Privacy Policy

1. GENERAL INFORMATION

This Privacy Policy (hereinafter the "Policy") applies to the online store of the company under the name "DOMINA INVICTA - Eleni Roumeliotou", with headquarters in Mesimeri Thessaloniki, Municipality of Thermaikos, TK. 57500, tel. 6948288748 (hereinafter the "Company" or "DOMINA INVICTA"), which is operated and managed by DOMINA INVICTA through the Website www.atualab.com (hereinafter the "Website", "Site", "e-shop") . DOMINA INVICTA Company is responsible for the production and packaging of cosmetic products (in a legal laboratory approved by the Greek Drug Administration - ΕΟΦ) under the registered name (Brand name) ATUA LAB. ATUA LAB cosmetic products of DOMINA INVICTA company are sold in the online store through the website www.atualab.com as well as in selected points of sale.

DOMINA INVICTA is the Controller of your personal data, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). We value and respect your privacy to the maximum extent possible and necessary in the context of the proper functioning of the Website and its good use by you.

This Policy should be read together with the Cookies Policy and the Terms & Conditions of our e-shop, as these texts form an integral part of this Policy, and govern the operation of the e-shop and the conduct of transactions in a unified and comprehensive manner through it.

By continuing to browse our e-shop and/or by making your purchases, you automatically and unconditionally accept the terms of this Policy as amended from time to time. We invite you to periodically refer to this Policy, in order to be informed of any changes we may make. In case you do not agree with the modifications, you must not take any action (use of the website and/or purchase).

2. WHO THIS POLICY APPLIES TO

The following personal data policy of ATUA LAB is addressed to you (hereinafter "you", "you"):

Where to navigate on our Site,
Where you create an account and/or buy products from our -shop,
Where do you contact us,
That you receive updates from us through our promotions

3. HOW YOU CAN CONTACT US

Contact information: For any issue related to this Policy and the processing of your personal data, you can contact us in the following ways:

With telephone service at tel. +30 694 828 8748, Monday to Friday 9.00-15.00
By sending ordinary mail to the postal address: DOMINA INVICTA – Eleni Roumeliotou, Mesimeri Thessaloniki, Municipality of Thermaikos, PO Box 57500, Thessaloniki
By sending an e-mail to e-mail: hello@atualab.com

4. YOUR PERSONAL DATA

4.1. Your Personal Data includes any information that allows, either alone or in combination with others, your unique identification, according to the provisions of the Regulation, the applicable Greek legislation and the decisions of the Greek Personal Data Protection Authority (APDPH) as well as the instructions and decisions of the competent European bodies.

4.2. For example, we collect the following categories of Personal Data from you when:

Register on the website
- Contact and identity data (name, e-mail) account login data (credentials)
Submit an order
- Identity data (name and surname)
- Account login data (credentials)
- Transaction/purchase data, (billing address, place of delivery, value and time of purchases, card type, payment method)
- Contact data (phone number, e-mail)
- Other financial and tax data (payment method, card type, transaction value, credit, refunds, receipt details)
Participate in an online survey/competition
- On a case-by-case basis according to the conditions of the respective research/competition
Contact us
- Data and information or general feedback you share with us, e.g. for the products you use
- Submit the contact form on the "Contact" page of our website (https://atualab.com/contact)
Subscribe to our newsletter
- Contact data (e-mail)

4.3. In addition, for example, we collect the following categories of personal data for you by automated means when navigate to the website:

Technical Data (Internet Protocol (IP) address, operating system)
Analytics Data (statistical/pseudonymous data collected through cookies. More details on this can be obtained from our Cookies Policy)

4.4. We note that regarding the processing of your Personal Data by Facebook and Google, you will need to be informed by the respective texts of the Privacy Policies. These companies are Joint Processors with DOMINA INVICTA only when processing your personal data in the context of their use for your connection to our e-shop through them.

4.5. We clarify that during the payment process, we do not collect, process, record or store the payment information during this transaction, e.g. credit card numbers etc. You provide this information directly to the respective payment service provider exclusively.

4.6. If you provide Personal Data on behalf of a third party, you should ensure that such third party has previously been made aware of this Policy.

