Privacy Policy

Dizz Fashion (“We”) know that you, the user, care about how information about you is used, shared, and processed, and we appreciate your trust in using our services. This Privacy Policy sets out how we collect and use your data in connection with us, as a customer or a simply a user of website.

This website is not intended for use by persons under eighteen (18) years of age, and by no means do we knowingly collect personal data in relation to children.

Any processing of information gathered as a result of the use of this website by consumers or other persons is governed by the provisions of data protection legislation, in particular Regulation (EU) 2016/679 (General Data Protection Regulation) and the Maltese Data Protection Act (Chapter 440 of the Laws of Malta).

1. Data Controller
2. What is GDPR?
3. What is Personal Data?
4. What are Special Categories of Personal Data?
5. What are Controllers and Processors?
6. Data we collect
7. How we use your information
8. Legal Basis for Processing your Personal Data, how we use it and Retention periods
9. How we store and transmit Personal Data
10. Cookie Policy
11. How we use cookies
12. Types of cookies

• Our cookies

1. Strictly Necessary Cookies
2. Functionality
3. Security
4. Statistics
5. Marketing and Advertising Cookies
6. Third party cookies
7. Controlling and managing cookies
8. Your Rights
9. Transfers to Third Countries
10. Data Security Measures
11. Breach
12. Other Sites
13. Updates to this Policy
14. Contacting US

1. Data Controller

The Data Controller of our website is _______________, whose office is situated at (-).

2. What is GDPR?

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) or “GDPR” is a European regulation intended to protect Personal Data of individuals. We collect various kinds of Personal Data from you and it is thus very important that your Personal Data is managed in terms of this regulation. Personal Data is very important for us and thus we strive to ensure the highest level of its protection.

3. What is Personal Data?

Personal Data is personal information about an individual, like you. We collect such information about our customers for relationship management, statistical reasons and for marketing purposes and also on our employees or potential employees when they apply for a position with us. We may also collect some personal information from other individuals who are not our customers, for marketing purposes, subject to their consent.

Personal Data may also be of a general nature and of a special nature. Generic Personal Data refers to data such as names, surnames, contact details and similar data which can be used to identify a person. Special categories of Personal Data relate to more confidential kind of Personal Data such as health data. Information regarding the different kinds of Personal Data we collect can be found in section 3 of this document.

4. What are Special Categories of Personal Data?

Certain more sensitive kind of Personal Data is defined under law as Special Categories of Personal Data, which relates to:

• Racial or ethnic origin;
• Political opinions;
• Religious or philosophical beliefs;
• Trade union membership;
• Genetic data;
• Biometric data for the purpose of uniquely identifying a natural person;
• Data concerning health;
• Data concerning a natural person’s sex life or sexual orientation

We will not process such Personal Data unless authorized by law. In any case, we will always specify the purpose where such Personal Data shall be used and on what legal basis. We will also only use such Personal Data for the purposes that such Personal Data would be collected and not for any other purposes.

5. What are Controllers and Processors?

When you provide your Personal Data to a third party, you are passing such data to either a controller or a processor.

A Controller of your Personal Data is an individual or a company who has the power to determine the exact uses of the Personal Data you have supplied to him. On the other hand a Processor is a third party who is processing and thus utilising your Personal Data on behalf of a controller.

6. Data we collect:

We collect your personal information in order to be able to improve our products and provide you with a better quality of service.

The following is a list of the information we gather:

• Identity Data; including
• Your name;
• Your surname;
• Your date of birth;
• Your gender;

• Contact Data; including
• Your postal address;
• Your email address;
• Your telephone number;
• Your mobile number;
• Financial information includes bank account and payment card details;
• Any other information you voluntarily provide.

7. How we use your information

We use your information in the following ways:

• to deliver your purchases to you;
• to provide beauty treatments and/or beauty ;
• to send you service messages by email, SMS or otherwise, such as order updates;
• to create and manage your Dizz Fashion account;
• to provide customer care and support, and handle returns;
• for security and to check your identity;
• to provide you with marketing or promotional material (where you have consented for us to do so);
• to show you Dizz Fashion adverts as you browse the web;
• to direct you to the right part of the website;
• to communicate with you.

