PRIVACY POLICY AND DATA PROTECTION

Thank you for visiting our website. Adherence to established legal measures for personal data protection is extremely important to us. The purpose of this privacy policy is to inform the website user about the nature, scope, and purpose of personal data processing and the rights they have in case they are a data subject as defined in Article 4, Section 1 of the European General Data Protection Regulation. The privacy policy outlined below takes into account new provisions in line with the European General Data Protection Regulation (GDPR), which has been in effect since May 25, 2018.

1) Administrator

This website, domain, and the services it offers are owned and managed by: Laska ot Prirodata EOOD, UIC № 203801471, with address: Bulgaria, Sofia 1164; email: hello@yoghcosmetics.com.

2) General Information

Our website is designed in such a way as to collect the least amount of data from you. It is generally possible to visit the site without entering personal data. The processing of personal data is only necessary if you choose to use certain services (e.g., ordering a product or using the contact form). However, in these cases, we ensure that at all times, personal data processing is carried out in accordance with legal requirements or with your consent. We comply with the provisions of the European General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.

3) Definitions

According to the GDPR, the terms used in this privacy policy are defined as follows:

  • ‘Personal data’ means any information related to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  • ‘Processing’ means any operation or set of operations performed on personal data or sets of personal data by automated or other means, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing through transmission, distributing, or otherwise making available, aligning or combining, restricting, erasing, or destroying.
  • ‘Restriction of processing’ means marking stored personal data with the aim of limiting its processing in the future.
  • ‘Pseudonymization’ means processing personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and is subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable individual.
  • ‘Controller’ means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • ‘Processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • ‘Recipient’ means a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. Public authorities that may receive personal data in the course of a specific inquiry in accordance with Union or Member State law are not considered recipients; the processing of such data by those public authorities is subject to applicable data protection rules in accordance with the purpose of the processing.
  • ‘Third party’ means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, have the right to process personal data.
  • Consent of the data subject’ means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

4) Consent

Sometimes, when you visit our website, we will collect certain personal data related to you. We need your consent to do this. This information will primarily be in the contact and services section in case you contact us via the contact form, request a newsletter, make an inquiry, or use any of our services on the website (e.g., when subscribing to something).

Consent Declaration:

By using the forms on our website, you give your consent for us to collect your personal information and use it in the ways described in this privacy policy. You may withdraw this consent effectively at any time by sending us an appropriate message. However, please note that you will not be able to use our services without providing us with consent. To withdraw your consent, please contact us using the methods listed above (in this case, you will need to provide your name, email address, and residential address).

5) Purpose and Legal Basis for Processing Personal Data

We process personal data necessary for the legitimization, processing, and execution of the services we offer, using Article 6, Section 1(b) of the GDPR as the legal basis. If we need to use external service providers for authorized data processing, the legal basis for such processing will be Article 28 of the GDPR.

We collect, process, and use personal data only for the following purposes:

  • When making contact and related correspondence: Based on your consent.
  • When responding to your inquiry and providing additional advice you need: Based on your consent.
  • Sending newsletters, subscribing to services: Based on your consent.
  • To ensure our website is presented to you in the most effective and interesting way: Based on legitimate interests.
  • For the technical implementation of our services: Based on legitimate interests.
  • Registering as a user of YOGHSOAP; leaving product reviews: Based on your consent.
  • Participation in lotteries and contests: Based on your consent.

Additional purposes may be added if necessary.

6) Collection and Processing of Personal Data

We collect and process your personal data only when it is voluntarily provided by you with your knowledge, for example, when you fill out a contact form or send us an email. This initially applies to the following data in available forms for completion:

  • Contact Form: Address, First Name*, Last Name*, Phone Number, Email*, Street, House Number, Postal Code, City/Village, Inquiry*, Message.
  • Newsletter: Address, First Name*, Last Name*, Email*.
  • Subscribing to YOGH Services: Address, First Name*, Last Name*, Phone Number, Email*, Street, House Number, Postal Code, City/Village.
  • YOGH User Profile: Salutation, Address, First Name*, Last Name*, Email*, Password*.

