- This document specifies the privacy principles applicable in the Online Shop www.4seasonsbeauty.pl (hereinafter referred to as the “Online Shop”).
- The Administrator of the Online Shop is Marcin Jesień who conducts business activity under the business name 4 Seasons Beauty Marcin Jesień, entered to the Central Registration and Information on Economic Activity (CEIDG) maintained by the Minister of Development, , Taxpayer Identification Number (NIP): 8262030207, REGON number: 380083276
- Personal data collected by the Administrator of the Online Shop are processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 /WE (general regulation on data protection) (Dz. Urz. UE L 119, s. 1), hereinafter: RODO/GDPR .
- The Administrator shall make special effort to protect the privacy and information provided to them as regards the Customers of the Online Shop.
- The Administrator selects and applies appropriate technical measures, including programming and organizational measures, that ensure protection of the data processed, in particular protection of the data from unauthorised access, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of the applicable law. The addressee of the possibility of using the Goods and Services available on the website are not children under 16 years of age.
- The personal data administrator does not plan to collect data on children under 16 years of age.
The Administrator of Personal Data:
- The Administrator of your personal data is:
4 Seasons Beauty Marcin Jesień
- In the matter of your personal data, you can contact the personal data administrator by:
- Email: email@example.com
- Traditional post service: Olbrachta 120/97, 01-373 Warszawa
- Phone call: +48 507 925 573
Objectives and legal grounds for the processing of personal data.
The personal data administrator processes your personal data for the following purposes and scope:
- take action before concluding the contract at your request (e.g. setting up an account), i.e. data provided in the online shop registration form, i.e. e-mail address and password set, we collect your first and last name, and if you register when purchasing goods, we collect Your name and details given in order to fulfil the order, such as the shipping address; in order to provide Services that require Account creation such as: keeping order history, informing about the status of order processing, we process your data provided in the Account and when purchasing Goods.
- in order to provide Services that do not require the Account creation and purchase of the Goods, i.e. browsing the Online Shop websites, the Products search, we process personal data about your activity in the Online Shop i.e. data about the Goods you browse, data about your device session, operating system, browser, location and unique ID, IP address.
- in order to perform the Goods sale contract (e.g. delivery of ordered Goods), we process personal data provided by You when purchasing Goods, such as your name, e-mail address, address details, payment details, and if you make a purchase through an Account, additionally password You have setted.
- in order to use statistics of individual functionalities available in the Online Shop, facilitate the use of the Online Shop and ensure IT security of the Online Shop, we process personal data regarding your activity in the Online Shop and the amount of time spent on each sub-page in the Online Shop, your search history, location , IP address, device ID, data about your internet browser and operating system.
- in order to determine, investigate and enforce claims and defend against claims in court proceedings and other enforcement authorities, we may process your personal data provided when purchasing Goods or creating an Account and other data necessary to prove the existence of a claim or that result from a legal requirement, court order or another legal procedure;
- in order to resolve complaints, complaints and requests, and respond to customer inquiries, we process the personal data you provide in the contact form, complaints and requests, or to answer questions in another form and some of the personal details provided by you in the Account, as well as data regarding the order of the Goods and other services rendered by us which are the reason for the complaint, complaint or application and data contained in the documents attached to the complaints, complaints and applications.
- in order to marketing our Goods and Services and our clients and partners, including re-marketing, to this end we process personal data provided by you when you create an Account and its updates, data about your activity in the Online Shop, including orders that are registered and stored via cookies, in particular order history, search history, clicks in the Online Shop, login and registration dates, history and your activity related to our communication with you. In the case of re-marketing, we use data about your activity in order to reach you with our marketing messages outside of the Online Shop and use for this purpose the services of external suppliers. These services consist in displaying our messages on websites other than the Online Shop. Details on this subject can be found in the records regarding Cookies.
- in order to organize contests, notifications about winning and advertising our offer, we use your personal data provided in the Account and at registration in the competition. Detailed information on this subject is provided each time in the participation conditions of a given competition.
- to investigate the market and opinions of us or our partners, i.e. information about the order, your data provided in the Account or when purchasing the Goods, e-mail address. Data collected in the framework of market research and opinion research are not used by us for advertising purposes. The exact tips are given in the information about the questionnaire or in the place where you enter your details.
Categories of relevant personal data:
The personal data administrator processes the following categories of relevant personal data:
- contact details;
- data regarding the activity in the Online Shop;
- data regarding orders in the Online Shop;
- data regarding complaint complaints and applications;
- data on marketing services
Voluntary personal data:
- Providing your required personal data is voluntary and is a condition for the provision of personal data by the Administrator via the Online Shop.
- Data processing time. Personal data will be processed for the period necessary to carry out orders, services, marketing activities and other services performed for the client. Personal data will be deleted in the following cases:
- when the data subject asks for their removal or withdraws their consent;
- when the data subject does not take action for over 5 years (inactive contact)
- after getting information that the stored data is out of date or inaccurate
- Some data in the scope of: e-mail address, name and surname, may be stored for the next 3 years for evidence purposes, complaint handling, complaints and claims related to services provided by the Online Shop – these data will not be used for marketing purposes.
- Data regarding orders for Goods and paid services, contests will be stored for a period of 5 years from the date of delivery of the order.
- We store data regarding non-signed customers for a period of time corresponding to the life cycle of cookies stored on the devices or until they are deleted by the Customer in the Customer’s device.
- Your personal data regarding preferences, behaviours and selection of marketing content can be used as a basis for automated decisions to determine the sales capabilities of the Online Shop.
