Nora Lina makes and sells the Nora Lina® brand of hair, sun and body care products. Our products are available for in-house use by qualified beauty professionals and for direct sale to customers in more than 80 territories worldwide. In this policy, we will tell you a little more about what data we collect and why.
Under the EU’s General Data Protection Regulation (GDPR), personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The personal data that we may collect from you includes:
• Basic contact information, such as your name, physical address, email address, and telephone number
• Customer service information, including customer service inquiries, comments, and history
• Content you provide
• Information we may obtain from our third-party analytics providers, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyze your use of our websites and apps. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the website or app. To learn more about Google Analytics and how to opt out, please visit http://www.google.com/analytics/learn/privacy.html
• IP Address
• Information about the user’s visit, including:
o The Uniform Resource Locators (URL) of the website from which the user entered the Site and the website the user then went onto after leaving the Site (including date and time)
o Products viewed or searched for
o Page response times
o Download errors
o Length of visit to certain pages
o Page interaction information (such as scrolling and clicks)
• Website usage information, including, but not limited to:
o Browser type and version
o Device type
o Operating system and platform
o Time zone setting
o Login information
o Browser plug-in types and versions
Our legal bases for processing for the personal data:
• Performance of a Contract: We may need to use your personal data in order to perform our obligations under a contract with you or in activities related to forming a contract with you. For example, we may use your personal information to provide services, products or information that you request from us.
• Compliance with our Legal Obligations: It is possible that we would need to process or retain your personal data in order to fulfill our legal obligations. For example, we may need to retain information about purchases made online in order to comply with laws relating to taxation and recordkeeping.
• Pursuit of our Legitimate Interests: Except as may be prohibited by your own interests, we may use your personal data to pursue our legitimate interests, such as to update and/or improve our website or our products. We may have other legitimate interests that we will make clear to you if and when necessary.
• Consent: Under limited circumstances, for example, if you were to sign up to receive a newsletter from us, we may seek your consent to processing or storing your personal data. Under these circumstances, you will have to proactively consent to our data processing, and the mechanism for withdrawing your consent is as specified below. You may withdraw consent at any time by email a withdrawal request to firstname.lastname@example.org.
Nora Lina will not collect any Special Category or Sensitive Data, which includes data about:
• Ethnic origin
• Political opinions
• Religious beliefs
• Philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Health data
• Data concerning a natural person's sex life
• Sexual orientation
HOW NORA LINA USES INFORMATION
The personal data we collect may be used for the following purposes
• Providing services requested by our users
• Sending promotional communications
• Responding to customer service inquiries
• Conducting research and analytics related to our operations
• Posting your content on the site and our social media pages, with your consent
• Customizing our users’ visits to our websites
• Delivering content tailored to our users’ interests
Nora Lina may also have to disclose personally identifiable information in response to legal requests, for example court orders, or specific requests from law enforcement agencies. Under such circumstances, identifiable data subjects will be notified of the disclosure.
Under what circumstances will Nora Lina contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Can I find out the personal data that the organisation holds about me?
Nora Lina at your request, can confirm what information we hold about you and how it is processed. If Nora Lina does hold personal data about you, you can request the following information:
• Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of Nora Lina or a third party, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
- • Information about your right to withdraw consent at any time.
- • How to lodge a complaint with the supervisory authority.
- • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- • The source of personal data if it wasn’t collected directly from you.
- • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
- What forms of ID will I need to provide in order to access this?
- In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Nora Lina accepts the following forms of ID:
- Passport, driving licence, birth certificate, utility bill (from last 3 months)
- Disclosure of information
- We may pass your personal data on to third-party service providers contracted to Nora Lina in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Nora Lina’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so subject to one or more of the bases for processing your personal data described above. The following third parties may receive your personal data as part of our processing activities, as specified below:
- Third country (non-EU)/international organisation
- Retrieve a copy of the safeguards in place here:
- Magento (website CMS)
- Rackspace (website hosting)
- Facebook (Ads)
- Google Adwords (Ads)
- Google Analytics (Analytics tool)
- Bing (Ads)
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the unlikely event that Nora Lina refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Nora Lina is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs. In addition, Nora Lina will retain personal data for as long as we have an ongoing legitimate business need to do so, for example for as long as your account is active. When we have no need to retain your personal data, we will either delete your personal data, anonymize your personal data, or, in case deletion or anonymization are not possible, will securely isolate your personal data in a location where it cannot be accessed for processing purposes.
In the event that you wish to make a complaint about how your personal data is being processed by Nora Lina, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Nora Lina’s Data Protection Officer.
The details for each of these contacts are:
Supervisory authority contact details
Data Protection Officer (AP)
2509 AJ Den Haag
Telephone: +31 (0)88 - 1805 250
Claus sluterweg 55
2012 WN Haarlem
Telephone: +31 (0)6 33 60 96 00