Mandatory fields are marked with an asterisk (*).

The personal data you share and their content are used only by us and the companies affiliated with us. We store and process your data only for the purposes listed in Section 5 above. Any use other than the identified purposes requires your explicit consent. The same applies to the transfer and disclosure of your data to third parties.

7) General Logs

Information about the connecting computer (IP address), which of our pages you visit, the date and duration of your visit, the identification information of the browser and operating system type, the pages that direct you to our site, and successful accesses are temporarily stored by the web server in log files. The technical administration of the web pages and the anonymous collection of statistics allow us to evaluate access to YOGHSOAP services and improve data protection and security within our company to ensure the highest level of protection for the personal data we process.

Server logs are stored separately from any other personal data you have entered within the past 12 months for analytical purposes and are then deleted.

8) Cookies

We use cookies and similar technologies to provide you with personalized online services.

Cookie Usage Declaration

On our website, information is collected and stored in the form of cookies in your browser.

What are cookies?

Cookies are small text files that are stored on the data carrier and save specific settings and data for interacting with our system via your browser. A cookie usually contains the domain name from which it was sent, the age of the cookie, and an alphanumeric identification code.

Why do we use cookies?

Cookies allow our system to recognize the user's device and activate any predefined settings. Once the user logs into the platform, the cookie is sent to the hard drive of their computer. Cookies help us improve our website and provide you with better service tailored to your needs. They enable us to recognize your computer and/or (mobile) device when you return to our site, allowing us to:

  • Retain information about your preferences on the site to tailor it to your personal interests.
  • Speed up the processing of your searches.
  • Work with third parties to make the online service and website more attractive to you.

You may adjust your cookie settings at any time to control their use. If you choose to block cookies, the functionality of the website may be limited for you.

9) Social Plugins

This website has integrated social media sharing features. YOGHSOAP does not record any personal data through the use of social plugins or in connection with their use.

10) Newsletter

When you register for email newsletters, YOGHSOAP asks for your address, name, and email address where the newsletter will be sent. Any other information is voluntarily provided and used to address you more personally, to personalize the newsletter, and to respond to your inquiries via your email address.

If you register for the newsletter on this site, YOGHSOAP will use the entered data exclusively for this purpose or to inform you about any circumstances related to the specific service or its registration.

You must enter a valid email address in order to receive the newsletter. The IP address from which you register for the newsletter and the date of the order are also stored. This data is used as proof by YOGHSOAP in case of abuse, if an unknown email address is registered for the newsletter. To ensure that the email address was entered correctly in YOGHSOAP’s mailing list, we send a confirmation email to the registered email address. Only after confirming your registration by clicking a link in this email will you begin receiving the desired newsletter. As part of the process, the ordering of the newsletter, receipt of the confirmation email, and confirmation of registration are recorded.

At any time, you can effectively withdraw your consent for storing the data, your email address, and its use for receiving the newsletter in the future. YOGHSOAP sends a link in every newsletter that you can use to withdraw your consent. You can also communicate your withdrawal in writing to the contact email provided above.

11) Product Reviews

On this page, you can leave reviews for cosmetic products. The review is published under your full name and the initial of your last name. Therefore, you must use your first name, last name, and email address to create a user profile and log into it. A pseudonym in the form of your full first name and the first letter of your last name is used when authorship of reviews is indicated. The associated identifying details are known only to the administrator.

12) YOGHSOAP Product Testers

If you are selected as a tester for YOGHSOAP products, we will store your postal address, as well as your first and last name. We will use your postal address only to send testing products and, when necessary, rewards.

