At Talent Ingredient, Lda, doing business as Cosmedesk, we take the General Data Protection Regulation (GDPR) very seriously and respect the trust you place in us in the scope of the collection and treatment of your personal data.
We guarantee the security of your data and only collect data strictly necessary for the purchase or provision of services. The collection and use of this data, for other purposes such as Marketing, requires a prior consent that we want to be always clear, informed and explicit.
The collected data will be kept for the period necessary to provide the service or during the term of the contract (if you are our customer) and will not be transmitted or transferred to any third party other than the subcontractors defined as Cosmedesk Partners and other authorized companies working in our name for the purposes described in this policy. For example, companies contracted to provide customer support services or assist in the protection and security of our services and systems may need access to personal data to perform these functions. In these cases, these companies must formally comply with our data privacy and security requirements (and these companies have entered into formal written agreements with Cosmedesk documenting their requirement to do so) and are not allowed to use the personal data that we may provide or that they may have access to.
Cosmedesk collects data on entities such as partners, suppliers, customers, potential customers and some contacts of the employees of these entities. We collect data such as name, email, company name, job title and telephone number. In the case of subscriptions, other data may be requested for billing purposes.
The data collected is intended for order processing, sending communications and notifications, processing requests for information and downloads, statistical analysis or for other purposes previously consented and requested, whose detailed information will always be provided when collecting.
Your data will only be used if one of the following conditions is met:
a) You have given your consent by signing or accepting a digital or paper form;
b) The data are necessary for the performance of a contract;
c) The data are necessary for the fulfilment of legal obligations;
d) The data are necessary for the purpose of the legitimate interests of Cosmedesk, as long as they do not prevail over the interests or rights, freedoms and guarantees of the data subject.
Cosmedesk will only use your personal data to send you information previously requested or consented. Communications can be made via email, phone or SMS.
Cosmedesk will not sell or share its databases with third parties.
Cosmedesk does not disclose any personal data to third parties without the consent of its owner, except:
a) when this is necessary so that Cosmedesk employees, suppliers or business partners can provide a product or service or perform a function on behalf of Cosmedesk that you previously requested;
b) when required or permitted by law.
Cosmedesk has already adopted measures to ensure that its employees and subcontractors, with access to personal data, receive appropriate training for its correct processing, with respect to this policy and legal data protection obligations.
Without prejudice, on a case-by-case basis, we will also take reasonable precautions to avoid any type of non-compliance, such as, for example, audits. If any non-compliance occurs, Cosmedesk will apply disciplinary sanctions to its employees and may cancel contracts with subcontractors who violate the agreed measures.
Whenever Cosmedesk makes use of any subcontractor, it will safeguard compliance with the GDPR and other applicable legislation in terms of security and data protection, namely through the provision of contractual provisions that ensure that the subcontractor uses the data received only:
a) for the specified purposes;
b) in accordance with the purposes described in this policy;
c) resorting to the use of adequate security means, in order to protect personal data against illegal or unauthorized treatments as well as against accidental loss, destruction or other harmful actions.
Cosmedesk further undertakes not to hire another subcontractor to carry out specific data processing operations on behalf of the client without the client having given, prior and written authorization in general or specifically.
Cosmedesk keeps your personal data in a data center located in the European Union territory.
These data and respective infrastructures are protected and maintained according to high security standards and in order to respect the applicable privacy laws, being periodically subjected to tests and audits by external entities.
Cosmedesk does not transfer information to a country outside the European Union's area of jurisdiction, which has not been formally designated by the European Commission as having adequate levels of information protection.
Cosmedesk has taken the necessary technical and organizational measures to adequately protect your data from unauthorized access and processing.
Cosmedesk makes every reasonable effort to prevent unauthorized or illegal use of personal data as well as its loss, destruction or damage. However, it is never possible to provide an absolute guarantee regarding the security of personal data. For this reason, Cosmedesk will promptly inform the subjects involved and the respective competent authorities (within the legally required deadlines), whenever any security breach or incident occurs.
Cosmedesk protects the security of personal data through the following means:
a) use of certified encryption in all information on websites and their cloud products.
b) implementation of an internal security policy that covers the processes of access control, configuration, storage, backup, support, transmission, audit, updating of the technological infrastructure and a strong authentication policy;
c) commitment to confidentiality on the part of its employees and subcontractors and that the latter only act in accordance with the instructions received, through the formalization of a contract or other valid regulation;
d) constant training for its employees.
Users are also responsible for fulfilling their responsibilities regarding their own safety, namely:
a) Using strong passwords;
b) Non-disclosure of the password to any other person;
c) Not using the same credentials for different services.
Although we have implemented a set of reasonable security measures to protect your information, the Internet is an open system and we cannot guarantee the security of the information you transmit to us through this means. Any transmission you make to us is done at your own risk and it is your responsibility to ensure that any personal data you send to us is done in a secure manner.
Cosmedesk may use data held by its customers when using the services to provide analytical management insights.
At Cosmedesk, we use Hotjar for our website to better understand our users’ needs. Based on their experience, we can optimize our website. Hotjar will only collect your data if you accept our cookies. This service is based in Malta. We use Hotjar to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
When using Cosmedesk products, you are introducing transactional data associated with the activities and business processes that are managed by the functionality of our products. These data may be processed by Cosmedesk to produce business analytical data that will be provided to you as part of the use of our products in different functionalities and contexts.
The analytical treatment of your business data will always be done by applying analytical, statistical and intelligent algorithms, so that we can offer you more intelligent functionalities in the products. Cosmedesk will also be able to process your analytical data together with the analytical data of other entities, to provide smarter functionalities in products to all users of the Cosmedesk community, but always guaranteeing the privacy and protection of your business data, without ever revealing or sharing it with third parties.
This data processing will only be carried out with your consent to be able to use our products. Consent for data processing can be revoked at any time, with the consequent loss of the right to use part or all of our products.
Your data will be kept for this purpose during the time of using our products, and after that for the period defined for the disconnection of use of our products, which must also include the legal provisions in force.
Cosmedesk may also use data held by its customers for security purposes, to comply with legal obligations or for the purpose of troubleshooting and support provided that they are properly aligned with the terms of service, upon request or with the consent of its customers.
The personal data of third parties entered into our systems by our customers are the sole responsibility of our customers. Cosmedesk guarantees the security and confidentiality of these data, but is not responsible for the legitimacy of processing them.
Cosmedesk reminds its customers that they also have responsibilities in terms of data protection or in fulfilling the rights of data subjects, namely through the use of the features developed in our products.
Cosmedesk cannot and will not respond to requests for rights of third-party holders whose data have been entered by our customers. In these cases, the data subject must contact the data controller (controller) directly.
Under the GDPR, you can directly update your personal information or define some of your preferences, such as receiving newsletters. You can also request some specific rights such as:
a) additional information on the use of your data;
b) a copy of the data stored in our databases;
c) limitation on the processing or forgetting of your personal data.
If you intend to exercise any of the rights presented above, we will proceed with your analysis and respond within the legally required deadlines (maximum of 30 days). We may need to verify or prove your identity before enforcing those rights.
If you have any questions regarding our use of your personal data, you can, at any time, contact our Customer Support service via email: support@cosmedesk.com .
If you are dissatisfied with our use of your personal data or with our response after exercising any of these rights, you have the right to file a complaint with the national supervisory authority (National Data Protection Commission - CNPD | Rua de São Bento, no. 148, 3º, 1200-821 Lisboa | Tel: 351 213928400 | Fax: +351 213976832 | e-mail: geral@cnpd.pt).