for withdrawing your consent is as specified below. You may withdraw consent at any time by email a withdrawal request to firstname.lastname@example.org.
Nora Lina will not collect any Special Category or Sensitive Data, which includes data about:
• Ethnic origin
• Political opinions
• Religious beliefs
• Philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Health data
• Data concerning a natural person’s sex life
• Sexual orientation
HOW NORA LINA USES INFORMATION
The personal data we collect may be used for the following purposes
• Providing services requested by our users
• Sending promotional communications
• Responding to customer service inquiries
• Conducting research and analytics related to our operations
• Posting your content on the site and our social media pages, with your consent
• Customizing our users’ visits to our websites
• Delivering content tailored to our users’ interests
Nora Lina may also have to disclose personally identifiable information in response to legal requests, for example, court orders, or specific requests from law enforcement agencies. Under such circumstances, identifiable data subjects will be notified of the disclosure.
Under what circumstances will Nora Lina contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.
Can I find out the personal data that the organization holds about me?
Nora Lina, at your request, can confirm what information we hold about you and how it is processed. If Nora Lina does keep personal data about you, you can request the following information:
• Identity and the contact details of the person or organization that has determined how and why to process your data. In some cases, this will be a representative in the EU.
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of Nora Lina or a third party, information about those interests.
• The categories of personal data collected, stored, and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organization, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict, or object to such processing.
- • Information about your right to withdraw consent at any time.
- • How to lodge a complaint with the supervisory authority.
- • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- • The source of personal data if it wasn’t collected directly from you.
- • Any details and information about automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
- What forms of ID will I need to provide to access this?
- To process your request, we will ask you to provide two valid forms of identification for verification purposes. Nora Lina accepts the following types of ID:
- Passport, driving license, birth certificate, utility bill (from last three months)
- Disclosure of information
- We may pass your data on to third-party service providers contracted to Nora Lina in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfill the service they provide you on our behalf. When they no longer need your data to fulfill this service, they will dispose of the details in line with Nora Lina’s procedures. If we wish to pass your sensitive personal data onto a third party, we will only do so subject to one or more of the bases for processing your data described above. The following third parties may receive your data as part of our processing activities, as specified below:
- Third country (non-EU)/international organization
- Retrieve a copy of the safeguards in place here:
- Magento (website CMS)
- Rackspace (website hosting)
- Facebook (Ads)
- Google Adwords (Ads)
- Google Analytics (Analytics tool)
- Bing (Ads)
At any point while we own or processing your data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organization.
• Right to object – you have the right to object to certain types of processing, such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the unlikely event that Nora Lina refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain, as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your data.
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Nora Lina is required to retain information by the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs. Also, Nora Lina will retain personal data for as long as we have an ongoing legitimate business need to do so, for example, for as long as your account is active. When we have no obligation to retain your data, we will either delete your data, anonymize your data, or, in case deletion or anonymization, are not possible, will securely isolate your data in a location where it cannot be accessed for processing purposes.
If you wish to make a complaint about how Nora Lina is processing your data, or how your claim has been handled, you have the right to complain directly of the supervisory authority and Nora Lina’s Data Protection Officer.
The details for each of these contacts are:
Supervisory authority contact details
Data Protection Officer (AP)
2509 AJ Den Haag
Telephone: +31 (0)88 – 1805 250
Claus sluterweg 55
2012 WN Haarlem
Telephone: +31 (0)6 33 60 96 00