GDPR information

Obligation of the operator to provide information when processing personal data within the meaning of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) and § 19 of Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “Law on the Protection of Personal Data”)

Person responsible for personal data

The company Leonidas Group, s.r.o., with its registered office at Hviezdoslavovo námestie 14, 811 02 Bratislava, SR, ID number: 53 024 001, registered in the Commercial Register of the District Court of Bratislava I, Section Sro, Insert No. 144547 / B (hereinafter referred to as “operator”) processes your personal data in accordance with the GDPR and Act No. 18/2018 Coll. on the protection of personal data in the event that you use the services of the operator’s e-shop. With regard to the type, scope, context and purpose of the processing of personal data as well as the risks of different probabilities and degrees of severity for the rights and freedoms of natural persons, the operator has taken suitable and effective technical and organizational measures.

Principles of processing personal data

The controller declares that the processing of personal data of the data subjects is subject to the following principles:

Principle of lawfulness – the data controller processes personal data only in a lawful manner and in such a way that the fundamental rights of the data subject are not violated.

Principle of limitation of purpose – the operator receives personal data only for a specific, expressly stated and justified purpose and processes them further in a way that is not incompatible with this purpose.

Personal data minimization principle – The personal data processed is proportionate, relevant and limited to what is necessary for the purpose for which it is processed.

Principle of correctness – the processed personal data are correct and are updated if necessary.

Principle of minimizing storage – personal data is stored in a form that makes it possible to identify the data subject for no longer than is necessary for the purpose for which the personal data is processed by the operator.

Principle of integrity and confidentiality – the controller processes personal data in such a way that appropriate technical and organizational measures ensure adequate security of personal data, including protection against unauthorized processing of personal data, illegal processing of personal data and accidental loss of personal data, deletion of personal data or damage to personal data.

Purposes of processing personal data

The operator processes your personal data for the following purposes:

Maintaining a list of incoming electronic orders – purchases of goods that have been received via the order form, where your personal data is stored on the legal basis of Art. 6 Paragraph 1 Letter b) GDPR and Section 13 Paragraph 1 Letter b) for a period of 3 years from the date the order was processed

Maintaining a list of the operator’s registered customers in order to fulfill the contract for registered customers and to keep a customer account, where your personal data is processed on the legal basis of Art. 6 Paragraph 1 Letter b) GDPR and Section 13 Paragraph 1 Letter b) for a period of 3 years from the end of the business relationship

Marketing documents – for the purpose of sending marketing offers, where your personal data is processed in accordance with Art. 6 Paragraph 1 Letter a) GDPR and Section 13 Paragraph 1 Letter a) of the Data Protection Act for the period of validity of the consent given, which you can refuse at any time via an unsubscribe link

Records for the purpose of customer care and communication, where your personal data is processed on the legal basis of Art. 6 Paragraph 1 Letter b) GDPR and Section 13 Paragraph 1 Letter b) for a period of 3 years from the end of the business relationship

Records for the purpose of notifying you about the availability of goods, where your personal data is processed on the legal basis of Art. 6 Paragraph 1 Letter b) GDPR and Section 13 Paragraph 1 Letter b) for a period of 3 years from the end of the business relationship

Records for the purpose of determining customer satisfaction, where your personal data is processed on the legal basis of Art. 6 Paragraph 1 Letter f) GDPR and Section 13 Paragraph 1 Letter f), namely the operator’s legitimate interest in being able to improve and adapt the services provided, in order to determine whether the processing of the order / complaint has been carried out to your satisfaction and to advertise the products offered more effectively, for a period of 3 years from the end of the business relationship

Keeping incoming and outgoing e-mails, where your personal data is processed for a period of 5 years in accordance with Art. 6 Paragraph 1 Letter c) GDPR and Section 13 Paragraph 1 Letter c) of the Data Protection Act

Proof of inquiries via info@miastilo.com, where your personal data is processed in accordance with Art. 6 Paragraph 1 Letter a) GDPR and Section 13 Paragraph 1 Letter a) of the Data Protection Act for the period of validity of the consent given

Category of personal data processed

Personal data are considered to be a category of ordinary personal data and are included in the scope of first name, surname, address, bank account number, email address, phone number, etc.

