Privacy Policy

We would like you to know that we appreciate the trust you place in us when you share your information. We do our best to handle it as carefully and sensibly as possible.

This Privacy Policy explains how we collect and process your personal information through the Kinetics website.

The Privacy Policy has been developed by taking into account the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter – the Regulation), Personal Data Processing Law and other applicable laws and regulations in the area of privacy and data processing. 

This Policy applies to the processing of the data of natural persons (in this policy - Data Subject or you) regardless of the form and/or environment in which the personal data is submitted and of the source from which the personal data is acquired.

Because we constantly develop and improve our activity, we may change and supplement this Privacy Policy from time to time.

The Controller saves the previous versions of the Privacy Policy and makes them available when you contact us.

1. Information concerning the Controller

The controller of the personal data processing set out in this Privacy Policy is SIA „Kinetics Nail Systems” (elsewhere also referred to as the Controller or we), a company registered in the Republic of Latvia under unified registration number 40103297500, address: Kurzemes prospekts 3K, Rīga, LV-1067, Latvia. 

As the Controller, we undertake to work in compliance with the standards set out in this Policy and. 

We invite you to contact us by using the contact information provided below if you wish to clarify the actual aspects of the personal data processing.

2. Contact information for matters related to personal data processing

Address for correspondence: Kurzemes prospekts 3K, Rīga, LV-1067, Latvia

E-mail: [email protected] 

3. How will you be informed concerning the processing of your data

In order to promote transparent data processing, the Controller in its activity informs and explains what personal data are processed when conducting the economic activity of the controller and how it will be used. The mentioned information is provided in this Privacy Policy.

The information concerning the use of cookies is available in the cookie policy.

When processing the personal data for purposes that are not specified in this Privacy Policy, as well as to clarify information regarding individual conditions of the data processing, the Controller may inform the data subject individually (for example, in a separate policy or other document, or with notifications in e-mail messages or on social network platforms). The aspects of data processing may also be specified in the mutual agreement. The information may also be provided to you by the Controller’s personnel, who may explain it orally or ask you to familiarize yourself with the information specified in particular documents.

4. Purposes (aims) of the personal data processing

4.1. Personal data processing for provision of the economic activity and performance of contractual obligations

4.1.1. Unregistered user

Which personal data is processed by the Controller?

For the purpose of concluding the Distance agreement, the Controller needs to obtain and process the personal data specified in the order placement form (the identifying information of the data subject and contact information), information about the purchased product, as well as payment information arising from the transaction, including the account No. and information regarding the credit institution, etc. If you fail to provide your personal data, you will not be able to conclude the Distance agreement.

What is the legal basis for the personal data processing?

The purpose of the data processing is provision of the Controller’s economic activity, including establishment and performance of the contractual relations, administration of the payment for the goods or services, provision and protection of the legitimate interests of the Controller and the third parties arising from the economic activity (for example, communication with the cooperation partners, compensation for damages, debt recovery), improving the quality of products and services.

Data processing with the purpose to ensure the Controller’s economic activity is performed on the basis of Article 6(1)(b), (c), (f) of the Regulation, i.e. the processing is necessary in order to perform the contract the party of which is the data subject or for performance of duties upon the request of the data subject prior to conclusion of the contract (if the contract is entered into with a natural person); the processing is necessary in order to perform a legal duty applicable to the Controller, as well as (in separate cases) to ensure the legitimate interests of the Controller and the third parties (for example, in order to organize the Controller’s economic activity, to examine the cases when complaints concerning the received payment have been received, to conduct the after-control, as well as to secure evidence in case of complaints or claims).

Who can access the information and to whom is it disclosed? 

Authorized employees of the Controller in accordance with the scope specified in their job descriptions in compliance with the requirements set out in the data protection and other laws and regulations, as well as the employees of the Controller’s cooperation partners (processors or subprocessors).

The personal data may be transferred to providers of auditing services in accordance with the provisions of a contract entered into by the parties, as well as to the providers of the debt recovery services in separate cases.

