Privacy policy

Zagreb-based company Creaticon d.o.o. (Creaticon) is a controller within the meaning of General Data Protection Regulation and as such it determines how and why it processes personal data with respect to its operations and transactions.

Creaticon takes special care to process personal data in line with the main principles set out in Chapter II of the General Data Protection Regulation, and above all to ensure lawful, fair, and transparent processing of personal data that is adequate, relevant and limited to what is necessary for the purposes for which they are processed.

As a rule, Creaticon does not process the personal data of persons under the age of 18. As per Article 8 of the General Data Protection Regulation, data of a person who has turned 16 years of age may be processed only in exceptional cases, whereas all other cases (persons under 16 years of age) require the explicit consent of the child's legal guardian, which must be granted clearly and unambiguously in accordance with Article 8(2) of the General Data Protection Regulation.

Creaticon does not process personal information that reveals racial or ethnic origin, political, religious, or other affiliations, union membership, individually identifiable genetic or biometric data, or data on the sexual life and sexual orientation of individuals.

Creaticon may process data related to your health, in order to inform your choice when browsing through the products from the Creaticon range, only in exceptional cases where you have granted   clear, unequivocal and explicit consent.

I. Purchase

When you make purchases through www.skintegra.com, Creaticon processes your personal data based on your purchase (which constitutes a sales contract) to allow you to exercise your consumer rights and obligations arising from your purchase, to have your product delivered, and to put you on the waiting list while the product is back-ordered. 

In such cases we obtain your name, billing address, shipping address, email, and telephone number.

We send these data to:

• our business partners who deliver the purchased products to you - DPD Croatia d.o.o. based in Sesvete, Slatinska ulica 7, General Logistics Systems Croatia d.o.o. based in Donji Stupnik, Stupničke Šipkovine 22, and DHL International d.o.o., based in Zagreb, Utinjska 40
• our business partner who provides card payment services - Corvus Pay d.o.o., based in Zagreb, Buzinski prilaz 10
• e-commerce provider - Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin, Ireland
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland
• Klaviyo, 125 Summer St, Floor 6, Boston, MA 02111, USA

The data may be transferred to third countries, namely the third parties in the United States, depending on who the data recipients are. For more details on this and the personal data protection measures click here:

• https://policies.google.com/privacy?hl=en_US#enforcement
• https://www.facebook.com/about/privacy
• https://www.klaviyo.com/legal/privacy
• https://help.shopify.com/en/manual/your-account/privacy

We store the information on your purchase history and details of the products you previously purchased to inform your future purchases and point you to products you might be interested in.

Data is stored in electronic form and subject to personal data protection measures, namely information security measures.

II. Registration

If you register as a member of www.skintegra.com, Creaticon processes your personal information based on your consent - i.e. the fact that you chose to open an account on our website.

We collect the following data: your name, billing address, shipping address, email, telephone number, and date of your birthday.

The data is processed to enable you to use the services provided by Creaticon on the website www.skintegra.com (online shopping included), to participate in the SK University loyalty programme and advertising campaigns, and to facilitate access to the online store to complete the purchase and have the products shipped.

The recipients of these data are:

• our business partners who deliver the purchased products - DPD Croatia d.o.o. based in Sesvete, Slatinska ulica 7, General Logistics Systems Croatia d.o.o. based in Donji Stupnik, Stupničke Šipkovine 22, and DHL International d.o.o., Utinjska 40, Zagreb
• our business partner who provides card payment services - Corvus Pay d.o.o., based in Zagreb, Buzinski prilaz 10
• e-commerce provider - Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin, Ireland
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland
• Klaviyo, 125 Summer St, Floor 6, Boston, MA 02111, USA

The data may be transferred to third countries, namely the third parties in the United States, depending on who the data recipients are. For more details on this and the personal data protection measures click here:

• https://policies.google.com/privacy?hl=en_US#enforcement
• https://www.facebook.com/about/privacy
• https://www.klaviyo.com/legal/privacy
• https://help.shopify.com/en/manual/your-account/privacy

Creaticon uses the Shopify Abandoned Checkouts application to send reminders of the webshop purchases you have started but have not completed. 

We store the information on your purchase history and details of the products you previously purchased to inform your future purchases and point you to products you might be interested in, and to allow you to participate in SK University loyalty programme that offers numerous incentives. The data are stored until the user account is closed or the consent relating to personal data processing is withdrawn. In any case, the data are deleted within 2 years of your last activity on the website.

Data are stored in electronic form and are subject to personal data protection measures, namely information security measures.

III. Consultation

If you use consulting services, Creaticon processes your personal data based on your consent.

The personal data are processed to facilitate the provision of cosmetic and health advice and recommendations for Creaticon’s products.

The personal data we collect are your e-mail, name, age and information on your health, especially skin health.

