Privacy Policy

FLOWE Cosmetics SIA

Privacy Policy

Last updated on 24 November 2025

The purpose of this Privacy Policy is to explain to you (the “Data Subject”) why we process your personal data, what data we process, for how long, and how we protect it – both when we receive it and while we are using it.

Scope of this Privacy Policy

This Privacy Policy applies when FLOWE Cosmetics SIA (the “Company”) processes personal data of individuals as a data controller, so that you can use our online platform floweskin.com and we can provide different services (the “Services”) to users of floweskin.com (the “User”).

Controller and Contact Details

The data controller is: FLOWE Cosmetics SIA, registration number: 40203572046, legal address: Paparžu iela 4, Jaunmārupe, Mārupes pag., Mārupes nov., LV-2166, Latvia

For questions related to personal data processing, you can contact us at: info@floweskin.com. You may also write to our legal address with a request or question about data processing.

The owner and operator of floweskin.com is the Company. We protect the privacy and security of personal data in our possession. We only process and store data that is lawfully obtained and necessary for our business, for fulfilling legal obligations and contract commitments.

By visiting and using floweskin.com, you agree to this Privacy Policy, including our use of cookies as described in our Cookies Policy.

What this Policy Covers

“Personal data” means any information about an identified or identifiable person (the Data Subject). A person is identifiable if they can be identified directly or indirectly, for example by name, personal ID number, location data, online identifier, or by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

This Privacy Policy applies to the protection of privacy and personal data in relation to individuals — including Customers, Customer representatives, contact persons, business partners, and other service users (current, former and potential users). It also applies to third parties who, in connection with providing services to an individual (such as Customers or business partners), give or receive any information to or from the Company (including contact persons, payers and similar parties).

We follow applicable data protection laws, including:

  • Latvian data protection laws
  • EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679)
  • Other relevant laws on privacy and data processing.

This Privacy Policy applies regardless of how and in what form you provide your personal data (through floweskin.com, by email, by phone or in another way) and which of our systems we use to process it.

Principles of Data Processing

We process personal data according to the following principles:

  • Lawfulness, fairness and transparency
    We process personal data in line with legal requirements, respecting your rights and interests and clearly informing you about how your data is used and what the consequences are.
  • Purpose limitation
    We only process personal data for specific, clearly defined purposes for which it was collected. We do not process data in a way that is incompatible with these purposes, and we do not collect data for vague future purposes.
  • Data minimisation
    We only collect and process the minimum amount of data needed to achieve a particular purpose.
  • Accuracy
    We try to ensure that personal data is accurate and, where necessary, kept up to date. We take reasonable steps to correct or delete inaccurate data without delay.
  • Storage limitation
    We do not store personal data longer than necessary for the defined lawful purpose.
  • Integrity and confidentiality
    We process personal data in a way that ensures security – protecting it from unauthorised or unlawful processing, and from accidental loss, destruction or damage, using appropriate technical and organisational measures.
  • Accountability
    We are responsible for complying with GDPR requirements and must be able to demonstrate this.

Legal Grounds for Processing Personal Data

We process personal data only when at least one of the following legal grounds applies:

  • Consent
    When you have given your consent for one or more specific purposes – such as sending your data to a third party or receiving marketing/newsletters from us.
  • Performance of a contract
    We process data when it is necessary to perform a contract with you (for example, to fulfil an order).
  • Legal obligation
    We process data where we are required to do so by law, e.g. to identify a person before providing a service.
  • Legitimate interests of the Company or a third party
    For example, to reduce business risks, protect our rights, recover debts, protect our infrastructure and assets, keep evidence of transactions, analyse usage statistics of floweskin.com, develop and improve our products, ensure quality, administer payments, etc.

Collection and Use of Personal Data

We may collect personal data:

  • directly from you when you use floweskin.com or contact us by phone or post;
  • from public registers or other legally allowed sources, where required by law (for example, to identify customers before entering into a business relationship);
  • from our business partners.

We are legally obliged to identify all our customers before starting a business relationship, so we may collect data both directly from you and from other sources.

Categories of Data and How We Obtain Them

We may process the following categories of personal data, depending on how you interact with floweskin.com and our services:

  • Identification & Contact Details

Types of data processed: name, surname, phone number, email address, delivery or billing address.

How data is obtained: provided by the customer when registering an account, placing an order, or contacting the Company.

Purpose: to create and manage customer accounts, process orders, deliver products and communicate with the customer.

  • Purchase & Payment Information

Types of data processed: order details (products, quantity, price, discounts, returns), payment method, transaction identifiers.

The Company does not store full payment card details – these are processed only by authorised payment providers.

How data is obtained: from the customer and via authorised payment services.

Purpose: to complete purchases, manage refunds and guarantees, and fulfil accounting and tax obligations.

  • Delivery Information

Types of data processed: delivery address, contact details of the recipient (if a third party is specified), shipment tracking data.

How data is obtained: from the customer and from courier service providers.

Purpose: to ensure delivery and tracking, and to communicate with delivery providers.

  • Account Login & Security Data

Types of data processed: username, encrypted password, IP address, user ID, account status, login logs.

How data is obtained: generated through the use of a floweskin.com account.

Purpose: to provide secure access, prevent fraud and maintain platform functionality.

  • Website & Cookie-Based Usage Data

Types of data processed: technical device data, browsing behaviour, anonymous analytics, marketing preferences (e.g., Google Analytics, Meta Pixel).

