FOR MORE INFORMATION, E-MAIL: email@example.com
Date of publication: 10 January 2022
Effective date: 10 January 2022
1. General provisions
1.2. This Policy sets out the personal data processing rules which Self employed Olga Sukhikh, T.I.C. 05630160P Trade name: Lolly Shine Photography, CY — 4530, Limassol, Panagias Chryseleousas 52 Foinikaria, phone number: +357 9675858, e-mail: firstname.lastname@example.org (referred to in this Policy as “We”, “Us” or “Our”) may obtain from the User who accepts the Offer on the Website and while the User is on the Website.
1.3. This Policy defines the principles, scope, purposes, retention period, legal basis and procedure for processing personal data, as well as the rights of personal data subjects.
1.4. By using the Website and/or providing his/her personal data, the User consents to the automated and non-automated processing of their personal data in accordance with the objectives of the Policy and the methods provided therein.
1.5. The specified Policy is publicly available and is intended for all Users of the Website. By using the Website, the User confirms that he has read this Policy and fully agrees to all its terms and conditions.
2. Basic definitions used in the Policy
2.1. Personal data means any information relating to an identified or identifiable natural person (data subject) — User of the Website https://lollyshine.com/.
2.2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.3. User — any visitor to https://lollyshine.com/ Website (referred to as either “You” or “Your” in this Policy).
2.4. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.5. Website — a set of graphic and informational materials, design, images, photo and video materials, other results of intellectual activity, as well as programs for computers and databases, making them available on the Internet at the network address https://lollyshine.com/.
2.6. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.7. Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.8. Automated processing of personal data - processing of personal data by means of computer technology.
2.9. Distribution of personal data - any actions aimed at disclosure of personal data to an indefinite range of persons (transfer of personal data) or to familiarize with personal data to an unlimited range of persons, including publication of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way.
2.10. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign country to a foreign authority, foreign individual or foreign legal entity.
2.11. Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
2.12. Personal data depersonalization - actions, as a result of which it is impossible to determine, without using additional information, belonging of personal data to a particular User or other personal data subject.
2.13. Blocking of personal data - temporary stopping of personal data processing (except cases, when processing is necessary to clarify personal data).
2.14. Destruction of personal data - any actions, as a result of which personal data is destroyed irretrievably with impossibility of further restoration of content of personal data in information system of personal data and (or) as a result of which tangible carriers of personal data are destroyed.
3. Principles of personal data processing
3.1. The processing of personal data is based on the following principles:
3.1.1. lawfulness, fairness and transparency;
3.1.2. purpose limitation;
3.1.3. data minimisation;
3.1.5. storage limitation;
3.1.6. integrity and confidentiality.
4. Data collected
4.1. All users can visit the Website without disclosing any personal data. If the User fails to provide the required information requested in the relevant data entry sections and other sections of the Website, it may not be possible to provide the User with certain options for purchasing the products/services presented on the Website.
4.2. You can visit the Website and not provide your personal data, but at the time of the purchase of the products/services, we request Your personal information.
4.3. In order to perform our agreement obligations and for other purposes set out in this Policy, we may ask the User for their personal data. We will process some or all of the following personal data if it is necessary to fulfil our objectives:
- surname, name;
- postal address;
- telephone numbers;
- e-mail address; as well as
- cookies (location information; browser type and version; type of device used to access the Website and its screen resolution; geographical location of the User; time in the User’s region; information about the User’s navigation and activity; ip address);
- a copy of the exchanges between Us and the User.
4.4. We do not process personal data relating to special categories, such as racial or national origin, political opinions, religious or philosophical beliefs or intimate life, or criminal records.
4.5. We do not process biometric personal data.
5. Non-personal information
5.1. When entering the Website some non-personal information (such as browser type, device type for entering the Website, geographical location of the User, time in the region of the User, etc.) can be automatically recorded. This information is used to improve the query, the content and the functionality of the Website and can be further used by Us or passed on to third parties.
5.7. The information contained in the cookie is only used for the above purposes, after which the data collected will be stored on your device for a period, which may depend on the type of cookie concerned, but no longer than necessary to achieve their purpose, after which it will be automatically deleted from Your system.
5.8. You can find information on how to disable cookies or change Your browser’s cookie settings by clicking on the following links:
– Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
5.9. Blocking and deleting all cookies can negatively affect the usability of many Websites. If You block cookies, You may not be able to use certain functions on the Website (accessing content, using search functions, etc.).