The data is not stored after the consent has been withdrawn, and in any case not after the purpose of data collection has been achieved. In any event, the data is deleted on the expiry of 2 years from the provision of consulting services. Since most consulting services are provided through social networks (Facebook and Instagram), you can delete your data as well as the entire communication thread at any time.

These data are not disclosed to anyone nor are they transferred to any recipients.

Data are not transferred to third countries.

Data are stored in electronic form and are subject to protection measures, namely information security measures.

IV. Newsletter

If you subscribe to the newsletter, Creaticon processes your personal email address information based on the consent given for marketing purposes.

The data are kept until you request they be deleted or withdraw your consent.

The recipients of these data are:

• Klaviyo, 125 Summer St, Floor 6, Boston, MA 02111, USA

The data may be transferred to third countries, namely the third parties in the United States, depending on who the data recipients are. For more details on this and the personal data protection measures click here:

• https://www.klaviyo.com/legal/data-processing-agreement

Data are stored in electronic form and are subject to protection measures, namely information security measures.

V. Surveys and quiz

On www.skintegra.com we use Typeform services to conduct surveys and quizzes, in order to recommend products from the Skintegra range. You can participate in surveys and quizzes completely anonymously, in which case no personal data is collected, or you may wish to provide your email data in which case Creaticon processes these personal data and uses them to send emails via the data recipient - Klaviyo.

 For more details on this and the personal data protection measures click here:

• https://admin.typeform.com/to/dwk6gt/
• https://www.klaviyo.com/legal/data-processing-agreement

PERSONAL DATA SECURITY AND SYSTEM RELIABILITY

Creaticon implements appropriate technical and organisational measures to enable the effective application of data protection principles, namely to reduce the amount of data and integrate the necessary safeguards into the processing to ensure that only personal data necessary for specific processing purpose are processed. This is also reflected in the fact that special attention is paid to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Creaticon implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk. This is primarily achieved by monitoring stored personal data on an ongoing basis, by processing the data only to the extent necessary, and by storing personal data only to the extent necessary to achieve the purpose of processing. Creaticon has a designated data protection officer who you can contact with all your questions and requests relating to your personal data at dpo@skintegra.com  

DATA SUBJECT’S RIGHTS

Everyone whose personal data is being processed has the following rights concerning the processing of their personal data:

• The right to transparent information, communication, and modalities for exercising one’s rights
• The right to access data
• The right to rectify data
• The right to delete data
• The right to data portability
• The right to object
• The right to restrict data processing
• The right to oppose automated processing of personal data or profiling

Transparency

When Creaticon collects your personal data in any way, it informs you in advance and informs you of the legal basis of personal data processing, the purpose of personal data processing, the duration of processing and your rights regarding the processing of your personal data. If your information is to be shared with third parties (e.g. for the purpose of payment and delivery of products, or a newsletter subscription), you will be notified. If your data is to be transferred to third countries (non-EU countries) then such fact will be pointed out to you.

The right to access data

Anyone whose personal data are processed has the right to request confirmation from Creaticon of whether their personal data is processed and, if so, to be given access to personal data and the following information:

• the purposes of processing
• the categories of personal data concerned
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the right to request from Creaticon rectification of personal data
• the right to deletion of personal data
• the right to restrict the processing of personal data
• the right to object to the processing of personal data
• the right to lodge a complaint with the Personal Data Protection Agency
• if personal data have not been obtained from you, any available information about their source
• whether there is automated decision-making, including profiling, and if so, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Anyone whose personal data are processed has the right to request from Creaticon a copy of their personal data undergoing processing and Creaticon will provide such data electronically upon such request.

Right to rectification

Anyone whose personal data are undergoing processing has the right to have Creaticon rectify inaccurate personal data concerning him or her.

Right to be forgotten

Anyone whose personal data are undergoing processing has the right to have Creaticon erase personal data concerning him or her, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. The right to erase the personal data is also exercised by withdrawing the consent for the processing of personal data.

Right to restrict the processing

Anyone whose personal data are undergoing processing has the right to have Creaticon restrict the processing in the following cases: if the accuracy of the personal data is contested by the data subject (for a period enabling Creaticon to verify the accuracy of the personal data); if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; if Creaticon no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; if the data subject has objected to processing pending the verification whether the legitimate grounds of Creaticon override those of the data subject.

Right to data portability

Anyone whose personal data are undergoing processing has the right to receive the personal data concerning him or her, which he or she has provided to Creaticon, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from Creaticon, where the processing is based on consent or a contract, or is carried out by automated means. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object

Anyone whose personal data are undergoing processing has the right to object to the processing of personal data concerning him or her.

The objection must be submitted in writing and sent to Ulica Blaža Šoštarića 10, Zagreb, or electronically to dpo@skintegra.com, and the person submitting the objection is required to indicate the reasons for his or her objection.

Once the objection is received, Creaticon will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right to oppose profiling

Anyone whose personal data are undergoing processing has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.  