13) Facebook Games

Personal data is stored only during the game to ensure the smooth sending of rewards. After the game ends, the data is deleted. In some individual cases, the data may be transferred to an external service provider. The participant can withdraw their consent for storing this data at any time by contacting us at hello@yoghcosmetics.com, thereby terminating their participation.

The participant also agrees, when applicable for the game, that their photo or product review, published with their full first name and initial of the last name, may be published in connection with the game and the won prizes, with our approval, on the YOGHSOAP website or on our Facebook and Instagram pages. The participant is responsible for the legality of the uploaded photos, especially regarding copyright. YOGHSOAP reserves the right not to approve photos or texts with obviously illegal content (these photos will not be displayed publicly and will be disqualified from the game).

14) Use of Third-Party Content and Services

Our website uses content and services from other providers. Such providers include, for example, maps and videos provided by Google Maps and YouTube. IP address data must be provided to make this information available and visible in the user’s browser. Therefore, these providers (hereinafter referred to as ‘third parties’) use the user’s IP address.

Although we try to work only with third parties who need only your IP address to provide content, we cannot influence whether this IP address will be stored. This process occurs for statistical reasons and similar purposes.

Use of Google Analytics

This site uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”).

Google Analytics also uses cookies, i.e., text files that are stored on your computer and allow the analysis of your use of the website. The information obtained by the cookie is typically transferred to Google’s server in the USA and stored there.

Google will use this information on our behalf to evaluate your use of our site, compile reports on activities on the site, provide additional services related to the use of the site or the use of the internet, and provide this information to us, the website administrator. The IP address provided by your browser as part of Google Analytics is not combined with other Google data.

You can prevent the storage of cookies by using the appropriate settings in your browser software. However, please note that in this case, the functionality of the site may be limited for you.

Also, you can prevent the data collection by Google concerning your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin from the following link: Google browser plugin.

Google LLC, headquartered in the USA, is certified under the EU-U.S. Privacy Shield Framework, ensuring compliance with personal data protection levels required by the European Union.

For more information on the use of personal data by Google Analytics, please read Google’s Privacy Policy: Google Analytics Data.

You can find Google’s Privacy Policy here: Google Privacy Policy

Use of DoubleClick

This website uses Google’s marketing tool DoubleClick, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“DoubleClick”).

DoubleClick uses cookies to create suitable ads for the user, improve campaign performance reports, or prevent the same user from repeatedly seeing the same ads. Google uses the cookie identification number to track which ads appeared in which browser and thus prevents continuous display of the same ad. The processing is based on our interest in optimal marketing of our site, in accordance with Article 6, Section 1(f) of the GDPR.

DoubleClick may also use the cookie identification number to track conversions, which are linked to ad requests. This happens when a user sees a DoubleClick ad and then uses the same browser to visit the advertiser's site and make a purchase there. According to Google, DoubleClick cookies do not contain any personal information.

Due to this marketing tool, your browser automatically establishes a direct connection to Google’s server. We cannot influence the scope and further use of the data collected through the use of this Google tool, and thus we inform you about everything we know. Integration of DoubleClick tells Google that you have visited a specific part of our site or clicked on one of our ads. If you are registered for Google services, Google will assign this visit to your profile. Even if you do not have a Google account or are not logged in, the provider may detect your IP address and store it.

If you wish to opt out of this tracking service, you can deactivate conversion tracking cookies by changing your browser settings and blocking all cookies with the domain www.googleadservices.com at https://www.google.com/settings/ads. This setting will be deactivated if you delete all cookies in your browser. Alternatively, you can learn more about the use of cookies by the Digital Advertising Alliance at www.aboutads.info and change your settings accordingly. Finally, you can set your browser to notify you whenever cookies are used and decide whether to accept them one by one, only in certain cases, or reject them entirely. If you refuse to accept cookies, the functionality of our site may be limited for you.

Google LLC, headquartered in the USA, is certified under the EU-U.S. Privacy Shield Framework, ensuring compliance with personal data protection levels required by the European Union.

