Privacy Policy



Why do we need this document?

Regardless of whether you are a current or future customer of thebodyshop-ks.com platform or a casual user of our site, we acknowledge and respect your privacy.

Protection of your personal information throughout the process of processing your personal data is an important priority for us.

We process your personal data in compliance with its confidentiality and in accordance with legal provisions at Kosovo and European level.

In the following pages of our Privacy and Privacy Policy (Policy) we aim to introduce you to AXIOM (Axiom shpk), as a Personal Data Administrator, to provide you with contact details of the company.

With this Policy we inform you about:

  • the categories of personal data;
  • for the objectives and for the legal basis for processing;
  • for the storage period and with whom we share the data;
  • information on whether the personal data will be transferred to a third country or to an international organization;
  • the recipients or categories of recipients of personal data;
  • the rights you have under personal data protection legislation, under Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data personal data and on the free movement of such data (hereinafter "the Regulation" or "GDPR").

 

Information about the company that processes your data, or who we are:

Axiom shpk, Unique Identification Number 810102202, address of registration / correspondence Zona Industriale Veternik, Prishtina, 10000, phone +383 49 194 155, e-mailinfo@axiom-ks.com , www.thebodyshop-ks.com

Information on the personal data protection officer

If you have questions about this Policy or wish to exercise your rights, please contact the Data Protection Officer using the following contact details: Zona Industriale Veternik, Prishtina, 10000, phone +383 49 194 155, e-mailinfo@axiom-ks.com 

Information on the competent data protection supervisory authority

Agjencia Shteterore per Mbrojtjen e te Dhenave Personale (State Agency for Personal Data Protection) Address: Rr, Zejnel Salihu – Nr.22 (ish ndertesa e Gjykates Themelore); Tel: +383 38m20062959, email: info.aip@ks-gov.net, website: www.aip.rks-gov.net 

Axiom shpk (hereinafter referred to as “Administrator” or “the Company”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.

 Reason for collecting, processing and storing your personal data

Article  1. The administrator collects and processes your personal data in connection with the use of the online store www. thebodyshop-ks.com and concluding contracts with the Company on the grounds of Article  6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • explicit consent received from you as a customer;
  • fulfillment of the obligations of the Administrator under a contract with you;
  • compliance with a legal obligation that applies to the administrator;
  • for the purposes of the legitimate interests of the Administrator or a third party.

 

Goals and principles in the collection, processing and storage of your personal data

Article  2.

  • We collect and process the personal data you provide to us in connection with your use of the online store www.thebodyshop-ks.com and concluding a contract with the company, including for the following purposes:
    • creating a profile and providing full functionality when using the online store;
    • individualization of a party to the contract;
    • accounting purposes;
    • statistical objectives;
    • protection of information security;
    • the right of refusal or claim by the customer for the goods in respect of which these rights may be exercised;
    • ensuring the implementation of the contract for the provision of the respective service;
    • sending newsletters and emails with special offers if you express a wish;
    • telephone calls in connection with a birthday or notification of the User for new collections or upon receipt of products exhausted in a previous period by agreement between the two parties;
    • sms for information purposes

 

  • We follow the following principles when processing your personal data:
    • legality, good faith and transparency;
    • restriction of processing purposes;
    • relevance to the purposes of processing and minimizing the data collected;
    • accuracy and timeliness of the data;
    • limitation of storage in order to achieve the objectives;
    • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

 

  • When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:
  • Fulfillment of its obligations to the Kosovo Tax Administration, the Ministry of Trade and Industry and other state and municipal bodies.

 What types of personal data is collected, processed and stored by our Company 

Article  3.

  • The Company performs the following operations with the personal data provided by you as customers, for the following purposes:
    • Registration of a customer in the e-shop and execution of a contract for distance purchase- the purpose of this operation is to create a profile for using the e-shop to purchase goods and provide contact information for delivery of purchased goods. Registering and creating an account to use the online store is not a mandatory step in providing the service and it is available to a large extent without creating an account through the "Order as a guest" option.
    • Sending a newsletter- the purpose of this operation is to administer the process of sending newsletters, emails with special offers, promotions, promo codes, news and new features to customers who have stated that they wish to receive this information.
    • Exercise of the right of withdrawal or claim- the purpose of this operation is to administer the process of exercising the right of withdrawal or claim by the customer for the goods in respect of which these rights may be exercised.
  • The administrator does not collect or process personal data that relates to the following:
    • reveal racial or ethnic origin;
    • disclose political, religious or philosophical beliefs, or trade union membership;
    • genetic and biometric data, health data or data on sexual life or sexual orientation.
  • Personal data is collected by the Administrator from the persons to whom it relates.
  • Company does not collect data on persons under 16 years of age, except with the express consent of their parent or legal representative.

