Beauty Icons AB – privacy policy
Your privacy is important to us here at Beauty Icons AB (“Beauty Icons”, “CAIA” or “we”). This policy aims to inform you about how we go about processing your personal data and what your rights are. Information that can be linked to you personally, such as your name and contact details, is termed “personal data”.
In summary, we process your personal data:
- To the extent necessary to process and deliver your order.
- To provide you with offers and inspiration. For this, we use newsletters, text messages and targeted personalised marketing on social media, as well as other online and offline activities.
- To communicate with you and answer your questions.
- To ask you about CAIA and what you think of us.
- To remind you of any shopping basket that you’ve abandoned.
- To create and maintain your customer account.
- For compliance with laws and regulations (such as consumer and accounting law).
You have a number of rights under the Data Protection Act. You always have the right to object to marketing, for instance. You can also find out about your rights, how you can influence our processing of your personal data.
Would you like to find out more? Detailed explanations are provided below. Information is given on how we process your personal data, why and for how long.
Who is responsible for the processing of your personal data?
Beauty Icons AB, company registration number 559153-2493, is the data controller for the processing of your personal data.
Please note that our payment solution providers such as Qliro process personal data that they obtain from our website when purchases are made, and they themselves are responsible for their own processing of personal data.
Contact details
Please get in touch by sending an email to info@caiacosmetics.com if you would like to contact us about the processing of your personal data. Our address is Biblioteksgatan 29, 6 vån, SE-114 35 Stockholm, Sweden.
From what sources do we obtain your personal data?
We process personal data that you have shared with us, or that we receive from you when you make a purchase or visit our website.
Who is able to access your personal data?
Your personal data is mainly processed by us here at CAIA. We will never sell your personal data on to anyone else. We share your personal data in some cases. Further details on the purposes for which we share your personal data, and which personal data we share, are set out below. We may need to share your personal data for effective, efficient fulfilment of our obligations to you, such as:
- Our payment solution providers will have access to your personal data so that we can be sure that you pay us.
- We will share your personal data with shipping companies so that we can deliver your products to your home address or collection point, and so that we can deal with returns.
- We share your personal data with the supplier who provides us with technical solutions for collecting and publishing reviews so that we can collect and publish your reviews on our website.
- We share your personal data with companies that provide us with marketing services so that we can market relevant products and make our website as relevant as possible. These companies include Facebook and Google.
- We will share your personal data with IT providers who process personal data on our behalf, acting as assistants to help us with IT services.
Please contact us if you would like to receive more detailed information on who we share your personal data with.
Do we transfer your personal data outside the EU/EEA?
CAIA generally processes your personal data within the EU/EEA, but occasionally we may use providers from outside the EU/EEA. CAIA ensures that there is a sufficiently high level of protection whenever we transfer your personal data outside the EU/EEA so as to ensure that the transfer takes place in accordance with the GDPR. CAIA may transfer your personal data to the US, to our newsletter provider and to our service providers in order to market relevant products and make our website as relevant as possible. If you have any questions about how we share your personal data, please get in touch with us.
How can you influence the processing of your personal data?
You have a number of rights under the Data Protection Act? that will allow you to influence our processing of your personal data. More details on your rights are provided below. Please get in touch with us if you have any questions about this or would like to exercise any of your rights.
Right to withdraw consent
You have the right to withdraw your consent to the processing of your personal data at any time, insofar as we base the processing of your personal data on consent. Your withdrawal will take effect from the moment you withdraw your consent.
Right to object
You have the right to object at any time to the processing of your personal data based on legitimate interest with regard to reasons that can be attributed to your own particular situation. More information on balancing interests is set out below. You always have the right to opt out of receiving our direct marketing, such as newsletters. There is no right to object in certain cases, such as when we are required by law to retain your personal data.
Right of access
You have the right to receive confirmation of whether we are processing personal data that relates to you. Enquiries can be sent to info@caiacosmetics.com. If we process your personal data, you have the right to access a copy of the personal data we process and information about how we process it.
Right of rectification
You have the right to demand that any inaccurate personal data relating to you should be rectified, and also to ask us to complete any incomplete personal data.
Right to erasure (“right to be forgotten”) and restriction of processing
You have the right to have your personal data deleted under certain circumstances. if your personal data is no longer necessary for the purposes for which it was collected or processed, for instance, or when you withdraw your consent on which the processing is based and there is no other lawful basis for continuing to process the data. You also have the right to ask CAIA to restrict the processing of your personal data. You can do this when you are contesting the accuracy of the personal data, for instance, or if the processing of the data is unlawful and you oppose the erasure of your personal data and ask for its use to be restricted instead. This is also applicable while we are checking a balance of interests test in instances where you object to our processing of your personal data.
