1. Introduction

This GDPR Privacy Notice concerns the way we process your personal data when you access the https://cosalindaskincare.com/ website and when you contact us for an appointment. This is important information, so please read it carefully.

2. Who are we and how can you contact us?

The https://cosalindaskincare.com/ website (hereinafter referred to as the “site” or “website”) is owned and operated by the company COSALINDA SKINCARE S.R.L., with headquarters in Intr. GHEORGHE SIMIONESCU, no. 19, app. B26, District 1, registered at the Trade Register under no. J40/1154/2022, having CUI 45522993, legally represented by Ionica Baciu-Dumont.

For any information regarding how we process personal data, you can contact us at the e-mail address info@cosalindaskincare.com .

3. What kind of information do we collect and what are the sources from which the data we collect come from?

When you access the website, we collect data about your IP and your behavior on our website – which we need to see how our website works, which pages are the most interesting, which are the countries where our visitors come from, which browser is most used and whether you access our website from a computer or a mobile device, in order to provide you with the best information and services.

Your personal data (first name, last name, phone number, and email address) is collected when you provide it to us, for an appointment, through Fresha, a software that we use for managing appointments, our website, over the phone, in Cosalinda salon (situated in Voluntari city, Pipera area, Ilfov County, 112 Erou Iancu Nicole Street, 1st floor), by email, social media, in writing or any other means by which you provide it to us. This personal data is collected to establish the details of the appointment, at your request.

For the data that provided to us through Fresha software please read the Freshais Privacy policy , Fresha terms of use, and Fresha Terms of service – summary .

We do not use cookies.

We use social media buttons on this site that redirect you to social media platforms (Facebook and Instagram). Please refer to the relevant social media platform’s privacy policies for information about their cookies.

Also please read Fresha’s Cookie Notice for information about Fresha’s cookies.

Children’s Privacy

We do not collect the personal data of children under the age of 16 without parental or guardian consent. If you believe that we hold any information from or about a child under age 16, please contact Cosalinda and if we cannot immediately obtain appropriate parental or guardian consent, will remove the personal data from storage.

4. What is the purpose for which we collect this information and the legal basis for processing your data?

We take your privacy seriously and we will never sell or rent your personal data to any third-party. Sharing of your data and direct marketing activities are only carried out with your express consent, which you are free to withdraw at any time.

We need to obtain and process your personal data to provide you with our products, services, and treatments and to fulfill our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice. 

When you browse our website, the purpose of collecting your data is our legitimate interests to know the performance of our website, to observe how we can provide better information and services to our customers, to observe trends and identify problems with our navigation system, our pages or our server, including regarding cyber-attacks.

The legal basis for collecting your data when you access and browse the website is Article 6 paragraph (1) letter f) GDPR (General Regulation no. 2016/679 on data protection), which establishes the right of the operator (us) to process personal data based on its legitimate interests.

When you contact us for an appointment, the purpose of collecting your data is to establish the appointment, engage in communication with you including confirmation and reminders of appointments, and requests to cancel or change bookings and make the necessary preparations for the conclusion of the service contract between you and us, which will be realized by visiting the salon, performing the cosmetic treatment and paying for the services.

The legal basis for collecting your data when you contact us for an appointment is Article 6 paragraph (1) letter b) GDPR, which establishes that the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

Refusal to provide us with your first name, phone number, and email address when you contact us for an appointment leads to the impossibility of making the appointment.

Where we request sensitive personal data from you (e.g., health or medical data), the reason(s) for the request will be clearly given along with the purposes of the processing. We can collect health information to perform the agreed services appropriately, potentially highlight areas where products and services may cause issues to clients because of their health, and highlight treatments/services that may have a negative effect on your health due to the medication you are taking or a condition you have. Explicit consent through a signature will always be required for us to obtain and process your health information. The legal basis for collecting your data when you access and browse the website is Article 6 paragraph (1) letter a) GDPR, which establishes the right of the operator (us) to process personal data if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. At any time after giving consent, you can withdraw your consent, subject to legal, insurance, and contractual restrictions (see more on ‘your rights as an individual). Your privacy is very important to us and we only use this information for determining your suitability for the treatment.