4.7. In order to keep your information up to date, please inform us of any changes to your data, which we process.

4.8. This Website is not designed for children and we do not knowingly collect personal information from children/minors under the age of 18. If you are under the age of 18, please do not use our website and do not provide us with any information (ie: do not create an account in our online store, do not provide your e-mail to subscribe to our newsletter, do not make any purchases and do not give any personal information to us, including your name, address, or contact details, etc.).

5. COLLECTION & PROCESSING OF PERSONAL DATA (PURPOSE & LEGAL BASIS OF PROCESSING)

5.1. The following objective table is intended to inform you about the purposes for which each processing is carried out (each act or series of acts carried out by us, which is carried out with or without the use of automated means, on personal data or sets of personal data p .e.g. collection, storage, transmission, etc.) on behalf of DOMINA INVICTA and to present you with the legal basis (i.e. the legal reason that allows us to process your personal data in the manner and for the purpose we refer you) on which each of them is based (Purpose of Processing - Data - Legal Basis of Processing).

I. Account Creation and Management

We collect the Personal Data you enter to create an account and/or those you enter during your order and are automatically stored in your account, and we process them for the purpose of creating and maintaining an account in our e-shop

Identity data (first name, last name)
Contact details (e-mail or phone)
Favorite product data
Order History Data
Comments (comment content and name/nickname you use)

a) the performance of our contractual relationship. We process your Personal Data on the basis of the contract between us, at a pre-contractual stage, during the conclusion, during or after its termination.

b) our compliance with our legal obligation. We process your Personal Data that is necessary in the context of the fulfillment of our legal obligations regarding the management and observance of the tax data resulting from the sales contract

c) our legitimate interest. We process your Personal Data to support or defend any legal claim.

II. Execution of order

We collect your Personal Data on the occasion of placing your order, exercising withdrawal or product return, communicating about your order, and process it for the purpose of shipping and delivering products, processing, managing and tracking your order and providing updates on its progress as well as the management and processing of your payments, and the security of our financial transaction

Identification data (name and surname)
Account credentials (credentials)
Transaction/purchase details (billing address, delivery location, value, purchase time, card type, payment method)
Contact information (phone number, e-mail)
Financial data (payment method, card type, transaction value, credit, refunds)
Tax data (receipt data)

III. Execution of requests

We collect the Personal Data you provide when you contact us by phone or e-mail and when you fill in the contact form on our website, when you send us a chat on social media, and we process it for the purpose of handling complaints you submit to us by e-mail or phone, solving problems with orders or product defects after the sale, satisfying your other requests and recording comments related to our sold products (either through e-shop or through physical stores)

Identity data (first name, last name)
Contact data (e-mail, phone)
Transaction data, where required (Type of purchase, time of purchase, time and place of delivery, withdrawal, your complaints, purchase history)
Information you share with us when you communicate

Given the different nature of requests submitted to DOMINA INVICTA's e-mail or call center, processing is based on the following legal bases:

a) the performance of our contractual relationship. We process your Personal Data on the basis of the contract between us, at a pre-contractual stage, during its conclusion and duration and/or after its termination, especially if you contact us with requests regarding your order,

b) our compliance with our legal obligation. We process your Personal Data necessary for the adoption of pre- and post-sale customer service tools/means;

c) your consent, where applicable, to be contacted by us about your service, after your request.

You can withdraw your consent at any time by sending an e-mail to hello@atualab.com.

IV. Operation of the e-shop

We collect some of your Personal Data derived from your navigation in the e-shop by automated means and process them in order to ensure the proper functioning of the site, the security of transactions, dealing with technical issues, optimizing commercial processes and technical systems , with the aim of providing you with the best possible service and browsing experience on the website

Technical (Internet Protocol (IP) Address, Operating System)
Other data through Cookies and log files

a) The legal interest of our company in the proper technical operation of our e-shop, the management and optimization of the technical systems and the security of transactions, which in this case is fairly weighed against your privacy and your rights.

b) Your consent through the acceptance of the relevant cookies through the cookie banner of our website when navigating the e-shop - see and in more detail in our Cookies Policy.

You can withdraw your consent through the cookie banner of our website.

