Testers For Cosmetics UK is a registered trademark of PRO Review OU.
Data protection and privacy is very important to us, PRO Review (hereinafter "PRO Review OU" or "we"), located Käära tee 32, Laiaküla Viimsi vald Harjumaa 74008, Estonia. In our position as data controller we would like to inform you of the nature, scope, and purposes of any collection, storage, transfer, and/or use of personal data, complying in the process, already at this time, with the specifications of the EU General Data Protection Regulation (GDPR). For this reason, the relevant standards are already mentioned at this time in this data protection and privacy statement. You can contact us anytime either via our postal address or by e-mail at the following address: firstname.lastname@example.org.
You can reach our data protection officer at: email@example.com.
If you utilise our offering and/or use our website by filling out the entry fields and/or contact us and/or merely visit our website, we may collect personal data as follows:
Further data – such as, in particular, local times, time zones, and usage data – may also be stored in addition to the data specified above.
Statistical data may be collected and used in the case of a visit to our website. “Statistical data” means, among other things, data regarding the use of a particular Internet browser and the browser version.
The data collected during registration to the prize draw is used to conduct the prize draw, determine the winner, handle the awarding of prizes and notify the winner and transmit the prize (Article 6(1)(b) GDPR).
If, after the conclusion of the prize draw, declarations of intent for purchase, service, or other contracts with external companies are received, the data collected, where applicable, and further data collected on a contract-specific basis will be disclosed to the external company or companies in question. Otherwise those companies cannot use the data to establish or perform a contract or contracts (Article 6(1)(b) and (f) GDPR).
Based on the participation agreement that is entered into and in the event of an online participation in a prize draw, PRO Review will collect and process your personal data. This agreement requires that you provide your personal data if and insofar as you wish to participate in our prize draw offering. The data processing takes place for both our own direct marketing (Article 6(1)(b) GDPR) as well as for our sponsors to also enable them to engage in individual, demand-driven direct marketing that is tailored to you via the channels of e-mail, mail, phone, and text message (Article 6(1)(b) GDPR).
Processing your personal data would be in accordance with declaration of consent for advertising and marketing purposes, via phone, text messages, email, mail and/or the disclosure of data for direct marketing purposes for the mentioned sponsors of the prize draw that may have been issued separately; this also takes place within the scope of our legitimate interests as established by your relevant consent (Article 6(1)(f) GDPR).
Assertion, if any, of your rights (Article 6(1)(c) and (f) GDPR) as provided in Sec. 5 of this data protection and privacy statement also leads to collection and processing of your personal data.
Disclosure of your personal data may take place in cases in which we are under a legal obligation of disclosure (Article 6(1)(c) GDPR) or to the extent that disclosure should be necessary to enforce other rights/demands or for purposes of legal defense, if and insofar as these are based on the legitimate interests of the organiser or other third parties (Article 6(1)(f) GDPR). The same applies in the event of (also partially) purchase or sale of business assets and/or other assets, in the event that our business is otherwise acquired by a third party, in the event of initiation of insolvency proceedings, or if a request for initiation of insolvency proceedings is denied for lack of sufficient assets (Article 6(1)(f) GDPR).
However, in agreement with the sponsors named in the prize draw’s sponsor list, which also shows the respective country of the establishment as the destination location for any transfer of data, it is also possible that data will be transferred to “third countries.” Third countries are countries located outside the European Union. With regard to such data transfers, we point out that with regard to all of the destination countries mentioned in the sponsor list, a secure transfer within the scope of EU specifications on data protection and privacy is ensured. The European Commission has issued corresponding adequacy decisions for the third countries of Andorra, the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, Canada (commercial organisations), and Switzerland. These decisions confirm that based on their own domestic legal provisions or international obligations, the aforementioned third countries ensure an adequate level of protection of personal data. To the extent that datasets are transferred to third countries, for which an adequacy decision has not yet been issued, we have entered into contracts based on the standard clauses issued by the EU. These standard clauses were published by the EU to ensure the relevant level of protection - with the corresponding partners that are based or headquartered in these countries. These agreements ensure adequate and uniform protection of data at the level provided by European specifications.