The processing of payments is provided by the following payment platforms:

  • makecommerce.lv
  • braintreegateway.com
  • paypal.com

This means that our company transfers the necessary personal data to the platform owners.

Personal data may be transferred to the law enforcement authorities, court or other state and municipal institutions if it arises from the laws and regulations, and the relevant authorities are entitled to receive the requested information (for example, the State Revenue Service concerning you as a business partner).

Personal data may also be transferred for protection of the legitimate interests, for example, when submitting an application to the court or other state authorities against a person that has infringed upon the legitimate interests of the Controller, or to the debt recovery companies.

Some of the Controller’s processors or subprocessors may, in some cases, have their registered offices outside the EU or the European Economic Area (EEA). In such cases, the data will be transferred to a third country. The transfer is based on a contract with the processor or subprocessor, to ensure an adequate level of protection of personal data.

To clarify information regarding individual conditions of the data processing or information of existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards or where to obtain a copy of data, the Controller may inform the data subject individually (for example, in the separate policy or other document, with notifications in the e-mail messages or in the mutual agreement).

What is the period of the personal data processing? 

The Controller shall store and process the personal data while at least one of the following criteria exists:

  • until the storage period set out by the laws of the Republic of Latvia expires (The Controller complies with all the special laws and regulations determining its duty to retain separate data, for example, the Law on Accounting sets the duty to retain information on transactions for at least five years);
  • or the statute of limitations for bringing an action in court lapses (The Commercial Law sets a time limit of three years);
  • until the respective matter has been fully settled, and the appeal period has expired.

4.1.2. Registered user

Which personal data is processed by the Controller?

For the purpose of concluding the Distance agreement, the Controller needs to obtain and process the personal data specified in the order placement form (the identifying information of the data subject and contact information), information about the purchased product, as well as payment information arising from the transaction, including the account No. and information regarding the credit institution, etc. If you fail to provide your personal data, you will not be able to conclude the Distance agreement.

When you create the Account, the data you enter is processed to create and maintain the Account, including to create and retain your wish list and purchase history (for a period of up to three years), and to send you information related to the performance of the Distance agreement, such as information about performance of the order and updates to the order. If you fail to provide your personal data, you will not be able to create the Account.

When you leave a review about the Goods, your name, the assessment given to the Goods, and the review are published on the Website. If necessary, the Controller may contact you on the phone or electronically in order to resolve any issues related to the service or product for which you have left the review.

If you have created the Account using the option to register via Facebook, a reduced-size version of your picture appears with the review. When you use services provided by third parties (Facebook, etc.), those third parties should be recognized as separate controllers. The Controller is not responsible for the data processing of these companies. Therefore, the Controller invites you to familiarize yourself with the privacy policies of these companies.

What is the legal basis for the personal data processing?

The purpose of the data processing is provision of the Controller’s economic activity, including establishment and performance of the contractual relations, administration of the payment for the goods or services, provision and protection of the legitimate interests of the Controller and the third parties arising from the economic activity (for example, communication with the cooperation partners, compensation for damages, debt recovery), improving the quality of products and services.

Data processing with the purpose to ensure the Controller’s economic activity is performed on the basis of Article 6(1)(b), (c), (f) of the Regulation, i.e. the processing is necessary in order to perform the contract the party of which is the data subject or for performance of duties upon the request of the data subject prior to conclusion of the contract (if the contract is entered into with a natural person); the processing is necessary in order to perform a legal duty applicable to the Controller, as well as (in separate cases) to ensure the legitimate interests of the Controller and the third parties (for example, in order to organize the Controller’s economic activity, to examine the cases when complaints concerning the received payment have been received, to conduct the after-control, as well as to secure evidence in case of complaints or claims).

Who can access the information and to whom is it disclosed? 

Authorized employees of the Controller in accordance with the scope specified in their job descriptions in compliance with the requirements set out in the data protection and other laws and regulations, as well as the employees of the Controller’s cooperation partners (processors or subprocessors).