Cookies

Cookies stay on your device until you delete them manually. Cookies are important for the basic functionality of the website, in order to be the easiest and fastest way to log in to a customer account, to place goods in the shopping cart, to send an order and to save your login data. They increase user comfort and allow you to analyze the performance of different sales channels. We also use them to personalize ad content and target it correctly. Some cookies, including their content, may collect information that can later be used by third parties for marketing purposes, but which is anonymized for these parties. Cookies can be completely refused by your browser or only limited to the types you have selected.

Further information on the processing of cookies can be found in the data protection declaration at www.miastilo.com.

Categories of recipients to whom personal data may be made available

The operator informs the data subject that his personal data will be made available to the recipients who:

work with the operator to fulfill his contractual or legal obligations, e.g. companies that operate payment services for the purpose of payment processing, transport companies for the purpose of delivering purchased goods, suppliers of goods, service companies, operators of marketing instruments, companies that conduct satisfaction surveys between customers, cloud service providers
Companies that are legally obliged to maintain confidentiality, e.g. lawyer, accountant, tax advisor
other competent authorities and institutions of the state if the provision of data is based on a legal obligation

Disclosure

Personal data will not be published. The transfer of personal data takes place only on the basis of laws or an international treaty to which the Slovak Republic is bound.

Transfer of personal data to third countries

Personal data are not transferred to third countries. Where personal data are transferred, this is done only in accordance with the provisions and under the conditions laid down in the GDPR and / or the Data Protection Act, with the express consent of the data subject.

Profiling

Personal data are not used for automated individual decision-making, including profiling.

Information and access to personal data

The data subject has the following rights in particular within the meaning of Art. 13 to Art. 22 and Art. 34 GDPR and according to § 19 to § 28 and § 41 of the Data Protection Act:

– the right to request access from the data controller to the data subject’s personal data – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal information will be provided to you in writing, unless you need another method of providing it. If you have requested this information electronically, it will be made available to you electronically if this is technically possible.

– the right to correct personal data – we take appropriate measures to ensure that the information we have about you is correct, complete and up-to-date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to change, update or add to this information.

– the right to delete (forget) personal data – you have the right to ask us to delete your personal data, for example if the personal data that we have received about you are no longer necessary to fulfill the original processing purpose. However, your right must be assessed in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations that mean we cannot comply with your request.

– the right to restrict the processing of personal data – under certain circumstances you have the right to ask us to stop using your personal data. This is the case, for example, if you believe that the personal data we hold about you may be inaccurate or if you believe that we no longer need to use your personal data.

– the right to object to the processing of personal data – you have the right to object to the processing of personal data based on our legitimate interests. If we do not have a compelling legitimate legal reason for the processing and you raise objections, we will no longer process your personal data.

– the right to transfer personal data – under certain circumstances you have the right to request us to pass on the personal data you have provided to a third party of your choice. However, the right to portability only applies to personal data that we have received from you with your consent or on the basis of a contract to which you are a party.

– the right to withdraw your consent at any time – in cases in which we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically at http://www.miastilo.com or in writing, by withdrawing your consent or in person with the operator. Withdrawing your consent does not affect the legality of the processing of personal data that we carried out on its basis.

– the right to submit a request to initiate a procedure in accordance with Section 100 of the Data Protection Act and / or the right to lodge a complaint in accordance with Article 13 (2) letter d) GDPR – if you are of the opinion that we are processing your personal data unfairly or illegally, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava. For the submission of the proposal in electronic form, it is necessary that it meets the requirements according to Section 19 (1) of Law No. 71/1967 Coll. on administrative procedure (Administrative Procedure Code).

