Privacy policy

Rebecca Stella Beauty Privacy Notice

Rebecca Stella Beauty is driven by Valley Beauty Brands and is part of an international chain of hair care and beauty specialists who are passionate about beauty. We understand that you care about your privacy. This Privacy Notice describes our policies and practices regarding the collection and use of your personal data as well as sets forth your privacy rights. We take your privacy seriously and will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Summary

This website is operated by Valley Beauty Brands AB, org. nr. 556933-4849, a company incorporated under Swedish law whose principal place of business is at Birger Jarlsgatan 37b, 4 tr, SE-111 45 Stockholm, Sweden.
Through this website you may learn about our products and services.
You will be able to access most of the website without registering your personal data with us. We do, however use cookies, which provide us with personal data about you. You can read more about our cookies in our cookie policy.
Certain sections of the website require that you provide us with some information about yourself. For example, if you place an order we will ask you to provide information such as, but not limited to, your name, your email and your address.
We are part of an international group of companies and share administrative systems. Because of this, we may share some or all of your personal data with affiliates for administrative purposes, or the legitimate business purposes described below.
If you have any questions or concerns, please contact us at privacy@rebeccastella.com.

Last revised: 2023-04-03

Privacy Notice Full Text

Table of Contents

Introduction
Our principles
Personal data that we collect
How and why we use your personal data
When and how we share information with others
Data subject rights
Security of your information
Data storage and retention
Data transfer to third countries
Exemptions
Additional services
Changes and updates to the Privacy Notice
Questions, concerns or complaints

Privacy Notice

1. Introduction

Welcome to rebeccastella.com! This website is operated by website is operated by Valley Beauty Brands AB, org. nr. 556933-4849, a company incorporated under Swedish law whose principal place of business is at Birger Jarlsgatan 37b, 4 tr, SE-111 45 Stockholm, Sweden. This Privacy Notice applies to rebeccastella.com and services provided by Valley Beauty Brands AB, org. nr. 556933-4849 as well as affiliates.

Through this website you may learn about our products and services.

This Privacy Notice describes our policies and practices regarding our collection and use of your personal data. It sets forth your privacy rights, for when you browse our website or use certain functions of the website. Please note that some of our sites contain links to third-party products whose personal information policies might differ from ours. If you enter personal data into any of these products, your information will be processed in accordance with their respective privacy policy.

Please Note: We understand and acknowledge that privacy is an ongoing responsibility. We will therefore from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Summary: This Privacy Notice applies to when you browse rebeccastella.com.

2. Our principles

2.1 We do our best to protect your privacy by using appropriate security technology. This means that:

We make sure that we have security measures in place to protect your information which are appropriate for the purpose for which your information is processed.
We make sure that when we ask another company to provide a service for us, they have appropriate security measures in place.
We will respect your privacy. You should receive marketing (whether by email, post, SMS or telephone) only from us and, if you agree, from other organizations we have carefully chosen.
We will make sure it is clear when you can make choices regarding our marketing to you. You will, for example, always have the option to opt out of receiving direct marketing from us.
We will collect and use your details only if we have your permission or if we have sensible business reasons for doing so, such as for example being able to deliver your ordered products to you.
We will be clear and transparent regarding what personal information we collect and how we will use it.
We will use personal information only for the purposes for which it was originally collected, and we will make sure we delete it securely.

2.2 If we or our service providers transfer any information out of the European Union and European Economic Area (EEA), it will only be done having the relevant protection measures (stated under applicable data protection legislation) in place. This includes, for example, that we will use the standard contractual clauses approved by the European Commission for data transfers to third countries (the so-called ‘SCCs’) in the agreements with our processors.

Summary: We respect your privacy and your personal information is safe with us.

3. Personal data that we collect

3.1 Collection of personal data
Rebecca Stella collects personal data about its website visitors. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our products and services. For more on this, see Section 5.

3.2 Personal data you provide to us
When using certain functions of the website, you provide us with personal information directly, e.g. if you place an order we will ask you to share your name, address, email address and payment details and additionally you might even share your phone number and information about the products you bought.

If you correspond with us by email, telephone, or any other form of communication, we may keep such correspondence and the information within (such as name, inquiry, location, and any personal identifiable information you provide in free text form). We will use it to respond to your inquiry; to notify you of publications or other services; or to keep a record of your complaint, question, request, and the like. If you wish to have Rebecca Stella Beauty “erase” your personal information or otherwise refrain from communicating with you, you are always welcome to contact us at privacy@rebeccastella.com.

Note: If you ask Rebecca Stella Beauty not to contact you by email at a particular email address, we will retain a copy of that email address on its “master do not send” list specifically to comply with your no-contact request.

3.3 Personal data we collect when you visit our website – use of cookies
When you visit our website, we collect certain information about you, for the purposes described in section 4.

Like many other websites, rebeccastella.com collects certain information automatically and stores it in log files, to generate statistics and measure site activity. This information may include IP addresses, web beacons, the region or general location of your computer or device, browser type, operating system and other usage information about the use of our website, including a history of the pages you view. Read more about the use of cookies in our Cookie Policy.

3.4 What happens if you do not provide us with your data
You can use our website without providing us with your personal information. However, you will not be able to place an order within providing Rebecca Stella Beauty with essential data for the performance of the contract.

You can choose only to enter the minimal amount of mandatory information when making a purchase.

Summary: You do not have to provide us with your data to only browse rebeccastella.com.

4. How and why we use your personal data

4.1 We use your personal data for the purposes described below.

4.2 When you place an order at rebeccastella.com:

When placing an order in our webbshop we will process your details such as your name, address and email address and maybe even your phone number in order to complete your order and to be able to deliver your ordered products to you. In addition, we will process your data in order to provide you with relevant information and order to be able to contact you with regards to your order(s) if necessary. Information regarding your orders may, for example, include information about when your shipment has been dispatched from our warehouse, when it is available for collection at a pick-up point or any technical problems or delays.

Legal basis: We use your personal data in order to fulfill our contract with you (Art.6.1 (b) GDPR).

4.3 Statistics, analytics, and service improvement:

We collect and store IP addresses, device location, browser type, operating system and other usage information about the use of our website, to help us design our site to better suit your needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather demographic information which assists us in identifying visitor preferences. For statistical purposes we store information about how many individual visitors to our website we have, and how often these individual users visit our website. We collect and

store this information to better understand our customers’ needs and interests, so that we can develop and improve our services. For more information about the use of cookies, please read our cookie policy.

Legal basis: We carry out this processing because it is necessary for our legitimate interest to improve our services and to develop our business. As applicable, we also rely on your consent to our use of cookies under the e-Privacy directive.

4.4 Direct marketing;

We process your personal data to be able to give you personalized offers based on your purchases with us. If you have consented and registered to receive newsletters, we process your personal data. You can withdraw your consent at any time by contacting us.

Legal basis: Our legitimate interest, Art. 6.1(f) GDPR. The processing is motivated by our legitimate interest in being able to offer you related products and services similar to those you were previously interested in. If you have signed up for our newsletter, our legal basis is your consent, Art. 6.1.(a) GDPR.

4.5 Showing you relevant marketing when you visit our website:

When you browse our sites, we may store certain cookies to analyse your browsing preferences, so that we can show you relevant marketing when you come back to our site. This means that we store information about what we think you are interested in and adjust the marketing you see when you visit our website accordingly. For more information on exactly what type of cookies we use, what type of information they gather, why they gather this information, and how you can manage, inactivate or delete cookies, please visit our Cookie Policy.

Legal basis: We only use marketing cookies if you have consented to this, which is required by the ePrivacy Directive and is a legal basis according to Art. 6.1(a) GDPR.

4.6 Providing you with relevant marketing from our affiliates and business partners:

We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email and/or your billing/shipping address, you may receive marketing from our affiliates and other companies you might be interested in. We will also provide our business partner you’re your e-mail address when you make a purchase through our website, to ask for your review of you experience with us. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.

Legal basis: We only send our newsletter and marketing from our affiliates and other companies if you have consented to this (Art. 6.1.(a) GDPR).

4.7 Security:

We use visitor data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.

Legal basis: We carry out this processing because it is necessary for our legitimate interest to protect our systems and services (art. 6.1(f) GDPR).

4.8 Customer support/Communication with you:

As is mentioned above in section 3, certain information that you provide to us when you contact us is stored and processed in order to best manage your inquiry with us and manage any customer complaints.

Legal basis: This processing is carried out to reply to your requests and to fulfill our contract obligations and legal obligations (Art. 6.1(b) GDPR).

4.9 Third party payment services:

If you choose to pay your purchase later with an invoice, we will use and transfer your personal data to the selected third party payment service provider. Our purpose is to transmit our claim and for us to complete the purchase with you. Please note that the terms and privacy policies of such third payment service providers will apply to the use of your personal data for processing your payment.

Legal basis: This processing is carried out to provide you with the products you have purchased and to fulfill our contract with you (Art. 6.1(b) GDPR).

4.10 Other Purposes:

If we intend to use any personal data in any manner that is not consistent with this Privacy Notice, you will be informed of such anticipated use prior to or at the time the personal data is collected, or we will obtain your permission subsequent to such collection but prior to such use.

Summary: We only process your data for specific purposes, and we do at least have one legal basis for each processing.

5. When and how we share information with others

5.1 We share your personal data when it is necessary for the completion of any transaction or for the performance of any contract, or when we have sensible business reasons for doing so. If you choose to pay later by invoice, we will share your personal data with our third-party payment service provider.

5.2 For the purpose of managing your subscription, or managing the functioning of our website, we may disclose your personal information to our affiliates and service partners (i.e. companies we've hired to provide customer support, assist in protecting and securing our systems, or assist us in the administration of our newsletter or reports) that are

entrusted to process your information on our behalf and in accordance with our instructions, this Privacy Notice and other appropriate measures for privacy and security. We will also share your information with our service partners if you review the product you purchase from us or your shopping experience with us.

5.3 We may also disclose your personal information to third parties if we have good reasons to believe that access, use, retention or disclosure of such information is reasonably necessary to:

comply with any court order, governmental order or decision, or other legal obligation,
enforce or apply our agreements,
manage and maintain the security of our products, including preventing or stopping an attack on our computer system or network, and
protect the rights, property, or safety of Rebecca Stella Beauty, its customer, its franchisees, or others.

Please note that the terms and privacy policies of such third party service providers will apply for the use of your personal data for processing your requests.

Summary: We only share your data when necessary.

6. Data subject rights

General information

6.1 Rebecca Stella Beauty complies with current data protection laws in the European Union, which, when applicable, include the following rights:

You are free to request access to a record of your processing (as defined in the law), and you have the right to information about the processing and access to a copy of your personal data, request a correction and, in certain circumstances, deletion of your personal data.
You are entitled to request restriction, and object to the processing, of your personal information which has as its basis our legitimate interests.
You are entitled to request that we provide your personal information to another organization responsible for processing your personal data (controller) in cases where our right to process your personal data is based either on your consent or performance of an agreement with you.
Right to object. In cases where we process your personal data with legitimate interest as a legal basis or for marketing purposes, you have the right to object to the processing at any time. If you object, we will no longer process your personal data for such purposes.
Profiling and automated decision-making: You have the right to object to decisions made through automated processing, including profiling.
You have the right to file a complaint with a data protection authority. The Swedish Authority for Privacy Protection (Sw. ‘Integritetsskyddsmyndigheten’) is the authority in Sweden that oversees how we as a company comply with relevant data protection legislation.
If the processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.

6.2 To exercise your rights, you can contact us at privacy@rebeccastella.com. If we cannot provide you with this within a reasonable time frame, we will give you a date when the information can be provided. If such access is denied, we will explain why.

6.3 Note: If you ask Rebecca Stella Beauty not to contact you by email at a particular email address, we will retain a copy of that email address on its “master do not send” list specifically to comply with your no-contact request.

Summary: We respect your rights regarding your personal data.

7. Security of your information

7.1 To help protect the privacy of data and personally identifiable information you transmit through the use of our website, we maintain physical, technical and administrative safeguards. We regularly update and test our security technology. 7.2 We restrict access to your personal data to those employees who need to know this information to provide services to you or to administer our systems. We train our employees about the importance of confidentiality, privacy and security. 7.3 We commit to taking appropriate measures to ensure that your personal data is processed safely.

Summary: Your personal information is safe with us.

8. Data storage and retention

8.1 Rebecca Stella Beauty only retains your personal data for as long as is necessary to fulfill the purpose for which it was collected.

8.2 We apply the following criteria to determine how long we store your personal data:

How long is the personal data needed for us to be able to provide you with the functions of our website?

This includes, among other things, maintaining and improving the website, managing your subscriptions or other agreements we have with you, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.

Is the personal data considered sensitive?
In these cases, the storage period is usually shorter.
Have you, as a data subject, consented to a more extended storage period?
In these cases, we store the information longer, with your consent.
Do we have legal, contractual or other similar obligations to store the data?

Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.

8.3 For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Rebecca Stella Beauty’s privacy team at privacy@rebeccastella.com.

Summary: We only keep your data for as long as it is necessary considering the purpose it was collected for.

9. Data Transfer to third countries

9.1 We aim for the personal data we process to be stored within the EU by us or our subcontractors. If we were to transfer your personal data to a third country, i.e. countries outside the EU/EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements and Article 46 GDPR, including the European Union Standard Contractual Clauses. We aim to follow the legal developments in the EU and the US following the ECJ ruling in the Schrems II case and will take appropriate measures to implement the security measures recommended.

We use subcontractors and have partners outside the EU/EEA regarding the following functions:

Analysis of customer behaviour in our digital channels – Google Universal Analytics (USA), servers are in the EU.

9.2 To protect your personal data, we apply technical and organizational safeguards, which we update and test at regular intervals.

9.3 However, no information system can be completely secure and we therefore cannot guarantee the absolute security of your information. We are in addition not responsible

for the security of the networks, such as the Internet and wireless networks, that are used when you transmit information to us.

10. Exclusions

10.1 Aggregated data

Aggregated data is collected and processed to monitor and evaluate user trends on the website. This means that information about your actions on our website is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may, therefore, be stored a longer time than your personal information.

Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.

10.2 Third-Party Links:

This Privacy Notice does not apply to any personal data that you provide to another user through the website or through any other means. Any third-party links you click on via our website may be subject to these third parties’ privacy policies, terms or different rules. Please make sure you read the respective privacy information for each third-party whose links you click on, to keep yourself up to date about the processing of your personal data.

10.3 Children:

Rebecca Stella Beauty does not knowingly collect personal data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any personal data through our website. We encourage parents and legal guardians to monitor their children’s Internet usage and to instruct their children never to provide personal data through the website without the permission of the parent/legal guardian. If you have reason to believe that a child under the age of 13 has provided personal data to us through the website, please email us at privacy@rebeccastella.com and we will endeavour to delete that information from our databases.

Summary: This Privacy Notice does not apply to aggregated, anonymized data. Nor does it apply to third party links. Lyko tries not to process personal data of children.

11. Additional services

11.1 Payment service providers
We offer you additional payment solutions through a third-party payment service. You can use this payment method when you purchase products online. We collect your personal data for the purpose of transferring our payment collection to the third-party payment service provider. We collect your personal data such as name, e-mail, phone number, address, social security number and information about your order.

Legal basis: The processing of your personal data is necessary for performance of the contract (Art. 6.1(b) GDPR).

Through the third-party payment service provider you can pay later by invoice. The third-party payment service provider offers you to pay within a certain number of days, or to split your payment.

Shopify is a Payment Service Provider, which you can choose as payment method when you make a purchase from us. If you choose Shopify as payment method, we will transfer personal data necessary for the fulfillment of your order, such as name, e-mail, phone number, address, social security number and information about your order.

Legal basis: The collection of your personal data is necessary for performance of the contract (Art. 6.1(b) GDPR). For complete terms, please visit their website, shopify.com. Shopify Privacy policy

12. Changes and updates to the Privacy Notice

12.1 To reflect customer feedback and changes to the Service, we might from time to time change this Privacy Notice. The latest update date will be shown at the top of the Notice, and the changes are described on the Change History page. If there are significant changes to the Privacy Notice or how Rebecca Stella Beauty uses your personal information, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to keep you informed about how Rebecca Stella Beauty protects your personal information and privacy.

Summary: We will update this Privacy Notice as we update how we process your personal data.

13. Questions, concerns or complaints

Responsibility for customers and users lies with:

Valley Beauty Brands AB
org. nr. 556933-4849
Birger Jarlsgatan 37b, 4 tr
111 45 Stockholm Sweden

To ask questions or comment about our Privacy Notice and our privacy practices, contact our group privacy team at: privacy@rebeccastella.com

You are also welcome to contact our data protection officer at:

Sharp Cookie Advisors AB

with lead attorney Sofia Edvardsen

P.O. Box 45411,
SE-104 31 Stockholm
Sweden

dpo@rebeccastella.com

+46 281-714 90

Change History:

April 2023: Privacy Notice published on the website.