 

Article  4. The controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

  • Your personalization data(e-mail, name, surname, telephone number, address, date of birth, etc.)
  • Purpose for which the data is collected: 1)Making contact with the user and sending information to him. 2) for the purposes of user registration in the online store. 3) to send newsletters, emails with special offers, promotions, promo codes, news and new features.
  • Grounds for processing your personal data- By accepting the general conditions and registration in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data - Article  . 6, para. 1, p. (b) GDPR. Your data for sending a newsletter and emails are processed after your explicit consent - Article  6, para. 1, p. (a) GDPR
  • Delivery details(names, telephone, address, etc.)
    • Purpose for which the data is collected:Fulfillment of obligations of the Administrator under a contract of sale and delivery of purchased goods.
    • Grounds for processing your personal data- By accepting the General Terms and Conditions and registering in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data - Article  6, para. 1, p. (b) GDPR.
  • Data from your social media accounts(publicly available information from your Google accounts , social networks (Facebook, Twitter , Instagram ), YouTube and others).
    • Purpose for which the data is collected:1) Making contact with the user and sending information to him and 2) for the purposes of registration of a user in the online store.
    • Grounds for processing your personal data- By accepting the general conditions and registration in the e-shop through a social network profile, a contractual relationship is created between the Administrator and you, on which basis we process your personal data - Article  6, para. 1, p. (b) GDPR.

Term of storage of your personal data

Article  5.

  • The administrator stores your personal data for a period not longer than the existence of your account in the online store or the execution of the order "as a guest". After deleting your account or completing the order, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (ie to make it in a form that does not reveal your identity).
  • The Administrator stores your personal data provided in connection with online orders for a period of 7 years for the purpose of protecting the legal interests of the Administrator in legal or administrative disputes with users of the online store, and accounting documents are stored for the relevant statutory period.
  • The Administrator notifies you, in case of need to extend the period of data storage, in view of the fulfillment of a regulatory obligation or in view of the legitimate interests of the Administrator or otherwise.
  • The administrator stores the personal data, which he is obliged to keep under the applicable law for the relevant period, which may exceed the period of existence of your account in the e-shop or until the completion of the order.

Article  6. The Administrator keeps the personal data of the legal representatives of his business partners, for the term of the contract, for observance of the legitimate interests and legal obligations of the Administrator, as this term may exceed the term of the concluded contract.

Transfer your personal data for processing

Article  7.

  • The controller may, at its discretion, transfer some or all of your personal data to personal data processors for the purposes of processing you have agreed to, subject to the requirements of Regulation (EU) 2016/679 (GDPR).
  • The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

 

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent for the processing of your personal data

Article  8.

  • If you do not want all or part of your personal data to continue to be processed by the Company for specific or for all purposes of processing, you can at any time withdraw your consent to processing by requesting a free text on data @ thebodyshop-ks.com .
  • The administrator may ask you to verify your identity and the identity of the data subject.
  • By withdrawing your consent to the processing of personal data that is required to create and maintain an account in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
  • If there is an order placed by you that is in the process of being processed, the earliest time you can withdraw your consent to processing is upon successful completion of the order.
  • You may at any time withdraw your consent to the processing of your personal data for direct marketing purposes.
  • Withdrawal of the consent does not affect the legality of the processing of personal data, which the Administrator has performed so far.

 

 

Right of access

Article  9.

  • You have the right to request and receive confirmation from the Administrator whether personal data related to you are processed, and you can at any time see in your account, if you are a registered user, the data we process for you.
  • You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.

Right of adjustment or supplementation

Article  10. You can correct or supplement the inaccurate or incomplete personal data related to you directly by submitting a request to the Administrator, or independently - by editing your registration.