The personal data may be transferred to providers of auditing services in accordance with the provisions of a contract entered into by the parties, as well as to the providers of the debt recovery services in separate cases.

Personal data may be transferred to the law enforcement authorities, court or other state and municipal institutions if it arises from the laws and regulations, and the relevant authorities are entitled to receive the requested information (for example, the State Revenue Service concerning you as a business partner).

Personal data may also be transferred for protection of the legitimate interests, for example, when submitting an application to the court or other state authorities against a person that has infringed upon the legitimate interests of the Controller, or to the debt recovery companies.

Some of the Controller’s processors or subprocessors may, in some cases, have their registered offices outside the EU or the European Economic Area (EEA). In such cases, the data will be transferred to a third country. The transfer is based on a contract with the processor or subprocessor, to ensure an adequate level of protection of personal data.

To clarify information regarding individual conditions of the data processing or information of existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards or where to obtain a copy of data, the Controller may inform the data subject individually (for example, in the separate policy or other document, with notifications in the e-mail messages or in the mutual agreement).

What is the period of the personal data processing? 

The Controller shall store and process the personal data while at least one of the following criteria exists:

  • until you delete the Account;
  • until the storage period set out by the laws of the Republic of Latvia expires (The Controller complies with all the special laws and regulations determining its duty to retain separate data, for example, the Law on Accounting sets the duty to retain information on transactions for at least five years);
  • or the statute of limitations for bringing an action in court lapses (The Commercial Law sets a time limit of three years);
  • until the respective matter has been fully settled, and the appeal period has expired.

If you would like more detailed information, please contact the Controller by using the above-mentioned contact information. If, for the purposes of ensuring the economic activity and performing the contractual obligations, the Controller needs to protect interests that have been violated, to submit an application to the court, etc., all information related to the particular transaction will be retained until the moment of execution of the final settlement.

4.2. Subscription to Kinetics Nail Systems marketing communications

Which personal data is processed by the Controller?

If you have explicitly consented to receive our marketing communications, including newsletters, we may, from time to time, contact you with information about our services and latest offers. For this purpose we may process your e-mail address, which you specified when you signed up for the marketing communications, and information about your consent.

What is the legal basis for the personal data processing?

Data processing for the stated purpose is performed on the basis of Article 6 (1) (a) of the Regulation - the Data Subject has given consent to the processing.

If you no longer want to receive our newsletters, you can unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you. The Controller suspends sending commercial notices as soon as your request is processed. However, please take note that the processing of requests depends on technological capacities to act on your request, which may take up to five days.

Information about your consent is processed on the basis of Article 6 (1) (f) of the Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Controller. The Controller’s legitimate interest is to be able to demonstrate that the data subject has consented to processing.

Who can access the information and to whom is it disclosed?

Authorized employees of the Controller in accordance with the scope specified in their job descriptions, as well as the Controller’s processors or subprocessors.

What is the period of the personal data processing?

For this purpose, we process your personal data until you unsubscribe from our newsletters.

Consent information can be stored for 5 years from the date of withdrawal of consent.

4.3. Records of correspondence and record-keeping

Which personal data is processed by the Controller?

When you use the various options to contact the Controller in writing (by e-mail, mail letter, by using social networks (Facebook, WhatsApp, etc.)), information regarding the particular letter, request or application will be saved.

What is the legal basis for the personal data processing? 

Retention of information regarding the fact and content of communication is conducted on the basis of Article 6(1) (f) of the Regulation, i.e., in cases when you have submitted a statement of claim or request obliging the Controller to review your request (for example, a complaint arising from the Consumer rights), the legal basis for data processing is this duty (for example, performance of the requirements to protect the Consumer rights), and for assurance of the legitimate interests of the Controller and the third parties (for example, in order to examine cases when complaints have been received, as well as to secure evidence against the possible claims or to improve the quality of products and services) the legal basis for the data processing is the Controller’s legitimate interests. In other cases as well, the records of correspondence are kept in order to make the Controller’s commercial activity systematic and to achieve the purposes of the commercial activity - to inform regarding the range of goods and services, provisions for delivery.

