Article 13 General Data Protection Regulation (GDPR)
I am Vesna Jugovic, owner of PhiBrows e.U. (hereinafter “PhiBrows“), and with this information I am informing you about the processing of your personal data (“Data“) as well as your Data protection claims and rights:
1. Which Data are processed and where do they come from?
I process the Data that I receive from you as visitor of my website https://vesnajugovic.com (hereinafter “Website“). You will find the Data processed by me in section 2 under the respective processing purposes. The Data that must be provided are marked with (*), the provision of not marked Data is optional.
2. For what purposes, duration and on which legal basis are Data processed?
I process your Data in accordance with applicable data protection law and for specific purposes and for a specific period. The most important purposes, duration and legal basis of the processing are listed below. If I collect Data from you for other purposes, I will inform you separately before collecting that Data.
2.1. Online/Live Courses (If you book an online or live course or if you request more information about a specific course)
Name*, telephone number*, e-mail-address*, address* (street, city, postal code, county, country), Data about your business* (only if you are an entrepreneur), chosen course*, level of experience*, Proof of experience* (if you are not a beginner), comments, payment data*, chosen starter kit*
I process your Data for the purpose of managing our contractual relationship and to provide my services to you.
After the courses are finished, I delete those Data, that I do not need any longer to provide my services. For some data (e.g. business letters) there are legal obligations to retain it, and I will delete such data as soon as these legal obligations do no longer apply.
I process this Data based on the fulfillment of my contractual and legal obligations.
2.2. Salon Appointments (if you book a salon appointment)
Name*, telephone number*, e-mail-address*, address* (street, city, postal code, county, country), chosen treatment*, chosen appointment*, comments
I process your Data supported by the external service provider Shore GmbH for the purpose of managing the booking, our contractual relationship and to provide my services to you.
After the appointment is over, I delete those Data, that I do not need any longer to provide my services. For some data (e.g. business letters) there are legal obligations to retain it, and I will delete such data as soon as these legal obligations do no longer apply.
- Legal Basis:I process this Data based on the fulfillment of my contractual and legal obligations and as long as I need them for the exercise or defense of legal claims.
2.3. Newsletter (if you subscribe to my newsletter)
Name*, e-mail-address*, address* (street, city, postal code, county, country)
I process your Data supported by PhiAcademy GmbH and the external service provider MailChimp (The Rocket Science Group LLC) for the purpose of direct marketing and advertisement. This means that I will send you personalized information by e-mail and inform you if I believe, based on your Data, that information about my offers, services and events are relevant and interesting to you.
I process this Data based on your consent. You can withdraw your consent any time by e-mail to email@example.com or if you click on the unsubscribe link in every Newsletter mail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
As long as you do not withdraw your consent.
2.4. Marketing and direct advertisement (if you interact with my Website)
Data collected by me and third parties via cookies, tracker and pixel. For more information please go to section 4.
I will process Data you provide when you interact with my Website for my own and third-party marketing purposes, customer loyalty or direct marketing. I will share your Data with PhiAcademy GmbH.
My own and PhiAcademy’s legitimate interest in marketing and direct advertisement e.g. to enhance the user-experience of the Website and to provide better services to the user.
As long as you do not object to the processing.
2.5. Customer Service (if you contact me through my contact form on the Website)
Name*, e-mail-address*, issue or request*
I will process Data you provide when you interact with my Website for the purpose of contacting me to respond to your questions or to fulfill your issues.
My legitimate interest in processing your inquiries and requests in order to be able to provide my services even better.
I process the Data you provide only for the duration of the response or fulfillment of your requests and issues. Beyond that, I will process the Data only as long as there is a legal obligation to do so or I need Data for the exercise or defense of legal claims.
2.6. Customer Chat
Name*, issue or request*
When you contact my Chat for requests or issues, and therefore provide me and my service provider Intercom with your Data (name, e-mail address and message), these Data will be processed only to respond to your requests or fulfill your issues.
My legitimate interest in processing your inquiries and requests in order to be able to provide my services even better.
The Data that you provide for the Chat will be deleted after the end of our chat. Beyond that, I store your Data only if this is necessary due to my justified interest in the asserting and defense of legal claims and for internal administrative purposes.
3. Who receives your Data?
- In my organization and within PhiAcademy GmbH, Gartengasse 8, 1050 Vienna, Austria, and PhiAcademy d.o.o., Bulevar Oslobodjenja 137, Belgrade, Serbia, those employees will receive your Data, who need them for the purposes outlined above, e.g. administration.
- I will share your Data (interaction on the Website, registration and bookings, data from Google Analytics and Facebook Pixel) with PhiAcademy GmbH, which is responsible for my marketing (e.g. my Facebook appearance). PhiAcademy GmbH will process these Data on my behalf based on my legitimate interest in marketing and direct advertising for the purposes listed in section 2. I process the Data you provided for marketing purposes until you object to this processing.
- If you booked a live course, I will share your Data with the organizer of this live course.