Contact for the data subject in connection with the processing of personal data

The operator has no named responsible person. The data subject can exercise their rights under the GDPR and the law on the protection of personal data by e-mail: info@miastilo.com or in writing or in person to the address of the operator’s registered office. Your request will be processed immediately, but no later than 30 days. In exceptional cases, especially due to the complexity of your request, we are entitled to extend this period by a further two months. However, we will inform you about such a possible extension and the reason for it.

Policy on the protection of personal data and the use of cookies

The company Leonidas Group, s.r.o., with its registered office at Hviezdoslavovo námestie 14, 811 02 Bratislava, SR, ID number: 53 024 001, registered in the Commercial Register of the District Court of Bratislava I, Section Sro, Insert No. 144547 / B (hereinafter referred to as “operator”) processes your personal data in accordance with the GDPR and Act No. 18/2018 Coll. on the protection of personal data in the event that you use the services of the operator’s e-shop.

The principles of the processing of personal data and the use of cookies are set out in the information obligation of the person responsible for the processing of personal data, which can be found on our website in the subsection “Personal data”. There we describe the measures we take to protect data, how long we store data, for what purpose we process them, to whom we make them available and how the data subjects – our customers – can exercise their rights in connection with the protection of processed personal data.

We respect your privacy concerns and our relationship with you is important to us. This privacy and cookie policy describes the types of personal information we collect about our customers and our customers’ rights with regard to our use of the data.

The data you provided

You can provide us with personal data in a number of ways, for example when you participate in an offer or promotion, or when you shop on our website or in our stores, on our social media websites or on one of our mobile applications. We process the following types of personal data:

• Contact details (e.g. name, postal address, e-mail address, mobile phone number or telephone number of another IP address)

• Age / date of birth

• Gender

• Username and password, nickname

• Payment information (e.g. your bank or debit card number, expiration date, and confirmation code)

• Data on transport and invoicing (e.g. delivery or billing address)

• Order history

• preferred products

• Your skin type / skin condition

• your hair type

• Your physical characteristics and skin care needs

• The contact details of your friends, family members, or anyone else whom you would like us to send a message to on your behalf (please ensure that you only provide the contact details of those with whom you have a personal or family relationship and who consent to receive notifications)

• Other information or content that you provide (e.g. photos, videos, reviews, articles, questions, answers to questionnaires and comments)

• Information that we receive through social networks or one of our mobile applications while you are visiting our social media pages or using one of our mobile applications (e.g. your name, profile photo, likes, location, friends list, etc. that are required on login pages for social networks or applications, or information about your location if you use one of our mobile applications)

What we use the data for

We process your personal user data in order to:

• be able to send you promotional materials or other announcements if you wish;

• be able to provide you (or your company) with the required products or services and offer functions on our website;

• be able to carry out your transactions with payment cards or vouchers;

• be able to open and maintain your online account, including access to your order history on the Internet and in our stores;

• be able to create your profile on the basis of your data in order to provide you with advertising according to your interests, to put together, with your consent, a tailor-made skin and hair care program and to make our marketing more effective;

• be able to help you choose products or replenish your stock;

• be able to chat with you and answer your questions;

• be able to publish your product reviews;

• be able to adapt an advertisement displayed on our website and elsewhere according to your interests and to adapt it to our shared history;

• be able to share with you and manage your participation in special events, contests, prize games, loyalty programs, surveys and other offers;

• be able to communicate with you and operate them through social media websites or mobile applications;

• be able to operate, evaluate and improve our business (including the development of new products and services; expanding and improving our service; more successful communication management; analyzing our products; evaluating the data; and accounting, controlling and the activities of other internal functions);

• be able to comply with applicable government regulations, key industry standards, and our policies.

We can also process the information in other ways. In this case, we will inform you of this upon receipt. The data received are necessary for the purposes mentioned above. Without this information, you may not be able to use any of our products or services.

