PRIVACY POLICY

Effective from: 01.01.2011
Last updated: 10.05.2023

Your personal data controller is SIA CRYSTAL ROSE, the owner of the online store onezerocosmetics.lv.
Company registration No. 42403037051
Registered address: “Annas kalns”, Jusi, Griškānu pag., Rēzeknes nov., LV-4601, Latvia.

SIA CRYSTAL ROSE has developed this Privacy Policy (“Policy”) to demonstrate our commitment to protecting your personal data and to inform you about how we process your personal information.

This Privacy Policy describes our data-processing practices in connection with the website onezerocosmetics.lv, the ONE:ZERO mobile applications, and other services we provide to users (collectively referred to as the “Services”).
We will not disclose your personal data to any third party except in the cases described in this Privacy Policy.

Your personal data in Latvia is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation — GDPR).

How to Contact Us

If you have questions about how we collect, store or use your personal data, please contact us by one of the following means:

Email: info@onezerocosmetics.lv

Mail (with the note “Regarding Privacy”):
SIA CRYSTAL ROSE
“Annas kalns”, Jusi, Griškānu pag., Rēzeknes nov., LV-4601, Latvia

ONE:ZERO Services

By using the Services, you may access information and content owned or licensed by SIA CRYSTAL ROSE, its branches and affiliated companies (“ONE:ZERO”).
The Services may also include third-party content distributed under license or other agreements with ONE:ZERO.
In this Privacy Policy, “we”, “us” or “our” refers to ONE:ZERO.

Use of Services and Provision of Information

At times you may choose to provide personally identifiable information to us — for example, when registering, making purchases, subscribing to emails, receiving event invitations, participating in discussions, previewing new services or joining special promotions.

When you register or make transactions through the website onezerocosmetics.lv or a ONE:ZERO mobile application, we collect data about your transactions and other activities.
We require certain information to register and authenticate you, process payments, and deliver goods.

Providing personal data is voluntary, but if you choose not to, we may be unable to achieve the purposes described in this Policy.
Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing performed before withdrawal.

Scope, Purposes and Duration of Data Processing

We may collect both voluntarily provided information and website-usage data, as described below.

Personally Identifiable Information You Provide

This may include your name, surname, email address, telephone number, date of birth, billing and shipping addresses, permanent identifiers linked to you, and any other data you choose to provide.

We process such information for the following purposes:

1. Registration and Participation in the ONE:ZERO Loyalty Programme

We process your personal data to register you in the ONE:ZERO Loyalty Programme and manage your participation.
Membership enables you to place orders in the ONE:ZERO online store, receive personalised offers, permanent discounts and commercial updates about new products, and enjoy other programme benefits online and in physical stores.

Your data will be used to create or access your ONE:ZERO account, display relevant information, respond to requests, verify accuracy, confirm registration, and communicate with you when necessary (e.g. programme-rule updates).

To create your account and manage participation, we require data necessary for contract conclusion and performance — name, surname and email address.
Without this, registration is not possible.

The data-retention period depends on account activity.
If the account is inactive for two consecutive calendar years, the data will be deleted or irreversibly anonymised.

Legal basis: Performance of a contract.

2. Management of Personalised Offers and Other Benefits

Within membership, we process your data to administer personalised offers and benefits (e.g. birthday advantages), using only data necessary for each benefit.

We apply automated decision-making, including profiling, to provide you with personalised offers.
This may include analysing personal and behavioural data (e.g. purchases, account activity) using algorithms or predictive models.
These operations do not produce legal or similarly significant effects on you.

For basic benefits, automated decisions are based on general rules applying to all members (e.g. determining birthday benefits).
For personalised recommendations, algorithms analyse your shopping behaviour and preferences.

Since personalised offers are an essential feature of membership, participation is not possible if you object to such automated processing.

Required data: name, surname, date of birth, purchase history, and user activity in the ONE:ZERO online store.
Retention: deleted or anonymised after two inactive years.

Legal basis: Performance of a contract.