Who can access the information and to whom is it disclosed?

Authorized employees of the Controller in accordance with the scope specified in their job descriptions, as well as the Controller’s processors or subprocessors.

Personal data may be transferred to the law enforcement authorities, court or other state and municipal institutions if it arises from the laws and regulations, and the relevant authorities are entitled to receive the requested information (for example, the State Revenue Service concerning you as a business partner).

Personal data may also be transferred for protection of the legitimate interests, for example, when submitting an application to the court or other state authorities against a person that has infringed upon the legitimate interests of the Controller, or to the debt recovery companies.

In the case of communication using services provided by third parties (Facebook, WhatsApp, LinkedIn, Twitter, etc.), those third parties should be recognized as separate controllers. The Controller is not responsible for the data processing of these companies. Therefore, the Controller invites you to familiarize yourself with the privacy policies of these companies.

What is the period of the personal data processing?

The Controller shall store and process the personal data while at least one of the following criteria exists:

- until the respective matter has been fully settled, and the appeal period has expired;

- as long as is permitted by applicable law.

4.4. Publicizing and promoting recognition of the brands represented by the Controller and establishing good relations with customers and cooperation partners, including participation in the coverage of events in mass media and social networks

Which personal data is processed by the Controller?

In the events organized by the Controller and the cooperation partners and in locations, where photo and video records of the event are made, photo and video images of the participants, visitors may be processed by retaining these images in the Controller’s archives, by placing them on the website, social networks administered by the Controller and in other informative materials of the Controller. In order to promote recognition of the represented brands, the Controller may also use the e-mail address obtained during performance of the commercial activity in order to provide information on news and updates in terms of range of goods, to invite you to the organized events and demonstrations, as well as to inform you regarding announced campaigns or competitions.

What is the legal basis for the personal data processing?

With a purpose to reflect the events organized by the Controller in mass media and social networks, in order to ensure the recognition of products represented by the Controller, as well as in order to communicate by using an e-mail address, the processing of personal data is performed on the basis of Article 6(1)(f) of the Regulation.

The Controller has a legitimate interest to reflect its organized events or events it participates in, or to provide information regarding the properties of the products it represents and the campaigns in mass media and social networks, thus ensuring the recognition of the represented brands. When selecting the information to be published, the Controller always applies the highest standards of ethics, thus attempting to ensure that the publications will not infringe upon the rights and freedoms of the data subjects. At the same time, the Controller is aware that it might possibly not be aware of all facts and circumstances; therefore, in order to ensure honest data processing, it does not prohibit any data subject to contact the Controller at any time by using the provided information, so that the data subject might object against the data processing. At the same time, the Controller explains that if you cooperate in various public events, for example, by providing interviews, deliberately being photographed and filmed, it is assumed prima facie that you do not object to the publishing of the relevant information.

Who can access the information and to whom is it disclosed?

The recipients of the personal data may be the Controller’s authorized employees, as well as the Controller’s processors or subprocessors.

In order to fulfil the principle of honest data processing, the Controller explains that taking into account the circumstance that the purpose of reflection of the events is to publish information about the Controller and the brands it represents, the obtained materials will be publicly available and accessible to any third party.

When services provided by third parties (Facebook, WhatsApp, LinkedIn, Twitter, etc.) are used, those third parties should be recognized as separate controllers. The Controller is not responsible for the data processing of these companies. Therefore, the Controller invites you to familiarize yourself with the privacy policies of these companies.

What is the period of the personal data processing?

The Controller is planning to retain the obtained information continuously, for example, in its archive, in order to save information on historic events in which it has participated.

