PRIVACY POLICY

1. Why should I read this Privacy Policy?

This Privacy Policy (‘Policy’) outlines how CLM Discipline Guide, owned and operated by CLM Cosmetics, UAB (‘we’, ‘us’, ‘our’) collects, uses, discloses, and stores your personal data (‘data’) and what statutory rights you have under applicable data protection laws. We may amend this policy unilaterally from time to time. Any such amendments will be effective immediately upon publication. Please visit our website at www.celemicosmetics.com regularly for the latest version of this Policy.

 

2. Who is responsible for my data?

We are: Celemi Cosmetics, LLC

Our company number is: 3867856372

Our address: 416 N Orange Ave. Deland, FL 32720

Our e-mail address: sales@celemicosmetics.com  

 

3. What data do you collect, use or store?

We may collect, use, store and transfer different kinds of data about you which we have grouped together as follows:

• Identity and Contact data: full name, date of birth, and gender, email address, telephone number, username, password.
• Delivery data: billing address, company (when applicable), address, city, postcode, country, region/state, delivery method, comments about your order, whether you need gift wrapping, coupon code (if provided).
• Transaction data: information related to payments or credit card details, such as the payment method, card number, name on card, card expiration date, security code, payment date, amount, currency, and payment history, VAT number.
• Wellness data: information on your water consumption, sleep quality and time, step count, skin diseases, age, gender, hair mask days, face mask days, sports days, skin type, hair type, skincare routine, skin sensations, information related to your mental health, photographs of your facial skin, and other information that you voluntarily provide us with. Wellness data will be collected via third party applications like Apple Health, Google Health Connect and other associated applications.
• Technical and Usage data: IP address, website and app navigation and interaction details, user display information, device and browser information, country, preferred language, referring webpage, logs, location, login data, and operating system, product order history, whish list.
• Communications data: your preferences in receiving marketing communications, your feedback and survey responses, the date and time of your message, messages, submitted files, and information about interactions with our social media profile (shares, post reactions, comments).
• Recruitment data: CV, work experience, information in your professional social media account, and other information you provide us with.

4. Why do you collect, and how do you use my information?

• To process your orders, receive payments and deliver purchased goods

When you purchase our products, we require your Identity, Contact, and Transaction data (detailed in Section 3 above) to process your payment and deliver the goods to you.

Legal basis for the processing: contract (Article 6(1)(b) of the GDPR).

• To provide you with our services
  

When you use our disciplinary skincare and related services through our CLM Discipline Guide mobile app, we will process your Identity, Contact, and Wellness data (detailed in Section 3 above) to provide you with these services.

Legal basis for the processing:

• Contract (Article 6(1)(b) of the GDPR).
• Explicit consent (Article 9(2)(a) of the GDPR).

• To provide you with customer support

When you reach out to us with an inquiry, request, or complaint through email or telephone, we handle your Communications data (detailed in Section 3 above) to provide you with customer support. This means that any information you provide during these interactions, including your contact details and the content of your communication, is used by us specifically to address and resolve your concerns, answer your questions, or fulfill your requests.

Legal basis for the processing: consent (Article 6(1)(a) of the GDPR).

• To provide you with information about our products and services

When you register on our website, give us your consent or we have a legitimate interest, we will send you relevant offers and information about our services and goods, as well as those of our partners. We may also seek your opinion on our services. For these purposes, we will process your Communications data (detailed in Section 3 above).

Legal basis for the processing:

• Consent (Article 6(1)(a) of the GDPR).
• Relationship with the customer (Art. 81(2) of the Electronic Communications Law of the Republic of Lithuania).
• Legitimate interest to provide you information about our services (Art. 6(1)(f) of the GDPR).

If you wish to unsubscribe from our newsletters, you have several options: click on the unsubscribe link provided in the email, press the unsubscribe button in your account, send us an email request to unsubscribe at sales@celemicosmetics.com, or change your push-notification settings on your mobile.

• To operate our website and app, ensure its security

Please note that when you visit our website or app, we automatically collect Technical data (detailed in Section 3 above) about your device. This standard practice is designed to ensure optimal functionality and security throughout your browsing experience.