3. Administration of Purchases in the ONE:ZERO Online Store

We process your data to manage purchases in the ONE:ZERO online store — processing orders and payments, issuing invoices, communicating order status, arranging delivery, etc.

To fulfil your order, we need the data required to conclude and perform the contract.
For payment we require payment details; for delivery we require an address.

You may order either by creating an account or as a guest, providing only data needed for the order (name, surname, contact details, payment information).

We use your phone number and email to communicate about your order — for example, confirming receipt, notifying shipment or delivery, or resolving delivery issues.

For delivery, ONE:ZERO may use external service providers.
In such cases limited data (contact, order and delivery details) may be shared with partners acting as separate controllers or processors.
Where data is shared with another controller, ONE:ZERO will reference that controller’s privacy policy.

Required data: name, surname, contact information, order, payment, transaction and delivery details.
Inactive accounts — data deleted or anonymised after two years; order documentation kept 10 years under national law.

Legal basis: Performance of a contract.

4. Compliance with Legal Obligations

We process personal data to comply with legal requirements such as accounting, product liability and safety obligations (e.g. storing order and invoice records).

Required data: name, surname, contact information, order, payment, transaction and delivery details.
Order documentation kept 10 years; other records kept as required by law.

Legal basis: Compliance with a legal obligation.

5. Handling of Customer Claims, Complaints and Suggestions

We process your data to handle claims, complaints, suggestions and reviews of our products.

When submitting a complaint, please include: name, surname, contact details, claim description and supporting documents.
Without this information we cannot evaluate or resolve the claim.
Other categories of data mentioned in this Policy may also be processed.

Data relating to claims or suggestions is kept no longer than two years from receipt, unless still under review or litigation, in which case until resolution plus one year.
Product reviews are kept while the product remains available online.

Legal basis:
– Compliance with a legal obligation (for complaints)
– Legitimate interest (for product reviews and service improvement).

6. Surveys

We may process your data to invite you to participate in surveys collecting customer feedback to improve our services.
If you have consented to marketing communications, we may send surveys via your chosen channel; otherwise surveys may be posted on our website or in stores.
Participation is voluntary.

Surveys are anonymous unless linked to a prize draw.
For non-anonymous surveys we may need: name, surname, contact information, purchase history, opinions and feedback.
Survey data is retained up to one year after the draw ends.

Legal basis: Your consent.

7. Lotteries, Games and Contests

We process your data to administer ONE:ZERO or supplier lotteries, games or contests when you choose to participate — to identify winners, award prizes and record results as required by law.

Participation requires providing personal data; otherwise you cannot enter or receive prizes.
Identity will be verified before prize issue.

Required data: name, surname, contact information, purchase history and user activity.
Winner names appear in prize-receipt acts and protocols stored five years; other participant data retained up to two years after completion.

Legal basis: Your consent and our legal obligation to document lotteries.

8. Sending of Commercial Communications

We process your data to send marketing messages such as personalised offers, discounts, promotions, news, events and new product updates via email, SMS or browser notifications.
You may also subscribe to marketing news without joining the Loyalty Programme.

We use automated decision-making and profiling to ensure relevant communication, analysing your provided and behavioural data.
These operations have no legal or similar significant effect on you.

You may opt out at any time by emailing info@onezerocosmetics.lv or clicking the unsubscribe link in any message.
After opting out, your settings will be updated so that no further direct-marketing messages are sent.

Required data: name, surname, date of birth, contact information, purchase history, usage of benefits, consents, shopping-cart status, device information.
Data processed until consent is withdrawn.

Legal basis: Your consent.

9. Information Security, Fraud Prevention and Legal Claims

We may process your data to establish, exercise or defend legal claims and to prevent or stop fraudulent or illegal activities, gather evidence and ensure information security.

Required data: any categories mentioned in this Policy.
In case of legal claims, data kept for the duration of investigation or proceedings and three years after closure.
Security audit logs stored up to 18 months, unless law requires longer.

Legal basis: Legitimate interests in protecting rights and ensuring information security.

10. Statistical and Market-Research Purposes

We process data for statistical analysis to observe, assess, improve and expand our online-service offerings.
For these purposes we do not process directly identifying data such as name or contact details.

