Hairloxx Privacy Statement
In order to make shopping with Hairloxx as pleasant as possible, we store – with your permission – the personal details and the details with regard to the order and the use of our services. This is how we can personalize the website.
When placing the first order, it is possible to indicate that you want to receive updates concerning the new collections, trends, special offers and the development of the website by means of a digital newsletter. We use your e-mail address for this purpose. When this information is no longer desired, the digital newsletter offers you the possibility to sign out.
Information about the use of our website and the feedback we get from our visitors helps us to further develop and improve our website.
Questions concerning Hairloxx’ Privacy Statement? Please use the contact page for this request.
The General Data Protection Regulation (GDPR), also known as the General Data Protection Regulation (AVG), will take effect on 25 May 2018 within the entire European Union. Hairloxx B.V. is a professional provider of hair extensions and related products. compelled to process and store data from organizations and its employees.
This description describes the information that Hairloxx B.V. processed from third parties, why this is required and what rights an individual has with regard to the viewing, transfer or deletion of personal data. Information about how Hairloxx B.V. dealing with its suppliers in the context of the AVG. For questions about this document and its contents, an e-mail can be sent to email@example.com.
2. Data processing
Below is an overview of the data that Hairloxx B.V. processed:
• NAW company data;
• administrative business data (bank and collection data) for invoicing purposes;
• contact details of the administrative, technical and / or sign authorized contact person within companies for invoicing, support and information provision;
• telephone numbers of companies for the service;
• names and telephone numbers of employees for administrative, business and service organization;
• invoices, offers and payment behavior of companies for the administration;
• e-mail traffic sent to and from Hairloxx B.V. sent for the benefit of the service;
• statistical recording of all telephone calls, SMS messages sent and data consumed per individual for service, administration and support purposes; these data are stored securely for a period of 90 days, after which they are permanently and automatically deleted;
• textual and manual registration by a Hairloxx B.V. of the (telephone) conversations for support purposes;
2.1. Storage period
From the European Union, the AVG law does not set a limit for the storage of business (personal) data. If there is no need for data to be saved, Hairloxx B.V. dispose of this and remove it from its systems in accordance with tax and / or legal provisions.
2.2. View, transfer or delete personal data
Persons whose Hairloxx B.V. storing data has the right to view, transfer and / or have this information removed from the systems. For this the individual can submit a request by sending an e-mail to firstname.lastname@example.org.
2.3. Confidentiality and regulation
Hairloxx B.V. has concluded a confidentiality agreement with all of its employees regarding company and privacy-sensitive information.
3. Processing agreement with third parties
Hairloxx B.V. outsources the processing of personal data to its suppliers and partners. In accordance with the AVG, mutual agreements must be made regarding the processing of these data. The document in which these agreements are recorded is called the processing agreement. Hairloxx B.V. has concluded such an agreement with all its suppliers and partners in which aspects such as security, confidentiality and procedures concerning data leaks are recorded. And what happens to the data after the agreement.
The Hairloxx B.V. processed and stored data are never sold to third parties. Data are only provided to third parties if this is necessary for the execution of the delivery of goods or services.
3.1. processor agreement with customers
It is not deemed necessary to conclude a processor agreement with every company that uses the services of Hairloxx B.V. The point is that agreements are made between the parties about the processing of personal data and that these agreements are recorded in writing. This does not have to be done in a separate document but can be processed in the general conditions and / or in a document like this. Hairloxx B.V. has chosen to inform about the handling of the AVG through this document and refers to this document from the general conditions.
4. Data protection impact assessment
Organizations must, according to the AVG, not perform a DPIA for every data processing. A DPIA is an instrument to map privacy risks of data processing in advance and to take measures in advance to reduce these risks. This is only mandatory if the data processing poses a high privacy risk for those involved (the persons whose organization processes data). This is the case if an organization:
• systematically and extensively evaluate personal aspects, including profiling;
• special personal data are processed on a large scale;
• people are being followed on a large scale and systematically in a publicly accessible area, for example with camera surveillance.
Outside of these three situations, the AVG does not provide an overview of high-risk processing operations that require a DPIA. Hairloxx B.V. does not process data related to the situation mentioned and thereby discards the obligation to draw up a DPIA.