1. Statement on Privacy
We appreciate your usage of our website. Safeguarding your personal data is a priority for us, and we strive to ensure your security and peace of mind during your website experience
Details regarding the gathering of personal data
a. The following will provide you with information about how personal data is collected, processed, and utilized on our website. Personal data refers to any information relating to an identifiable living individual.
b. According to the United Kingdom General Data Protection Regulation (“GDPR”), the designated controller is:
Cosyelegance GmbH
8, The Green, Dover, State of Delaware, 19901, United States of America
The contact information for our Data Protection Officer (“DPO”) can be found below:
Cosyelegance GmbH
8, The Green, Dover, State of Delaware, 19901, United States of America
contact@cosyelegance.com
In the event that we engage contracted service providers to perform specific functions in order to deliver our services to you or process your data for advertising purposes, we will provide you with comprehensive information about the specific processes outlined below.
2. Data subject rights
a. Your rights regarding your personal data:
Right of access (Article 15, UK GDPR): You can request information about the personal data we hold about you, including categories, purposes, sources, and recipients. You have the right to obtain a free copy of your data, with potential charges for additional copies.
Right to rectification (Article 16, UK GDPR): You can request the correction of any inaccurate data concerning you to ensure its accuracy and completeness.
Right to erasure (Article 17, UK GDPR): You can demand the deletion of your personal data stored with us, unless certain legal grounds apply for retaining it.
Right to restriction of processing (Article 18, UK GDPR): You can request the limitation of processing your personal data under specific circumstances, such as disputed accuracy or unlawful processing.
Right to data portability (Article 20, UK GDPR): You can request the transfer of your data to another responsible party, if technically feasible and the processing is based on consent or necessary for a contract.
Right to object (Article 21, UK GDPR): You can object to the processing of your data based on legitimate interests, consent, or third-party interests, unless compelling legitimate grounds override your rights.
Right to withdraw consent (Article 7(3), UK GDPR): You can revoke your consent, leading to the cessation of future processing based on that consent.
b. If you feel that we have not adequately responded to your requests, complaints, or if you have further concerns, you have the right to lodge a complaint with the data protection authority.
c. For inquiries regarding your rights as a data subject, please send a data subject request to contact@cosyelegance.com
3. Gathering personal data during your website visit
When you visit our website without registering or consenting to further processing or utilization of data, only the personal data transmitted by your browser to our server is automatically saved. This is necessary to fulfill technical requirements for website viewing and ensure security. The following data is saved:
IP Address
Date and time of your visit
Time zone difference to Greenwich Mean Time (GMT)
Content of the specific page visited
Access status/HTTP status code
Amount of data transferred
Website from which the initial request originates
Browser
Operating system, device, and user interface
Language and version of browser software
The aforementioned personal data is processed for the following purposes and legitimate interests (Article 6 (1)(f), UK GDPR):
Ensuring a smooth connection to the website
Providing a comfortable user experience on our website
Evaluating system security, stability, and other administrative purposes
This information is temporarily stored in log files. It is automatically recorded and stored until it is deleted. If you do not want your personal data to be collected as mentioned above, please refrain from accessing our website, as we require this data for granting access.
4. Utilization of our webshop: placing orders and returning products
In order to place an order in our webshop, it is essential for the contract to be concluded that you provide your personal data, which we require to process your order and fulfill the sales agreement. The necessary data for contract completion is clearly indicated, while additional data is provided on a voluntary basis. The personal data you provide is used for order processing and product returns. For payment purposes, we may share your payment data with our bank or the selected payment service provider. To ensure the delivery of goods, we will need to share your delivery address and contact details (email and phone number) with delivery companies. Only relevant data necessary for delivery coordination, fraud prevention, and resolving urgent matters will be shared. The legal basis for this processing is the objective necessity for fulfilling the sales agreement with you (Article 6(1)(b) of the GDPR). Please note that if you fail to provide the required personal data, we may be unable to process your order.
If you wish to initiate a product return, we will also need to share your personal data (delivery address and contact details) with the designated non-governmental/charitable organization or delivery company responsible for the pick-up and collection of the product. The legal basis for this is the necessity of processing for the performance of a contract to which you are a party (Article 6(1)(b) of the GDPR) and our legitimate interest in managing product returns.
