- Website irocomb.com (the “Website”);
- Social media pages managed by us;
- Other associated services that we provide both online and offline.
About us – contact information of the data controller
We - Iro hair d.o.o., Vegova ulica 6, 1000 Ljubljana, Slovenia are the responsible party and data controller with respect to the personal information collected through the Services.
If you want to exercise any of your rights in relation to our processing of your Personal Information, Iro Hair d.o.o. shall be the responsible party. You may contact us with any questions or requests by sending us an e-mail to: firstname.lastname@example.org
Our primary goals in using your data and information are to provide Services to you, improve the Services, contact you, conduct marketing and research and create anonymous statistical reports.
For all information and privacy questions please feel free to contact us via email@example.com
How we collect and use your information
Placing an Order
When you place an order on our website, you’ll need to provide an email address, a first and last name, and a shipping and billing address and any other information you voluntarily give to us.
In order to complete your order on our website, you’ll need to provide payment information, such as your credit card, PayPal account, Apple Pay or Google Pay. This information is needed in order to process your order and is not stored on our servers but servers of our third-party providers:
Subscribing to Updates and Newsletters
You may voluntarily subscribe to receive updates and newsletters. For this purpose, you provide us with your name and an e-mail address. You may unsubscribe at any time.
Purposes of data processing
Operate and Improve our Services:
Fulfill your online orders and enable registration for the use of our Services;
Understand you and your preferences to enhance and customize your experience and enjoyment using our Services;
Respond to your comments and questions and provide support service;
Send you Service-related information, including confirmations, invoices, technical notices, security alerts and support and administrative messages;
Any other processing necessary for the performance of a contract with you.
Deliver marketing and promotional information:
Communicate with you about our offers, promotions, rewards, upcoming events, and other news about our Services and products only upon your explicit consent.
For statistical and research purposes:
We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Services to their needs.
For compliance and legal purposes:
Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with legal obligations which we are subject to.
In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
For business or share sale purposes:
In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business.
How we may share your Personal Information with third parties
We may share your data (including Personal Information) with our affiliates or Data Processing Partners, which are:
IT Services and Infrastructure Providers
Order Fulfillment Services
Deutsche Post (DHL)
Third Party Advertising Providers
This list may change from time to time. We may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of delivering our Services, displaying advertisements, conducting analysis and research and for measuring our Data Processing Partners’ advertising campaign performance.
We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners.
We may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organizations for fraud protection.
Cookies and similar technologies
We and our analytics service providers use technologies such as cookies, scripts, advertising IDs and tags to identify a user's device and to remember things about your visit.
Your rights in relation to your data
You have the following rights in relation to your personal information:
- To request access to your personal information and information related to our use and processing of your personal information;
- To request the correction or deletion of your personal information;
- To request that we restrict our use of your personal information if technically viable;
- To receive the personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third-party data controller);
- To object to the processing of your personal information;
- To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent.
You also have the right to lodge a complaint with a supervisory authority, which, in the case of Slovenia, is the Information Commissioner, the contact details of which are available here: https://www.ip-rs.si/
For further information about your rights in relation to your personal information, including certain limitations which apply to some of those rights, please see Articles 12 to 23 of the General Data Protection Regulation (GDPR), which is available here: https://ec.europa.eu/info/law/law-topic/data-protection_en.
We will respond to your access request within a reasonable timeframe.
We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
We may require proof of identity from any individual who requests access to personal information.
Although we make good faith efforts to store the information collected on the Services in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission. Further, while we attempt to ensure the integrity and security of the systems we use, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
We retain your information:
For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law or if we have any legal basis to continue to process your personal information, such as your consent;
To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at firstname.lastname@example.org.
Our policy regarding children
Our Services are primarily aimed at businesses and professionals. We do not knowingly collect or solicit personal information from or direct or target interest-based advertising to anyone under the age of sixteen (16) or knowingly allow such persons to use our Services. If you are under 16, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 16 may provide any Personal Information. In the event that we learn that we have collected personal information from a child under the age of 16, we will delete that information as quickly as possible.
When we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organization), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:
- Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner and approved by the European Commission in accordance with relevant law;
- A code or codes of conduct produced by an association or other body approved by the Information Commissioner;
- An approved certification mechanism (such as the EU-US Privacy Shield); or
- Where authorized by the Information Commissioner, contractual clauses between the data controller or processor and the data controller, processor or recipient of the personal information in the third country or international organization.
If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at email@example.com. Customer support is available in the English language.