8. Legal Basis for Processing your Personal Data, how we use it and Retention periods

BROWSING
Description	Legal Basis	Retention Period
When you browse this website, we may collect data through some tracking cookies as explained in the cookie section of this Policy. Otherwise, we do not collect Personal Data unless you voluntarily and knowingly provide it to us, for example by accessing our website from a link in an e-mail that we send to you.	i) Consent, when dealing with non-essential cookies.	Kindly refer to cookie section.
Creating an Account on our website
Description	Legal Basis	Retention Period
When creating an account on the website you would be providing Personal Data which is required to be able to provide you with our services.	i) Consent	2 years of account inactivity or when account is deleted
Registering for a special marketing campaign
Description	Legal Basis	Retention Period
When you register for certain marketing campaigns, you would be providing your Personal Data which we would need to be able to perform such a campaign.	i) Consent
when you place an order
Description	Legal Basis	Retention Period
When you place an order, you would have entered into a contract of sale with us for any of our products. In this regard, we would then be required to process such personal data to be able to carry out the transaction. This data shall be used also in the event of any returns.	i) To fulfil our contractual obligations with you   ii) To comply with laws and regulations   iii) To protect our legitimate interest
signing up for our newsletter or for email promotions
Description	Legal Basis	Retention Period
If you would like to sign up to such promotions, you have the option to do so. This will however require us to process some of your Personal Data to be able to send you specific material.	i) Consent
registering of our loyalty scheme
Description	Legal Basis	Retention Period
When you register to our Loyalty Scheme, we shall be collecting Personal Data to be able to manage the loyalty scheme, the points allocated their in and any marketing provided, through the loyalty scheme itself.	i) Consent: You would be consenting to set-up to the loyalty scheme.   ii) Legitimate Interest: After subscribing to the loyalty scheme, we would send you marketing information specific to your choices and preferences. In this regard, such information is being sent to you on the legal basis of your own interest in receiving such data. In addition, should you unsubscribe from the loyalty scheme, we may need to keep some personal data for a set period of time to protect our legitimate interest.
signing up for surveys
Description	Legal Basis	Retention Period
Should you sign up for any surveys, we shall process your Personal Data as advised when collecting the survey data.	i) Consent
contacting our customer care team
Description	Legal Basis	Retention Period
Should you contact our customer care, we shall collect some Personal Data to be able to process your request.	i) To protect our legitimate interest

Should in any event, we are required to keep your Personal Data for any longer period as allowed by law, your Personal Data shall be kept secure and shall be deleted when we are allowed by law to delete such Personal Data.

9. How we store and transmit Personal Data

In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers and mail houses for the purpose of mailing materials to our clients. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to third parties for any use unrelated to our operations or use of Personal Data by third party for their own purposes.

Below is a list and description of the kinds of services providers to whom we provide your Personal Data.

IT Security	Service providers who help us in ensuring that your data remains secure
IT Backups	Service providers who assist us in relation to backups for business continuity purposes so that your data is not lost
Banking establishment and other financial institutions	Processing of data would relate to offering services in relation to assistance with banking matters.
Marketing	Service providers who assist us in relation to marketing and website
Storage	Service providers who assist us in storing and archiving data

10. Cookie Policy

Our website only uses “cookie” technology as a tracking tool. Cookies do not retain registered guests’ information provided during the online reservations. Cookies identify your browser, rather than you and cannot be used by themselves to disclose your individual identity. Cookies enable us to track the number of page visits from the same computer or browser to be aggregated for statistical purposes.

Cookies do not corrupt or damage your computer, programs, or computer files.

The purpose for which cookies — other than those which are either exclusively intended to enable or facilitate communication by electronic means or strictly necessary for the provision of an online communication service at your express request — are used on our website is set forth in a banner appearing the first time you land on such website.

Types of Cookies

The below are different kinds of cookies including their functions that you may find on different websites.

Type of Cookies	Use of Cookies
Strictly Necessary	These cookies are essential for the proper functioning of the website and without these, the websites would not work properly.
Functionality	These cookies store specific functional data such as account name, details, location and other similar information.
Security	These cookies are used to enhance the security of the website and detect security threats.
Statistics	These cookies are used to gather statistical data about the users on the website, their activities and their preferences. Other information that may be gathered includes, website pages visited, duration of visit, what was clicked on and other similar information.
Marketing & Advertising	These cookies are used in relation to adverts on websites to properly detect and analyse the effectiveness of these ads. Information collected would include clicks on the ads, number of times the adds have been displayed, number of unique visitors and similar information. Such adds may also be used to build user profiles to gather individual preferences.
Third Party	These cookies would be generated through third parties when the website would be using third party applications. Examples would be social media pages which would have integrated functions on websites. Such activities would generate third party cookies.

How we use cookies

We use our cookies as follows:

1. To log in into your account;
2. To assist you in presenting proper site content which is relevant to your experience;

• Assist us to monitor site performance;

1. To save user input when required to insert certain data on our website pages;
2. For authentication purposes;
3. For the use and to enable the playing of multimedia files;

• For statistical purposes;
• Social Media and other third-party integration.

Our Cookies

The below is a list of cookies originating from our domain.

Strictly Necessary Cookies

Cookie Name	Use	Where	Provider	Expiry

Functionality

Cookie Name	Use	Where	Provider	Expiry

Security

Cookie Name	Use	Where	Provider	Expiry

Statistics

Cookie Name	Use	Where	Provider	Expiry

Marketing and Advertising Cookies

Cookie Name	Use	Where	Provider	Expiry

Third Party Cookies

The below is a list of cookies originating from a third party:

Cookie Name	Use	Where	Provider	Expiry

Controlling and Managing Cookies

You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website. Should you wish to change your content settings in relation to cookies, this can be done by following the below links. In this regard, modern browsers provide measures to control cookie features, such as length of time saved. Kindly note however that certain functions on our website may not function properly if you disable cookies.