5. How long we keep your data?

Cosalinda retains your personal data for as long as necessary to provide you with our services as our client. Cosalinda is required under tax laws to keep your personal data for a minimum of 10 years.

The criteria for which we would continue to process your personal information include:

• Where there is a legal basis, obligation, or legitimate interests to continue processing your personal information
• Where the processing is necessary for the establishment, exercise, or defense of legal claims

6. To whom do we disclose data and why?

We can disclose your data to the accounting company, law firm, companies, or other natural or legal persons with whom we collaborate, when disclosure is necessary, as well as to any state authorities, at their request or to defend a right in court.

Your personal data is shared also with Fresha representatives in cases where customer support and troubleshooting are required for the salon. Cosalinda does not share your personal information with any third-party without your prior consent, other than those already disclosed in this privacy notice or as part of our legal obligations under the relevant data protection laws.

7. Information about the transfer of data outside the European Union

Personal information may be processed by partner companies operating outside the European Economic Area for the purposes mentioned above.

If we provide any personal information to such persons, we have an obligation to take appropriate measures to ensure that the recipient of the information adequately protects your personal information. These measures include the conclusion of standard contractual agreements of the European Commission with them.

8. What are your rights? 

• Right to be informed (Article 15 GDPR)

You have the right to know who, how and in what way processes your personal data. 

• Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to your personal data and information on how they are processed.

• ‍Right to data portability (Article 20 GDPR)

You have the right to receive the personal data processed in a structured, commonly used, and machine-readable format including the right to have this data transmitted directly to another controller if this is technically feasible.

• ‍Right to object (Article 21 GDPR)

You have the right to object to the processing of your personal data when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data are being processed for direct marketing purposes.

• ‍Right to rectification (Article 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification must be communicated by the controller to each recipient to whom the data subject’s data have been transmitted unless this proves impossible or involves disproportionate (demonstrable) efforts.

• ‍Right to erasure – “right to be forgotten” – (Article 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the following grounds applies: (i) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based and there is no other legal ground for the processing; (iii) you object to the processing and there are no overriding legitimate grounds for the processing; (iv) your personal data have been unlawfully processed; (v) your personal data have to be erased for compliance with a legal obligation; (vi) your personal data have been collected in relation to the offer of information society services.

• Right to restriction of processing (Article 18 GDPR)

You have the right to obtain from us restriction of processing where one of the following applies: (i) you contest the accuracy of your personal data, for a period that allows the verification of the correctness of the data; (ii) the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; (iii) we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (iv) you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

• Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant manner. Therefore, we hereby state that Cosalinda does not use applications, algorithms, artificial intelligence, or automatic process to make automatic decisions (without human intervention) that produces legal effects for you. 

To exercise your rights listed above you can send us your request (accompanied by your contact details) both electronically at the e-mail address info@cosalindaskincare.com, as well as by postal services with a registered letter and confirmation of receipt at Bucharest, Intr. GHEORGHE SIMIONESCU, no. 19, app. B26, District 1. 

9. Information concerning Data Protection Supervisory Authority  

If you consider that your rights provided by GDPR have been violated, you have the possibility to communicate this to us at the address: info@cosalindaskincare.com or to contact the NSAPDP (the National Supervisory Authority for Personal Data Processing) by submitting a complaint.

‍The contact details of NSAPDP are the following:

Complaint Form: https://www.dataprotection.ro/?page=Plangeri_pagina_principala 

Contact link: https://www.dataprotection.ro/?page=contact&lang=ro 

Website: https://www.dataprotection.ro/ 

Address: B-dul G-ral. Gheorghe Magheru no. 28-30, District 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212; Fax: +40.318.059.602