5.10. We have the right to use the Google Analytics service. The User is obliged to acquaint him/herself with the terms and conditions of this service at the address: https://policies.google.com/technologies/cookies?hl=en https://policies.google.com/privacy?hl=en
6. Purposes of processing of personal data
6.1. We will only use Your personal data if it is permitted by law.
6.2. All information received from Users is used by Us for the following purposes:
— to fulfil contractual obligations (Personal information We collect for these purposes might include: surname, name; postal address; telephone numbers; e-mail address);
— establishing feedback with the User, processing of enquiries and orders from the User (Personal information We collect for these purposes might include: name; postal address; telephone numbers; e-mail address);
— providing customer support to the User (Personal information We collect for these purposes might include: name; telephone numbers; e-mail address);
— receiving feedback — reviews and recommendations — from Users (Personal information We collect for these purposes might include: name; telephone numbers; e-mail address);
— compliance with the law, as well as the consideration of claims and lawsuits (correspondence between Us and the User: message and request details, time and date, content of messages; log files of actions performed by You within the use of the Website);
— analytics of the User’s actions on the Website and the functioning of the Website (cookies).
6.3. The anonymised User data collected through Internet statistics services are used to collect information about the User’s activities on the website and to improve the quality of the Website and its contents.
7. Legal basis for processing personal data
The processing of the User’s personal data is based on the following legal grounds:
7.1. The European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, Directive (EU) 2016/680) https://gdpr-text.com/, which came into effect May 25, 2018;
7.2. Article 16(1) of the Treaty on the Functioning of the European Union (TFEU);
7.3. Article 8(1) of the European Union Charter of Human Rights;
7.4. Legislation of the Republic of Cyprus aimed at protecting individuals with regard to the processing of their personal data;
7.5. User’s consent to the processing of personal data;
8. User rights
8.1. You has the right to access and download personal information and the right to receive information concerning the processing of Your personal data, by sending a written request to email@example.com (Article 15 GDPR).
8.2. A User who voluntarily provides his personal data and uses the Website gives his consent to the processing of personal data. The User may withdraw this consent at any time and request the deletion/blocking of their personal data ((“right to be forgotten”) by sending a written notice of withdrawal to firstname.lastname@example.org. Deleted data can be stored in third party systems: in cache memory, search engines, interconnected proxy servers, etc. (Article 17 GDPR).
8.3. You have the right to request Us to restrict the processing of Your personal data, subject to the conditions specified in Article 18(1) of the European Union General Data Protection Regulation (GDPR) https://gdpr-text.com/read/article-18/.
8.4. The User has the right to data portability. You have the right to receive the personal data you have provided to Us in a structured, commonly used and machine-readable format and You have the right to request that We transfer some of Your data to another controller by sending Your request in writing to email@example.com. We will comply with Your request, if possible, within 30 days of receiving it (Article 20 GDPR).
8.5. You is entitled to rectify (update, complete) the personal information provided by You or part of it by sending a written notification of changes to firstname.lastname@example.org. (Article 16 GDPR).
8.6. You have the right to object, on grounds relating to Your particular situation, at any time to the processing of Your personal information based on Article 6 (1) (e) or (f) of the GDPR https://gdpr-text.com/read/article-6/. (Article 21 GDPR).
8.7. The User (data subject) has the right to lodge a complaint with a supervisory authority, in particular in a Member State of his or her habitual residence, place of work or place of alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, Directive (EU) 2016/680) https://gdpr-text.com/. However, We would appreciate the chance to deal with Your concerns before You make a complaint, so please contact Us in the first instance at email@example.com (Article 77 GDPR).
9. Processing of personal data
9.1. The processing of personal data of the Website User (data subject) is carried out with his consent. The subject of personal data decides for himself/herself to provide his/her personal data and gives consent freely, of his/her own free will and in his/her own interest.
9.2. Consent to the processing of personal data of the subject is expressed by providing personal data by filling out forms on the Website and accepting the terms of the relevant agreements.
9.3. The User’s personal data is processed on the Website only if they are filled in and/or sent by the User independently through special forms located on the Website. By filling in the relevant forms and/or sending his personal data on the Website, the User expresses his consent to this Policy. The user is deemed to have consented to the processing of their personal data when they click on the “Order” button on the order form.
9.4. In some cases We may ask for Your written consent to process certain confidential personal data. If We do so, We will give You full details of the personal data that We would like and the reason We need it, so that You can carefully consider whether You wish to consent.
9.6. The security of personal data, which We process, is ensured by implementing the legal, organisational and technical measures necessary to comply fully with the requirements of current legislation in the area of personal data protection.
9.7. We ensure the safety of personal data and take all possible measures to exclude access to the personal data of unauthorized persons.
10. Disclosure of information
10.1. We do not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise stipulated by law, an agreement with the personal data subject, is specified in the consent received from the personal data subject to process the personal data, or the personal data is made publicly available by the subject himself.
