Free delivery in Lithuania starting at 20€*

  1. WHAT IS THE PRIVACY POLICY?

1.1. This privacy policy (hereinafter referred to as the Privacy Policy) sets out the terms of privacy regarding the use of the website www.dearroots.com (hereinafter referred to as the Website), particularly concerning the processing of personal data performed by us and the personal data processing rules of our Company (hereinafter referred to as the Rules).

1.2. Please read this Privacy Policy carefully to understand the practices we apply when processing your personal data. By reading this document, you will learn how we process your personal data, where we obtain it, and what rights you have as a data subject.

1.3. If you use the Website, purchase our services, or are otherwise involved in the activities conducted by our Company, it means you have read and agreed to this Privacy Policy and the purposes, methods, and procedures of personal data processing described herein. If you do not agree with the Privacy Policy or any of its terms, unfortunately, we will not be able to sell you all or any of the Company’s goods or services, collaborate with you on business or other matters, and you will not be entitled to use the Website.

1.4. In this Privacy Policy, the term “personal data” refers to any information by which you can be identified—directly or indirectly determined to be you. Personal data includes surname, name, date of birth, postal or email address, location data, internet identifiers, specific characteristics about you, and more.

1.5. The provisions of this Privacy Policy apply to our clients who have purchased, are purchasing, or intend to purchase the goods we sell or the services we provide; business partners (including their employees); individuals who contact us with requests or demands, either directly or via remote communication methods (phone, email, social media accounts, etc.). The Privacy Policy applies to everyone visiting the Website, regardless of whether you are our client, as well as to the actions you may perform on the Website. The Privacy Policy also includes information about the processing of personal data of all other individuals as part of our operations and when entering into and executing agreements.

2. WHO ARE WE?

2.1. We are Kosmetikos laboratorija, MB, legal entity code 304452130, registered office address: Gamyklų g. 9, LT-68108 Marijampolė, website www.dearroots.com (hereinafter referred to as the Company and/or the Data Controller).

3. WHAT PRINCIPLES DO WE FOLLOW?

3.1. When processing your personal data, we:

3.1.1. Comply with applicable legal requirements, including those of the GDPR;

3.1.2. Process your personal data in a lawful, fair, and transparent manner;

3.1.3. Collect your personal data for specified, clearly defined, and legitimate purposes and not process it further in a way incompatible with those purposes, except as allowed by legal provisions;

3.1.4. Take all reasonable measures to ensure that inaccurate or incomplete personal data is rectified, supplemented, processing is suspended, or the data is destroyed without delay, considering the purposes for which it is processed;

3.1.5. Store it in a form that allows your identity to be determined no longer than necessary for the purposes for which personal data is processed;

3.1.6. Do not share or disclose personal data to third parties, except in cases outlined in the Privacy Policy, the Rules, or as required by law;

3.1.7. Ensure that your personal data is processed in a manner that, through appropriate technical or organizational measures, guarantees adequate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

4. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

4.1. We process your personal data for the following purposes:

4.1.1. For the purpose of concluding, executing (product delivery), and accounting for the sale-purchase agreements of cosmetic products: the Client’s name, surname, phone number, email address, and delivery address of cosmetic products.

The Company may additionally process the following data of employees of legal entities (the Company’s business partners): work phone number, work email address, workplace address, job title, authorization (representation) data, workplace name, correspondence conducted with the Company on behalf of or in the interests of the business partner, or other data provided during the conclusion or execution of an agreement with the Company (e.g., document signing, order confirmations, etc.) or on other grounds related to business relations.

Personal data is stored for the duration of the agreement and/or collaboration and for 10 (ten) years after the end of the agreement and/or collaboration unless a different personal data retention period is prescribed by the laws of the Republic of Lithuania.

For this purpose, we obtain your personal data from you, business partners, and third parties.

4.1.2. For the purpose of submitting and preparing responses to inquiries and resolving potential or existing disputes with data subjects. When you contact us (or we contact you after receiving your inquiry), we process the information of the communication conducted via phone, email, the Website, or other methods.

