Privacy Policy

1. GENERAL

    1.1 This description regarding the processing of personal data (hereinafter referred to as "personal data policy") describes how ICON Hairspa A/S ("us", "our", "we", the website) collects and processes information about you.

    1.2 The Personal Data Policy applies to personal data that you provide to us or that we collect via organic-hairspa.dk's website, www.organic-hairspa.dk (the "Website").

    1.3 ICON Hairspa A/S is the data controller for your personal data. All inquiries to ICON Hairspa A/S can be made via the contact information listed under section 7.

    2. WHAT PERSONAL DATA DO WE COLLECT, FOR WHAT PURPOSES AND THE LEGAL BASIS FOR THE PROCESSING

    2.1 When you visit organic-hairspa.dk, we automatically collect information about you and your use of the website, e.g. what type of browser you use, what search terms you use on the website, your IP address, including your network location, and information about your computer.

    2.1.1 The purpose is to optimize the user experience and the functioning of the website, as well as to carry out targeted marketing, including retargeting via Facebook and Google. This processing of information is necessary for us to safeguard our interests in improving the website and showing you relevant offers.

    2.1.2 The legal basis for the processing is Article 6(1)(f) of the EU General Data Protection Regulation.

    2.2 When you purchase a product or communicate with us on the website, we collect the information you provide, such as name, address, email address, telephone number, payment method, information about which products you purchase and have possibly returned, delivery requests, and information about the IP address from which the order was made.

    2.2.1 The purpose of this processing of information is to enable us to deliver the products you have ordered and otherwise fulfil our agreement with you, including to administer your rights to return and complain. We may also process information about your purchases to comply with legal requirements, including for bookkeeping and accounting. When making a purchase, the IP address is collected for this purpose, and to safeguard our interest in preventing fraud.

    2.2.2 The legal basis for the processing is Article 6(1)(b), (c) and (f) of the EU General Data Protection Regulation.

    2.3 When you sign up for our newsletter, we collect information about your name, email address and possibly mobile phone number.

    2.3.1 The purpose is for us to be able to safeguard our interest in delivering newsletters to you.

    2.3.2 The legal basis for the processing is Article 6(1)(f) of the EU General Data Protection Regulation.

    3. RECIPIENTS OF PERSONAL DATA

    3.1 Information about your name, address, email, telephone number, order number and specific delivery requests will be passed on to GLS, which will be responsible for delivering the purchased goods to you.

    3.2 Information may be entrusted to external partners who process the information on our behalf. We use external partners for, among other things, technical operation and improvements of the website as well as targeted marketing, including retargeting, and for your assessment of our company and products. The data processors may not use the information for any purpose other than fulfilling the agreement with us, and are subject to confidentiality regarding these. We have entered into written data processing agreements with all data processors who process personal data on our behalf.

    3.3 Two of these data processors; Google Analytics by Google LLC. and Facebook Inc. are established in the USA. The necessary guarantees for the transfer of information to the USA are ensured through the data processor's certification under the EU-US Privacy Shield, cf. EU General Data Protection Regulation Art. 45.

    3.3.1 A copy of Google LLC's certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

    3.3.2 A copy of Facebook Inc.'s certification can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

    4. YOUR RIGHTS

    4.1 In order to create transparency regarding the processing of your information, we, as the data controller, must inform you of your rights.

    4.2 Right of access

    4.2.1 You are entitled at any time to request information from us about, among other things, what information we have registered about you, what purpose the registration serves, what categories of personal data and recipients of information there may be, as well as information about where the information originates from.

    4.2.2 You have the right to obtain a copy of the personal data we process about you. If you would like a copy of your personal data, please send a written request to info@organic-hairspa.com. You may be asked to provide evidence that you are who you say you are.

    4.3 The right to rectification

    4.3.1 You have the right to have incorrect personal information about yourself corrected by us. If you become aware of errors in the information we have registered about you, you are encouraged to contact us in writing so that the information can be corrected.

    4.4 The right to erasure

    4.4.1 In certain cases, you have the right to have all or some of your personal data deleted by us, for example if you withdraw your consent and we do not have another legal basis for continuing the processing. If you request that your personal data be deleted, this will mean that you waive your right to complain and will then not be able to contact us regarding previous orders due to missing data. To the extent that continued processing of your data is necessary, for example in order for us to comply with our legal obligations or for the establishment, exercise or defence of legal claims, we are not obliged to delete your personal data.

    4.5 The right to restrict processing to storage

    4.5.1 In certain cases, you have the right to have the processing of your personal data limited to storage only, for example if you believe that the information we process about you is incorrect.

    4.6 The right to data portability

    4.6.1 In certain cases, you have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit this information to another data controller.

    4.7 The right to object

    4.7.1 You have the right to object at any time to our processing of your personal data for the purpose of direct marketing, including the profiling carried out in order to target our direct marketing.

    4.7.2 You also have the right at any time to object, on grounds relating to your personal situation, to the processing of your personal data that we carry out on the basis of our legitimate interests, cf. section 2.1.

    4.8 The right to withdraw consent

    4.8.1 You have the right to withdraw any consent you have given us for any processing of your personal data at any time. If you wish to withdraw your consent, please contact us at info@organic-hairspa.com.

    4.9 The right to complain

    4.9.1 You have the right to file a complaint with the Danish Data Protection Authority, Borgergade 28, 5, 1300 Copenhagen K, at any time regarding our processing of your personal data. Complaints can be filed, among other things, by email at dt@datatilsynet.dk or by telephone at +45 33 19 32 00.

    5. DELETION OF PERSONAL DATA

    5.1 Information collected about your use of the website, cf. section 2.1, will be deleted at the latest when you have not used the website for 2 years.

    5.2 Information collected in connection with purchases you have made on the website, cf. clause 2.2, will generally be deleted 3 years after the end of the calendar year in which you made your purchase. However, information may be stored for a longer period if we have a legitimate need for longer storage, e.g. if it is necessary for legal claims to be established, asserted or defended, or if storage is necessary for us to comply with legal requirements. Accounting material is stored for 5 years until the end of a financial year to comply with the requirements of the Danish Accounting Act.

    6. SAFETY

    6.1 We have implemented appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction, loss, alteration or deterioration, and against unauthorized disclosure or misuse.

    6.2 Only employees who have a real need to access your personal data to perform their work have access to it.

    7. CONTACT INFORMATION

    7.1 ICON Online is the data controller for the personal data collected via the website.

    7.2 If you have any questions or comments about this Personal Data Policy, or if you wish to exercise one or more of your rights described in section 4, you can contact:

    ICON Online ApS
    Juliesmindevej 12
    4180 Sorø

    Email: info@organic-hairspa.com

    8. CHANGES TO THE PERSONAL DATA POLICY

    8.1 We will continuously update our privacy policy and you will always be able to find the latest version at the bottom of the website under Privacy Policy.

    9. VERSIONS

    9.1 This is version 1.1 of organic-hairspa.dk's privacy policy dated 22/8-2019.