10.2. In order to fulfil contractual obligations to Users, We may transfer their data to third parties. We may transfer Users' data to these third parties for certain limited purposes, provided that You have given Us Your permission. In doing so, We will be required to enter into confidentiality and non-disclosure agreements with the relevant parties in accordance with the terms and conditions set out in this Policy. These third parties must take appropriate security measures and will be liable directly to You for the way in which they process and protect Your personal data.
10.3. We transmit Your data to the shipping company to the extent necessary for the delivery of the products You have ordered. Provided You have given Us Your consent, We will give Your postal address, name and surname and telephone number to the chosen delivery service provider so that they can contact You to notify You of shipment, coordination prior to shipment and further receipt of the Product.
11. Retention periods for personal data
11.1. The personal data of the User will be processed until the purposes for which the data was originally obtained by any lawful means, including for the purposes of satisfying any legal, accounting, or reporting requirements, as well as during the period necessary to comply with current legislation, including in personal data information systems with or without the use of automation or until the data subject withdraws consent to processing.
11.2. Your information is deleted as soon as it is no longer needed for the purposes stated in this Policy. However, We must sometimes continue to store Your personal information until the retention periods and deadlines set by statute, regulation, or supervisory authorities. We may also retain Your personal information until the statutory limitation periods have expired (usually three years), provided that this is necessary for the establishment, exercise or defense of legal claims. After that, the relevant personal information is routinely erased.
11.3. You may withdraw Your consent to the processing of personal data at any time by sending Us a notice by e-mail to firstname.lastname@example.org with the subject line “Withdrawal of consent to the processing of personal data”. However, this will not affect the lawfulness of any processing carried out before You withdraw Your consent. If You withdraw Your consent, We may not be able to provide certain products or services to You. If this happens, We will let You know.
12. Cross-border transfer of personal data
12.1. Before cross-border transfer of personal data outside the European Union, We will ensure that the foreign country to whose territory the transfer of personal data is supposed to be carried out provides adequate protection of the rights of personal data subjects. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
12.2. The cross-border transfer of personal data on the territories of the foreign countries, which do not meet the above requirements, can be made only if the personal data subject consents in written form to cross-border transfer of his/her personal data and / or fulfillment of the agreement, to which the personal data subject is a party. Where We use certain service providers, We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
13.1. We reserve the right to change the terms of this Policy without prior notice to the Website User.
13.2. The Website User is advised to reread the terms and conditions on their next visit to the Website and to pay attention to possible changes or amendments.
13.4. A new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.
13.5. By further using the Website and making purchases on the Website, the User agrees to the new terms of the Policy.
13.6. This document will reflect any changes to the personal data processing Policy.
13.7. The Policy is valid indefinitely until it is replaced by a new version.
13.8. The current version of the Policy is freely available on the Internet at www.lollyshine.com.
14. Applicable law
14.1. All matters relating to the User’s access to and use of the Website must be regulated and interpreted in accordance with the laws of the Republic of Cyprus, and the parties submit to the exclusive jurisdiction of the Cypriot courts.
15. Final provisions
15.1. We recommend that You use the Website only if You are of legal age. We do not collect personal data of minors. Any individual submitting Personal Data to the Website must confirm that he or she is an adult. If We find out that the User is a minor, we will immediately delete their data.
15.2. We do not verify the accuracy of the personal data provided by the Users and does not monitor their legal capacity. We assume that the User provides correct and sufficient personal information on the questions offered in the order/feedback form and keeps this information up to date. The risk of providing inaccurate personal data is the responsibility of the User.
15.3. This Policy only applies to information processed in the course of using the services of the Website. We have no control over and are not responsible for the processing of information by third party Websites that the User can access through the links available on the Website.
15.4. Website content may not be used, in particular copied, published, reproduced, modified, distributed, sold or otherwise used in part or in whole without the written consent of the Self employed Olga Sukhikh, T.I.C. 05630160P Trade name: Lolly Shine Photography, CY - 4530, Limassol, Panagias Chryseleousas 52 Foinikaria, phone number: +357 9675858, e-mail: email@example.com.
15.5. We are not responsible for any loss of data caused by the actions of third parties, including the website hosting provider, software errors, unreliable communication channels, or the illegal actions of hackers and other unauthorised persons. In the event that a security breach of personal data is discovered, We undertake to notify Users, as well as the relevant data protection supervisory authority, of the discovery of the relevant personal data security breach and to make every effort to reduce the negative consequences for Users and identify those responsible.
Controller and responsible for the processing of Your personal data: Self employed Olga Sukhikh, T.I.C. 05630160P Trade name: Lolly Shine Photography, CY — 4530, Limassol, Panagias Chryseleousas 52 Foinikaria, phone number: +357 9675858, e-mail: firstname.lastname@example.org
Self employed Olga Sukhikh,
Unique TAXISnet registration number 05630160200912292
Phone +357 96758580
Country: the Republic of Cyprus