After you have revoked any consent to the processing of data that may have been issued and/or have objected thereto, we will put you on our “blocking list.” This means that we will no longer use your personal data for marketing purposes, nor will we disclose them any longer. We will then only store your data for legal purposes (e.g. documentation obligations, defending against and asserting claims, etc.), and will erase the data after a further period of four years unless compelling reasons argue against our doing so or the processing of this data is permitted for other reasons, for example by way of new consent.
Furthermore, we will proceed in the same manner if we have not used your personal data for a period of 24 months, meaning that we have not used the data for our own marketing purposes or disclosed them to sponsors.
We take corresponding precautions – administrative/organisational, technical, and physical – to protect your personal data against loss, theft, abuse, unauthorised access, unauthorised disclosure, unauthorised modification, and destruction. For example, your data is protected in particular within the scope of physical access control (secure location of servers, to which physical access is granted only following to a defined security procedure), systems access control (128-bit encryption of data transfers, individual assignment of passwords, menus, and authorisations for employees, up-to-date virus software), information access control (individual access authorisation for employees through personal accounts, identification and authentication requirements), transmission control (ongoing monitoring and notifications to authorised parties, no local storage of data, logging of all data exports and transfers), input control (account-linked reviews, logging with time stamps and host), job control (continuous monitoring by managing director(s) and data protection officer, clear drafting of contracts with regard to the specifications pursuant to Art. 28 GDPR in coordination with the data protection officer and executive management) and availability control (general safeguarding measures by the hoster constant power supply (UPS), halon gas system, etc.], backup streaming involving other general safeguarding measures by the hoster [e.g. UPS, halon gas system, etc.], backup streaming at another location [with all security precautions; see physical access control] every night, mirroring on two additional hard drives, virus protection programs).
Despite these precautions, the insecure nature of the Internet means that we cannot guarantee the security of your data transfer to our website. Therefore, any and all transfers of data by you to our website take place at your own risk.
You have the right to obtain information regarding the personal data stored regarding you, including the origin and recipients of your data and the purpose of data processing, at any time pursuant to Article 15 GDPR.
You also have the right to demand, at any time, that we correct inaccurate personal information concerning you (Article 16 GDPR). You can restrict the processing of data if any of the prerequisites mentioned in Article 18(1) GDPR are met, e.g. in the event of a dispute concerning the accuracy of your personal data.
Moreover, you have the right to revoke any declaration(s) of consent to the processing of your personal data that may have been issued, with effect for the future (Article 7 GDPR). Such a revocation does not, however, affect the legality of the processing that has taken place up until then.
In addition, you are entitled to demand that we provide the personal data transferred to us in a format that permits the transfer thereof to another body (Art. 20 GDPR).
Subject to the prerequisites set out in Article 21(1), (2), and (3) GDPR, you can object to the processing of data for reasons that arise from your particular personal situation.
Furthermore, you have the right to demand the erasure of your data and assert your right to be forgotten pursuant to Article 17 GDPR. If the statutory prerequisites are met, we will proceed in this regard even without such a request having been issued on your part and will erase your personal data.
To assert your rights as enumerated above in this section, please contact us at PRO Review, Käära tee 32, Laiaküla Viimsi vald Harjumaa 74008, Estonia. Or write to us by e-mail at firstname.lastname@example.org.
If you have a complaint, you can contact the supervisory authority with jurisdiction over PRO Review or any other supervisory authority.
The data subject shall have the right to obtain from PRO Review (the controller) the erasure of personal data concerning him or her without undue delay.
The controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
Withdrawal of consent for data communications from PRO Review can we achieved as easily as giving consent. Data subjects can unsubscribe from communications via the following channels:
You can view our Internet pages without providing personal information. However, certain technical data, known as "usage data", are generated whenever our pages are visited. In addition, we may use one or more cookies and integrate social media plugins in some cases. The text below is intended to provide you with information regarding this as well.
Social media plugins
As a user, you can decide for yourself– at any time – which cookies you wish to accept or delete. You can adjust your individual settings for this yourself, right in your Internet browser settings. You can either delete all of your cookies ("clear history") or limit yourself to cookies from our website and/or the cookies with the names ceng_cache, ceng_etag, ceng_png and gcr. For further information, please contact the provider of your Internet browser.