Legal basis for the use of personal data and cookies

We use your personal user information for the above purposes when

• it is necessary for the performance of the contract to which you are a party (e.g. to process your payment or to ship the products you have ordered); or

• You have given us your consent; or

• We have a legitimate interest in processing to improve the quality of the services we provide (including a legitimate interest in carrying out marketing, research, data analysis and internal management functions, as well as processing and enforcing legal claims and carrying out our activities in accordance with all applicable laws, relevant industry standards and our guidelines).

We automatically collect personal data and cookies

When you visit our website, see or click our online ad (including our ad on third party websites), or visit our social media pages or (possibly) use one of our mobile download applications, we also record certain information about your devices and your user behavior automatically or using technologies such as cookies, web server logs and web beacons.

For example, if you use one of our mobile applications, we can use your IP address, your unique device identification (UDI) or register other device identifiers and / or location data so that we can offer you certain features and functions for these mobile applications. As explained below, we may also use various internet technologies to collect information about your usage and surfing behavior.

In order to increase user comfort, our mobile application may (possibly) also include a feature that allows you to remain logged in to the application so that you do not have to re-enter the password when you want to reopen the application. If you would like to stay logged in, please note that anyone with access to your mobile device will be able to access and use your mobile account. If you prefer to stay logged in to the app on your mobile device, we strongly recommend activating the lock on your mobile device. This security feature protects you from unauthorized access and use of your mobile device and your account in the application.

Technologies we use

Cookies are small text files that websites send to your computer or other Internet-connected device in order to uniquely identify your browser or to save data or settings in your browser. We use the following types of cookies on this website.

Internal cookies that are important for the website to function

We use cookies that we have developed so that the website works as well as possible. In your browser settings you can choose whether you want to reject and deactivate cookies. Please note that deactivating cookies can limit your user comfort. In connection with the collection of data by cookies, our web servers can save data, e.g. which operating system or browser you are using, which domain and other system settings you have selected, as well as the language, country and time zone in which your device is located. Web server logs can also record information such as the address of the website from which you clicked on our website and the IP address of the device through which you connected to the Internet.

In order to control which web servers record this data, we can mark our websites with so-called “web beacons”. These transmit computer instructions and link websites to specific web servers and their cookies.

On our website we can use web analysis services from other providers, such as Coremetrics and / or Adobe Site Catalyst and / or Google Analytics. The service providers who manage these services use technologies such as cookies, web server logs and web beacons to record and use data (such as IP addresses) to help us analyze how visitors use our website. These providers can set cookies for this website (such as Google Analytics cookies), and cookies that are placed on third-party websites (such as Google Advertising cookies) or other identifiers from other providers are used to track and analyze visitors to our website.

When you visit our website for the first time, you will be informed about the use of these analysis technologies via the banner.

These will only be used if you consent to their use or if you continue to use this website. You can change your cookie settings to accept or reject the analysis technologies at any time using the cookie control tool below. Changing the cookie settings can result in certain functions of this website, as described below, not working or working only to a limited extent.

With these analysis services you can deactivate the possibility of analyzing your internet activities. To learn more about web analytics and record data on this website:

• For Coremetrics, please click here: https://www-01.ibm.com/software/marketing-solutions/privacy/visitor-opt-out.html

• For Adobe Site Catalyst, please click here:

• To deactivate Google Analytics, please download the browser add-on for deactivating Google Analytics provided by Google at: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on data protection and Google Analytics can be found in the Google Analytics report from Google: http://www.google.com/intl/en/analytics/privacyoverview.html.

• We may use certain advertising features of Google Analytics (including remarketing with Google Analytics, impression reporting for the Google Display Network, or demographic and interest reporting for Google Analytics). You can deactivate Google Analytics advertising via the Google Ad settings or at https://tools.google.com/dlpage/gaoptout/. We will use the data made available to us in this way, as described in the section “What we use the data for”.