Required data: membership information (e.g. duration, registration year), orders, deliveries, payments, purchase history, preferences, activity within the Loyalty Programme and feedback.
Data retained only as long as necessary to fulfil legitimate interests.

Legal basis: Legitimate interest in improving and expanding our services.

Information Sharing

ONE:ZERO will not disclose your personally identifiable data to third parties without your consent, except in the following cases:

To service providers (e.g. payment processors, couriers) acting for or on behalf of ONE:ZERO, who must handle data in accordance with this Policy and use it only to perform their services.
Current provider: OMNIVA SIA (Reg. No. 40103527192).

Where disclosure is required by law to supervisory or law-enforcement authorities.

To entities acquiring all or part of ONE:ZERO in a merger, acquisition or reorganisation.

To insurers or professional advisers for risk management or legal purposes.

With your consent, to marketing partners providing promotional services.

ONE:ZERO strives to process personal data within the EU/EEA.
If transferred outside the EU/EEA, adequate safeguards (e.g. EU Commission adequacy decisions or Standard Contractual Clauses) will be applied.
Information on such safeguards is available upon written request.

ONE:ZERO is not responsible for data you provide on other websites.
If you voluntarily disclose information elsewhere, others may collect and use it, possibly resulting in unsolicited communications.

Data Storage and Business Transactions

In case of corporate restructuring — such as sale, purchase, merger or joint venture — personal data may be disclosed to or received from involved parties under confidentiality and appropriate protection measures.

Your Rights

Under data-protection laws you have the following rights:

Right to be informed about processing of your personal data;

Right of access to your personal data we hold;

Right to request rectification of inaccurate or incomplete data (most data can be edited in your account);

Right to request erasure (“right to be forgotten”);

Right to restrict processing;

Right to object to processing;

Right to object to direct-marketing processing;

Right to data portability;

Right to withdraw consent at any time;

Right to lodge a complaint with a supervisory authority.

To exercise these rights or ask questions, contact info@onezerocosmetics.lv.
Clients can also manage settings directly in their profile on onezerocosmetics.lv.

Access to Your Data

You have the right to obtain confirmation whether we process your data and, if so, access a copy together with information about purposes, categories, recipients, etc.
We may refuse access where permitted by law.

Rectification

You have the right to correct inaccurate or incomplete personal data.

Restriction of Processing

You may request restriction where:

accuracy is contested;

processing is unlawful but you oppose erasure;

data is no longer needed but required for legal claims; or

you have objected pending verification.

During restriction, we may store but not further process your data except with consent or for legal claims, protection of others’ rights, or important public interest.

Objection

You may object to processing based on legitimate interests.
We will cease processing unless we demonstrate compelling legitimate grounds overriding your interests or for legal-claim purposes.
You may also object to direct marketing (including profiling) at any time, after which such processing will stop.

Data Portability

You may request to receive your data in a structured, commonly used and machine-readable format, or transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Withdrawal of Consent

Where processing is based on consent, you may withdraw it at any time; this does not affect processing prior to withdrawal.

Right to Complain

If you believe we have infringed data-protection laws, you may lodge a complaint with the Data State Inspectorate (Datu valsts inspekcija, Elijas iela 17, Rīga, LV-1050, https://www.dvi.gov.lv/lv/).
We encourage contacting us first to resolve any issue amicably.

Data Deletion

As stated above, you have the right to request deletion of your personal data.

To request deletion, please email info@onezerocosmetics.lv.
Upon receipt, we will act in accordance with the GDPR.
Data must be erased when:

no longer necessary for the purposes collected;

consent is withdrawn and no other legal basis applies;

you object to processing based on legitimate interests;

data is processed for direct marketing;

data has been unlawfully processed; or

erasure is required by applicable law.

Certain exceptions apply — for example, where processing is necessary to exercise freedom of expression or information, fulfil legal obligations, or establish, exercise or defend legal claims.
We will assess applicability in each case.
Where erasure is required, data will be deleted.

Note that data will not be deleted if processing is necessary to comply with legal obligations or defend legitimate claims.