Right to lodge a complaint with a supervisory authority
You always have the right to lodge a complaint with a supervisory authority. This can be done in the EU/EEA Member State where you reside, where you work or where an alleged breach of applicable data protection legislation has taken place. In Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) is the supervisory authority.
Right to data portability
You have the right to instruct us to transfer certain elements of the personal data that we hold about you to another company (data portability). This right is applicable to any personal data provided to us by you in a structured, commonly used, machine-readable and compatible format if:
- The processing of this data is based on consent or a contract; and
- The data is processed automatically
When exercising your right to data portability, you have the right to have personal data transferred directly from CAIA to another data controller, where this is technically possible.
How do we process your personal data, and why?
We aim to be as transparent as possible when it comes to how we process your personal data, and why we process it. The tables below provide more details on why we process your personal data (purposes of processing), what personal data we process, our lawful basis for processing your personal data and how long we process your personal data for each purpose.
Processing necessary for making purchases
We process your personal data so that we can fulfil your purchase. This includes ensuring we can deliver your products.
Please note that our payment solution providers also process your personal data so that they can administer the payment for your order. Our payment solution providers are independent data controllers for such data processing. Some of our payment solution providers will allow you to choose an easier way to make purchases by automatically entering your personal details or being remembered on your device.
| Purpose – making purchases | |||
| Processing | Personal data | Lawful basis | Storage time |
| To administer your purchase, confirm your purchase, deliver your purchase and communicate with you in respect of your consignment, and to collect information about your experience. | Name | Contract | We will store your personal data for 36 months after you have placed an order. |
| Recipients of personal data | We will share your personal data with our payment service provider, who will process your personal data in connection with your purchase. Our payment service provider is an independent personal data controller for the processing of your data. Please see our payment service provider’s personal data policy for more information: more details about this will be provided when you make your purchase. We will also share your name, address, contact details and order information with our storage provider, who will process your personal data on our behalf in its capacity as a data processor. We will share your name, address and contact details, via our storage provider, with the carrier you choose when you make a purchase so that your products can be delivered. The carriers we use are independent data controllers for the processing of your personal data. Please see their respective privacy policies if you have questions regarding their processing of your personal data. | ||
| Purpose – to deal with any queries about your purchase, returns, etc. |
| ||
| Processing | Personal data | Lawful basis | Storage time |
| To get in touch with you as regards any issues regarding your purchase, such as letting you know if a product has been recalled or is no longer available, or similar information. | Name | Legitimate interest | From the time when you make |
| If you wish to exercise your right to | Name | Contract
| From the time when you make |
| To deal with any complaints, | Name | Legal obligation | From the time at which we are made aware |
| Recipients of personal data | We will share your personal data with our e-commerce platform provider and our customer service provider, who process personal data as a data processor on our behalf. | ||
Processing performed so that we are able to meet legal requirements
In some cases, we need to process your personal data in order to met our obligations as defined in law or other requirements, such as the data retention requirements of the Accounting Act, the Money Laundering Act and consumer protection laws. We will be unable to fulfil your purchase with us if you fail to provide us with personal data for these purposes.
| Purpose – to meet requirements in accordance with legal obligations | |||
| Processing | Personal data | Lawful basis | Storage time |
| For compliance with laws such as the Accounting Act and money laundering legislation | Transaction information, payment history and other information included in your invoice IP address | Legal obligation. In order to meet requirements as defined in law. | From the time when you make your purchase and for seven (7) to eight (8) years in accordance with the Swedish Accounting Actm and five to ten (5–10) years in accordance with money laundering legislation. |
| Recipients of personal data | We will share your personal data with our IT provider, who processes personal data as a data processor on our behalf. | ||
Processing in order to manage reviews
| Purpose – to manage reviews |
|
| |
| Processing | Personal data | Lawful basis | Storage time |
| Publication of your review on our website. | Name Order information Review | Consent We will always ask for your consent before we publish your review. You have the right to withdraw your consent at any time. However, this will not affect the processing of the information before you withdraw your consent. | We will process your personal data so that we can send you an enquiry after you have made your purchase. Your review will remain on the review platform |
| Recipients of personal data | We share your personal data with our marketing platform, which processes personal data as a data processor on our behalf. | ||
Processing for managing your customer account
You can choose to create a customer account on our website, and a customer account is created automatically when you purchase anything from us. We will process your personal data for the performance of our contract with you so that we can manage your customer account. We will be unable to provide you with your customer account if you fail to provide us with personal data for this purpose.
| Purpose – Managing your customer account |
|
| |
| Processing | Personal data | Lawful basis | Storage time |
| To manage the customer account that you We use cookies to identify you when you log in so that you can remain logged in to your customer account | Name Email Purchase history Returns and complaints Login details | Contract | We will retain your personal data until you ask us to delete your account, or for |
| Recipients of personal data | We will share your personal data with our marketing platform, which processes personal data as a data processor on our behalf. | ||
Processing so that we can pass on news, inspiration and relevant offers to you
We use cookies, pixels and similar technologies to collect your personal data so that we can analyse how you are using our website, and for marketing purposes. Our cookie policy [link] contains more information on which cookies we use and the purposes for which we use them.