5. Your rights

5.1. Data Subject is entitled to request from the Controller access to his/her personal data and to receive clarifying information on what personal data about him/her is at the disposal of the Controller, for what purposes the Controller processes the personal data, the categories of the recipients of the personal data (persons to whom the personal data has been disclosed or to whom it is intended to be disclosed), if the laws and regulations in the particular case permit the Controller to provide such information (for example, the Controller may not provide to the Data Subject information regarding relevant state authorities which direct the criminal proceedings, are subjects of operative activity or other institutions about which the laws and regulations prohibit disclosing the information), and information concerning the period of personal data retention or the criteria used to determine the mentioned period.

5.2. If the Data Subject believes that the information at the disposal of the Controller is outdated, inaccurate or incorrect, the Data Subject is entitled to request the correction of his/her personal data. 

5.3. Data Subject is entitled to request deletion of his/her personal data or to object against the processing if the person believes that the personal data is processed illegally or is no longer necessary in relation to the purposes for which it was collected and/or processed (by using the principle - the right “to be forgotten”). 

5.4. The personal data of the Data Subject may not be deleted if personal data processing is necessary: 

5.4.1. for the Controller to protect vitally essential interests of the Data Subject or another natural person, including life and health; 

5.4.2. for the Controller or the third party to raise, implement or protect their legitimate (legal) interests; 

5.4.3. data processing is necessary in accordance with the laws and regulations binding to the Controller. 

5.5. Data Subject is entitled to request the Controller to limit the processing of the Data Subject’s personal data if one of the following circumstances exists:

5.5.1. Data Subject contests the accuracy of the personal data – for the period while the Controller can verify the accuracy of the personal data; 

5.5.2. processing is illegal, and the Data Subject objects against deletion of the personal data and instead requests restriction on use of data; 

5.5.3. The Controller no longer needs the data for processing; however, it is necessary to the Data Subject to raise, implement or protect legal claims;

5.5.4. Data Subject has objected against the processing while it has not been verified whether the legitimate reasons of the Controller are more important than the legitimate interests of the Data Subject.

5.6. The Controller informs the Data Subject before cancellation of the restriction on processing of the personal data of the Data Subject.

5.7. Where processing is based on consent, the Data Subject is entitled to withdraw the consent given for the data processing at any time, in the same way that the Data Subject provided it. In that case further data processing on the basis of the previous consent for the particular purpose will no longer be performed. Withdrawal of the consent does not affect data processing performed at the time when your consent was valid. Data processing performed on the grounds of other legal bases (for example, in accordance with the external laws and regulations or contract) cannot be terminated by withdrawing the consent.

5.8. Data Subject can submit a request concerning exercise of Data Subject rights:

5.8.1. in a written form in person by presenting an identification document;

5.8.2. by electronic mail, signing the letter by a secure electronic signature and sending it to the e-mail address: [email protected];

5.8.3. by sending mail to the registered office of the Controller.

Data Subject is obligated as much as possible to clarify in their request the date, time, location, additional identifiers and other circumstances that might aid in fulfilment of their request.

5.9. If general information is required, Data Subject can submit a request by electronic mail [email protected] without electronic signature.

5.10. After receipt of a written request of the Data Subject concerning exercise of their rights, the Controller shall:

5.10.1. verify the person’s identity;

5.10.2. evaluate the request and act in the following way:

  • if it can ensure the request, perform it as soon as possible; 
  • if additional information is necessary to identify the Data Subject or to perform the request, the Controller may request additional information from the Data Subject in order to be able to perform the request correctly;
  • if information has been deleted or the person requesting the information is not the Data Subject or the person cannot be identified, the Controller may reject the request.

5.11. Data Subject is entitled to submit a complaint to the Latvian Data State Inspectorate if he/she believes that the Controller has processed their personal data illegally.

6. Third-party advertisers and links to other websites

Kinetics Nail Systems website may include third-party advertising and links to other websites and apps. Third party advertising partners may collect information about you when you interact with their content, advertising, and services.

7. Children's data

Kinetics Nail Systems doesn't sell products for purchase by children. If you're under 18, you may use Kinetics Website only with the involvement of a parent or guardian.

Last revised on April 15, 2020.