For this purpose, we process the following personal data: name, surname, email address, phone number, the content of the complaint and/or inquiry, phone number, date and time of contact, and communication details.

For this purpose, we obtain your personal data from you and may create personal data ourselves while handling the inquiry or analyzing the complaint (e.g., by contacting third parties for factual information and recording it, etc.).

For this purpose, your data is stored for 3 years from the date of recording unless there is reason to believe that a crime or other unlawful actions have been recorded or an internal investigation has been initiated, in which case it will be retained until the investigation and/or case review is concluded.

4.1.3. For the purpose of submitting inquiries about collaboration agreements and becoming an ambassador for “Dear Roots” cosmetic products. When you contact us (or we contact you after receiving your inquiry), we process the information of the communication conducted via phone, email, the Website, or other methods.

For this purpose, we process the following personal data: name, surname, email address, phone number, the city where you work, the address where beauty services are provided, job description, date and time of contact, communication details, and the content of the desired comment to be published.

For this purpose, we obtain your personal data from you while handling the inquiry.

For this purpose, your data is stored for 3 years from the date of recording unless there is reason to believe that a crime or other unlawful actions have been recorded or an internal investigation has been initiated, in which case it will be retained until the investigation and/or case review is concluded.

4.1.4. For the purpose of creating accounts and using the loyalty program. For this purpose, we process your username, password, email address, and date of birth.

For this purpose, we obtain your personal data from you.

Please note that when you log into your account, cookies are stored on your device to save your login information and screen settings. Login cookies are retained for 2 (two) days, while screen settings cookies are retained for 1 (one) year. However, if you select “Remember Me,” your login information will be stored for 2 (two) weeks. Login cookies will be deleted immediately when you log out of your account.

4.1.5. For the purpose of direct marketing. For this purpose, we may process your name, surname, email address, and contact information of clients (legal entities), business partner representatives (employees), or other contact persons: work phone number, work email address, workplace address, and job title.

For this purpose, we obtain your personal data from you.

For this purpose, your data is retained during the validity of your consent and for 5 (five) years from the date of consent withdrawal.

Consent can be withdrawn at any time.

4.1.6. For the purpose of debt administration. For this purpose, we process your name, surname, residential address, payment information, debt basis and amount, phone number, and email address.

For this purpose, we obtain your personal data directly from you, from publicly available sources (e.g., the Population Register, data provided by third parties, etc.), and from third parties.

For this purpose, your data may be provided or transferred to (1) law enforcement authorities and/or (2) entities providing debt collection services.

For this purpose, your data is retained until the end of debt administration (debt repayment) and in accordance with the statute of limitations set by the Civil Code of the Republic of Lithuania, which is 10 years.

5. HOW DO WE COLLECT AND PROCESS YOUR PERSONAL DATA?

5.1. We process your personal data obtained in the following ways:

5.1.1. When you provide it to us.

5.1.2. When you use the Website operated by us, certain information (e.g., IP address, etc.) is collected automatically.

5.1.3. When we receive your personal data from other persons in accordance with legal regulations and/or the terms outlined in this Privacy Policy.

5.2. You provide us with your personal data and other information when using the Website, writing to us, communicating with our customer service team, submitting inquiries and/or complaints about the Website, our services, or products, or when subscribing to our newsletter. When you contact us in writing or by email, we retain the correspondence data.

5.3. The information you provide may include your or your representative’s name and surname, email address, phone number, message content (e.g., when registering for a consultation), and other data.

5.4. When you use the Website, certain non-personal information (e.g., the type of internet browser used, the number of visits, pages viewed on the Website, time spent on the Website, etc.) is collected automatically. This information is used to improve the content, functionality, and attractiveness of the Website.

5.5. We may combine the personal data received from you with data collected from other public and/or available sources (e.g., the personal data you provide may be combined with data collected through Website cookies or lawfully obtained from third parties, etc.).

