EN▾
0
Ship to:
▾
English ▾
Language
We use cookies – small text files temporarily placed on the device, and similar technologies in order to support your preferences and analyze the operation of our products. Details
By continuing to use the site, you agree to the use of cookies.
By continuing to use the site, you agree to the use of cookies.
Privacy & Cookie Policy
At iColor, privacy is not a checkbox — it is a commitment.
We collect only the data we need, store it within the EU, and process it strictly in line with the GDPR. Your orders, your training and your professional growth with us are built on clarity, control and respect for your personal data.
1. GDPR & EU-based
4. Cookies & tracking tools
5. Your GDPR rights
2. What data we collect
3. Why we use your data
We process personal data strictly under GDPR and store it on infrastructure and services located in the EU/EEA wherever possible.
We use cookies and tools like Google Analytics, Meta Pixel, Google Ads, TikTok, Pinterest, Hotjar; analytics/marketing cookies are set only with your consent.
We collect only what we need: account & order data, contact and support messages, course access data, newsletter preferences, plus technical data via cookies.
You can access, correct, delete, restrict or object to processing, withdraw consent and contact the DPO or authority if needed.
We use your data to process orders, provide course access, support you, send optional marketing (with consent/opt-out) and improve our website with analytics.
Privacy & Cookie Policy
This Privacy & Cookie Policy explains how SIA iColor (“iColor”, “we”, “us”, “our”) collects, uses, stores and protects your personal data when you use https://eu.icolorpmu.com (the “Website”), purchase our products or courses, subscribe to our communications or otherwise interact with us.
We process your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
By using the Website or providing us with your personal data, you acknowledge that you have read and understood this Policy.
If you do not agree, please do not use the Website and do not provide your personal data.
We process your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
By using the Website or providing us with your personal data, you acknowledge that you have read and understood this Policy.
If you do not agree, please do not use the Website and do not provide your personal data.
1. Data Controller and Contact Details
The data controller responsible for processing your personal data is:
SIA iColor
Palasta 5–1, Rīga, LV-1050, Latvia
VAT ID: LV40103470230
Phone: +371 29187350
E-mail: eu@icolorpmu.com
Data Protection Officer (DPO):
Name: Jevgenijs Miscenuks
E-mail: em@icolorpmu.com
If you have any questions about this Policy or our processing of your personal data, you can contact us or our DPO using the details above.
SIA iColor
Palasta 5–1, Rīga, LV-1050, Latvia
VAT ID: LV40103470230
Phone: +371 29187350
E-mail: eu@icolorpmu.com
Data Protection Officer (DPO):
Name: Jevgenijs Miscenuks
E-mail: em@icolorpmu.com
If you have any questions about this Policy or our processing of your personal data, you can contact us or our DPO using the details above.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
2.1. Data you provide directly
2.2. Data collected automatically (cookies & analytics)
When you visit and use the Website, we may automatically collect:
2.3. Data from third parties
We may receive certain data from:
2.1. Data you provide directly
- Account and order data
- name and surname
- billing and shipping address
- country of residence
- e-mail address
- phone number / WhatsApp
- company details (if you purchase as a business)
- order history, invoices, payment status
- Course and training data
- selected courses, access status and progress
- participation in webinars or offline practice
- information about your professional level (beginner/experienced, years of experience, equipment and materials you use), if you choose to provide it
- Communication data
- e-mails and messages you send to us
- messages via contact forms or messengers (WhatsApp, Telegram)
- feedback, reviews, survey responses
- Marketing preferences
- newsletter subscriptions and opt-ins
- topics you are interested in (e.g. lips, eyes, brows, basic courses, advanced courses)
- language preferences
- User-generated content
- photos of your work or other materials you voluntarily share with us, for example in feedback, case submissions or contests.
2.2. Data collected automatically (cookies & analytics)
When you visit and use the Website, we may automatically collect:
- IP address
- device and browser type, operating system
- date and time of visit
- pages visited, actions on the site, clicks, scrolls
- referring URL (the page you came from)
2.3. Data from third parties
We may receive certain data from:
- payment providers (e.g. confirmation of payment, limited payment details – no full card numbers),
- delivery / logistics partners (e.g. delivery status),
- social media / advertising platforms (e.g. aggregated information about campaign performance),
- our e-mail sending system (e.g. open and click rates for newsletters).
3. Purposes and Legal Bases of Processing
We process your personal data only when we have a valid legal basis under the GDPR.