Legal basis for processing: our legitimate interest to ensure security and functionality of our website and app (Art. 6(1)(f) of the GDPR).

• To manage our social media profiles

Please be informed that when you engage with our social media profiles, such as by replying to our posts or sending messages, we will process your Communications data.

Legal basis for processing: consent (Art. 6.1)(a) of the GDPR).

• To carry out the selection of potential employees

When you apply for a position at our company or when we reach out to you regarding a job opportunity, we process your Recruitment data (detailed in Section 3 above) as part of the recruitment process.

Legal basis for processing:

• Consent (Art. 6.1)(a) of the GDPR).
• Legitimate interest in conducting the recruitment process (Art. 6(1)(f) of the GDPR).

• To comply with legal requirements and defend our legal interests

If you have entered into a contract with us, we will retain your data in accordance with statutory limitation periods to safeguard our rights and legal interests, should the need arise. We are also required to retain certain data to fulfill legal obligations in areas such as accounting, archiving, and others. Furthermore, if you become involved in a legal proceeding in which we are a party, we will utilize this data for the purposes of that proceeding.

Legal basis for processing:

• Legal obligation (Art. 6.1)(c) of the GDPR).
• Legitimate interest to defend our legal interests (Art. 6(1)(f) of the GDPR).

5. How long do you retain my data?

We will not retain your data longer than needed for the processing purposes outlined in Section 4 above unless the law requires a longer retention period.

• Your data will be retained for the duration of your active use of our website or mobile app, plus an additional 5 years of inactivity (e.g., not logging in).

• Data related to your purchases will be retained for 10 years from the transaction date.
• Data used for marketing purposes will be retained until you request to stop receiving such information, up to a maximum of 5 years.
• Data from interactions on our social media profiles will be retained for 10 years.
• Recruitment data will be retained for the period necessary to assess your application, with the possibility of extending this period upon your consent after the evaluation.
• Data necessary for protecting our legal interests will be retained for the 10-year statutory limitation period as defined in Article 1.125(1) of the Civil Code of the Republic of Lithuania, calculated according to the act’s specified rules.

Should there be any dispute, legal action, or pre-trial investigation involving you, we may retain your data for the duration of such proceedings.

6. Is providing my data mandatory and what if I choose not to?

When processing your data is essential to fulfill our contract with you or when we are legally obligated to collect your data (as detailed in Section 4 above), you must provide us with the specified data. Without it, we are unable to provide our services or sell goods to you.

7. Where do you collect my data from?
   

We collect most of the data from you. In addition, for certain purposes, we may receive information from other sources, as explained below:

• Employment portals (for recruitment purposes).
• LinkedIn Corporation (for recruitment purposes).
• Social media service providers (to manage our social media profiles).
• Law enforcement authorities, courts, and parties that are subject or related to legal processes (to establish, exercise, or defend our legal claims).

 

8. Who do you share my data with?
   

We share your information with data recipients in cases where necessary for the purposes described in Section 4 above and allowed under applicable laws.

• Microsoft Corporation (communications and work tools, cloud computing, and other service provider).
• Hostinger, UAB (website hosting service provider)

• Google LLC. (analytics and other tools provider)

• LinkedIn Corporation (professional social media service provider).
• Other service providers, such as IT companies, communication service providers, social media providers, as well as legal, financial, tax, business management, human resources, and accounting service providers.

• With courts, law enforcement bodies, or government institutions, but only when the law says we have to (like with bailiffs or courts).

Where we transfer data outside the European Economic Area, we rely on the European Commission’s decision recognising that the relevant third country, territory or one or more specified sectors within that third country or relevant international organisation provides an adequate level of protection for the protection of data. In the absence of the above decision, we may transfer the data to a third country or international organisation if we have put in place appropriate safeguards (for example, if we have signed the Standard Data Protection Clauses (Article 46(2)(c) of the GDPR). If no adequacy decision has been made or no adequate safeguards have been established, we will transfer the data if one of the exceptions provided for in Article 49 of the GDPR applies (e.g., we have your explicit consent).