V. Commercial Communication

We collect your personal contact data when:
a) enter it in the corresponding field on our website for the purpose of sending newsletters/abandoned cart automation)
b) you have made your purchases in the e-shop in order to carry out promotional actions for products related to your purchase

Contact data (e-mail)

a) Your consent. We process your data for commercial communication after your consent to subscribe to our newsletter.

b) Our legitimate interest. If you have made purchases from the DOMINA INVICTA e-shop, we process your e-mail or any other data you have provided to us for this purpose, in order to contact you and propose relevant and new products and services of ours that we think you will be interested.

You have the possibility to withdraw your consent at any time by pressing the unsubscribe button in the communication you will receive or by contacting our Company details.

VI. Participate in an online survey or contest

We collect your personal data when we organize online research/contest and you express your desire to participate by sending us the data required by the respective competition/survey and we process them in order to complete the competition/survey

Identity data (first name, last name)
Contact data (e-mail, phone)
Contest participation data
Feedback data you send us
Your consent for us to process your personal data in order to participate in any online surveys or contests that we organize in accordance with the terms of each contest.

You can withdraw your consent at any time by sending an e-mail to hello@atualab.com

5.2. Where the legal basis for processing your data is our company's legitimate interest, you may object to the processing by contacting the Company at hello@atualab.com.

5.3. Where consent is required for commercial communication (e.g. for sending the Company's Newsletter), you can choose to receive this communication at the e-mail address you provide us. In the event that you give us consent to be contacted without specifying an e-mail (e.g. at the account creation stage), we will use the contact e-mail you provided to us during registration.

5.4. In any case where you withdraw your consent, the withdrawal is valid for the future.

5.5. Some of your personal data may be processed on the basis of our legitimate interest and our Company's compliance with its legal obligation for other purposes, such as for example when we receive documents, requests, orders, writs, warrants, etc. third party legal authorities or bodies, such as supervisory, prosecutorial, judicial, tax authorities, to investigate crimes and protect you against fraud or fight any form of crime and infringement of legal goods.

5.6. During the quality control of our products when you submit your comments no profiling is done but this data is collected and used separately for communication per case of your contact with us.

6. HOW LONG IS YOUR DATA KEPT?

We will keep your personal data for as long as you maintain your interaction with the Company and/or for as long as it is necessary to fulfill the purposes of processing described above (e.g. if you maintain an Account, if you are subscribed to our newsletter, if you participate in contests, buy one of our products, for tax purposes, etc.). Your personal data is deleted immediately after the purposes for which it is kept are fulfilled (e.g. if you maintain an Account, if you buy a product from our store, if you participate in competitions that we organize, for tax purposes, etc.), while some data (eg order data) may be kept anonymous or pseudonymised for statistical analysis purposes. As long as their purpose has not been fulfilled, the data remains in the e-shop database until you request their deletion (e.g. in the case of a request to delete your account), unless their retention is imposed based on a legal obligation (e.g. tax purposes) or to support a legal right of our Company.

7. HOW CAN YOU EXERCISE YOUR RIGHTS?

You can exercise your rights at our Company's contact details above.

Since the protection of your privacy is a priority for our company, you can contact our company at any time for any issue or complaint regarding the processing of your personal data.

In addition, our company suggests that you choose the alternative dispute resolution – mediation as a more flexible means of resolving disputes between you and our company.

8. PROCEDURE TO EXERCISE YOUR RIGHTS

8.1. Identification: We aim to maintain a high level of confidentiality of all records held by DOMINA INVICTA that contain personal data, for this reason we reserve the right to ask you for certain information to prove your identity if you submit a request to exercise your rights regarding with said files.

8.2. Specific Requests: Your request must include specific and truthful information and/or facts in order for us to respond and/or satisfy it accurately. Otherwise, our Company reserves the right to reject requests that are unfounded, excessive, abusive or illegal.

8.3. Timelines: We will respond to your valid and accurate requests within one (1) month of receiving them, unless they are particularly complex or a series of your requests have been submitted together. If we need more time to respond to your request, we will let you know within the month.