5. Parties receiving personal data
a. In the course of our activities and services, there may be instances where we need to disclose your stored personal data to individuals, organizations, or public authorities. We enter into contracts with our service providers to ensure that they can only process your personal data as explicitly instructed by us. Additionally, we ensure that they implement the necessary technical and organizational measures to securely process your data and retain your personal data for as long as required. External service providers who may receive personal data generally fall into the following recipient categories:
Subsidiaries and affiliated companies
Credit institutions and payment service providers for billing and payment processing (online payment providers)
Parcel shipping companies
Non-governmental/charitable organizations responsible for collecting product returns
IT service providers for the maintenance of our IT infrastructure
Cloud providers
Service providers for optimizing our online offerings
Collection service providers or lawyers for debt collection and enforcement of claims in court. In the event of a collection case where personal data (customer and contact information, payment and consumption data, and claim-related data) is transferred to a collection service provider, we will inform you beforehand about the intended transfer.
b. When processing personal data in countries outside of the United Kingdom, we ensure that your personal data is processed in compliance with the level of data protection provided by the United Kingdom. In the absence of an adequacy decision, we only transfer data to third-country service providers who offer appropriate safeguards in accordance with Article 46 of the UK GDPR (typically through the use of Standard Contractual Clauses).
6. Correspondence and Contact Form
When you reach out to us, whether it’s via email or through the contact form, the information you provide will be processed to address your inquiry and handle any potential follow-up questions. If your contact is related to a purchase you made, our legal basis for processing your personal data is the fulfillment of our sales contract with you. If your contact pertains to other matters, our legal basis for processing your personal data is our legitimate interest in addressing your concerns and facilitating easy and efficient communication with you. This processing is in accordance with Article 6(1)(f) of the UK GDPR. The personal data collected during this interaction will be deleted once the associated request has been fully resolved and it is unlikely that the same contact will become relevant again in the future, unless there are legal obligations requiring us to retain the data.
7. Newsletters and Electronic Notifications
a. We send newsletters, emails, and other electronic notifications that contain promotional information. Our newsletters provide details about our products, offers, promotions, and company updates. The following information explains the content of our newsletter, the registration process, email dispatch, statistical evaluation procedures, and your right to unsubscribe.
To subscribe to our newsletter, we utilize a logged Double-Opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your registration. This confirmation step is necessary to prevent unauthorized registrations using email addresses. Newsletter subscriptions are logged to comply with legal requirements and demonstrate the registration process. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored by the service provider are also logged. This procedure serves the purpose of verifying your registration and addressing any potential misuse of your personal data.
To subscribe, you only need to provide your email address. The provision of additional data is voluntary and allows for personalized addressing. Upon confirmation, we will store your email address for the purpose of sending the newsletter. The dispatch of the newsletter and the measurement of its performance are based on your consent given during the subscription process.
b. If you receive newsletters, notifications, and/or marketing content without subscribing, we do so based on our legitimate interest for marketing purposes and to inform you about our products and services, as outlined in Article 6(1)(f), UK GDPR.
c. If you choose and provide consent to receive third-party marketing content from our trusted affiliate partners, we will send you newsletters that include products, services, offers, and promotions from these partners. These newsletters may cover various topics such as retail, consumer goods, health, beauty, sports, and entertainment. The processing of your personal data and the sending of these newsletters will be based on your consent as specified in Article 6(1)(a) GDPR.
By granting your consent to receive emails from trusted partners, you may receive content from the following partners in these communications:
Rituals Cosmetics B.V.
You can withdraw your consent for receiving content from Rituals Cosmetics B.V. at any time. To do so, simply use the unsubscribe link located at the bottom of our newsletter. Please note that the list of partners may be updated from time to time, and we will inform you of any changes through our privacy policy.
d. If you wish to stop receiving our newsletter, you have the option to withdraw your consent or object to receiving it at any time. You can accomplish this by clicking on the unsubscribe link provided in every newsletter email or by contacting us via (Email).
8. Retention of Personal Data
We retain your personal data throughout the duration of your customer relationship with us, and for a legally-mandated period following the termination of such relationship or agreement. This is done to safeguard our legal rights, protect and enforce our rights, and ensure compliance with applicable laws and regulations. Typically, documents of significant importance for taxation purposes, such as accounting receipts, are retained for ten (10) years, while other documents related to commercial or business transactions are retained for six (6) years.
