The company informs you about the processing of your personal data in a concise, transparent and comprehensible manner via this privacy policy. All personal data is processed fairly, transparently and lawfully by your service provider, who is responsible for the processing of personal data on this website.
Article 1. Applicable law - legal basis
This privacy policy is ensured to comply with the following legal requirements:
- Articles 12, 13 and 14 of the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.
- Loi Informatique et Libertés n° 78-17 du 6 janvier 1978 Loi Informatique et Libertés n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés modified by Loi n° 2018-493 du 20 juin 2018 relative à la protection des données personnelles pour les questions de traitement de données à caractère personnel.
- Law no. 2004-575 of June 21, 2004 for confidence in the digital economy: for any removal of disputed content.
The legal bases are as follows:
- Consent (for newsletter subscriptions)
- Fulfilment of a contract (for the performance of a service)
- Legal obligation (for invoicing)
Article 2. Collection of personal data
Personal data is collected automatically, for commercial, statistical and prospecting purposes, when a contact form is filled in, an appointment is made, an online quotation is requested or an invoice is issued, as soon as necessary. The processing of personal data may not concern:
- racial or ethnic origin,
- political opinions,
- religious or philosophical beliefs,
- trade-union membership,
- genetic data,
- biometric data for the purpose of uniquely identifying a natural person,
- data concerning health or data concerning the sexual life
- sexual orientation of an individual,
- criminal convictions and offences.
The data collected is :
- Last name
- First name
- E-mail address
- Postal address
- Telephone number
- Bank details
Article 3. Purpose of personal data processing
The processing of personal data is deemed lawful when at least one of the following conditions is met:
- The user of this website has consented to the processing of his/her personal data in order to have access to the company's free services.
- Processing is necessary for the performance of a contract with the service provider.
- The processing is necessary for the company to comply with a legal obligation, to safeguard the vital interests of the data subject or of another natural person, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
| Data collected | Purpose |
| Last name | Customer identification - invoices - order tracking |
| First name | Customer identification - invoices - order tracking - newsletters (if subscriber) |
| Bank details | Order payment |
| Postal address | Customer identification - invoices - order dispatch |
| Cell phone number | Customer identification - invoices - order tracking |
| E-mail address | Customer identification - invoices - order tracking - newsletter dispatch |
Article 4. Consent to the collection of personal data
The User must consent to the collection of personal data in order to benefit from the Provider's services.
It is possible to withdraw this consent at any time, in the simplest of formalities, by contacting the service provider in writing. Users who withdraw their consent are aware that this does not call into question the lawfulness of the previous processing of their personal data.
In accordance with article 9 of the French Civil Code, all customers have the right to the protection of their image, including their voice, and their private life. The use of photographs, audios and videos concerning them must be the subject of a transfer of image rights agreed in writing, by acceptance of this legal document. The transfer of image rights granted by the customer is valid for 5 years from the date of written authorization. This also includes the right to collect the customer's personal data as part of a collective event. The image rights granted are valid for all written, audio and video media required to promote the services provided by the company, or to produce advertising or canvassing content, in any medium whatsoever. Use of the media concerned by the image right is restricted to the European Union.
Article 5. Recipients of data
The recipient of personal data is the company responsible for processing personal data on this website. No personal data is transmitted, sold or rented to third parties. The company does not use any personal data subcontracting services.
Article 6. Register of processing activities
In principle, each data controller must keep a register of the processing activities carried out under their responsibility, mentioning :
- The name and contact details of the data controller
- The purposes of the processing
- A description of the categories of data subjects and personal data categories
- The categories of recipients who have been given access to the personal data, or the procedures for transferring personal data to a third country or to an international organization
- The deadlines set for the deletion of the various categories of data
- A general description of technical and organizational security measures.
This register takes the form of a written document, which may be in electronic or paper form.
The CNIL supervisory authority must have access to it on simple request, particularly when the company exceeds 250 employees or if its activities involve a recurring risk to the rights and freedoms of the persons concerned.
Article 7. Right of access to data
Any person concerned by the processing of his/her personal data has the right to obtain from the data controller confirmation of the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients established in third countries or international organizations;
- where possible, the length of time the personal data will be kept or, where this is not possible, the criteria used to determine this length of time;
- the existence of the right to request from the controller the rectification or erasure of personal data, or a restriction on the processing of personal data relating to the data subject, or the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where personal data is not collected from the data subject, any available information as to its source
- the existence of automated decision-making, including profiling.
