Privacy and Cookie Policy for the Online Store www.4seasonsbeauty.pl
1. General Information
This document sets out the rules for the Privacy Policy in the Online Store (hereinafter referred to as the “Online Store”).
The administrator of the Online Store is Marcin Jesień, operating a business under the name 4 Seasons Beauty Marcin Jesień, entered into the register of entrepreneurs of the Central Register and Information on Economic Activity maintained by the Minister of Entrepreneurship and Technology, Tax ID (NIP): 8262030207, Statistical ID (REGON): 380083276.
Personal data collected by the Online Store Administrator are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), hereinafter referred to as: GDPR.
The Administrator of the Online Store makes special efforts to protect the privacy and information provided to them concerning the Online Store’s Customers.
The Administrator selects and applies appropriate technical measures, including software-based and organizational measures, with due diligence, ensuring the protection of the processed data, in particular safeguarding the data against unauthorized access, disclosure, loss, and destruction, unauthorized modification, as well as against processing in violation of applicable law.
The addressees of the possibility of using the Goods and Services available on the website are not children under the age of 16. In the event that the Administrator becomes aware of the processing of personal data of a person under the age of 16, this data will be processed only if consent is given by the person exercising parental authority or guardianship over the child.
2. Personal Data Administrator
The Administrator of your personal data is:
4 Seasons Beauty Marcin Jesień
ul. Olbrachta 120/97
01-373 Warszawa
Regarding your personal data, you can contact the Personal Data Administrator via:
- Email: contact@4seasonsbeauty.pl
- Traditional Mail: Olbrachta 120/97, 01-373 Warszawa
- Phone: +48 507 925 573
3. Purposes and Legal Bases for Personal Data Processing
The Personal Data Administrator processes your personal data for the following purposes, scope, and legal bases:
| Purpose of Processing | Scope of Data | Legal Basis (GDPR) |
| Taking steps prior to entering into a contract (e.g., account creation) | Email address, established password, first and last name, shipping data. | Art. 6(1)(b) GDPR (necessity for taking steps at the request of the data subject prior to entering into a contract). |
| Performance of the sales contract for Goods (order fulfillment) | First and last name, email address, address details, payment details. | Art. 6(1)(b) GDPR (necessity for the performance of a contract to which the Customer is party). |
| Provision of Services not requiring Account creation and purchase of Goods | Data relating to activity in the Store (Goods viewed, sessions, IP, unique ID, system, browser, location). | Art. 6(1)(f) GDPR (legitimate interest of the Administrator – optimizing the functioning and customizing the content of the Store). |
| Usage statistics, facilitation, IT security | Data on activity, search history, location, IP, device ID, browser data. | Art. 6(1)(f) GDPR (legitimate interest of the Administrator – analysis, development, and ensuring IT security). |
| Establishing, pursuing, and enforcing claims and defending against claims | Data provided during purchase or Account creation and other data necessary to prove the claim. | Art. 6(1)(f) GDPR (legitimate interest of the Administrator – legal protection of interests). |
| Handling complaints, grievances, and requests | Data provided in the contact form, complaints, data from the Account, and order-related data. | Art. 6(1)(c) GDPR (to the extent necessary to comply with the Administrator’s legal obligations, e.g., resulting from warranty) and Art. 6(1)(f) GDPR (legitimate interest of the Administrator – customer service). |
| Direct marketing (of own Goods and Services, including remarketing, profiling) | Data provided during Account creation, order history, activity in the Store (if consent to marketing cookies has been given). | Art. 6(1)(f) GDPR (legitimate interest of the Administrator – direct marketing of own products and services) OR Art. 6(1)(a) GDPR (Consent – in the case of sending commercial information electronically or using marketing cookies). |
| Organization of contests | Data provided in the Account and during contest registration. | Art. 6(1)(a) GDPR (Consent – entering the contest) or Art. 6(1)(b) GDPR (Performance of a contract – contest rules). |
| Market research and opinions | Order information, data provided in the Account, email address. | Art. 6(1)(f) GDPR (legitimate interest of the Administrator – improving and developing products/services). |
4. Categories of Relevant Personal Data
The Personal Data Administrator processes the following categories of relevant personal data:
- contact data;
- identification data (first and last name, NIP/REGON – in the case of entrepreneurs);
- address and payment data;
- data on activity in the Online Store (browsing history, search);
- data on orders in the Online Store;
- data on complaints, grievances, and requests;
- data on consents to marketing communication.