5.6. You always have the right to request the correction of inaccurate personal data and to exercise other rights as a data subject, as described in this Privacy Policy and applicable legal regulations.

6. DO WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING?

6.1. Yes, we may use your personal data for direct marketing purposes to offer you information and proposals about our services that we believe might interest you. However, we will only use your personal data for this purpose if you have given your explicit consent.

6.2. For this purpose, we process the following personal data: name, surname, phone number, email address, and contact details of clients (legal entities), representatives of business partners (employees), or other contact persons: work phone number, work email address, workplace address, and job title.

6.3. You can choose whether to allow us to use your personal data for direct marketing purposes. You can do this by providing your consent.

6.4. By granting us permission to process your data for direct marketing purposes, you also allow us to contact you via communication channels (e.g., email) or other communication tools (e.g., social media accounts).

6.5. We may combine the information we have about you with information from third parties to provide you with tailored proposals.

6.6. If you consent to the use of your personal data for direct marketing purposes, we may use your data to analyze and improve the effectiveness of our websites, advertising, and market research, as well as for other marketing and sales purposes of the Company. In such cases, we will use anonymized data.

6.7. Even if you have given consent to process your personal data for direct marketing purposes, you can easily withdraw this consent at any time, either fully or partially. You can do this in the following ways:

6.7.1. Notify us by following the instructions provided in the electronic messages and/or offers you receive (e.g., clicking the “unsubscribe” link in the newsletter, etc.); or

6.7.2. Visit us in person and submit a corresponding request. The request must clearly indicate your name and surname. If you choose to withdraw your consent this way, we may ask for identification documents to verify your identity; or

6.7.3. Send us a request by email to pagalba@dearroots.com. The request must clearly state your name, surname, and other registration details (if applicable). If you choose to withdraw your consent this way, we may ask for identification documents to verify your identity.

6.8. Your personal data processing for direct marketing purposes will be terminated no later than 3 days after we receive your request.

6.9. The withdrawal of consent does not automatically obligate us to delete your personal data or provide you with information about your personal data processed by us. To request these actions, you must specify this separately.

7. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

7.1. We guarantee that your personal data will not be sold, disclosed, or otherwise transferred to third parties without a legitimate basis, nor used for purposes other than those for which the data was originally collected. We will only disclose your personal data as outlined in this Privacy Policy and in accordance with legal regulations. However, we reserve the right to provide information about you if we are legally required to do so or if it is requested by lawfully operating authorities or criminal prosecution institutions.

7.2. We may disclose the personal data we collect about you to the following third parties:

7.2.1. Third-party service providers (e.g., technical service providers for the execution of our agreements with these providers, including services for sending newsletters or conducting other marketing activities).

7.2.2. Third-party service providers whose services we typically use for data storage, telecommunications, and website hosting purposes.

7.3. The ability of the above-mentioned service providers to use your data is restricted—they are not allowed to use this data for any purpose other than providing services to us.

8. HOW DO WE PROTECT YOUR PERSONAL DATA?

8.1. The data we collect from you will be stored within the EU but may also be transferred to or stored outside the EU. It may also be processed by our staff or the staff of our suppliers working outside the EU. When transferring your data outside the EU, we will take all necessary steps to ensure that your data is processed securely and in compliance with this Privacy Policy.

8.2. Unfortunately, the transmission of information over the internet is not entirely secure. While we strive to protect your personal data, we cannot guarantee the security of your data when transmitted to the Website—you assume the risk associated with data transmission to the Website. Once we receive your data, we will apply strict procedures and security measures to protect your data from unauthorized access.

8.3. In the unlikely event that we become aware of a security breach involving your personal data that could pose a significant threat to your rights or freedoms, we will promptly inform you as soon as we learn about and identify which information was accessed.