In such cases, the company must provide the data subject with a copy on written request.
Article 8. Right to modify personal data
Any person concerned may request the company to rectify any personal data concerning him or her that is inaccurate. They may also request, in writing, that the personal data collected by the service provider be supplemented.
Article 9. Right to delete personal data
Any user or customer has the right to be forgotten. Persons concerned by the processing of their personal data may demand that the data be deleted if one of the following situations arises:
- the personal data is no longer required for the purposes for which it was collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based,
- the data subject objects to the processing;
- personal data have been processed unlawfully;
- the personal data must be erased in order to comply with a legal obligation laid down by Union law or by the law of the Member State to which the controller is subject;
- personal data have been collected in the context of offering information society services,
The personal data collected are automatically deleted after 3 years of collection by the service provider.
Article 10. Right to object and restriction
Any person concerned by the processing of personal data may refuse to consent to it, or freely limit its scope, where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period allowing the data controller to verify the accuracy of the personal data;
- the processing is unlawful, and the data subject objects to the erasure of the data, demanding instead that its use be restricted;
- the data controller no longer needs the personal data for the purposes of processing, but they are still necessary for the data subject to establish, exercise or defend legal claims;
- the data subject has objected to the processing during the verification as to whether the legitimate grounds pursued by the data controller prevail over those of the data subject.
Article 11. Right of portability
The portability of personal data is the right of any data subject who wishes to transfer his or her data to another data controller, without opposition from the service provider, where this is technically possible and does not infringe the rights of third parties.
Any such request must be made in writing to the service provider.
Article 12. Data processing security
To maintain a low risk of personal data leaks, the company may reinforce its data retention measures: implement pseudonyms, encryption, a crisis protocol or re-evaluate the levels of the protocol in force.
The risks to be assessed in the context of processing are of several kinds, such as the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data, whether accidental or unlawful.
In the event of a proven risk of personal data breach, the data controller must communicate to the data subject, in clear and simple terms, all information and measures concerning the resolution of the problem.
Article 13. Person responsible for the processing of personal data
The person responsible for processing personal data is Lovy NK Kosmétik, whom you can contact at hello@lovynkkosmetik.com.
The data controller implements technical, organizational and professional measures to effectively review and update the collection and processing of your personal data. In doing so, it takes into account the nature, scope, context and purposes of the processing, as well as the risks, which vary in probability and severity, to the rights and freedoms of individuals.
It undertakes to cooperate and work intelligently with the supervisory authority, at the latter's request, in the performance of its duties.
Article 14. Moderation of comments
All comments and opinions left on this website may be subject to moderation, and any abusive comments will be deleted by means of a report or directly by the service provider.
Comments may be subject to moderation by the service provider, upon notification or in the event of non-compliance with others, in accordance with Law no. 2004-575 of June 21, 2004 for confidence in the digital economy concerning the deletion of contentious content.
Article 15. Cookies
By browsing this site, you accept that the website may install cookies in your browser, in order to benefit from the services of the service provider.
The User has a right of access, rectification, portability and deletion of its data, or limitation of processing, in accordance with the amended French Data Protection Act of January 6, 1978 and European Regulation n°2016/679/EU of April 27, 2016.
Any complaint in this regard must be made to the service provider.
You are free to refuse the use of cookies via your browser's settings menu.
In the event that you do not wish us to collect your personal data, you will not be able to use all of the site's services, such as requesting contact or services, collecting information to receive newsletters. In fact, certain information concerning you is necessary for the use of our site, and may collect data on your IP address, your browser, your access times, automatic pre-filling.
The information collected by this website is used exclusively for internal statistical purposes, in order to improve the quality of the services offered to you.
Databases are protected by the provisions of the law of July 1, 1998, transposing directive 96/9 of March 11, 1996, on the legal protection of databases.
Cookies are used to :
- Provide you with an optimal experience.
- Identify you once you have registered as a user.
- Monitor and analyze website performance, operation and efficiency.
- Guarantee the security of our platform and the safety of its use.
Article 16. Complaints - CNIL
In accordance withArticle 55 of the General Personal Data Regulation, if you believe that the company has violated your rights regarding the processing of personal data, you may write a complaint to the CNIL as soon as possible, ideally no later than 72 hours after becoming aware of it. The breach notification must :
- describe the nature of the personal data breach including, if possible, the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records affected;
- identify the name and contact details of the Data Protection Officer or other point of contact from whom further information can be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or proposed to be taken by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative consequences.
Date of last update :November 27, 2023