Privacy
Trading company Creaticon d.o.o. from Zagreb (hereinafter: Creaticon) is the data controller, and it determines the purposes and means of processing personal data within the framework and for the needs of its business and legal activities in accordance with the General Data Protection Regulation.
Creaticon pays special attention to ensuring that personal data is processed in accordance with the fundamental principles set out in Chapter II of the General Data Protection Regulation, primarily ensuring lawful, fair, and transparent processing of personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which the data is processed.
Creaticon generally does not process personal data of persons under the age of 18. Exceptionally, in accordance with the provisions of Article 8 of the General Data Protection Regulation, data of a person who has reached the age of 16 may be processed, while for all other cases (persons under the age of 16), explicit consent of the child's legal guardian is required, which must be established in a clear and unambiguous manner in accordance with the provision of Article 8, paragraph 2 of the General Data Protection Regulation.
Creaticon does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of uniquely identifying an individual, nor data concerning individuals' sex life or sexual orientation.
Exceptionally and exclusively based on the clear, unambiguous, and explicit consent of the data subject, Creaticon may process data concerning the health of the data subject for the purpose of advising on the selection of products from Creaticon's assortment.
I. Purchase
When you make a purchase through the webshop channel www.skintegra.hr, Creaticon processes your personal data as a buyer of products based on the fact of concluding a sales contract and for the purpose of exercising rights and obligations from the concluded sales contract, delivering products, as well as for placing on the waiting list for the desired product that is intended to be purchased but is currently unavailable.
The personal data of buyers processed are: buyer's personal name, address of residence, delivery address of the product, email address, and telephone number.
Recipients of this data are:
contractual partners for the delivery of purchased products – DPD Croatia d.o.o. from Sesvete, Slatinska ulica 7, General Logistics Systems Croatia d.o.o. from Popovac, Varaždinska 116, and DHL International d.o.o., Utinjska 40, Zagreb
contractual partner for providing card payment services Corvus Pay d.o.o. from Zagreb, Buzinski prilaz 10
webshop sales service provider Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin, Ireland
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland
Klaviyo, 125 Summer St, Floor 6Boston, MA 02111, USA
Data may be transferred to third countries, namely the United States of America, with regard to the recipients of the data. More information about this and about measures to protect personal data can be found at:
- https://policies.google.com/privacy?hl=en_US#enforcement
- https://www.facebook.com/about/privacy
- https://www.klaviyo.com/legal/privacy-notice
- https://help.shopify.com/en/manual/your-account/privacy
Data about your previous purchases is stored, and details of the products you have previously purchased are used to suggest other products that we believe you may also be interested in.
The data is stored electronically, and measures to protect personal data relate to information security measures.
II. Registration
If you register as a member on www.skintegra.hr, Creaticon processes your personal data based on consent - the voluntary act of opening a user account on our website.
The personal data processed are: personal name, address of residence, delivery address of the product, email address, telephone number, and date of birth.
The purpose of processing this data is to use the services provided by Creaticon on the website www.skintegra.hr, including purchasing through the webshop channel, participating in the SK University loyalty program, marketing, and for easier access to the Internet store for purchasing and delivering products.
Recipients of this data are:
contractual partners for the delivery of purchased products – DPD Croatia d.o.o. from Sesvete, Slatinska ulica 7, General Logistics Systems Croatia d.o.o. from Popovac, Varaždinska 116, and DHL International d.o.o., Utinjska 40, Zagreb
contractual partner for providing card payment services Corvus Pay d.o.o. from Zagreb, Buzinski prilaz 10
webshop sales service provider Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin, Ireland
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland
Klaviyo, 125 Summer St, Floor 6Boston, MA 02111, USA
Data may be transferred to third countries, namely the United States of America, with regard to the recipients of the data. More information about this and about measures to protect personal data can be found at:
- https://policies.google.com/privacy?hl=en_US#enforcement
- https://www.facebook.com/about/privacy
- https://www.klaviyo.com/legal/privacy-notice
- https://help.shopify.com/en/manual/your-account/privacy
Creaticon uses the Shopify Abandoned Checkouts application, which serves as a reminder of initiated but unfinished purchases in the webshop.
Data about your previous purchases is stored, and details of the products you have previously purchased are used to suggest other products that we believe you may also be interested in, as well as to participate in the SK University loyalty program, which brings you numerous benefits. Data is stored for the longest until the closure of the user account or withdrawal of consent for personal data processing. In any case, the data is deleted within 2 years from your last activity on the website.
The data is stored electronically, and measures to protect personal data relate to information security measures.
III. Consultation
If you use consulting services, Creaticon processes your personal data based on your consent.
The purpose of processing this personal data is to provide cosmetic and health advice and recommendations for Creaticon products.
The personal data processed relate to email, personal name, age, and health status, especially skin condition.
Data is stored for the longest until the purpose for which they are collected is achieved, and earlier at your request or withdrawal of consent given. In any case, the data is deleted within 2 years from the provision of consulting services. Since most consulting services are provided through social networks (Facebook and Instagram), you can delete your data as well as the entire communication at any time.