Targeted advertising cookies from other providers

We may also enter into agreements with third-party advertising networks that collect IP addresses and other information using cookies, web server logs and web beacons on our websites and emails, as well as on third-party websites and emails, such as our advertising on third-party websites. They use the information to create your profile and to activate advertising for products and services that are tailored to your interests (also for companies that are not affiliated with us). You can see the relevant advertisements on our website and other websites. This process also helps us manage and monitor the effectiveness of our marketing efforts. When you visit our website for the first time, you will be informed about the use of these marketing tools via the banner. These will only be used if you consent to their use or if you continue to use the website. You can change your cookie settings at any time using the cookie control tool below or by clicking on http://www.networkadvertising.org/managing/opt_out.asp. Then follow the instructions to turn off those ad networks. To learn more about tailored advertising, visit the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.

Third-party cookies to improve the interactivity of the website

This website may also support certain external services of third parties, including social sharing symbols on Facebook, Twitter, Pinterest and Instagram, tweet lists (Twitter) and videos published on the website (YouTube). These functions use cookies from other providers, which are stored directly on your device via these services. When you visit our website for the first time, you will be informed about the use of these cookies via the banner. Cookies are only used if you consent to their use or if you continue to use the website. You can change your cookie settings to accept or reject these cookies at any time by using the cookie control tool below.

Targeted advertising

In order to show you advertisements that are tailored to your interests, we may use third-party platforms, including those operated by social networks such as Google, Facebook and Pinterest. We may convert your email address, phone number, or other information into a unique code that these other providers may compare to the user on their platform or other data they have recorded about you and assign it to the user. With this assignment, advertisements that are tailored to your interests can also be placed on these platforms. To opt out of this advertising, you must use your settings via the cookie control tool below and select the “Targeting” setting. Third-party platforms have their own guidelines or privacy statements; we recommend that you check them carefully.

The information we provide below

Except for the information listed here, we do not rent lists, and we do not sell or share any personal information we collect about you. We can also pass on your personal data to the following people:

• Our affiliates for the purposes described in this Privacy Policy.

• Service providers who provide services to us in accordance with our instructions. These service providers are not authorized to use or provide information unless this is necessary to provide services on our behalf and to comply with legal requirements. Examples of such providers are companies that accept credit card payments and orders, and offer web hosting and marketing services.

• Another provider with your consent.

In addition, we and our affiliated companies as well as other service providers provide further information:

(i) if such an obligation arises for us by law or we are obliged to do so by a court,

(ii) to law enforcement or other authorities, or

(iii) if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with investigations into suspected or actual fraudulent or unlawful conduct.

In addition, we reserve the right to provide information that applies to you and that we have in the event that we sell or transfer all or part of our business or assets. In the event of such a sale or transfer, we will use reasonable efforts to ensure that the acquirer uses the personal information you provide in accordance with our privacy policy.

If you have any questions about the processing of this data after such a sale or transfer, you can contact the place where we will share your personal data.

Text messaging

You can enter your mobile phone number to receive SMS notifications with information about products and events, cosmetic tips or promotions (“Text Messages”). Sending our text messages is free, but your operator may charge you fees for sending and / or receiving text messages and the time of sending in addition to the applicable standard rates. If you decide now that you want to receive these text messages and later decide that you no longer want to receive text messages, please read the “Your rights and options” section below.

We send text messages through cellular network operators and therefore we may or may not control certain factors related to the delivery of messages or guaranteed availability. Provision of this service, including liability for late delivery or failure of messages.

If you need help with the subject of a text message, please send us an email at the address listed under “Contacts” on our website.

While using text messages, we may also record the date, time and content of your messages. We will use the information we receive in connection with our text messages in accordance with this privacy policy.

Push notifications and in-app alerts and updates

If you download one of our mobile applications (if required), you have the option of receiving push notifications from us on your mobile device in connection with this mobile application. These push notifications may contain advertisements for our products and services.

After downloading the appropriate mobile application, you can cancel push notifications by adjusting the settings on your mobile device. Declining push notifications will not affect any other notifications you receive from us, such as emails. You may also receive notifications and updates about our products and services, our mobile applications or your accounts with us. If you want to opt out of receiving these notifications and updates, you can uninstall the mobile application on your mobile device.

