This privacy statement (our statement) sets out the basis on which any personal data, within the meaning of the General Data Protection Regulation (GDPR) (EU) 2016/679, is collected and used by us.
Who we are
Registered company name: Cohar Ltd.
Registered company number: IE596402
Registered company address: Unit 7A
Ashbourne Business Park
References to “we”, “us” and “our” shall be construed accordingly.
What we do
We sell, promote and market beauty products and cosmetics.
What is personal data?
Personal data is information which relates to an identifiable natural person.
Who is the data controller?
Cohar Ltd. Is the controller of your data and is responsible for our website. We are not required to have a Data Protection Officer but have taken the step to appoint a Data Champion. This Data Champion can be contacted at email@example.com.
Do we collect personal data?
- You opt-in and provide consent to us to contact you via our website, or through our social media channels or email.
- You use your credit or debit card to pay for your purchases on our website.
- You interact with us via social media, such as Facebook, Instagram or TikTok.
- You direct message us via various social media platforms our you make an enquiry with us.
- You subscribe to our newsletter and/or other publications.
- You communicate with us via post and other correspondence.
What types of personal data do we obtain?
The data that we obtain includes but is not limited to:
- IP Address
- Telephone number
- Email address
- Social media ‘handles’
For clarity, we do not collect or process any sensitive personal data.
Categories of data that we collect.
We process personal data relating to the following categories of data subjects:
- Our employees.
- Our customers, who are natural persons.
- Our social media followers.
- Third-party employees and contractors with whom we do business or who provide us services.
How do we use your data?
We use it in order to:
- Provide products and services.
- Process your payment for your purchase.
- Protect both our interests.
- Verify credit or other charge card details.
- Manage your loyalty and reward/discount programme (if applicable).
- Identify ways that we can improve our services.
- Meet our legal and regulatory obligations.
- Provide you with marketing content that you have consented to receive.
- Answer your queries.
- Provide you with news updates and information that you have consented to receive.
Are we allowed to use your data?
Yes, provided we can identify a legitimate basis for doing so. To use your information lawfully, we rely on one or more of the following bases:
- It is necessary for the performance of a contract to which you are part of with us.
- It is necessary for purposes of the legitimate interests of third parties (except where those interests over overridden by your interests or fundamental, rights and freedoms).
- In compliance with legal obligations.
- In protecting the vital interest of you or others.
Generally, we do not rely on consent as a legal basis for processing your data other than in relation to sending you direct marketing communications. We have ensured that you “opted-in” to receive or continue to receive these services. You have the right to withdraw consent at any time by contacting us.
Do we collect sensitive personal data?
No, sensitive personal data includes certain categories of personal information, such as that about race, ethnicity, religion or health.
Our security measures
When you give us your personal information, we take steps to make sure that it’s treated securely. We use strict procedures and technical security measures to safeguard your information in our offices and across all of our computer systems, networks, websites and social media platforms. Our security measures include the following:
- Maintaining ongoing confidentiality, integrity, availability, access and resilience of processing systems and services.
- Restoring the availability of and access to personal data, in the event of a physical or technical security breach.
- Maintaining robust security measures, both IT and physical.
- Ensuring our staff are fully data security and GDPR trained.
- That our internal processes and procedures are reviewed and fit for purpose.
- That we conduct data risk impact assessments.
- That we test and evaluate the effectiveness of our technical and organisational measures.
- That we ensure our third-party service providers and/or contractors are GDPR compliant.
Non-sensitive details (your email address etc.) are sent normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Do we share personal data with third parties?
Yes, we share personal data with:
- Third parties who provide services to us in the course of our business subject that we disclose only the personal information that is necessary for the purpose of the performance of their services and we have contracts in place that guarantee the security of your data and the integrity of our service providers’ systems. These parties include:
- Software management service providers.
- Payment processor service providers.
- IT service providers.
- Data security consultants in the context of auditing our data security systems, policies and protocols.
International Transfer of Data
We do not transfer your data outside of the European Economic Area (EU members and Iceland, Liechtenstein and Norway) (EEA).
The following countries have been approved by the EU Commission as providing an adequate level of data protection for the purpose of the international transfer of data: Switzerland, Guernsey, Argentina, Isle of Man, Faroe Islands, Jersey, Andorra, Israel, New Zealand, and Uruguay have been approved in full.
Canada has been approved for certain types of personal data.
The Commission has also approved the transfer of advanced airline passenger data to the US, Canada and Australia. For clarity, we do not transfer data to these countries either.
We, Cohar Ltd., may send you direct marketing communications, product information and promotional offers. The marketing communications we send will be in relation to our own products or services, your personal data will not be used for third-party direct marketing unless separate explicit consent has been collected for that, or you are from a country where the laws permit such processing.
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us at any time.
Customers located in certain regions, such as EES and UK, also have the right to object to their personal data being processed for direct marketing purposes at any time. If you would like to object you can contact us by email at firstname.lastname@example.org.
We will process all requests as soon as possible, but please note that due to the nature of our IT systems and servers, it may take a few days for any opt-out requests to be implemented.
For more information on the cookies which we use and the reasons why we use them, please refer to our Cookies Statement. (pages/cookies-statement).
How long will we hold your data for?
We will hold your data while you are a customer and for the minimum time period thereafter, that we are required pursuant to our legal and regulatory obligations. We will keep your data for no longer than is necessary and then securely delete your data or anonymise it so that it cannot be linked to you.
You have the right to:
- Request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact us using the contact details mentioned below. We will respond to your request within one month.
- Ensure that your personal information held by us is accurate and up to date. If you would like us to correct or remove information you think is inaccurate, please contact us using the contact details mentioned below.
- Object to the processing of your personal data on grounds relating to your particular situation if we claim that the processing is carried out on the basis that it is necessary for the purposes of our legitimate interests or those of your employer or a third party. We can only deny your request if we can show compelling legitimate grounds for the processing, which overrides your interest, rights, and freedoms, or if the processing is for the establishment, exercise, or defence of a legal claim.
- Receive the personal data which you have given to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
- The processing is based on consent or on a contract, and
- The processing is carried out by automated means.
- Require that we no longer contact you for marketing purposes (by means of an ‘unsubscribe’ link or ‘stop’ text message).
- Be forgotten. Should you wish for us to completely delete all information that we hold about you, please contact us using the contact details mentioned below.
- Lodge a complaint (concerning the manner and means of our processing of your personal data) with the Office of the Data Protection Commissioner.
Our contact details
Changes to our Privacy Statement
Finally, please note that we may revise or update our policy at any time, subject to the condition that we will, at all times, comply with our obligations under the General Data Protection Regulation (GDPR) (EU) 2016/679.
This Privacy Statement was updated on 24/04/23.