At Rilevi we are committed to protecting the privacy of our clients, we assume our responsibility with the utmost rigor regarding the security of our clients’ information. We will be clear and transparent about what information we are collecting and what we will do with that information.
This policy establishes the following:
What personal data we obtain and process in relation to you as a customer, your use of our website (rilevi.com).
Where do we get that data from?
What do we do with that data?
How we store them.
To whom we transfer/disclose that data.
How we manage your data protection rights.
And how we comply with data protection regulations.
All personal data is obtained and processed in accordance with the data protection laws of Spain and the EU.
Responsible for data processing
In this policy, “Riveli” (which is referred to in this document as “we”, “us”, “our”, “Riveli” or “Riveli“) refers mainly to Cosminlab SL , the company owner of the Riveli cosmetics brand. Riveli is the “controller” of all personal data obtained and used about Riveli customers, for the purposes of the Spanish Data Protection Law of 2018. Riveli is a company registered in Spain with CIF number B-87461190 and registered in the Mercantile Registry of Madrid in Volume 34,226, Sheet M-615696, Folio 39, Section 8, first entry.
What personal data we obtain from our customers
The term “Client” will apply both to those users subscribed to Riveli, and to those users who register to purchase Riveli products.
By “personal data” of our customers we mean any information related to you that allows us to identify you.
We will obtain your personal data when you provide it during registration on the Riveli website. Specifically, we may obtain the following categories of information:
a. Contact details . Name, surnames, tax identification number, email, telephone number, address for billing purposes, shipping address.
b. Communications . The communications that you exchange with us or direct us by letter, email, chat service, calls and social networks.
For what, why and for how long we use the personal data of our clients
The data of our clients can be used for the following purposes:
a. Contact our customers to send products, recommendations for use, order management, information on resolution of incidents, sending invoices, or sending notifications regarding the use of the web. These communications are not for commercial purposes.
c. Contact our clients to notify possible changes in the conditions of the Riveliservice or sending information related to the subscription. These communications may have commercial purposes.
d. Administrative or legal purposes. We use our customers’ personal data to perform statistical and marketing analysis, test systems, conduct customer surveys, carry out maintenance and development operations, or to resolve a dispute or claim. Please note that we may carry out data profiling based on the data we have obtained from you for the purposes of statistical and marketing analysis. Any profiling activity will be carried out only with your prior consent and with reasonable efforts to ensure that all data on which it is based is correct. By providing us with any personal data, you, as a customer,
and. Communications with customer service. We use our customer data to manage our relationship with them as our customers and to improve our services and your experience with us.
F. Marketing. From time to time we will contact our customers through electronic communications to provide information regarding promotions of Riveli products or possible provision of new products. In all electronic communications we send you, you will have the opportunity to indicate that you no longer wish to receive direct marketing material from us.
g. We will only process the personal data of our clients when we have legal bases to do so. The legal bases will depend on the reasons why we have obtained them and why we need to use your personal data.
We may also process the personal data of our customers for one or more of the following reasons:
- To comply with a legal obligation that is required of us.
- Because the customer has agreed to us using their personal data (for example, for marketing-related purposes).
- To satisfy our legitimate interests in our operation as service providers, for example, for administrative purposes.
We will not keep the data of our clients for longer than is strictly necessary to fulfill the purposes for which they are being processed. In determining the appropriate retention period, we will take into account the amount, nature, and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We will also need to take into account the periods for which personal data may need to be retained in order to comply with our legal obligations or to resolve complaints or queries and to protect our legal rights in the event of a claim.
When we no longer need our customers’ personal data, we will securely delete or destroy it. We will also consider whether and how we can reduce the personal data we use over time, and whether we can anonymize your personal data so that it can no longer be associated with our customers or identify you, in which case we may use such information without notice.
Security of the personal data of our clients
We follow strict security procedures when storing and disclosing your personal data, as well as to protect it from accidental loss, damage or destruction. The data you provide us is protected with SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting data so that it can be transferred securely over the Internet.
Payments for Riveli products are made with the secure payment platform of Banco Sabadell ( http://www.bancsabadell.com ). Riveli does not collect any data related to payment , since both the collection of payment data and the charge is carried out by the payment platform, and to which Riveli does not have access.
International data transfer
Riveli carries out its activity only in Spain.
How our customers’ personal data is shared
a. Trusted service providers we use to conduct our business, such as legal and other professional advisers, and providers of cloud services and email marketing services, who help deliver the service to our clients.
Cookies are small identifiers that a server stores in the terminal used to access our website or our services. Cookies contain information that can be read automatically when accessing our services and that allows a more efficient and better use of our services.
What kind of cookies do we use?
Session cookies . They are temporary cookies that allow you to keep track of your movements within the pages, and are deleted when you leave the web page. These cookies serve to avoid having to request information that you have already provided us, and to avoid asking you to authenticate yourself each time you browse our website.
Permanent cookies . They are the ones that are registered and are read every time you make a new visit to our website. Permanent cookies will remain in the terminal until you delete them, but in any case, less than 60 days. These cookies help us remember your information and settings when you visit our website, so you can get faster and easier access by not having to log in again.
Here are some links that explain how to disable these cookies in different browsers:
Your data protection rights
Under certain circumstances, by law you have the right to:
Request information about whether we have personal data about you and, if so, what data it is and why we have it or are using it.
Request access to your personal data (request commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data we hold about you. This enables you to correct any incomplete or incorrect information we hold about you.
Request the deletion of your personal data. This enables you to ask us to remove or erase your personal data where there are no overriding legitimate reasons for further processing it. You also have the right to ask us to remove or erase your personal data where you have exercised your right to object to processing (see next section).
Object to processing of your personal data where that processing is based on our legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on that basis. You also have the right to object when we are processing your personal data for direct marketing purposes.
Object to automated decision-making, including profiling , meaning not to be subject to any automated decision-making by us using your personal data or profiling you.
Request the limitation of the processing of your personal data. This enables you to ask us to stop processing your personal data; for example, if you want us to determine their accuracy or the reason for processing them.
Request the transfer to you or to a third party of your personal data in an electronic and structured format (commonly known as the right to “data portability”). This enables you to take the data we hold about you in a commonly used electronic format and to be able to transfer your data to a third party in a commonly used electronic format.
Withdraw your consent. In the limited circumstances where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right at any time to withdraw your consent to that specific processing. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose(s) you originally agreed to, unless we have another legitimate basis for continuing to do so under law.
If you want to exercise any of these rights, please contact us at firstname.lastname@example.org or by post at the address in the “Data Controller” section of this document.
You will not have to pay any fee to access your personal data (or to exercise any of your other rights). However, we may charge you a reasonable fee if your access request is unfounded or excessive. Otherwise, in such circumstances, we may also refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.