10. WHAT RIGHTS DO YOU HAVE?

10.1. In processing personal data, we ensure your rights under the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania. As a data subject, you have the following rights:

10.1.1. To know (be informed) about the processing of your personal data;
10.1.2. To access your personal data that we process;
10.1.3. To request the correction, supplementation, or clarification of inaccurate, incorrect, or incomplete personal data;
10.1.4. To request the deletion of personal data when it is no longer needed for the purposes for which it was collected;
10.1.5. To request the deletion of personal data if it is processed unlawfully, or if you withdraw your consent for data processing and no other legal basis exists;
10.1.6. To object to the processing of personal data or withdraw previously given consent;
10.1.7. To request the suspension (except for storage) of personal data processing actions in the event of disputes or verification of the lawfulness of processing or data accuracy, as well as when the data is no longer needed by us, but you do not wish for it to be destroyed;
10.1.8. To request that your personal data collected based on consent or for the performance of a contract be provided in a readable format or transferred to another data controller, where technically feasible.

10.2. We will make every effort to guarantee and facilitate the effective exercise of your rights as a data subject. However, we reserve the right not to fulfill your requests in the following circumstances:

10.2.1. To comply with legal obligations imposed on us;
10.2.2. To ensure state security or defense;
10.2.3. To maintain public order, prevent, investigate, or prosecute criminal offenses;
10.2.4. To protect significant state economic or financial interests;
10.2.5. To prevent, investigate, or detect violations of professional or workplace ethics;
10.2.6. To protect your rights and freedoms or those of others.

10.3. Requests related to the exercise of your rights may be submitted to us in person, by mail, or electronically. Upon receiving your request, we may ask for identity verification documents and any additional information required to process the request.

10.4. We will respond to your request no later than 30 calendar days from the date of its receipt and the submission of all documents necessary to provide a response.

10.5. If necessary, we will suspend the processing of your data, except for storage, until your request is resolved. If you lawfully withdraw your consent, we will immediately, but no later than within 30 calendar days, terminate the processing of your personal data, except in cases specified by this Privacy Policy and applicable laws, i.e., when we are obligated to continue processing your data due to legal regulations, legal obligations, court rulings, or mandatory instructions from authorities.

10.6. If we refuse to comply with your request, we will clearly indicate the reason for such refusal.

10.7. If you disagree with our actions or response to your request, you may appeal our actions and decisions to the competent national authority.

11. WHERE CAN YOU FILE A COMPLAINT?

11.1. If you wish to file a complaint regarding our data processing, please submit it in writing, providing as much information as possible, using the contact details provided at the end of this Privacy Policy. We will work with you to address and resolve any concerns promptly.

11.2. If you believe that your rights under the GDPR or other applicable personal data protection laws have been violated, you may file a complaint with our supervisory authority—the State Data Protection Inspectorate of the Republic of Lithuania. More information and contact details can be found on the Inspectorate’s website (https://vdai.lrv.lt/). However, we aim to resolve any disputes with you directly first.

12. HOW WILL THIS PRIVACY POLICY BE AMENDED?

12.1. Any changes to this Privacy Policy will be published on our Websites. In the event of significant changes and/or necessity, we will inform you about them. New terms of the Privacy Policy may also be presented on the Websites, and you may need to read and accept them to continue using the Website and/or our services, purchase goods, or access provided services.

13. COOKIES

13.1. The Website uses Cookieyes cookies.

13.2. We use third-party software, such as “Google Analytics,” to collect statistical data on the Website. This software places cookies on your device. The collected information is anonymous and does not allow identifying which specific visitor performed certain actions on the Website. This information helps us improve the Website’s functionality by analyzing visitor browsing habits and monitoring our performance. For more details about “Google Analytics” cookies and data storage, see: Google Privacy & Terms.

13.3. When using “Google Analytics,” we have configured the service to anonymize your IP address before it is saved or processed by the Analytics Collection Network. For more details, see: Google Support.

13.4. If you wish to opt-out of “Google Analytics” tracking on all websites, visit Google Analytics Opt-Out.

14. CONTACT INFORMATION

For any privacy-related inquiries, you can contact us at:

Email: help@dearroots.com

Postal address: Kosmetikos laboratorija, MB, Gamyklu g. 9, LT-68108 Marijampole, Lithuania, EU.