These data are not disclosed to anyone, and there are no recipients of the data.
The data are not transferred to third countries.
The data are stored electronically, and measures for protection relate to information security measures.
IV. Newsletter
If you subscribe to the newsletter, Creaticon processes your personal data, email address, based on the given consent for marketing purposes.
Data is stored until you request deletion or withdraw your consent.
Recipients of this data are:
Klaviyo, 125 Summer St, Floor 6Boston, MA 02111, USA
The data may be transferred to third countries, namely the United States of America, with regard to the recipients of the data. More information about this and about measures to protect personal data can be found at:
https://www.klaviyo.com/legal/privacy-notice
The data are stored electronically, and measures for protection relate to information security measures.
V. Surveys and Quizzes
On the website www.skintegra.hr, we use the services of Typeform and Quiz Kit to conduct surveys and quizzes, for the purpose of recommending products from the Skintegra assortment. In surveys and quizzes, the user can participate completely anonymously, and in that case, no personal data is collected. However, if the user wishes, they can provide their email address, in which case Creaticon processes that personal data and uses it to send email via the recipient of that data - Klaviyo.
More information about this and about measures to protect personal data can be found at:
- https://admin.typeform.com/to/dwk6gt/
- https://www.quizkitapp.com/privacy-policy
- https://www.klaviyo.com/legal/privacy-notice
DATA PROTECTION AND SYSTEM RELIABILITY
Creaticon implements appropriate technical and organizational measures to enable the effective application of data protection principles, such as minimizing the amount of data and incorporating protective measures into processing to ensure that only personal data necessary for each specific purpose of processing is processed in an integrated manner. This is also reflected in the way special attention is paid to the issues of the quantity of collected personal data, the scope of their processing, the duration of storage, and their availability.
Taking into account the latest advancements, implementation costs, as well as the nature, scope, context, and purposes of processing, and the risk of varying likelihood and severity for the rights and freedoms of individuals, Creaticon implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This is primarily achieved by continuously monitoring stored personal data, processing only to the extent necessary, and keeping personal data only for as long as necessary to achieve the purpose of processing. Creaticon has appointed a Data Protection Officer whom you can contact with any questions or requests regarding your personal data at dpo@skintegra.hr.
DATA SUBJECT RIGHTS - INDIVIDUALS WHOSE PERSONAL DATA IS PROCESSED
Anyone whose personal data is processed has the following rights regarding the processing of their personal data:
Right to transparent information, communication, and modalities for exercising their rights
Right to access data
Right to rectify data
Right to erasure of data
Right to data portability
Right to object
Right to restriction of processing
Right to object to automated processing or profiling
Transparency
At the moment Creaticon collects any of your personal data, you will be informed in advance and made aware of the legal basis for processing personal data, the purpose of processing personal data, the duration of processing, as well as your rights regarding the fact of processing your personal data. If your data will be shared with third parties, for example, for payment and delivery of products or subscribing to a newsletter, you will be notified. If your data is transferred to third countries (outside the EU), this will be specifically emphasized to you.
Right to access data
Anyone whose personal data is processed has the right to obtain confirmation from Creaticon as to whether personal data concerning them are being processed, and if such personal data are being processed, access to personal data and the following information:
the purpose of processing
categories of personal data
recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the right to request rectification from Creaticon
the right to erasure of personal data
the right to restriction of processing personal data
the right to object to the processing of personal data
the right to lodge a complaint with the Personal Data Protection Agency
if the personal data were not collected from you, any available information about their source
whether there is automated decision-making, including profiling, and if so, information about the logic involved, the significance and the envisaged consequences of such processing
Anyone whose personal data is processed has the right to request from Creaticon a copy of their personal data processed by Creaticon, and Creaticon will provide it to them electronically upon such request.
Right to rectification
Anyone whose personal data is processed has the right to obtain from Creaticon the rectification of inaccurate personal data concerning them.
Right to be forgotten
Anyone whose personal data is processed has the right to obtain from Creaticon the erasure of their own personal data if such personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. The right to erase personal data is also exercised by withdrawing the given consent to the processing of personal data.
Right to restriction of processing
Anyone whose personal data is processed has the right to obtain from Creaticon the restriction of processing if they contest the accuracy of personal data (for a period enabling Creaticon to verify the accuracy of personal data), if the processing is unlawful and the data subject opposes the erasure of personal data and requests the restriction of their use instead, if Creaticon no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims, if the data subject has objected to processing pending the verification whether the legitimate grounds of Creaticon override those of the data subject.
Right to data portability
Anyone whose personal data is processed has the right to receive the personal data concerning them, which they have provided to Creaticon, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from Creaticon, where the processing is based on consent or on a contract and the processing is carried out by automated means. The right to direct transfer from one controller to another if technically feasible is guaranteed.
Right to object
Anyone whose personal data is processed has the right to object at any time to the processing of personal data concerning them.