3.1. To process and deliver your orders
3.2. To provide access to Courses and digital content
3.3. To respond to your inquiries and provide support
3.4. To send service and administrative messages
3.5. To send marketing communications
3.6. To analyse and improve our Website and services
Legal basis:
3.7. To prevent fraud and ensure security
3.1. To process and deliver your orders
- processing and confirming orders
- handling payment and invoicing
- arranging shipping and delivery
- customer service related to your order
- performance of a contract (Art. 6(1)(b) GDPR)
- compliance with legal obligations (e.g. accounting and tax laws) (Art. 6(1)(c) GDPR)
3.2. To provide access to Courses and digital content
- creating and managing your training account
- providing access to video lessons and learning materials (via bunny.net and our platform)
- communicating about your course, progress and certificates (if applicable)
- performance of a contract (Art. 6(1)(b) GDPR)
3.3. To respond to your inquiries and provide support
- answering questions sent via e-mail, contact forms, WhatsApp, Telegram
- helping you choose products or courses
- handling complaints and requests
- performance of a contract or steps at your request before entering into a contract (Art. 6(1)(b) GDPR)
- our legitimate interest in providing good customer service (Art. 6(1)(f) GDPR)
3.4. To send service and administrative messages
- order confirmations, shipping updates, invoices
- important information about your account or course access
- notices about changes to our terms or this Policy
- performance of a contract (Art. 6(1)(b) GDPR)
- compliance with legal obligations (Art. 6(1)(c) GDPR)
3.5. To send marketing communications
- newsletters with news, promotions, product launches, course announcements
- educational content and tips related to permanent makeup
- invitations to webinars or events
- your consent (Art. 6(1)(a) GDPR) where required (e.g. for new subscribers), and/or
- our legitimate interest in promoting our products and services to existing customers (Art. 6(1)(f) GDPR) where such marketing is permitted by law.
3.6. To analyse and improve our Website and services
- understanding how visitors use the Website
- measuring the performance of pages, campaigns and content
- improving UX, product assortment and course offering
Legal basis:
- our legitimate interest in improving our business and services (Art. 6(1)(f) GDPR) for strictly necessary analytics and statistics, and
- your consent (Art. 6(1)(a) GDPR) for non-essential analytics and marketing cookies.
3.7. To prevent fraud and ensure security
- protecting our Website and systems against misuse
- detecting and preventing fraudulent transactions
- enforcing our Terms & Conditions and protecting our rights
- our legitimate interest in protecting our business and customers (Art. 6(1)(f) GDPR)
4. Marketing Communications and Your Choices
4.1. You can subscribe to our newsletters and marketing emails via:
4.3. We may segment our mailing list (e.g. by level of experience, interests, purchase history) to make content more relevant for you.
4.4. You can unsubscribe from marketing at any time by:
4.5. Unsubscribing from marketing does not affect mandatory service messages (order confirmations, invoices, important information about your account or courses).
- dedicated subscription forms (with a checkbox),
- opt-in when placing an order (soft opt-in for similar products/services),
- sign-up for free materials or lead magnets.
4.3. We may segment our mailing list (e.g. by level of experience, interests, purchase history) to make content more relevant for you.
4.4. You can unsubscribe from marketing at any time by:
- clicking the “unsubscribe” link in any marketing e-mail, or
- contacting us at eu@icolorpmu.com and asking to be removed from the list.
4.5. Unsubscribing from marketing does not affect mandatory service messages (order confirmations, invoices, important information about your account or courses).
5. Cookies and Similar Technologies
5.1. What are cookies?
Cookies are small text files placed on your device when you visit a website. They help us:
5.2. Types of cookies we use
5.3. Cookie banner and consent
When you visit the Website for the first time (and regularly afterwards), we display a cookie banner which:
5.4. Browser settings
Most browsers allow you to:
Cookies are small text files placed on your device when you visit a website. They help us:
- make the Website work properly,
- remember your preferences,
- analyse usage and improve performance,
- show relevant ads (where applicable).
5.2. Types of cookies we use
- Strictly necessary cookies Required for the basic functioning of the Website (e.g. shopping cart, checkout, security). These cookies do not require your consent and are always active
- Functional / preference cookies Help remember your choices (e.g. language, region). These may operate based on our legitimate interest or your consent, depending on local requirements.
- Analytics cookies Help us understand how the Website is used, which pages are popular, and where we can improve. We use tools such as Google Analytics and Hotjar. These cookies are set only with your consent, where required.
- Marketing / advertising cookies Used to show you relevant ads and measure the effectiveness of our campaigns (e.g. Meta Pixel, Google Ads tag, TikTok and Pinterest). These cookies are set only with your consent.
5.3. Cookie banner and consent
When you visit the Website for the first time (and regularly afterwards), we display a cookie banner which:
- informs you about our use of cookies;
- allows you to accept or reject non-essential cookies (analytics and marketing);
- may allow you to choose cookie categories.
5.4. Browser settings
Most browsers allow you to:
- view which cookies are stored on your device;
- delete cookies;
- block cookies or restrict them to certain websites.
6. Data Retention
We store personal data only for as long as necessary for the purposes described above or as required by law.
In particular:
In particular:
- Order and accounting data: kept for 5 years to comply with accounting and tax obligations.
- Customer accounts: kept for up to 5 years after the last activity or order, unless you request deletion earlier (subject to legal obligations).
- Newsletter subscribers:
- active subscribers – while you remain subscribed;
- after you unsubscribe – we keep limited data (e.g. e-mail, unsubscribe date) for up to 3 years to document consent and withdrawal.
- Support communications (e-mails, messages): kept for up to 3 years after the last contact, depending on the nature of the issue.