How data is obtained: automatically through website usage; marketing cookies only with consent.

Purpose: to improve website performance, personalise content and provide targeted advertising (with consent).

Profiling and Automated Decision-Making

To provide personalised content and tailored marketing offers, the Company uses automated data analysis and profiling. This means that the Company may analyse the Data Subject’s interaction with floweskin.com (for example, browsing and purchasing behaviour) to predict which content, offers or advertisements may be relevant to the Data Subject.

Such profiling is carried out solely for marketing and personalisation purposes and does not produce any legal or similarly significant effects for the Data Subject. The Data Subject has the right to object to profiling or withdraw consent to marketing communications at any time. The Data Subject may also change their cookie settings, which affect personalised advertising.

Sharing Personal Data

We take steps to ensure that your personal data is processed in line with the law and is not disclosed to third parties without a proper legal basis.

However, you are responsible if you allow a third party to access your floweskin.com account and the personal data stored there. If a third person uses floweskin.com by logging in with your details, we will treat this person as the User.

Who may access your data?

Your personal data may be accessed by:

  • Our employees or directly authorised persons who need it to perform their work duties;
  • Our authorised data processors (companies that process data on our behalf). In such cases, we ensure that they only process data according to our instructions, follow security and confidentiality requirements and act in line with the law;
  • State and local authorities or similar bodies, in cases provided by law (e.g. law enforcement, tax authorities, bailiffs);
  • Third parties such as payment institutions and payment service providers (including Maksekeskus AS), delivery companies, auditors, accounting service providers, legal service providers, debt collection companies.

Transfer of Data Outside the European Economic Area (EEA)

Your personal data may be transferred outside the EEA, but only if:

  • it is transferred to trusted partners who help provide floweskin.com services;
  • we have data processing agreements with those partners, based on the European Commission’s standard contractual clauses, which ensure appropriate data protection;
  • the European Commission has recognised the country in question as providing an adequate level of data protection.

Data Retention Period

We will keep your personal data only as long as necessary for the specific purpose for which it is processed. Data may be stored while at least one of the following applies:

  • It is needed to perform contract obligations – we store the data until the contract is fulfilled and any other related storage periods expire;
  • We are required by law to store certain data for specific periods;
  • Your consent to processing is still valid and no other legal ground has expired;
  • We need the data to prove performance of obligations, within the limitation periods set by law.

Once none of the above conditions apply, we delete the data in a way that it cannot be reasonably restored. We do not send a separate notice when such deletion is carried out.

Your Rights

We keep your personal data accurate based on the information we receive when you use floweskin.com, use our services, or provide us with updated details (for example, by submitting documents that show changes).

If you stop using our services and the contract is terminated or declared invalid, we start counting the retention period after which the data will be destroyed, and we do not ask you to provide updated information.

You have the right to access your personal data by sending us a request by email: info@floweskin.com.

You may request information about:

  • whether we process your personal data and which data exactly;
  • the purposes and legal grounds for processing;
  • the date when the data was last updated;
  • the source of the data;
  • whether the data is processed by automated means;
  • any other information required by law.

You also have the right to:

  • ask us to supplement or correct your personal data;
  • ask us to restrict processing;
  • object to processing;
  • ask for your data to be deleted;
  • ask for data portability (where applicable).

These rights can be exercised where they do not conflict with our legal obligations, do not prevent us from performing an existing contract, and do not limit our right to protect our legitimate interests.

You may ask for your data to be updated, corrected, stopped from being processed or deleted if it is outdated, incomplete, incorrect, unlawfully processed, or no longer needed for the purpose for which it was collected.

You have the right to data portability if the processing is carried out by automated means and is based on your consent or on a contract.

If you wish to delete or change your data, or if you have any questions about how we use personal data, you can contact us by email: info@floweskin.com.

Requests can be submitted in writing – including electronically, signed with a secure electronic signature, or by post to our legal address.

Before we provide any personal data, we must make sure that the person making the request is in fact the Data Subject.

After receiving your request and confirming your identity, we will reply within one month. We will send our reply by post (registered letter) or by email, considering your preferred method where possible.

We will do everything necessary to ensure your rights are respected in line with Latvian law. If you disagree with how we handle your request or your data, you have the right to contact the Data State Inspectorate.

When We May Refuse a Request

We may decline to fulfil a request if:

  • it is unclear or not understandable;
  • we cannot identify you;
  • we have already replied to an identical or similar request;
  • the amount of requested information is excessive;
  • the request is unfounded (not relevant to us, no explanation given why it should be fulfilled);
  • the law states that we are not allowed to provide this information, or we are obliged to keep specific data.

Changes to this Privacy Policy

Before you use floweskin.com, please take a moment to read our Privacy Policy. When you use the Website, we process your data so we can provide our services — for example, to let you place an order, receive your delivery, or get customer support.

You don’t have to agree to any optional data uses, such as personalised marketing. If you don’t want this, you can change your cookie settings or choose not to give consent for marketing.

We may update our Privacy Policy from time to time. The latest version will always be available on floweskin.com, and that version will apply when you use the Website.

Complaints

If you have any concerns about how we use your personal data, you can send a complaint to: info@floweskin.com.

If you believe that we are processing your personal data unlawfully or inappropriately, you also have the right to submit a complaint to the Data State Inspectorate (Datu valsts inspekcija):
Elijas iela 17, Rīga, LV-1050, Latvia, e-mail: pasts@dvi.gov.lv, Phone: +371 6722313, website: www.dvi.gov.lv