Please visit the page below for more information about DoubleClick and Google’s data protection measures: www.google.de/policies/privacy

Use of Retargeting Tools

On our website, https://www.yoghcosmetics.com/, we use a technology called retargeting. We use retargeting to categorize different website users into user groups. Depending on the user group, we then target visitors to the page with personalized ads for our products or services on other websites or applications.

For this purpose, we use the following products provided by service providers: ‘Facebook Custom Audience’/’Facebook Pixel’/’Google AdWords User Lists’/’Google Dynamic Remarketing’

‘Facebook Custom Audience’ and ‘Facebook Pixel’
Facebook Custom Audience and Facebook Pixel are products of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”). Our website uses Facebook’s Facebook Pixel, which creates a direct connection to Facebook’s servers. Therefore, the fact that you visited our site is transferred to Facebook’s server. Facebook attributes this information to your personal Facebook profile if you have such a profile and are logged into it. If you visit other sites that use Facebook Custom Audience/Facebook Pixel, this information is also associated with your personal profile. However, we cannot see which other pages you visit. If you are not a Facebook user or are not logged into your profile when you visit our site, your visit will not be attributed to your Facebook profile.

For more information about privacy protection on Facebook, please visit Facebook’s privacy information at www.facebook.com/about/privacy. Specifically, you can manage the content and information you share while using Facebook through the ‘Activity Log’ tool or download data from Facebook via the ‘Download your data’ tool.

‘Google AdWords User Lists’ and ‘Google Dynamic Remarketing’
Google AdWords User Lists and Google Dynamic Remarketing are products of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Our site uses a pixel provided by Google, which creates a direct connection to Google’s servers. Therefore, the fact that you visited our page is transferred to Google’s server. Google links this information with an individual identification number, which is stored on your end device as a cookie or provided by your end device (‘advertising identification number’ on smartphones). If you visit other pages using Google AdWords User Lists/Google Dynamic Remarketing, this information is also linked to your personal identification number. However, we cannot see which other pages you visit.

15) Opt-out

You can opt-out of the use of retargeting tools on our site at any time, for one or more tools. Please use the cookie settings for this purpose.

For each tool, we store an opt-out cookie on your device, which is valid indefinitely. If you access our site from different devices, you must opt-out of the use of retargeting tools on each device, as we cannot link multiple devices to individual visitors. By opting out, you will stop the integration of the described pixels and prevent data exchange with Facebook and Google.

You can also disable personalized advertising directly through the advertising networks. For more information, please visit the respective pages of Google and Facebook.

16) Data Security

Unfortunately, the transmission of information via the internet is never 100% secure, so we cannot guarantee the security of the data sent to our site over the internet.

However, we use technical and organizational measures to protect our website from loss, destruction, access, modification, or distribution of data by unauthorized persons.

Specifically, your personal data is transmitted to us in encrypted form. We use SSL/TLS (Secure Sockets Layer/Transport Layer Security) encoding system for this purpose. Our security measures are continuously improved in line with technological advancements.

17) Data Subject Rights

If you are a data subject as defined in Article 4, Section 1 of the GDPR, you have the following rights regarding the processing of your personal data under the European General Data Protection Regulation. You can find the legislative text for the rights described below here.