- Photos of your work and other voluntary content: kept while relevant for the purpose for which you provided it (e.g. testimonial, case study) or until you request deletion, unless we must keep it longer for legal reasons.
7. Data Sharing and Processors
We do not sell your personal data.
We may share personal data with the following categories of recipients, strictly on a need-to-know basis:
We may share personal data with the following categories of recipients, strictly on a need-to-know basis:
- IT and hosting providers
- Website and database hosting (e.g. Tilda / EU hosting)
- video streaming for courses (bunny.net)
- Payment service providers
- Stripe, PayPal, banks, Klarna and similar services that process your payments.
- Delivery and logistics partners
- UPS, Omniva and other carriers, to deliver your orders.
- E-mail sending system
- our e-mail sending infrastructure located in Latvia (EU) for newsletters and service e-mails.
- Analytics and marketing providers
- Google Analytics, Meta Pixel, Google Ads, TikTok, Pinterest, Hotjar and similar tools used strictly in line with GDPR, with consent where required.
- Professional advisers
- accountants, auditors, legal advisers, where access to data is necessary for their services.
8. International Data Transfers
Our infrastructure and main service providers are located within the European Union / European Economic Area (EU/EEA) and we aim to store and process your data in the EU.
If, in the future, your personal data needs to be transferred to a country outside the EU/EEA that does not provide an equivalent level of data protection, we will ensure that appropriate safeguards are in place, such as:
If, in the future, your personal data needs to be transferred to a country outside the EU/EEA that does not provide an equivalent level of data protection, we will ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
- other safeguards required by the GDPR.
9. Security of Your Data
We take appropriate technical and organisational measures to protect your personal data, including:
- access controls and role-based permissions
- secure passwords and authentication
- encrypted connections (HTTPS)
- regular updates and security patches
- secure data backup routines
- training for our team on data protection and security
10. Your Rights Under GDPR
Under the GDPR, you have the following rights (subject to conditions and legal limitations):
1. Right of access
You can ask whether we process your personal data and request a copy of the data we hold about you.
2. Right to rectification
You can request correction of inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”)
You can request deletion of your personal data in certain circumstances (e.g. when it is no longer needed or you withdraw consent).
4. Right to restriction of processing
You can request that we limit the processing of your data in specific cases (e.g. while we verify its accuracy or consider your objection).
5. Right to data portability
You can request to receive the personal data you provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller, where processing is based on consent or contract and carried out by automated means.
6. Right to object
Where processing is based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.
8. Right to lodge a complaint
You can lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
In Latvia, the supervisory authority is:
Data State Inspectorate (Datu valsts inspekcija) – https://www.dvi.gov.lv
To exercise your rights, please contact us or our DPO using the details in Section 1. We may need to verify your identity before acting on your request.
1. Right of access
You can ask whether we process your personal data and request a copy of the data we hold about you.
2. Right to rectification
You can request correction of inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”)
You can request deletion of your personal data in certain circumstances (e.g. when it is no longer needed or you withdraw consent).
4. Right to restriction of processing
You can request that we limit the processing of your data in specific cases (e.g. while we verify its accuracy or consider your objection).
5. Right to data portability
You can request to receive the personal data you provided to us in a structured, commonly used and machine-readable format and have it transmitted to another controller, where processing is based on consent or contract and carried out by automated means.
6. Right to object
- You can object at any time to processing based on our legitimate interests, for reasons relating to your particular situation.
- You have an absolute right to object at any time to processing for direct marketing, including profiling related to such marketing. If you do so, we will stop processing your data for these purposes.
Where processing is based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.
8. Right to lodge a complaint
You can lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
In Latvia, the supervisory authority is:
Data State Inspectorate (Datu valsts inspekcija) – https://www.dvi.gov.lv
To exercise your rights, please contact us or our DPO using the details in Section 1. We may need to verify your identity before acting on your request.
11. Children’s Privacy
The Website and our services are intended for adults (18+). We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can delete it where required.
12. Changes to this Policy
We may update this Privacy & Cookie Policy from time to time, for example when we introduce new services or when legal requirements change.
The most current version will always be available on the Website and will indicate the “Last updated” date at the top.
If we make significant changes that materially affect you, we will inform you by appropriate means (for example by e-mail or a notice on the Website). Where required by law, we will ask for your consent to the changes.
The most current version will always be available on the Website and will indicate the “Last updated” date at the top.
If we make significant changes that materially affect you, we will inform you by appropriate means (for example by e-mail or a notice on the Website). Where required by law, we will ask for your consent to the changes.
13. Contact
For any questions, requests or complaints regarding this Policy or our processing of your personal data, please contact:
SIA iColor
Palasta 5–1, Rīga, LV-1050, Latvia
Phone / WhatsApp: +371 29187350
E-mail: eu@icolorpmu.com
DPO: em@icolorpmu.com (Jevgenijs Miscenuks)
SIA iColor
Palasta 5–1, Rīga, LV-1050, Latvia
Phone / WhatsApp: +371 29187350
E-mail: eu@icolorpmu.com
DPO: em@icolorpmu.com (Jevgenijs Miscenuks)