- If you booked a course, I will share your Data with Craftmaster GmbH, Gartengasse 8, 1050 Vienna, Austria, for the purpose of granting you access to the “Craftmaster App”, where training Courses are held.
- If I am legally obliged to do so, I will also transfer your Data to public bodies and authorities.
- In addition, companies commissioned by me (in particular IT or payment services and back office providers) will receive your Data if they need them to fulfill their respective tasks. These providers are obliged to treat your Data confidentially, to process them only to the extent necessary for their service provision and they provide their processing activities within the European Economic Area. If these companies provide their processing activities outside the European Economic Area, there are appropriate safeguards according to Art 46 GDPR in place to ensure an adequate level of data protection.
I will transfer your Data to the following recipients:
|Company name||Located in||Appropriate Safeguards (Art 46 GDPR)|
|PhiAcademy d.o.o||Serbia||Standard Contractual Clauses|
|PayPal (Europe) S.à.r.l. & Cie||Luxembourg|
|Stripe Inc.||USA||Privacy Shield|
|The Rocket Science Group LLC (MailChimp)||USA||Privacy Shield|
|Intercom, Inc.||USA||Privacy Shield|
|Klarna Bank AB||Sweden|
|Amazon Payments Europe S.C.A||Luxembourg|
|Deutsche Handelsbank AG (Cashpresso)||Germany|
|Google LLC (GooglePay)||United States||Privacy Shield|
4. Cookies, Pixel and analytic tools
I use the Data collected through these cookies to better represent my Website and to make my offers user-friendly, for example to evaluate the use of my Website. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. Other cookies are only stored on my Website for the duration of your visit.
For the collection of these Data I use the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Website, and collect data including your IP address, browser type, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Website.
Cookies necessary for the functioning of the Website:
|accept_cookies||Tracks the user acceptance of cookies processing.||10 years|
All these cookies are technically necessary for the presentation of the Website. You can deactivate the setting of cookies in the settings of your browser. Please note that a general deactivation of cookies may possibly lead to functional limitations of my Website.
Reporting and analytics:
Additionally, I use pixels and tags from the following third parties (which may in turn place cookies). These cookies are not technically necessary for the presentation of the Website and only activated with your given consent. You can withdraw your consent in the Cookie Consent Tool any time and in the settings of your browser:
|I use Google Analytics to help measure how users interact with my Website.||https://policies.google.com/privacy|
|Google Ads||I use Google Ads to deliver targeted advertisements to individuals who visit my Website.||https://policies.google.com/privacy|
|I use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit my Websites.||https://www.facebook.com/policy.php|
|PayPal||I use PayPal as one of my payment providers to process your orders and capture payments.||https://www.paypal.com/en/webapps/mpp/ua/privacy-full|
|Stripe||I use Stripe as one of my payment providers to process your orders and capture payments.||https://stripe.com/privacy-center/legal|
4.2. Google Analytics
|Google Analytics Cookie||Purpose||Storage period|
|_gat||Determined by Google Analytics to identify unique sessions||30 minutes|
|_gid||Determined by Google Analytics to identify unique sessions||30 minutes|
|_ga||Determined by Google Analytics to identify unique session||30 minutes|
4.3. Facebook Audience Pixel
I also use the Facebook Audience Pixel analysis tool from Facebook Ireland Limited or Facebook Inc. to measure the effectiveness of my advertising. The pixel collects information about Website usage, such as when the Website is used and transmits that information to Facebook’s servers in Ireland and the United States. This information may also be cross-checked with other Facebook information or our information that I have about you. All data collected by this pixel is encrypted by Facebook using “hashes”. Facebook Ireland Limited is located in the European Union; Facebook Inc. is located in the United States and has a Privacy Shield Certificate which ensures the protection of your data.
The collection of data by Facebook Pixel only takes place with your consent. This consent can be withdrawn by you at any time. The comparison of the data with the data stored by me is based on my legitimate interest in marketing and customer loyalty.
5. Are you obliged to provide Data?
If you use the services of the website, you are obliged to provide the data marked with (*). Unless you provide those mandatory Data, I will generally be unable to provide my services. You are not obliged to provide any other data.
6. Your rights in the context of the processing of your Data
You have the right
- to request information about which of your personal Data I process (Article 15 GDPR);
- to rectify or erase your Data (Article 16 GDPR);
- to restrict the processing of your Data (Article 18 GDPR);
- to withdraw your consent (Article 7 GDPR);
- to object to the processing of your Data (Article 21 GDPR);
- to Data portability (Article 20 GDPR).
If you believe that I violate your rights under the GDPR or national data protection law when processing your Data, please contact me. This is the only way I can treat your concerns as quickly as possible. You also have the right to lodge a complaint with a supervisory authority (in Austria: www.dsb.gv.at).
7. Automated decision-making
I do not use automated decision-making or profiling according to Article 22 GDPR.
8. Who can you contact?
If you have any requests or concerns, you can contact me directly by e-mail, by phone or by post to the following address:
Gartengasse 8/8, 1050 Vienna