Privacy Policy

Below is the privacy policy and data handling policy of cosmetic-market.com, in which we outline how we handle customer and personal data, how it is stored, how it is used and for what purposes and what are out data breach procedures.

Cookie Policy

About Cookies

“Cookies” is a term used in the world of computers to signify a small file used in the interaction between websites and the web browsers. These are small files that contain  basic information, which help a website to recognize a browser or to know of what actions a user has undertaken while browsing said website – what products have been added to the shopping cart, is the user logged in, has the use accepted the Terms & Conditions, etc. Depending on the usage, a cookie can store both general and private information and can either be used only for the current session (so called “session cookies”), i.e. the cookie is deleted once the browser is closed or can be retained across multiple sessions, i.e. the cookie will remain even if the browser is closed.

How do we use cookies?

An online store, that also allows users to register and have an online account with it, cannot function properly without cookies. It is absolutely necessary for our website to use cookies, so our system can know what products and how many of them our user has added to their basket. They are generated from the shopping platform we use – Woocommerce, and unless deleted will store this information inside the browser for up to a month. No other information will be contained inside the cookie, besides the added to the cart products.

The other persistent cookies we use notify our system if the user is logged in their profile. If a customer has created a user profile on our website and wishes to remain logged in, they can do so, and next time they open their browser and visit our website, they will still be logged on into the system, without needing to input their login credentials. Please note that is option should only be used on your personal device and not a shared device like a public or an office computer.

We will not collect of store any personal information using first party cookies from our website.

Third party cookies

A third party cookies is a cookie file generated by a third party and not cosmetic-market.com. These are cookies we have no direct control over and cannot directly control how the information stored and accessed with them is monitored and used. However, we have made the effort to only include the used of trusted sources of third cookies on our website. Such can be various analytics services, embedded media sources, integrated modules, checkout services.

Our website uses Google Analytics, which requires the usage of cookies from Google. You have the option to deny the usage of Google Analytics, which also prevents the usage of Google Analytics cookies. We also embed videos from websites such as Youtube, which also requires the usage of third party cookies. All embedded videos will have a warning and consent button and not third party cookies from videos will be added to your browser without your prior agreement.

You can disable Google Analytics cookies by disabling Google Analytics from the privacy settings menu.

The only required third party cookies are for any checkout service integrated into our website, as we only use checkout services where the user is redirected to a secure payment page on the website of our chosen processing service, where they make the card payment. Our checkout processing partners will need to use cookies to process the payment, however, we guarantee that the submitted information on the page is completely secured and the cookies are safe and delated once the page is left and the user is redirected back to our website.

Embedded media

Embedded content on our website is a part of or a full page hosted on another website. We do not have control over the content hosted on third party websites and servers. We will however add a notice to all embedded media and no cookies from the third party hosting the media will be used until the user has given their consent to access the video/media.

Google Analytics

We have integrated Google Analytincs on our website. This is a service offered by Google which allows websites to monitor user experience and browsing and shopping behavior, which allows us to collect and compare date related to site usage and analyze it to improve our services. Google Analytics only collects browsing and shipping data – it does not collect personal information.

Google Analytics only collects information for visited pages, clicked buttons, web traffic flow and sources, products added to the cart, purchased items, site searches and others. No private data is collected and stored and any collected data is only available to us and Google, but never provided to third parties. No names, emails, IP addresses are collected. There is geo-location, but the IP addresses have the last digits anonymized not allowing for the exact location of the site visitor to be visible.

Data Collection and Retention

Data from emails and correspondence

When our customers contact us from the website, using the contact form, or directly via email, we need a base amount of information that will allow us to properly handle inquiries, complains, orders or any other reasons for communication. We may request customers to provide their name, email address, phone number, billing address, shipping address, VAT number, alternative methods of payment and any other relative information we might need to process orders, inquiries of complaints. Any such information is strictly private and will never be disclosed to a third party.

Data Sharing

We have made al necessary steps to protec our customers data. Data submitted during the order process or in correspondence with our website is completely private and will never be provided to third parties.

Data collected with Google Analytics will be available to both us and Google, but never to other third parties and any data collected with Google Analytics is not personal and only collected with the user’s consent.

Data Retention

Active user accounts and their data will be maintained and stored, respectively, as long as the user account is active. Inactive user accounts and their data are deleted after a 5 year period of inactivity, automatically, except for instances where there pending cases, unresolved issues or we are legally obliged to retain the information.

User rights and control over their data

Our company is based in the European Union and we are bound to operate under the regulations of EU law and regulations, and specifically the GDPR. Our customers and site users have the ability to control their personal data – request the bulk of data from their website user account and request its deletion. This does not include the data from direct correspondence with us through the contact form, third party chat services and/or email correspondence. You will need to make a separate request for these and we will confirm whether providing and/or deleting the entirety of such correspondence is possible (in regard to technical limitation, not unwillingness from our team).

Personal data requests

At any moment a user/customer of our website can request their data that is stored on our web servers or user hosting services. To make such a request you can contact us at biz@cosmetic-market.com. We will need to confirm your identity prior to fulfilling said request. Please use to email you used to make your order or to create your user account, or that you used in your correspondence with us. Otherwise we cannot verify your identity. Please consult with us if you no longer have access to this email address, so we can offer you alternative ways to confirm your identity.

Data storage, handling and related policies

Protection of data

When making an order and/or a client profile on our website, we request customers provide a basic set of information – name, company name, billing address, delivery address, phone number, email address and possibly other information necessary for processing of a client’s order. This information is considered personal and private and is completely protected. No such information is accessible to or provided to third parties and is only handled by authorized  employees of Georock Desing LTD.

All normal measures to protect the website and web server and the stored information have been take, including limiting remote access and passing traffic from and to the website through a secure encrypted connection using an SSL encryption certificate (https).

When making an account on our website a user is required to provide an email address and password. It is the responsibility of the customer/user to protect the email account they’ve used for the registration and to use a secure enough password for login, as well as change said password on a regular basis, for security reasons. Georock Desing LTD will not be responsible for any data breaches which are the result of user/customer negligence, including using easy to guess passwords or insecure email account for password restoring.

Data breach procedures

We have taken all reasonable measures for the protection of our websites, emails and hosting/servers. However, data breaches are a constant risk and sometimes, unfortunately, happen. In the unlikely case of a data breach will in instantly notify all affected or at risk users and customers about the problem, what actions we have undertaken to solve it and what customers themselves might do to help us resolve the problem. We may request customers to change their account’s email address or update their password.

Automated data processing

All inactive accounts will be automatically deleted after a period of 5 years, excluding the instances cited in the Data Retention section of our Privacy Policy.

Google Analytics is automatically active on the website and will collect anonymous browsing and shipping data by default. However, you can turn  Google Analytics from the privacy settings menu off and prevent this automatic data collection. Please not that agreeing or disagreeing to the usage of Google Analytics, requires we store a cookie in your browser. No private data is stored or collected using this cookie – it only tells our system what your choice regarding our privacy policy was.

Data regulatory

Any unresolved  disagreements with Georock Desing LTD regarding privacy or data handling can be addressed toward our local EU data regulator:

http://www.cpdp.bg/