November 1, 2023

This Privacy Policy for the Processing and Protection of User Personal Data (hereinafter referred to as the “Policy”) is adopted and in effect at ArtEsthetic EUEE OU (hereinafter referred to as the “Company” or “we”).

The controller for the processing of personal data is ArtEsthetic EUEE OU, registration number 164975866, address: Katusepapi tn 4/2, 11412, Tallinn; phone +37253003957, email info@artesthetic.ee.

We collect, use, and store personal data that you provide to us when using our websites and mobile applications (hereinafter referred to as the “Sites”) from any device and when communicating with us in any form, in accordance with this Policy and with the European Parliament Resolution EL 2016/679.

By using our Sites and providing us with your personal data, you consent to the processing of your personal data in accordance with this Policy.

1. Key Concepts

“Personal data” – any information related to a specific individual (data subject).

“Processing of personal data” – any action (operation) or set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2. Data We Collect

We process:

• Personal data provided by you when filling in information fields on our websites, including when filling in contact forms, subscribing to newsletters, registering for events (webinars, conferences);
• Personal data provided by you when applying for the purchase of services offered by the Company, as well as for contract conclusion;
• Personal data necessary for the quality and safe provision of cosmetic services, including information about your health status, past illnesses, pregnancy, allergies, and other information requested by the relevant specialist in a specific situation for the performance of cosmetic procedures or manipulations;
• Technical data automatically transmitted by the device you use to access our Sites, including device technical specifications, IP address;
• Information is stored in cookie files. Depending on the browser and device you use, different sets of cookie files are used, including strictly necessary, operational, functional, and analytical cookie files;
• Personal data obtained through video surveillance during your visit to our cosmetic services center.

3. Purposes of Personal Data Processing

We process your personal data exclusively for the purposes for which they were provided, including:

• Providing you with information about the Company, our services, and events, as well as directing our news materials to you. Emails are sent only with your voluntary consent. Upon receiving an email with news materials from us, you will always be provided with a link to opt out of receiving news. By choosing this option, your email address will be removed from our newsletter database, and you will no longer receive information.
• Communicating with you when you reach out to us.
• Providing you with services in accordance with the service agreement.

We conduct video surveillance for both your personal safety and the safety of our employees, clients, and property. Video surveillance is carried out in public places according to strict safety and privacy rules, using modern technologies and equipment. Information signs are placed in areas under video surveillance.

If we process personal data for purposes not informed in this Policy, we will inform you separately about the individual terms of processing these data.

We do not make decisions that have legal consequences for you or otherwise significantly affect your rights and legitimate interests based solely on the automated processing of personal data.

4. Legal Basis for the Processing of Personal Data

We process your personal data if one of the following conditions is met:

• You have given consent for the processing of your personal data.
• Processing of personal data is necessary for the performance or conclusion of a contract.
• Processing of personal data is necessary to comply with legal obligations imposed on us by regulatory acts (for example, for the transmission of information to the Tax and Customs Department).
• Processing of personal data is necessary to ensure our legitimate interests (for example, to ensure the security of property, we conduct video surveillance, and we may go to court to recover debts, etc.).
• Processing of data is necessary to protect your vital interests or the vital interests of another natural person.

5. General Principles of Personal Data Processing

The Company adheres to the processing of personal data in accordance with the following general principles:

• Limitation of the purpose of data processing: Personal data is processed only for the specified purpose of processing and use of data, or for actions to which the data subject has given consent.
• Quality and proportionality of data: Personal data is processed accurately and is updated as necessary. Personal data is current, relevant, and does not exceed the necessary volume, taking into account the purpose of processing.
• Transparency: The data subject understands the purposes for which data processing is carried out.
• Security: In processing data, we apply technical and organizational security measures corresponding to possible risk factors, such as measures against accidental or unlawful destruction of data, changes, unauthorized disclosure, or access.
• Minimization: Personal data is regularly reviewed with the aim of deleting data that is no longer needed for the purpose of processing.

6. Security of personal data

To ensure the security of your personal data during their processing, we take necessary and sufficient legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions regarding personal data.

7. Confidentiality/Transfer of personal data

Information about your personal data will not be posted in publicly available sources or disclosed to third parties, unless the Company receives your express consent, or the information is required in accordance with legal requirements. If necessary, we may disclose your personal data to government and law enforcement agencies to protect our legitimate interests.

Also, in order to fulfill our obligations to you, we may transfer your personal data to cooperation partners: data processors who perform the necessary data processing on our behalf, for example, IT infrastructure service specialists, marketing agencies, leasing companies, courier services, etc. These companies, in accordance with the current regulations of the Republic of Estonia and our cooperation agreement, are obliged to protect your personal data and process it only in accordance with the purposes specified by us.

We do not transfer your data to third countries and international organizations.

8. Rights of the subject of personal data

The Company respects your rights to review, correct, update, object to, or otherwise change, or delete, information provided to the Company. For this purpose, you can contact us by sending a request with the subject line “Request for personal data” or “Withdrawal of consent to the processing of personal data” (in case of withdrawal of consent to the processing of personal data) to the email address info@artesthetic.ee.

In the event of your request to delete information associated with you, we will immediately delete your personal data, because Respect for your rights is Our priority. Unfortunately, we will not be able to delete your personal data if regulations impose an obligation on us to retain it. 

9. Shelf life

All personal data received from you is stored for the period during which you use our services, or, if your personal data is processed on the basis of your consent until you revoke your consent. A longer retention period for personal data is permitted in order to comply with legal requirements regarding the minimum retention period for documents or information, or to protect our legitimate interests. (for example, but not limited to, for accounting or legal proceedings).

Once the purpose of processing personal data has been achieved, we will delete your personal data in a secure manner, or make it inaccessible (archiving), or unidentifiable so that it can no longer be associated with you.

10. Cookies

We use cookies. You can find out more about the policy and technical nuances related to cookies in the appropriate section.

11. Changes to the privacy policy

The policy is subject to change without prior notice. The amended version of the Policy, which is published on the Site, replaces all previous versions of the Policy. Any changes do not affect the Company’s general policy regarding respect for the rights of the subject of personal data.