Web push notifications

We will send you push notifications when you have allowed these notifications to be sent. With these push notifications we inform you about the current offers from Estée Lauder. We use Insider’s web push opt-in provider. If you allow push notifications, an identifier will be added to your browser. Further information on data protection from Insider can be found here: https://useinsider.com/product-privacy-policy

Your rights and options

You have certain rights and options in relation to the personal information we collect from you. To update your settings, ask us to remove your information from our email lists, or send us a question, please contact us as follows:

• Unsubscribe from email

You can at any time ask us not to email you advertising by clicking the opt-out link in the marketing emails you receive from us or by contacting us as described below. In addition, you can unsubscribe from receiving marketing emails by sending us an email.

• Opt out of postal mail

Let us know that you would like to stop receiving promotional and marketing communications in the mail by following the instructions in the promotion. You can also request that we stop sending you advertising by mail by contacting us as described below.

• Location information

When using one of our mobile applications, you may be asked for your location. You can hide your location information by adjusting your mobile device’s location settings. Follow the instructions on your mobile device to deny access to your location and change the appropriate settings. Otherwise, please contact your service provider or manufacturer.

• Revocation of consent

When using one of our mobile applications, you may be asked for your location. You can hide your location information by adjusting your mobile device’s location settings. Follow the instructions on your mobile device to deny access to your location and change the appropriate settings. Otherwise, please contact your service provider or manufacturer.

• Review, update and deletion of personal data as well as restriction or denial of use

According to applicable law, you are entitled to request access to the personal data we have stored about you as well as their correction or deletion or restriction of the use of this data. In addition, you have the right at any time to refuse the use of your personal data for direct marketing purposes, including profiling in connection with direct marketing. You can refuse the use of your personal data for personal reasons at any time in accordance with applicable law for all other purposes. These rights may be limited in certain circumstances under applicable law. Before we grant you access or make corrections, we will take reasonable steps to verify your identity. To exercise your rights, please contact us as follows.

• Other rights

Under applicable law, you are entitled to receive the personal data that you have provided about yourself with your consent or on the basis of a contract with you in a structured, commonly used and machine-readable format. You also have the right to have this information transferred to another operator if this is technically feasible. Please contact us as described below to exercise this right. You can file a complaint with the data protection office.

Data transfer

We may transfer the personal information we collect about you to our affiliates, as well as to other providers in countries other than the country in which the information was originally collected (including the United States), if this is required for the purposes described in this policy. Your personal data can be processed and stored in countries outside your country of residence. In certain circumstances, these countries may not be subject to the same personal data protection regulations as your country of residence, and your personal data will then be subject to the laws in force in that country. With regard to US law, the European Commission has not determined an adequate level of protection of personal data. When data is transferred to other countries, we protect the data in accordance with this data protection guideline. In order to guarantee such a level of protection for the transmission of your personal data, we have also taken appropriate security measures. Among other things, we have concluded data transfer agreements that contain standard contractual clauses of the European Commission, or our providers in the USA have an “EU-US Privacy Shield” certificate adopted by the US Department of Commerce and the European Commission with regard to the collection, use and storage of personal data transferred from the European Economic Area to the USA or the attestation of other applicable mechanisms for the transfer of personal data. We will send you a copy of these personal data transfer mechanisms upon request; please contact us as described below.

Purpose of processing and retention period

The purposes of processing your personal data are explained in more detail in the “Operator’s obligation to provide information on the processing of personal data” published on our website.

We store your personal data for the duration of our business relationship, including a reasonable period that enables deletion, to comply with statutory limitation periods, or if required by law. If you would like to receive marketing communications, we will keep the information necessary to send you the relevant communications until we terminate our relationship or after we receive it if you are a prospective customer. You can find more detailed information on the point in time at which personal data is processed in the “Operator’s obligation to provide information for the processing of personal data” published on our website.