5. Voluntary Nature of Providing Personal Data
Providing the required personal data by you is voluntary, however, it is a condition for the provision of services by the Administrator (e.g., Account creation or order fulfillment). Without providing them, the execution of these services may not be possible.
6. Data Processing Time
Personal data will be processed for the period necessary to achieve the purposes indicated above. Personal data will be deleted in the following cases:
- when the data subject requests their deletion or withdraws the granted consent;
- when the data subject does not take any actions for more than 5 years (inactive contact);
- after obtaining information that the stored data is outdated or inaccurate.
Some data, including: email address, first and last name, may be stored for a further period of 3 years for evidential purposes, handling complaints, grievances, and claims related to services provided by the Online Store – this data will not be used for marketing purposes.
Data related to orders for paid Goods and services, contests will be stored for a period of 5 years from the date of order delivery, due to applicable tax and accounting regulations.
We store data regarding non-logged-in Customers for a period corresponding to the lifecycle of the cookies saved on the devices or until they are deleted by the Customer on their device.
Your personal data regarding preferences, behavior, and the choice of marketing content may be used as a basis for automated decision-making to determine the sales opportunities of the Online Store.
7. Recipients of Personal Data
We transfer your personal data to the following categories of recipients:
- State authorities (e.g., prosecutor’s office, Police, PUODO, President of UOKiK), if they request it from us, on the basis of a legally justified obligation (Art. 6(1)(c) GDPR).
- Processors – service providers who process data on our behalf (based on a data processing agreement referred to in Art. 28 GDPR), e.g.:
- Hosting service providers,
- IT and technical support service providers,
- Accounting service providers.
- Separate Administrators – entities that independently determine the purposes and methods of data processing:
- Courier/transport companies dealing with delivery (if necessary for the delivery of the ordered Goods).
- Payment service providers for the purpose of payment processing.
- Marketing service providers (e.g., Google, Facebook) to the extent you use services that require their technology (e.g., advertising, analytical), provided you have given your consent (details in the “Cookies” section).
8. Rights of the Data Subject
Based on the GDPR, you have the right to:
- request access to your personal data (Art. 15 GDPR);
- request rectification of your personal data (Art. 16 GDPR);
- request erasure of your personal data (Art. 17 GDPR);
- request restriction of processing of personal data (Art. 18 GDPR);
- object to the processing of personal data (Art. 21 GDPR);
- request data portability of personal data (Art. 20 GDPR).
- withdraw consent (if processing is based on consent).
The Personal Data Administrator shall provide you with information on the actions taken in connection with your request without undue delay – and in any case within one month of receiving the request. Detailed information on the implementation of these rights is contained in the existing text of the Privacy Policy.
9. Complaint to the Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (PUODO).
10. “Cookies” Files and Consent
10.1. General Information
When browsing the Online Store’s websites, “cookies” files are used, hereinafter referred to as Cookies, which are small text files saved on your end device in connection with the use of the Online Store.
10.2. Consent to “Cookies” and Tracking Techniques
The use of necessary (technical) cookies is required for the proper functioning of the Online Store (e.g., maintaining the session, shopping cart) and is based on Art. 6(1)(f) GDPR (legitimate interest of the Administrator).
If the Administrator wishes to use analytical, marketing, or other cookies (including those from third parties listed in point 10.5), your prior, voluntary, and explicit consent is required.
You express or withdraw your consent to the use of these files via the consent management platform (the so-called cookie banner), which appears upon the first visit to the Online Store. Failure to consent does not block the ability to use the basic functionalities of the Online Store, but it may prevent the use of functions based on these technologies (e.g., tailored advertisements).
10.3. Security
The “cookies” we use are safe for your devices.
10.4. Types of “Cookies”
We use two types of cookies:
- Session Cookies: they are stored on your device and remain there until the end of the given browser session.
- Persistent Cookies: they are stored on your device and remain there until they are deleted or their expiration date passes.
10.5. Purposes of Using Third-Party Cookies
We also use third-party “cookies” for the following purposes, provided you have given your consent via the cookie banner:
- Creating statistics (Analytics): via Google Analytics analytical tools, to understand how Customers use the pages.
- Determining the Customer’s profile (Marketing and Remarketing): to display tailored materials in advertising networks, using Google AdSense and Google Adwords tools.
- Promoting the Online Store (Social Media): using the social networking service Facebook.com (via the Facebook Pixel) and Instagram.com.
10.6. Managing Cookies via the Browser
You can independently and at any time change the settings regarding Cookies using your web browser settings or through the service configuration. However, remember that blocking all Cookies may affect the functionality of the Online Store.