SPECIAL PROVISIONS RELATED TO WWW.SKINTEGRA.COM

Creaticon is the owner of the domain skintegra.com and is responsible for the content published on the site as well as for its operation in general. By using the website www.skintegra.com, certain personal data are automatically collected via web technologies. The primary purpose of collecting personal data on the site www.skintegra.com is to provide the user with a safe and efficient experience and to provide services and features that better meet the user's needs and requirements.

When you visit www.skintegra.com, Creaticon processes personal data based on the fact that you visited.

The personal data we process are cookies, IP addresses, and web beacons. These personal data are processed exclusively as aggregate data, i.e. data which are not individually identifiable based on cookies, IP addresses and web beacons, which means that Creaticon does not know the identity of the person who accessed a specific web page.

The purpose of cookies is to improve the user experience and to collect data for statistical reporting on the website. Cookies do not contain individual email addresses or any personal data about the user. A cookie is a small unit of information sent from a website, which your computer browser stores on your hard drive. It contains information that www.skintegra.com may need to personalise the user experience (e.g. rotating images on the skintegra.com homepage) and collect statistical data about the website, such as the pages visited, the content downloaded from them, the domain name of the internet access provider and the user’s or visitor’s country of origin, as well as the addresses of the pages that are visited immediately before or after the visit to the site www.skintegra.com. None of the above data are individually identifiable data - they are collected in aggregate form only. Nevertheless, for maximum protection and security, should you so wish, you can search and use the site www.skintegra.com without cookies, simply by configuring the Internet browser in such a way that it rejects all cookies or displays a prior notice for each cookie.

Mandatory cookies are necessary for the operation of each website and without them you cannot use the website. Analytical, statistical, and marketing cookies and retargeting cookies are collected only if you have granted your consent.

We process these data to enable the functioning of each web page, conduct traffic analytics and statistics, and for marketing purposes.

The recipients of these data are Google Analytics and Facebook Pixel. 

The data are transferred to third countries, more specifically to Google Analytics and Facebook Pixel in the United States.

Cookie data are stored in the computer of the person who accessed the website based on the individual settings, and can be deleted at any time by the computer user.

IP addresses are stored in Creaticon’s computer system as part of the purchase order; they are stored for as long as the orders are or until the user requests deletion.

Through www.skintegra.com, Creaticon can collect IP addresses to manage systems, diagnose server problems and collect aggregate information (e.g. to find out how many visitors have registered on www.skintegra.com). When a user visits a certain web page at the www.skintegra.com website, the servers record the user's IP address. An IP address is a number that is automatically assigned to the user’s computer when online.

Creaticon uses web beacons for advertising purposes, to boost e-mail advertising and monitor traffic at skintegra.com site. Third parties help us manage web beacons and data collected in that way. Web beacons do not store individual e-mail addresses of www.skintegra.com visitors or any kind of personal information. Web beacons (clear GIFs) are invisible files on web pages you visit and they communicate with your computer to determine, among other things, whether you have visited that page before or whether you checked out a particular ad.

 

Data are stored in electronic form and are subject to protection measures, namely information security measures.

We use CorvusPay to enable online purchases. CorvusPay is an advanced system for the secure processing of card payments online.

CorvusPay ensures absolute confidentiality of cardholder data from the moment the data are entered in the CorvusPay payment form. Payment information is encrypted and forwarded from your web browser to the bank that issued the card. At no point does the Creaticon store have any access to a complete set of cardholder data. What is more, not even CorvusPay employees have access to such data. An isolated core independently transmits and manages sensitive data, while keeping them completely secure. The payment form you are required to fill in is secured with the highest-level SSL protocol. All data are additionally protected by encryption enabled by cryptographic module compliant with FIPS 140-2 Level 3 standard. CorvusPay meets all requirements relating to the security of online payments prescribed by leading card brands, i.e. it operates in accordance with PCI DSS Level 1, the highest security standard in the payment card industry. When using payment cards included in the 3-D Secure programme, your bank verifies not only the validity of the card but also your identity by requesting a token ID or a password.  Corvus Info d.o.o. applies the banking secrecy principle to all data it collects.  The data are used only for the intended purposes. Personal data are completely secure, and their privacy is guaranteed by state-of-the-art security mechanisms. Only need-to-know data are collected, as per statutory requirements for online payments. Security controls and operating procedures applied to Creaticon's infrastructure ensure instant reliability of the CorvusPay system. In addition, by maintaining strict access control, regular security monitoring and in-depth checks to prevent network vulnerabilities, and implementation of information security provisions, they continuously maintain and improve the security level of the system designed to protect cardholder data.

Creaticon employs additional measures to protect your privacy - we use an encrypted link to the website, Aksimet and CAPTCHA checks to prevent spam, and encrypted communication with the mail server.

SECURITY PROGRAMS