How we protect personal data

We take technical and organizational measures to ensure adequate protection of your personal data, in particular to protect your personal data from accidental, illegal or unauthorized destruction, accidental loss, modification, access, unauthorized transfer or use. However, there is no such thing as a perfect security system and we cannot promise that your data will remain secure in all circumstances, including the security of your data in transit to us as well as the data on your mobile devices.

List of safety precautions

Technical measures of a physical nature

Securing the operator’s premises in which personal data is processed by means of mechanical restraint devices and technical safety devices (e.g. electrical security system of the building, electrical fire alarm)

Securing the server room by separating it from other parts of the building

Secure storage of printed media of personal data (paper documents) in lockable cabinets or safes

Prevention of accidental reading of personal data from the display units of the information system

Use of a device to destroy documents

Measures against unauthorized access – controlled entry, login passwords for the system

Encryption of the contents of data carriers and encryption of data transmitted over computer networks

Apply the rules for third party access to the information system if such access occurs

Identification, authentication and authorization of authorized persons in the information system

Recording of entries of individual authorized persons in the information system

Protection against malicious code

Detection of the presence of malicious code in incoming e-mails and other files received from a publicly accessible computer network or disk

Protection against unwanted email

Use of legal software according to the manufacturer’s instructions

Document the rules for downloading files from a publicly accessible computer network and the rules for accessing a publicly accessible computer network

Control, restriction or prevention of the connection of the information system in which personal data is processed with a publicly accessible computer network

Use the protection of the external and internal environment provided by the network security tool – firewall

Use protection against other threats that originate from a publicly accessible computer network (e.g. hacker attack)

Apply a backup policy with a selected periodicity

Perform a test to restore the information system from a backup

Thorough disposal of personal data and data carriers, secure deletion of personal data from data carriers

Regular updates of the operating system and software applications

Organizational measures

a list of the rights and obligations of workers by job title and job title in order to vert

lay down rules of rescue on the horizontal and vertical planes

Assignment of access rights and access levels (roles) to authorized persons

Ensuring that authorized persons are instructed before the first processing of personal data is carried out

Instruction on the rights and obligations of authorized persons and on liability for their breach, instruction on liability in the event of breach of obligations in the processing of personal data

the definition of the personal data that a specific authorized person should have access to in order to carry out their duties or tasks

Establishing the procedures that the authorized person is obliged to use when processing personal data

Identify prohibited procedures or operations with personal data

Written approval from the responsible person, if appointed

Training of authorized persons in the form of regular training (e.g. legal area, information technology area)

Document the procedure for terminating the employment relationship of the authorized person (e.g. transfer of assigned assets, revocation of access rights, instruction on the consequences of a breach of statutory or contractual confidentiality obligations)

Maintain a list of assets and update them regularly

Application of the policy for managing the access of authorized persons to personal data

Implementation of key management (individual key assignment, secure storage of spare keys)

Password management

Establishing procedures for the disposal of personal data

Establishing the type of maintenance and cleaning of protected areas

Rules for handling physical media of personal data, portable data carriers and rules for the use of automated processing means outside of protected areas and definition of liability

Maintain records of security incidents (identification, recording and resolution of consequences) and solutions used; Document the procedure for reporting

Carry out regular inspections in order to comply with the security measures adopted and to determine the nature, form and frequency of their implementation

Introduction of the periodicity of the information of authorized persons about the control mechanism in the form of IT security training and rules for the protection of personal processing, introduction of the periodicity of audits in these areas

Links to other websites

For reasons of user convenience and for informational purposes, our website contains links to other websites. Such websites are operated independently from us. These linked sites have their own guidelines or privacy statements; we recommend that you check these carefully when visiting the linked websites. Unless we own or control the linked websites you visit, we are not responsible for their content or the use or privacy practices of those websites.

Contact

If you have any questions or comments about this privacy policy or would like to exercise your rights, please send us a letter or an email:

Leonidas Group s.r.o.

Hviezdoslavovo námestie 14, 811 02 Bratislava

Email: info@miastilo.com