9. Social media platforms
a. We maintain a presence on various social networks and employer evaluation portals mentioned below. These platforms are operated solely by the respective providers. They serve as a direct means of communication with customers, interested parties, and users. When you contact us through our social media channels, we process the personal data you provide us, as well as any additional personal data necessary to address your inquiry. If you have given your consent to the operators of these social media platforms (e.g., through a checkbox opt-in), the processing is based on your consent. You can withdraw your consent at any time by contacting the platform operator, and it will be effective for future processing.
b. When you visit our social media pages, the operator records your user data and provides it to us. The specific types of data collected vary depending on the provider but generally include the following information:
Follower: Number and stored profiles; information about growth and development over a specific time period.
Reach: Number of people who view a specific post; number of interactions with a post. This helps us understand which content resonates better with the community.
Ad performance: How many people were reached and engaged with a post or a paid advertisement?
Demographics: Average age, gender, location, and language of visitors.
c. As our social media channels are operated by the respective social network providers, they may utilize your personal data in ways beyond our control. This often includes recording your IP address, generating statistical evaluations, and processing additional information stored in the form of cookies. We cannot disable or prevent the generation and presentation of this personal data, as we have no control over it.
d. To assert your rights as a data subject and submit requests, it is most effective to directly contact the platform providers. They have access to your personal data and can promptly take action and provide information. If necessary, we will assist you in exercising your data subject rights.
e. For more detailed information on the terms of use of each platform, as well as a comprehensive description of further data processing and available objection options, please refer to the providers’ respective pages.
10. Social media plugins
We have integrated plugins into our web services, which are identified by their respective buttons associated with the service. These plugins enable users to share or post links to the corresponding websites on social networks such as Facebook or Twitter, or to recommend the content. When you actively interact with these plugins (e.g., by clicking the button or leaving a comment), the information is directly transmitted to the respective service and stored there.
When you visit one of our web services that contains an activated plugin, your browser establishes a connection with the servers of the respective service. The content of the plugin is then transmitted to your browser and integrated into the displayed page. As a result, information about your visit to our web services is forwarded to the respective service. We do not collect personal data ourselves through the social plugins, nor do we have control over the data collected or how it is used by the provider. It is reasonable to assume that at least the IP address and device-related information are collected and used. The service provider may also attempt to store cookies on your computer. If you are simultaneously logged into the respective service through your personal user account (e.g., in another browser session) while visiting our web services, the service provider may associate your visit with your account.
11. Facebook Insights – “Facebook Fan Pages”
When you visit our Facebook page, Facebook collects various information, including your IP address, which is stored on your device in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical insights into Facebook usage. These statistics, known as Facebook “insights,” are collected and provided exclusively by Facebook. We, as the page operator, have no control over the generation and presentation of these statistics and cannot prevent their generation or data processing. For more information about Facebook Insights, please visit: https://www.facebook.com/help/pages/insights.
Through Facebook Insights, the following information is provided to us by Facebook: number of page views, likes, page activities, reach, impressions, video views, post clicks and reactions, post reach, comments, shared content, answers, gender ratio, regional distribution of users (based on country and city of origin), language, opens and clicks in the shop, and clicks on the address and telephone number.
The operation of this Facebook page and the processing of users’ personal data resulting from it are based on Article 6(1)(f) of the UK GDPR and our legitimate interest in informing and interacting with users and visitors of our Facebook page.
12. Cookies
a. In addition to the mentioned data categories, we utilize cookies to enhance your experience when visiting our website and enable you to utilize specific functions. Cookies are small text files that are stored on your browser’s designated hard drive, allowing certain information to be transmitted back to the party setting the cookie (in this case, us). Cookies are employed to improve the user experience and effectiveness of our website.
b. This website utilizes the following types of cookies:
Transient Cookies: Transient cookies are automatically deleted when you close your browser. They are primarily session cookies that store a “session ID” to enable the identification of different queries within your browser during a specific session. These cookies are deleted once you log out or close the browser window.
Persistent Cookies: Persistent cookies retain your information and settings for your next visit, offering faster and more convenient access to the website. For example, you won’t need to reconfigure your language settings. The duration of a persistent cookie on your device depends on its expiration date or duration, as well as your browser settings. These cookies are automatically deleted after a predetermined period, which can vary for each cookie. You can also manually delete persistent cookies through the security settings of your browser.
c. The use of cookies depends on their type. We employ cookies based on our legitimate interests (technically necessary cookies, Article 6(1)(f) of the UK GDPR) or your consent (optional cookies, Article 6(1)(a) of the UK GDPR), depending on your selection in the cookie banner displayed when you access the website. You can customize your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, please note that this may result in functional limitations for our offers and website.