Privacy Policy
I. Name and contact details of the controller and data protection officer
This privacy policy applies to data processing by Farouk Systems Inc. (250 Pennbright Dr, Houston, TX 77090, United States) (hereinafter: “We”, “Us”). We have appointed a data protection officer whom you can contact at the following contact details: Samir Arora, 250 Pennbright Dr, Houston, TX 77090, United States.
II. Collection and processing of personal data and nature and purpose of their usage
We collect and process personal data in order to offer you the Application for the Color Master. The Color Master is a color mixing machine with which you can create individual color mixes for your customers. In addition, you can create profiles for your customers and stylists in order to store relevant information and use it for your business (e.g. hair colors chosen by customers in the past).
In order to be able to offer this Application to you, we collect and process the following personal data in particular:
• Your contact details (name, address, phone number, email)
• Technical data regarding the use of the Color Master (e.g. device information).
The aforementioned data will be processed by us for the following purposes:
• Providing our service for the Color Master
• to evaluate and ensure the system security and stability of the Color Master (including maintenance and support activities), and
• for other administrative and statistical purposes.
The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. The processing is necessary for the performance of the contract between you and us regarding the use of the services associated with the Color Master.
In addition, we collect and process the following personal data of your customers and your stylists on your behalf in accordance with Art. 28 GDPR:
• Contact details of clients and stylists (name, address, telephone number, email).
• Personal data of clients and stylists (gender, date of birth, license number of stylist)
• Photographs of clients and stylists
• Salon location
• Color formula
With regard to the processing of this personal data, you are the controller within the meaning of Art. 4 No. 7 GDPR.
III. Data processing by the App Store Provider
When downloading the Application, certain personal data required for this purpose will be transmitted to the corresponding App Store Provider (e.g. Google Play).
In particular, email, user name, customer number of the downloading account, individual device identification number, payment information and the time of the download will be transmitted to the App Store Provider during the download.
We have no influence on the collection and processing of this data, which is carried out exclusively by the App Store Provider you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store Provider.
IV. Processors
We use processors for our services with whom we have concluded a data processing agreement in accordance with Article 28 of the GDPR. This concerns Farouk Systems Europe B.V. (De Brand 40 3823 LL, Amersfoort, The Netherlands) and Exonda Salon Tools GmbH (Friedländer Weg 39, 36132 Eiterfeld, Germany) for support and maintenance services as well as Amazon Web Services, Inc. (410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.) for cloud services.
V. Disclosure of data
Your personal data will not be transmitted or disclosed to third parties for purposes other than the ones mentioned above. Your data will only be disclosed to third parties in case of the following events:
• If you expressly consented to the disclosure pursuant to Art. 6 (1) sentence 1 lit. a GDPR,
• in case the disclosure is required for the establishment, exercise or defence of legal claims or is required for legal representation while there is no indication to assume that you have a prevailing legitimate interest for the non-disclosure of your data,
• in case that the disclosure is necessary for compliance with a legal obligation that the controller is subject to according to Art. 6 (1) sentence 1 lit. c GDPR, or
• if the processing of the data is legally admissible and necessary for the performance of a contract of which you are a contracting party (Art. 6 (1) sentence lit. b GDPR).
VI. Third country transfer
Data processing within the scope of the Application of the Color Master takes place partly in the United States of America. Insofar as the data processing constitutes a third country transfer, this is carried out in accordance with Chapter V of Regulation (EU) 2016/679. For this purpose, we conclude so-called European Union standard contractual clauses with you as the controller. The current version of the standard contractual clauses used by us can be viewed at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers.
VII. Exclusion of automated decision making
Automated decision making in the sense of Art. 22 GDPR does not take place.
VIII. Rights of the data objects
You are entitled to:
• obtain information and details from us as to your processed personal data pursuant to Art. 15 GDPR. In particular, you can request information on the purpose of processing, the categories of personal data concerned, the recipients or the categories of recipients to whom personal data have been or will be disclosed, the envisaged period for which the personal data will be stored. You can request rectification, erasure, restriction of processing of personal data. You have the right to lodge a complaint with a supervisory authority, in case the data has not been sourced from you. You can request to know where your personal data has been collected, if such data has not been collected by us. You can request to know if there is any existence of automated decision making (including profiling) and, in this case, you can request meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing;
• have inaccurate personal data rectified and incomplete personal data completed without undue delay pursuant to Art. 16 GDPR;
• obtain the erasure of personal data stored by us pursuant to Art. 17 GDPR, to the extent that this data is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, reasons of public interest and for the establishment, exercise or defence of legal claims.
• obtain from us restriction of processing pursuant to Art. 18 GDPR in case of the following events: if the accuracy of the personal data is contested by you; further, if the processing is unlawful, but you oppose the erasure of the personal data and you request restriction of their use instead; in case we do not need the personal data for the purpose of processing anymore and you require them for the establishment, exercise or defence of legal claims or in case you have objected to the processing pursuant to Art. 21 GDPR;
• receive the personal data concerning you pursuant to Art. 20 GDPR in a structured, commonly used and machine-readable format or to request the transmission to another controller;
• withdraw your given consent pursuant to Art. 7 (3) GDPR at any time. The withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal, and
• lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. This complaint can in particular be lodged with the supervisory authority in the Member State of your habitual residence, or place of work or competent for the place of our offices.
IX. Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation.
If you wish to exercise your right of objection, an email to [email protected] suffice.
X. Data security
We use appropriate technical and organizational security measures in order to protect your personal data from incidental or intentional manipulations, of partial and complete loss, destruction and unauthorized access. Our security measures are upgraded in accordance with the current and future technological developments.
XI. Actuality and change of this privacy policy
This privacy policy is currently valid and has the status August 2022. From time to time, it may become necessary to change this privacy policy. We will inform you appropriately about any changes.