| Purpose – Newsletters and other marketing |
| |||
| Processing | Personal data | Lawful basis | Storage time | |
| So that we can send you newsletters | Telephone number Address (Based on your interaction on account of the newsletter) | We process your personal data | If you opt to receive newsletters and relevant | |
| To send marketing information to you | Email Age (Based on your interaction on account of the newsletter) | When you have made a purchase, we will process | If we send newsletters on the basis of | |
| To carry out targeted marketing aimed at | Name Email Search history Click history Interaction data | Our legitimate interest | Your personal data will be processed | |
| We may publish any photos/videos | The photo/video that you have shared on social media, your username and text. This may include personal details relating to you. | Our legitimate interest | Until you tell us that you no longer | |
| Recipients of personal data | We will share your personal data with our e-commerce platform provider and our marketing platform provider, who process personal data as a data processor on our behalf.
| |||
Processing of personal data when you contact us
We will need to process your personal data if you contact our customer service team by email or via other channels.
| Purpose – Customer service | |||
| Processing | Personal data | Lawful basis | Storage time |
| So that we can answer your questions when you contact us using forms on our website, by phone or on social media, or via any other channel where you contact us. | Name, Contact details (telephone number and email) Address Social media username Case information and any photos sent to us and other information provided to us by the person. | Legitimate interest Our legitimate interest to administer and follow up our contact with you. | We will retain your personal data from the communication with you for 12 months from the end of our contact with you on the matter. |
| So that we can communicate | Email | Legitimate interest Our legitimate interest to administer and follow up our contact with you. | We will retain your personal data from the communication with you for 12 months from the end of our contact with you on the matter. |
| Recipients of personal data | We will share your personal data with our customer service provider, which processes your personal data as our data processor on our behalf. | ||
Processing that takes place when you visit our website
Your personal data will be collected from your mobile phone, computer or other devices that you use to visit our website if you have consented to allow this.
We use cookies, pixels and similar technologies to collect your personal data so that we can analyse how you are using our website, and for marketing purposes. This is known as profiling. Our cookie policy [link] contains more information on which cookies we use and the purposes for which we use them.
We and our providers take action to protect your personal data.
| Purpose – When you visit our website |
|
| |
| Processing | Personal data | Lawful basis | Storage time |
| To improve our website and its features, to customise and enhance the user experience, and to analyse how you use our website. Calculating the number of visitors to our website. | Information about how you use our website, such as the products you have chosen to click on. The geographical areas from which you use our website. Visit history | Consent We will obtain your consent to process your personal data for marketing purposes when you visit our website. You have the right to withdraw your consent at any time. | We will retain personal data for no more than 24 months after you visit our website, or until you withdraw your consent. |
| To save your abandoned shopping basket and remind you of the product(s) still | Information on products in your shopping basket | Our legitimate interest | From the moment you place |
| Offers on our products based on your use of our website are marketed on social media sites that you visit. We use marketing services that are based on analysis of how you use our website, by means of cookies, pixels or similar technologies, and information held by these marketing services about you. | Digital identifier Information on how you use our website Click history Purchase history Web browser Screen resolution Information on how you use our website, such as which products you have clicked on The geographical areas from which you use our website Visit history | Consent We will obtain your consent to process your personal data for marketing purposes when you visit our website. You have the right to withdraw your consent at any time. | We may send you marketing messages for 24 months after you have visited our website. |
| Recipients of personal data | We will share your personal data with our e-commerce platform provider and our marketing platform provider, who process personal data as a data processor on our behalf. We use Google Tag Manager in order to obtain information about how you use our website. If you have agreed, we provide pixels to ad service platforms such as Meta, Tiktok and Google, with whom we work in order to optimise our purchased ads. We then share aggregated information on pseudonymised personal data. | ||
HOW HAVE WE ASSESSED THE BALANCE OF INTERESTS TEST WHEN THE LAWFUL GROUNDS FOR PROCESSING YOUR PERSONAL DATA ARE OUR LEGITIMATE INTEREST?
Beauty Icons AB processes your personal data for certain purposes and relies on our legitimate interest as the lawful basis for the processing of the data. We rely on a balance of interests test when assessing the lawful basis. We have indicated our legitimate interest in the tables that appear above. Please get in touch with us if you would like to know more about how we have performed this test. Our contact details are provided at the start of this privacy policy.
AMENDMENTS TO THIS PRIVACY POLICY
Beauty Icons AB reserves the right to amend this privacy policy. The currently valid policy is available to view on our website.
This privacy policy was updated by Beauty Icons AB on 3 March 2024.