  • Right to Confirmation and Access:
    According to the provisions of Article 15 of the GDPR, you have the right to request confirmation from the controller at any time and free of charge as to whether your personal data is being processed, to access the personal data stored about you, and to receive a copy of the confirmation.
  • Right to Rectification:
    According to the provisions of Article 16 of the GDPR, you have the right to request rectification of any inaccurate personal data concerning you without undue delay. Considering the purpose of the data processing, you have the right to request the completion of incomplete personal data – including by providing a supplementary statement.
  • Right to Erasure:
    According to the provisions of Article 17 of the GDPR, you have the right to request that the controller delete personal data related to you without undue delay, provided that one of the reasons listed in Article 17 of the GDPR applies, and the processing of the data is no longer necessary.
  • Right to Restriction of Processing:
    According to the provisions of Article 18 of the GDPR, you have the right to request the restriction of the processing of personal data if one of the conditions of Article 18 of the GDPR applies.
  • Right to Data Portability:
    According to the provisions of Article 20 of the GDPR, you have the right to receive the personal data related to you and provided by you to us in a structured, commonly used, and machine-readable format, and you have the right to transfer these data to another controller without hindrance from us, provided that the additional conditions in Article 20 of the GDPR are met.
  • Right to Withdraw Consent:
    You have the right to withdraw your consent for the future processing of your personal data at any time. Please direct your refusal to us using the contact methods listed above.
  • Right to Object:
    According to the provisions of Article 21 of the GDPR, you have the right to object to the processing of personal data related to you at any time. If the conditions for an effective objection are met, we will no longer have the right to process your personal data.
  • Right to File a Complaint with a Supervisory Authority:
    Regardless of other measures regarding administrative or legal proceedings, you have the right to file a complaint with a supervisory authority, especially in the EU Member State where you live, work, or where the alleged violation occurred, if you believe that the processing of personal data concerning you violates the requirements of the GDPR.

18) Transfer of Your Personal Data

Your personal data is transferred in the following cases:

This is necessary for the operation of the website as well as for the execution, functioning, and fulfilment of this consent for use, and may occur even without your consent.

Data may be transferred if we are required to do so for legal reasons/or by order of authorities or courts. This includes, in particular, disclosures for criminal investigations, emergencies, or enforcement of intellectual property rights.

If the data is transferred to a service provider to the necessary extent, they will only have access to your personal data to the extent necessary to fulfill their obligations. These service providers are required to process your personal data in accordance with applicable data protection laws, in particular the GDPR.

Apart from the cases described above, we will not disclose your data to third parties without your consent. Specifically, we will not transfer any personal data to individuals and organizations in third countries or international organizations.

19) Retention Period for Personal Data

With respect to the retention period, we delete all personal data as soon as we no longer need it to fulfill its original purpose, and all legally established retention periods are no longer applicable. The legally established retention periods are the leading criterion for the specific duration of the retention of personal data. Upon the expiration of this period, the relevant data is routinely deleted. If the retention period still applies, processing is restricted by blocking the data.

20) Information on Providing Personal Data by the Data Subject

We would like to take this opportunity to inform you that providing personal data is mandatory in some cases (for example, payment data when paying for services that are charged) or may arise from contractual agreements. To fully benefit from the services on our website, you must conclude the corresponding consent for use with us (Terms and Conditions) by registration. To establish consent, you must provide us with certain personal data (e.g., username, email address), which we process for the purpose of concluding the consent. If you do not provide us with this personal data, it will be impossible for us to conclude the consent with you or, if you only provide some data, you will not be able to use all our services.

21) References and Links

When you visit web pages linked to by our website, you may be asked to re-enter your name, address, email address, browser properties, etc. This privacy policy does not cover the collection, disclosure, and processing of personal data by third parties.

Third parties may have their own measures for collecting, processing, and using personal data. Therefore, our advice is, when visiting third-party websites, to familiarize yourself with their privacy practices before entering your data.

22) Changes to the Data Protection Policy

We are continuously developing our website to offer you better services. We will keep this privacy policy up to date and adapt it as necessary.

Of course, we will inform you promptly about any future changes to this policy. We may do so, for example, by sending an email to the address you provided to us. If we need you to give additional consent for the processing of your data, we will contact you to provide it before the relevant changes take effect.

At any time, you can find the most current version of our data protection policy online at www.Yoghsoap.bg/privacy-policy.

23) Data Protection Officer

If you have any questions regarding the data protection law, please contact our Data Protection Officer at privacy@yoghsoap.com.