Privacy Policy

Article 2 – Applicable Legal Framework and Hierarchy of Norms

All personal data processing carried out by the Company is governed exclusively by:

• Monaco Law No. 1.565 of 3 December 2024, relating to the protection of personal data;
• the sovereign ordinances, ministerial orders, decisions, guidelines and recommendations of the Commission for the Control of Personal Information (CCIN);
• the relevant provisions of the Monaco Civil Code, in particular regarding civil liability and rules of evidence;
• the Monaco Criminal Code, in particular offences relating to unlawful access to automated data processing systems and violations of privacy.

Regulation (EU) 2016/679 (GDPR) shall apply only where its application is strictly mandatory, without constituting a general recognition of its applicability or any waiver of the primacy of Monaco law.

No provision of this Policy shall be interpreted as a voluntary submission to foreign law.

Article 3 – Principles Governing Personal Data Processing

In accordance with the provisions of Law No. 1.565 of 3 December 2024, the Company ensures that personal data processing complies with the following principles:

• lawfulness and fairness;
• proportionality and data minimisation;
• specified, explicit and legitimate purposes;
• reasonable accuracy of data;
• security, integrity and confidentiality.

3.1 Responsibility of the data subject

The data subject expressly acknowledges that they:

• are solely responsible for the information they provide;
• guarantee its accuracy, updating and lawfulness;
• assume all consequences arising from inaccurate, incomplete, outdated or fraudulently transmitted data.

The Company shall not be held liable for:

• identity theft;
• fraudulent transmission of data;
• unlawful use attributable to a third party or to the data subject themself.

Article 4 – Categories of Personal Data Processed

The Company may process, without limitation, the following categories of personal data:

• identification data (surname, first name, business name, position);
• postal, telephone and electronic contact details;
• contractual, commercial and accounting data;
• billing data and statutory obligations;
• connection data (IP addresses, logs, identifiers, timestamps);
• browsing data (cookies, trackers, technical parameters);
• correspondence and communications (emails, forms, interaction history);
• any data strictly necessary for:
  • evidentiary purposes;
  • security;
  • prevention of misuse or fraud;
  • defence of the Company’s legal and economic interests.

Article 5 – Purposes of Data Processing

Personal data are processed in particular for the following purposes:

• performance of contractual and commercial relationships;
• administrative, accounting, tax and legal management;
• customer relationship management and after-sales service;
• technical operation and security of the website;
• prevention of fraud, misuse and unlawful activities;
• handling of complaints, pre-litigation and litigation matters;
• establishment, retention and management of evidence;
• defence of the rights, interests and liabilities of the Company;
• compliance with legal, regulatory or judicial obligations;
• commercial communications where legally authorised.

This list is non-exhaustive and may evolve in line with the Company’s legitimate needs.

Article 6 – Legal Grounds for Processing

Processing activities are based on:

• performance of a contract or pre-contractual measures;
• compliance with legal obligations imposed by Monaco law;
• the overriding legitimate interest of the Company, in particular for:
  • system security;
  • preservation of evidence;
  • prevention and management of disputes;
  • legal defence;
• the explicit consent of the data subject where required.

Processing carried out on the basis of legitimate interest is deemed necessary and proportionate unless proven otherwise.

Article 7 – Data Recipients and Disclosure to Third Parties

Personal data may be disclosed, strictly to the extent necessary, to:

• authorised internal departments of the Company;
• processors and technical service providers acting on instructions;
• contractual partners required for service performance;
• competent Monaco administrative or judicial authorities;
• any third party where disclosure is necessary for the defence of the Company’s rights.

The Company shall not be held liable for failures attributable exclusively to independent third parties.

Article 8 – International Data Transfers

Any transfer of personal data outside the Principality of Monaco is carried out in accordance with the provisions of Law No. 1.565, subject to an adequate level of protection or appropriate legal safeguards.

As the Principality of Monaco is recognised as providing an adequate level of data protection, processing carried out in Monaco is deemed compliant and secure.

Article 9 – Data Retention and Evidence

Personal data are retained:

• for the duration strictly necessary for the purposes pursued;
• for the limitation periods applicable under Monaco law;
• as long as necessary for the establishment, exercise or defence of the Company’s rights and liabilities.

Any request for erasure shall be unenforceable where a legal, evidentiary or litigation-related interest subsists.

Article 10 – Data Security and Limitation of Liability

In accordance with Law No. 1.565, the Company implements appropriate technical and organisational security measures.

However, as no data transmission over the Internet is entirely secure, the Company declines all liability in the event of:

• hacking;
• unauthorised access;
• cyber-attacks;
• external or unforeseeable failures,

where such events are beyond its reasonable control.

Article 11 – Data Subject Rights (Strict Framework)

In accordance with Law No. 1.565, data subjects have, in particular, rights of access, rectification, legitimate objection and conditional erasure.

The Company expressly reserves the right to:

• refuse any abusive, excessive or repetitive request;
• require proof of identity;
• defer or limit its response on legitimate grounds;
• retain data necessary to defend its rights.

You may exercise your rights by sending a request by email to: orders@foreverbeauty.mc

Article 12 – Competent Supervisory Authority

• In Monaco: Commission for the Control of Personal Information (CCIN)
• In the European Union: the data protection authority of your place of residence.

Article 13 – Cookies and Trackers

13.1 Files stored on your device

Our website uses cookies (and equivalent technologies such as Web Storage), which are small files stored on your device to ensure the operation and improvement of the service. All such technologies are collectively referred to as “cookies”.

13.2 Strictly necessary cookies

Certain cookies are essential for the operation of the website, in particular to:

• remember your order preferences;
• retain website settings;
• enable authentication and access to the user account.

13.3 Other types of cookies

Subject to your consent, cookies may be used for:

• analysis of website traffic and usage (including third-party cookies);
• delivery of targeted advertising on our website or third-party websites;
• integration with social networks (including third-party cookies).

13.4 Cookie settings

You may configure cookie usage via your device settings, including blocking cookies.

In such case, you acknowledge that certain features of the website may not function properly.

Article 14 – Hypertext Links

The Company disclaims all responsibility for the content, services, practices or privacy policies of third-party websites accessible via hyperlinks on the website.

Article 15 – Enforceability, Amendment and Entry into Force

The Company reserves the right to amend this Privacy Policy at any time in order to adapt it to legal, regulatory or technical developments.

The applicable version is the one in force on the date of browsing the website.