Right to delete

Article  11.

  • You have the right to request the Administrator to delete some or all of your personal data, and the Administrator has the obligation to delete it without undue delay when any of the following reasons exist:
    • personal data are no longer needed for the purposes for which they were collected or otherwise processed;
    • you withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
    • you object to the processing of personal data relating to you, including for the purposes of direct marketing, and there are no legitimate grounds for processing to take precedence;
    • personal data have been processed illegally;
    • personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State (including for Kosovo in this case) that applies to the Controller;
    • personal data have been collected in connection with the provision of information society services.

 

  • The administrator is not obliged to delete personal data if it stores and processes them:
    • to exercise the right to freedom of expression and the right to information;
    • to comply with a legal obligation requiring processing provided for in EU law or the law of the Member State applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
    • for reasons of public interest in the field of public health;
    • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
    • for the establishment, exercise or defense of legal claims.
  • In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:
    • information needed to verify that your right to be forgotten has been exercised - email, IP address;
    • technical information about the functioning of the online store, which information cannot be connected in any way with your personality;
    • e-mail with which you have registered in the online store.

 

  • To exercise your right to be forgotten, you need to take the following steps:
    • to submit an application by email info@axiom-ks.com;
    • to identify yourself as an account holder.
  • After verifying the identity of the requester and the data subject in accordance with the above steps, we will delete all data we process about you.
  • If you have an order that is being processed, the earliest time you can ask to be "forgotten" is when the order is successfully completed.
  • By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
  • The administrator does not delete the data that he has a legal obligation to store, including for protection in court claims against him or to prove his rights.

Right of restriction

Article  12.

  • You have the right to ask the Administrator to restrict the processing of data related to you when:
    • challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
  • The processing is illegal, but you do not want the personal data to be deleted, only their use to be restricted;
  • The controller no longer needs the personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;
    • you have objected to the processing, pending verification of whether the legal grounds of the Administrator take precedence over your interests.
  • In the event that you exercise your right of restriction, the Company will suspend the processing of your data, but will not remove the publications you have made in the online store.

 

Right of portability

Article  13.

  • If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may, after identifying yourself with the Administrator:
    • to ask the Administrator to provide you with your personal data in a readable format and to transfer them to another Administrator;
    • to ask the Administrator to directly transfer your personal data to an administrator designated by you, when this is technically feasible.
  • You may at any time download or receive in machine-readable format the data stored and processed for you in connection with the use of the Administrator's services, directly through your account through the data export option or by request by email.

 

Right to receive information

Article  14. You may request the Administrator to inform you of all recipients whose personal data for which correction, deletion or restriction of processing has been requested has been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

 

Right to object

Article  15. You may object at any time to the processing of personal data by the Administrator relating to him, including if they are processed for the purposes of profiling or direct marketing.

 

Your rights in the event of a breach of the security of your personal data

Article  16.

  • If the Administrator finds a breach of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach and of the measures that have been taken or are to be taken.
  • The administrator is not required to notify you if:
    • has taken appropriate technical and organizational protection measures with regard to the data affected by the security breach;
    • has subsequently taken measures to ensure that the infringement does not lead to a high risk to your rights;
    • notification would require a disproportionate effort.

 

Persons to whom your personal data is provided

Article  17. For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide your data to the following personal data processors:

  • personal data processor - for the purpose of personal data processing;
  • supplier for the purpose of delivery to an address.

The specified processors of personal data comply with all requirements for legality and security in the processing and storage of your personal data.

 

Article  18. The administrator does not transfer your data to third countries.

Article  19. In case of violation of your rights under the above requirements or the applicable legislation on personal data protection, you have the right to file a complaint to the State Agency for Data Protection as follows:

Agjencia Shteterore per Mbrojtjen e te Dhenave Personale (State Agency for Personal Data Protection) Address: Rr, Zejnel Salihu – Nr.22 (ish ndertesa e Gjykates Themelore); Tel: +383 38m20062959, email: info.aip@ks-gov.net, website: www.aip.rks-gov.net 

Article  20. The Company may amend the Privacy Policy by posting a notice to that effect on its website.