8.4. Costs: We will not charge you costs for exercising your rights in relation to your personal data unless, as required by law, your request for access to information is unfounded or excessive, in which case we are entitled to charge a reasonable fee under the given conditions. In any case, we will inform you of any charges before we complete your request.

8.5. Contact: You can contact us at the details mentioned above and submit your comments, questions, observations or any complaints regarding this Policy and the collection and processing of your personal data in general.

9. RECEIVERS OF YOUR DATA

9.1. In the context of the proper operation of the e-shop and for the fulfillment of its contractual obligations, our Company cooperates with third-party companies that gain access only to the data that is absolutely necessary for activities such as the following mentioned cases:

Data Recipients - Examples:

Our service providers and Partners, who provide services on our behalf based on our instructions

When we work with third parties to:

hosting of our databases, creation and technical support of the Website
transportation and delivery of products
payments and refunds
provision of accounting and legal services
carrying out marketing and communication actions
optimizing our products and services
functional and computerized organization of the website
customer service from a partner company within the EU
Companies of the DOMINA INVICTA Group

In the context of their responsibilities per region where they operate.

Any public, police, administrative or judicial authority
When this is required by law or by a decision of a competent court or Authority or by another competent body/organization (e.g. in the case of a legal provision, official order or official preliminary examination)

9.2. When transmitting your personal data, we always ensure the highest possible level of security. Therefore, your data will only be transmitted to service providers and partner companies, which have been carefully selected and contractually bound in advance.

9.3. All partner companies that support the systems and operation of our company gain access only to your data that is absolutely necessary for the service they offer us. They are also contractually bound to observe the confidentiality of your data and all technical and organizational measures of secure processing and not to use your information in any other way than to help us provide you with the products and services we have agreed upon.

9.4. The Company generally maintains your personal data on servers located within the European Economic Area (EEA). In the event that data is to be transferred to third countries outside the European Economic Area, it is mainly transferred to a country that has an adequacy decision. If our Company needs to transfer your Personal Data to third countries for which there is no adequacy decision of the European Commission or to International Organizations, all appropriate guarantees provided for in the current Greek and European legislation for the protection of personal data will be taken and to the decisions and directives of the competent European bodies for the protection of personal data regarding transfers to third countries as well as the appropriate contractual, technical and organizational measures.

9.5. We may sell or buy stores, subsidiaries or business units as part of growing our business. In these transactions, information relating to visitors to the Website remains subject to the commitments made under this Policy. After any sale or transfer, you will be able to contact the entity to which your personal data will be transferred with any questions regarding its processing.

10. DATA SECURITY

10.1. The Company takes all the necessary technical and organizational security measures to protect and ensure the privacy of your personal data (such as SSL, Web Application Firewall (WAF), Security Operation Center (SOC) for WAF monitoring, Origin Lock on IP of WAF, Updated Magento and other industry standards for the online and offline security of your personal data). If you have any questions about the security provided through the Website, you can email us at hello@atualab.com.

10.2. To carry out the processing, the Company selects persons with corresponding professional qualifications who provide sufficient guarantees in terms of technical knowledge and personal integrity for the observance of confidentiality. The Company, through the corresponding contractual commitments and its partners, takes all the necessary security measures to protect and ensure the privacy, confidentiality and integrity of personal data. In any case, the security of those in the platform environment is subject to events that escape its sphere of influence, as well as errors due to technical or other weakness of the network not controlled by the Company or reasons of force majeure or fortuitous events.

10.3. You must not disclose your Account information/password and in particular protect unauthorized access to it from third parties.

11. CHANGES TO THIS POLICY

Given that the needs of e-shop visitors and our Company evolve, we reserve the right to modify this Policy at our discretion. Amendments to this Policy become effective from the date they are posted on this Website. We therefore recommend that you frequently visit this section of the Website in order to be constantly informed of any changes. Our right to process your personal data is reflected in the Personal Data Protection Policy that applies from time to time.

In case, however, you want any clarification or information regarding the changes or you have any disagreement, reservation or question related to them (changes), you can contact us. We note that any information/clarification provided to you in accordance with the above regarding possible changes to this Policy, does not constitute a replacement, substitution or any modification of this Policy.

This privacy policy was last modified on 5 December 2024