An objection is submitted in writing to the address Ulica Blaža Šoštarića 10, Zagreb, including in electronic form via email to dpo@skintegra.hr and the person submitting the objection is obliged to specify the reasons for their objection in the objection.
From the moment an objection is received, Creaticon will no longer process personal data unless there are compelling legitimate reasons for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
Right to object to profiling
Anyone whose personal data is processed has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
SPECIAL PROVISIONS RELATED TO WWW.SKINTEGRA.HR
Creaticon is the owner of the domain skintegra.hr and is responsible for the content published on it as well as for its operation in general. By using the website www.skintegra.hr, certain personal data is automatically collected through web technologies. The primary purpose of collecting personal data on the website www.skintegra.hr is to provide the user with a safe and efficient experience and to provide services and features that better meet the user's needs and requirements.
When visiting the website www.skintegra.hr, Creaticon processes personal data based on the fact of your visit to the website.
The personal data processed are cookies, IP addresses, and web beacons. The mentioned personal data are processed solely as aggregate data, i.e., based on cookie data, IP addresses, and web beacons, they are not linked to a specific individual, and Creaticon does not know the identity of the person who accessed a particular website based on this data.
The so-called "cookie" technology is used to improve the quality of use and collect data for statistical reporting on the website. Cookie technology does not store an individual email address or any personal data about the user. A cookie is a small unit of information sent from a website that the user visits, which the user's computer browser stores on the user's hard drive. It contains information that may be needed by the www.skintegra.hr website to personalize the user experience (e.g., rotating images on the homepage of skintegra.hr) and to collect statistical data about the website, such as the pages visited, what is downloaded from them, the domain name of the internet access provider, and the country from which users
or visitors come, as well as the addresses of pages visited immediately before or after visiting the www.skintegra.hr website. None of the data mentioned is associated with the user personally but is measured only in aggregate form, as aggregate data. Nevertheless, for maximum protection and security, if the user wishes, they can browse and use the www.skintegra.hr website without "cookie" technology by configuring their Internet browser to reject all cookies or with prior notice when a particular cookie is set.
Mandatory cookies are necessary for the operation of any website, and without them, it is not possible to use the website. Analytical, statistical, and marketing cookies, as well as retargeting cookies, are collected solely on the basis of the consent given by each data subject.
The purpose of processing this data is the functioning of each individual website, analytics and statistics on website visitors, and marketing.
The recipients of this data are: Google Analytics, Facebook Pixel.
The data is transferred to third countries, namely the United States, with regard to the recipients Google Analytics and Facebook Pixel.
Cookie data is stored on the user's computer and is kept depending on the settings set for each user's computer and can be deleted at any time by the user of the computer.
IP address data is stored in the Creaticon computer system as part of the placed order and is kept as long as the placed orders are stored, or until the user requests deletion themselves.
Creaticon uses so-called "web beacons" for advertising, strengthening email advertising, and tracking the use of the skintegra.hr website. Third parties are used to manage "web beacons" and the data collected in this way. Web beacons do not store individual email addresses of skintegra.hr website users or any personal information. Web beacons (clear GIFs) are invisible files on the web pages visited by the user, which communicate with the user's computer on the skintegra.hr website to determine, among other things, whether that user has visited that page before or whether they have viewed a particular advertisement.
When paying on the webshop, CorvusPay is used – an advanced system for secure acceptance of payment cards over the Internet.
CorvusPay ensures complete confidentiality of card data from the moment it is entered into the CorvusPay payment form. Payment data is encrypted and sent from the user's web browser to the bank that issued the card. Creaticon's store never comes into contact with the complete data about the user's payment card. Also, the data is not available even to CorvusPay system employees. An isolated core independently transmits and manages sensitive data, keeping them completely secure. The payment data entry form is secured with SSL transport encryption of the highest reliability. All stored data are additionally protected by encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all the requirements related to the security of online payments prescribed by leading card brands, i.e., operates in accordance with the PCI DSS Level 1 standard – the highest security standard in the payment card industry. When paying with cards included in the 3-D Secure program, the user's bank, in addition to the validity of the card itself, further confirms the identity of the user using tokens or passwords. Corvus Info d.o.o. considers all collected information to be bank secrecy and treats it accordingly. The information is used only for the purposes for which it is intended. Personal data are completely secure, and their privacy is guaranteed by the most modern protective mechanisms. Only data necessary for performing the job according to the prescribed rigorous procedures for online payment are collected. Security controls and operational procedures applied to Creaticon's infrastructure ensure the immediate reliability of the CorvusPay system. Additionally, by maintaining strict access control, regularly monitoring security, conducting in-depth network vulnerability checks, and systematically implementing provisions on information security, the security level of the system for protecting user data is permanently maintained and improved.
Additional measures to protect personal data used by Creaticon are encrypted communication with the website, Akismet and CAPTCHA verification to prevent spam, and encrypted communication with the mail server.
SECURITY PROGRAMS