GDPR Privacy Statement

Privacy statement

This statement was created for the purpose of informing website users about the methods of collecting and processing personal data at and informing users about the way in which we take care of their privacy.

Please read this Statement carefully to learn how we collect, process, protect or otherwise use your personal information.


Data collection

Personal data is any data relating to an individual whose identity is known or can be identified. An identifiable individual is a person who can be identified directly or indirectly, in particular by means of identifiers such as name, identification number, location data, online identifier or by one or more factors specific to physical, physiological, genetic, mental, economic cultural or the social identity of that individual.

We collect your personal data only when you voluntarily provide it to us. We collect data about you when you fill out the registration form or when you sign up for the newsletter.

You should be aware that non-personal information and data may be collected automatically through our Internet servers or through the use of cookies. 

Examples of information about your use of the site include: the most visited and most viewed subpages and links on our website, the number of completed forms, time spent on the page, the most popular keywords that lead users to our site, your IP address, information collected through cookies, information about your device such as hardware settings, system activity, browser type, etc.

Data processing

We use the data obtained about you for one or more of the following purposes:

- to respond to the request or requests,
- to process your offer,
- to fulfill our obligations from the contractual relationship with you through our web store or physical store.
- enable submission of complaints and return of goods
- enable replacement of goods under warranty
- enable different payment methods
- enable booking and collection of goods

Depending on the purpose, we may collect and process your following data:

- name and surname
- address
- Email address
- telephone number
- bank details (account number, IBAN, bank) 

  • Your collected data will be available to the employees of COSMETIC BEAUTY LIMITED as well as to other persons if this is necessary for the purpose for which the data was collected. If you are interested in who can have access to your personal data, continue reading this text.
  • name and surname, delivery address and phone number, which we received from you with the order confirmation, we deliver to our logistics partner (General Logistics Systems Croatia doo and DHL International doo), and since this is the only way to deliver the requested package to your home address. Business partners are authorized to use this data exclusively for the purpose of contacting when delivering packages.
Recipient of personal data:
Within legally permitted limits and depending on the type of processing, we may share your data with the following categories of data recipients:
- storage services -> GLS, DHL, HP
- software storage -> Shopify.
- payment service providers and banks> CorvusPay - CorvusInfo doo, Zagrebačka banka dd,
- we require the aforementioned business partners to always comply with applicable laws, prescribed rules for the protection of personal data, and to take care of the confidentiality of personal data received by our users.
- then stop third parties in the following way:
- if necessary for the protection of COSMETIC BEAUTY LIMITED
- compliance with the law, at the request of public authorities, court decisions, court proceedings, obligations to report and inform competent authorities, etc.
- checking or controlling compliance with rules and contracts COSMETIC BEAUTY LIMITED
- protection of the rights, property or security of COSMETIC BEAUTY LIMITED or its clients
- in connection with corporate transactions: in the context of the transfer or sale of all or part of the business or in some other way in connection with mergers, acquisitions, changes of control, reorganization or liquidation of all or part of COSMETIC BEAUTY LIMITED business


Protect your data

To protect the personal information you submit through this website, we use physical, technical and organizational security measures. We are constantly upgrading and testing our security technology. We limit access to your personal data only to those employees who need this data in order to be able to provide you with our services or certain benefits. In addition, we educate our employees about the importance of data confidentiality and privacy and the protection of your data. 

We keep and protect your personal data for the duration of your business relationship with us. Lalotre web shop stores your personal data until the purpose of the processing is achieved, i.e. until the moment when your registration is active. After deactivation of your registration (unsubscribing from your WEB shop profile, unsubscribing from the newsletter or request to delete the profile by sending a request to the e-mail address, COSMETIC BEAUTY LIMITED will delete the data immediately and without delay, except in case of outstanding debt or appeal in progress, where we will wait until you are not harmed, and then we will delete the profile.Individual


If you want to know whether we own and process your personal data or if you want to access the personal data we hold about you, please contact us at

You can also request information on: purpose of data processing, categories of personal data that are processed; who else outside of our company received your personal data from us; what is the source of the personal data (if you have not provided it to us directly); and how long we will keep the data. You have the right to correct the personal data we hold if it is incorrect. You can also, with certain exceptions, request that we delete your data or stop processing it. You can request that we stop using your personal information for direct marketing purposes. In many countries, you have the right to lodge a complaint with a data protection authority if you are not satisfied with the way we handle your personal data. If technically feasible, we will send you your personal data based on your request or transfer it directly to another controller.

If you submit a request to us to send your personal data to , we will comply with that request free of charge. If we are unable to comply with your request within a reasonable time, we will notify you of the date on which we will comply with your request. If for some reason we are unable to fulfill your request, we will send you an explanation as to why we did not fulfill your request.

Notification of personal data breach

In the event of a personal data breach, we will notify you and the competent supervisory authority by e-mail within 72 hours of the extent of the breach, the data involved, the possible impact on our services and our planned data protection measures and limiting any adverse effects on individuals.

We will not send you a breach notification if:

  • if there are technical and organizational protection measures (such as encryption) that have been applied to the personal data affected by the personal data breach, and which make the data unintelligible to any person who is not authorized to access it;
  • if we have taken follow-up measures to ensure that there is no longer a significant risk to the rights and freedoms of individuals;
  • if this would require a disproportionate effort (in which case we will notify you via the media or similar equally effective measures).

Personal data breach means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored and processed in connection with the provision of our services.

Your consent

By using this website, you agree to this privacy policy.

Changes to our privacy policy

In the event that our privacy policy changes, we will notify you on this page and update the privacy policy change date below as follows.

This privacy policy was last modified on January 1, 2023.

The right to appeal to competent authorities

At any time, you can submit a complaint to a supervisory authority regarding our collection and processing of your personal data. In the Republic of Croatia, you can submit a complaint to the Agency for the Protection of Personal Data (AZOP)