9. What statutory rights do I have regarding my information?

Subject to conditions and limitations established by applicable laws, you have the rights:

• Right to access. You are entitled to ask us if we are processing your data and, if so, for a copy of the data we hold about you, as well as obtain certain other information about our processing activities.
• Right to rectification. If any data we hold about you is incomplete or inaccurate, you can require us to correct it.
• Right to erasure. This enables you to ask us to delete data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your data to comply with local law.
• Right to object. Where our reason for processing your data is legitimate interest you may object to the processing. You also have the right to object where we are processing your data for direct marketing purposes.
• Right to withdraw consent. Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain services to you.
• Right to the restriction of processing of your data. You can contact us with a request to restrict the processing of your data, except for storage, if one of the following applies:
  • you contest the accuracy of the data for a period enabling us to verify the accuracy of the data;
  • the processing of your data is unlawful, and you oppose the erasure of your Data and request the restriction of their use instead;
  • the Data are no longer necessary in relation to the purposes for which they were collected, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pending the verification whether our legitimate grounds override your legitimate grounds. It is possible that due to the restriction of processing of Data and during the period of such restriction we will not be able to ensure the provision of services to you.
• Right to portability of your data. You can contact us with a request to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format, also you can submit a request for us to transmit your data to another controller to the extent this is technically possible and when:
  • the processing of your data is based on your consent or performance of an agreement concluded with you; and
  • the processing of your data is carried out by automated means.
• Opt-out from marketing. We will also allow you to opt-out of our communication with you whenever we send you information about Celemi or any other information that we believe may be of interest to you. Additionally, you can also opt-out at any time by contacting us.
• Right to file a complaint. You have a right to file a complaint with the supervisory authority.

10. Do you engage in automated individual decision-making, including profiling?
    

No, we do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you.

11. How do you secure my data?

We ensure the security of users' data through various measures, including:

• Encryption: All sensitive data transmitted between the client and the server is encrypted using industry-standard protocols such as HTTPS/TLS.
• Data Storage Security: Sensitive data stored on servers is encrypted at rest using advanced encryption standards (AES).
• Access Controls: We implement robust access control measures, including role-based access control (RBAC), to ensure that only authorized personnel have access to sensitive data.
• Regular Audits and Monitoring: Regular security audits and continuous monitoring of systems are conducted to detect and respond to potential security threats promptly.

12. Does your website use cookies or similar tracking technologies?

 Yes. Cookies are small textual files containing an identifier that is sent by a web server to your web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

 Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

 Our website places the following cookies on your device.

 

Cookies / other technologies	Purpose of processing	Can third parties have access to information?	Cookie use duration
_ga	This cookie assigns a unique number to identify users, tracking visits and sessions for site analytics.	Yes	1 year 1 month
__cf_bm	This cookie differentiates between humans and bots, helping generate accurate website usage reports.	No	30 minutes
language	Used to store language preferences.	No	1 month
_gid	Set by Google Analytics to track pageviews by updating a unique value for each visited page.	Yes	1 day
currency	Used to remember selected currency.	No	1 month
_ga_Q8F8ZZDBC5	This cookie is used by Google Analytics to persist session state.	Yes	1 year 1 month
_gcl_au	Used by Google AdSense to test ad efficiency across websites.	Yes	3 months
_dc_gtm_UA-257055403-1	This cookie enables Google Tag Manager to load scripts and code, essential for other scripts to function properly, and links to a specific Google Analytics account.	Yes	55 seconds
_fbp	Used by Meta for delivering ads, including real-time bidding, from third-party advertisers.	Yes	3 months
IDE	This cookie, set by DoubleClick, tracks user website activity and prior ads viewed.	Yes	1 year

13. How can I manage cookies?

 When you visit our website, we ask for your consent for the use of non-essential cookies. However, essential cookies are enabled by default because they are a prerequisite for our website to function. We respect your preferences concerning cookies, and you can easily manage and disable them below:

 You can also configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies, you may be unable to access certain areas or features of our website. You can control the use of cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Google Chrome: https://support.google.com/chrome/answer/95647
• Opera: https://www.opera.com/help/tutorials/security/privacy
• Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac