This Privacy Policy explains how Beauty Store DOO (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit or shop at [website domain].

1) Who we are (Data Controller)

Data Controller: [Legal entity name / Beauty Store DOO]
Address: [4821 Blossom Avenue, San Francisco, USA]
Email: [privacy@domain.co]
Phone: [+1 (415) 555-0184]

2) What personal data we collect

Depending on how you use our website, we may collect:

• – Identity and contact data: name, email, phone number, billing/shipping address

• – Order data: products purchased, order history, returns, customer support messages

• – Payment data: we do not store full card details; payments are processed by secure payment providers

• – Account data: login credentials (stored securely/hashed), preferences, saved items

• – Technical data: IP address, browser type, device info, pages visited, cookies, and similar technologies
  
  

3) Why we process your data (purposes)

We process personal data to:

• – Create and manage your account

• – Process orders, deliver products, and handle returns/refunds

• – Provide customer support and respond to requests

• – Prevent fraud, secure our services, and enforce our terms

• – Improve our website performance and user experience

• – Send marketing messages only when permitted (e.g., with consent or where “soft opt-in” applies)
  
  

4) Legal bases under GDPR

We rely on these legal bases:

• – Contract: to fulfill your order and provide the services you request

• – Legal obligation: accounting, tax, and consumer protection requirements

• – Legitimate interests: fraud prevention, basic analytics, service improvement (balanced with your rights)

• – Consent: for optional cookies and certain marketing activities (you can withdraw consent anytime)
  
  

5) Cookies and similar technologies

We use cookies to:

• – Keep the site working (essential cookies)

• – Remember preferences (functional cookies)

• – Measure site performance (analytics cookies)

• – Support marketing (marketing cookies, where used)

You can manage cookie preferences via [cookie banner/settings link] and adjust browser settings anytime.

6) Who we share data with (processors)

We share personal data only when needed to operate our store, such as with:

• – Payment providers (to process payments)

• – Delivery/courier services (to ship orders)

• – Hosting and IT providers (website infrastructure)

• – Customer support tools (if used)

• – Analytics/marketing providers (only as configured and where lawful)
  
  

All partners must protect their data and use it only for the agreed-upon purposes.

7) International transfers

If any service providers process data outside the EEA, we use appropriate safeguards such as:

• – EU Standard Contractual Clauses (SCCs), and/or

• – other lawful transfer mechanisms recognized under GDPR.
  
  

8) Data retention

We keep personal data only as long as necessary:

• – Order and invoice data: typically retained for the period required by tax/accounting laws

• – Account data: kept until you delete your account (unless we must retain some data for legal reasons)

• – Marketing: until you unsubscribe or withdraw consent
  
  

9) Your rights (GDPR)

You may have the right to:

• – Access your data

• – Correct inaccurate data

• – Request deletion (“right to be forgotten”)

• – Restrict or object to certain processing

• – Data portability (in certain cases)

• – Withdraw consent (where processing is based on consent)
  
  

To exercise your rights, contact us at the privacy email.

10) Security

We use reasonable technical and organizational measures to protect personal data, including access controls and encryption where appropriate. No system is 100% secure, but we work to keep your data protected.

11) Children’s privacy

Our store is not intended for children under the age required by applicable law to consent to the processing of their data. If you believe a child has provided us data without appropriate consent, please contact us.

12) Complaints

If you have concerns, contact us first. You also have the right to lodge a complaint with your local data protection supervisory authority in the EEA.