The below are the most popular browsers. Kindly follow the links to manage your cookies.

1. Chrome à
2. Safari à 
3. Internet Explorer à 
4. Firefox à 
5. Opera à 

You may set your browser to block Cookies, although doing so will affect your ability to perform certain transactions, use certain functionality, and access certain content on our website.

11. Your Rights

You have certain rights under law to your Personal Data.

• You have the right to access your data. You have the right to ask for a copy of your Personal Data.

• You have the right of rectification of incorrect data. If any data we have is incorrect, you have a right to ask for correction of such data.

• You have the right to be forgotten and that your data is erased after the passage of time. You may file a request, so that any data that we have on you is deleted. As stated above, due to legal requirements, your data will be held by us for the periods stated in the data retention section and then deleted.

• You have the right to restriction of procession. This can be done in the following cases:
  1. Where you are contesting the accuracy of the data, while such a claim is being checked;
  2. If we process your data unlawfully
• If we no longer need your data but are keeping the data because we need it for a legal claim;

Kindly note however the if you exercise this right, it will hinder our ability to provide you with the required services, since we may need your Personal Data to be able to provide you with our services.

• You have the right to data portability. Your data may be requested in a machine-readable format and you may also request that your data is transferred directly to another person or service provider directly.
• You may object to the processing of your data. You may at any time inform us that you are objecting to the use of your data for direct marketing and after which we shall stop using your data for such purposes.
• If you have provided consent for the processing of your data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

In making your request in relation to the above, please not that:

• We will analyse your request and provide you with a reply within 1 month, except in extreme situations as allowed under law. In such a case we will provide information as to why your request was not acceded to within the 1 month period.
• We have the right to refuse your request, if your request is not justified. In this case we shall inform you as to the reasons of why your request was refused.
• We have the right to charge a fee or refuse your request in extreme situations where your requests are manifestly repetitive or excessive.
• When you are making a request, we may request documentation to identify the person making the request.

You have the right to lodge a complaint to the data protection authority of your habitual residence if you believe that we have not complied with the requirements of the law.

In order to protect your Personal Data, we will require that you prove your identity to us in relation to your request to access your Personal Data, which may consist of a copy of a government-issued identification, your signature and correspondence address so we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Data.

12. Transfers to Third Countries

We shall strive to send your data only to other EU countries or other countries which ensure proper protection for your data. When transferring your data to countries which are not deemed as such, proper measures in terms of the law shall be applied to ensure the protection of your Personal Data. In cases where such measures cannot be achieved, Personal Data shall only be sent to these countries if necessary, to perform our services and also subject to your prior consent. Some of the recipients referred to above are located in or process Personal Data outside of your country. The level of data protection in another country may not be equivalent to that in your country. However, we only transfer your Personal Data to countries where the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients provide an adequate level of data protection. We do this for example by entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EC -Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council and/or 2004/915/EC- Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of Personal Data to third countries).

13. Data Security Measures

We shall take all the necessary measures as required by law to ensure proper security and protection to your Personal Data. Such measures may include encryption, use of firewalls, anti-virus software and specialized security software, access restrictions and limitations, strict enforcement of policies and any other measures that we may enforce from time to time. Our measures shall strive to ensure that:

• There is no unlawful destruction of your Personal Data;
• That your Personal Data is not subject to unauthorized access;
• That your Personal Data is not subject to unauthorized disclosure;
• That your Personal Data is not subject to unauthorized modifications.

Despite our best efforts however, we cannot provide a 100% guarantee in relation to our system security.

14. Breach

In the event of a Data Breach following your Personal Data, we shall always abide by the law and inform you and the competent authorities as required.

15. Other Sites

Our website contains hyperlinks to websites operated by other companies or businesses which are not related to us in any way. These websites are managed by companies who have their own data protection policies and procedures in place on which we have no control over. Therefore, we are not be responsible for the way the owners of these websites process your Personal Data.

16. Updates to this Policy

This data privacy statement was last updated on the _________ in line with the last EU legislation to meet the GDPR requirements. In the future, we may need to make additional changes. All additional changes will be included in the latest data privacy statement published on this website, so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this privacy statement was last updated by looking at the date at the top of the statement. Any changes to our statement will become effective upon posting of the revised statement on this site. We will seek your express consent to any changes to how we use or disclose your Personal Data if requested by law but otherwise use of this site or our services following such changes constitutes your acceptance of the revised statement then in effect. 

17. Contacting Us

If you wish to make any inquiry regarding your personal data, wish to have any of your data corrected or request access to your personal data, you may contact us on the below details. Please note that we may charge a fee or refuse requests which are manifestly repetitive or excessive.

Any request must be in writing and must also include your name, address and a description of the information or correction required. We may also ask for other identification documentation. Such information is essential so that we can identify you properly.

Email: [email protected]

Telephone number: (+356) 2122 5589

Address: Dizz Buildings, 5, Carob street, Santa Venera