Privacy Policy

AlmaDerm Natural Cosmetic (hereinafter: "we", "our", "AlmaDerm"), based in Bosnia and Herzegovina, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our websites (almaderm.ba) and related services.

This policy applies to all users of our website, regardless of their location — including Bosnia and Herzegovina, the European Union, the United Arab Emirates and all other countries to which we deliver our products.

We collect the following types of data:

• Personal data: name, surname, email address, phone number, shipping and billing address.
• Transaction data: order details, payments, purchase history and applied coupons.
• Technical data: IP address, browser type, operating system, device information, geolocation (for determining currency and shipping zone).
• Cookies: website usage data through cookies and similar technologies (see Cookies section).
• Communication data: messages via contact form, live chat, email correspondence regarding orders.

We process your data based on the following legal grounds:

• Contract performance: order processing, delivery, account management.
• Consent: marketing communications, newsletter, cookies (except essential ones).
• Legitimate interest: fraud prevention, service improvement, analytics.
• Legal obligation: retention of invoices and receipts in accordance with tax regulations.

We use your data for:

• Processing, delivering and tracking your orders.
• Communication regarding orders (email, SMS, WhatsApp status notifications).
• Personalizing user experience (product recommendations, currency rates).
• Marketing (with your explicit consent) — newsletters, special offers, new product announcements.
• Analytics and improvement of our website and services.
• Fraud prevention, abuse protection and ensuring the security of our website.
• Fulfilling legal obligations (tax records, accounting).

We do not sell or rent your data to third parties. We share data exclusively with verified partners who are necessary for providing our services:

• Courier and postal services: for delivering your orders (name, address, phone).
• Payment processors (Stripe): for secure card payment processing. We do not store card details on our servers.
• Analytics tools (Google Analytics, Meta Pixel): for anonymized website usage analysis.
• Marketing platforms (Mailchimp): for sending newsletters only with your consent.
• Hosting provider (Hetzner, Germany): for data storage and processing on secure servers within the EU.

All our partners are obligated to protect your data in accordance with applicable data protection laws.

Our servers are located in Germany (Hetzner, Nuremberg), within the European Union. Some of our partners (Stripe, Google, Meta) may process data outside the EU/EEA, but they use Standard Contractual Clauses (SCCs) and approved transfer mechanisms.

For customers from the UAE and other countries outside BiH: your data is processed on EU servers according to EU data protection standards, which are among the strictest in the world.

We use SSL/TLS encryption to protect all data transmitted between your browser and our website. Passwords are cryptographically protected (hashed) and we never store credit card information on our servers.

Additional security measures include: regular software updates, protection against unauthorized access, restricted access to personal data limited to authorized personnel only, and data backups.

Regardless of your location, you have the following rights regarding your personal data:

• Right of access: You can request a copy of all personal data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete data.
• Right to erasure: You can request deletion of your data ("right to be forgotten"), except where retention is legally required.
• Right to restriction: You can request restriction of processing of your data in certain situations.
• Right to withdraw consent: You can withdraw marketing consent at any time.
• Right to portability: You can request transfer of your data in a structured, readable format.
• Right to object: You can object to processing of your data based on legitimate interest.

To exercise any of these rights, contact us at info@almaderm.ba. We will respond to your request within 30 days.

We use cookies to enable our website to function and to improve your experience.

Essential cookies (cart, session, currency, login) do not require consent as they are necessary for the website to function. Analytics cookies (Google Analytics) and marketing cookies (Meta Pixel) are used only with your consent via the cookie banner.

You can manage cookie preferences through the banner on our website or in your browser settings. Disabling certain cookies may affect website functionality.

We retain your personal data for as long as necessary to fulfill the purpose for which it was collected, or as required by law.

Order data is retained for a minimum of 6 years (legal requirement for tax documentation). User accounts remain active until you deactivate them. Marketing preferences are retained until you withdraw consent. Technical logs are automatically deleted after 90 days.

Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from a minor, we will promptly delete it.

We reserve the right to update this Privacy Policy. You will be notified of significant changes via email or a notice on our website. The date of the last update is indicated at the top of the page.