Recipients of personal data
We pass your personal data to the following categories of recipients:
- state authorities, such as the prosecutor’s office, the Police, PUODO, the President of UOKiK, if they ask us for it,
- service providers that we use while running an online Shop, e.g. for the purpose of order processing. We provide your data to the courier company involved in the delivery, if it is necessary to deliver the ordered goods. Depending on which payment service provider you choose in the ordering process, for payment purposes we transfer the payment data collected for this purpose to the credit institution servicing the payment and possibly to the payment service provider chosen by us or by you. Depending on contractual arrangements and circumstances, these entities act on our behalf or define their goals and methods of their processing.
The rights of the data subject:
- Based on the RODO, you have the right to:
- request access to your personal data;
- request correction of your personal data;
- request removal of your personal data;
- requests to limit the processing of personal data;
- object to the processing of personal data;
- requests for moving personal data.
- The administrator of personal data without undue delay – and in any case within one month of receipt of the request – provides you with information about the actions taken in connection with the request you have made.
- If necessary, the monthly deadline may be extended by another two months due to the complex nature of the request or the number of requests.
- In any event, the Personal Data Administrator will inform you of such extension within one month of receiving the request, stating the reasons for the delay.
The right of access to personal data (Article 15 of the RODO/GDPR)
- You have the right to obtain from the Administrator personal information whether your personal data is being processed.
- If the Administrator processes your personal data, you have the right to:
- access to personal data;
- obtaining information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, the planned period of storage of your data or criteria for determining this period, about your rights under the RODO/GDPR and the right to lodge a complaint with the supervisory authority data on automated decision-making, including profiling and safeguards applied in connection with the transfer of these data outside the European Union;
- obtain a copy of your personal data.
- If you want to request access to your personal data, please submit your request to: firstname.lastname@example.org
The right to rectify personal data (Article 16 of the RODO/GDPR)
- If your personal data is incorrect, you have the right to request the Administrator to rectify your personal details without delay.
- You also have the right to request the Administrator to supplement your personal data.
- If you want to request the correction of personal data or their supplementation, please submit your request to: email@example.com
- If you have registered in the Online Shop, you can correct and complete your personal data after logging in to the Online Shop
The right to delete personal data, so-called “The right to be forgotten” (Article 17 of the RODO/ GDPR)
- You have the right to request from the Administrator personal data to delete your personal data when:
- your personal details are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdrew your specific consent to the extent that personal data was processed based on your consent;
- your personal information has been processed unlawfully;
- you have objected to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent to which the processing of personal data is related to direct marketing;
- you have objected to the processing of your personal data in connection with the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from the legitimate interests of the Administrator, personal data or a third party.
Despite the request to remove personal data, the Personal Data Administrator may process your data further to determine, assert or defend claims, about which you will be informed / informed.
- If you want to request removal of your personal data, please submit your request to: firstname.lastname@example.org
The right to submit a request to limit the processing of personal data (Article 18 of the RODO/GDPR)
- You have the right to request a restriction on the processing of your personal data when:
- you question the accuracy of your personal data – the personal data administrator will limit the processing of your personal data for a period of time to check the correctness of this data;
- if the processing of your data is against the law, and instead of deleting personal data, you request to limit the processing of your personal data;
- your personal information is no longer needed for processing, but it is needed to establish, assert or defend your claims;
- when you have filed an objection to the processing of your personal data – until it is determined whether the legitimate interests of the Administrator of personal data override the grounds indicated in your objection.
- If you want to request a restriction on the processing of your personal data, please submit your request to: email@example.com
The right to object to the processing of personal data (Article 21 of the RODO/GDPR)
- You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- processing necessary to perform a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Administrator, personal data or a third party;
- processing for direct marketing.
- If you want to object to the processing of your personal data, please submit your request to: firstname.lastname@example.org
The right to request the transfer of personal data (Article 20 of the RODO/GDPR)
- You have the right to receive from the Administrator personal data of your personal data in a structured, commonly used machine-readable format and send them to another administrator of personal data.
- You can also request that the Personal Data Administrator send your personal data directly to another administrator (if it is technically possible).
- If you want to request the transfer of your personal data, please submit your request to: email@example.com
The right to withdraw consent
- You can withdraw your consent to the processing of your personal data at any time.
- The withdrawal of consent to the processing of personal data does not affect the legality of the processing made on the basis of your consent before its withdrawal.
- If you want to withdraw your consent to the processing of your personal data, please submit your request to: firstname.lastname@example.org or use the appropriate functionalities in the Account.
Complaint to the supervisory authority
If you believe that the processing of your personal data violates the RODO/GDPR, you have the right to submit a complaint to the supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement was committed.
In Poland, the supervisory body within the meaning of the RODO/GDPR is the President of the Office for Personal Data Protection (PUODO).
“Cookies” General information:
- While browsing the websites of the Online Shop, “cookies” are used, hereinafter referred to as Cookies, i.e. small text information that is stored in your terminal equipment in connection with the use of the Online Shop. Their use is aimed at correct operation of the Online Shop websites.
- These files allow you to identify the software used by you and adapt the Online Shop individually to your needs.
- “Cookies” usually contain the name of the domain from which they originate, their storage time on the device and the assigned value.
The “cookies” we use are safe for your devices. In particular, it is not possible to get into your devices through “cookies” viruses or other unwanted software or malicious software.
Types of “cookie” files:
We use two types of cookies:
- Session cookies: they are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from the memory of your device. The mechanism of session cookies does not allow you to download any personal data or any confidential information from your device.
- Persistent cookies: they are stored on your device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from your device. The mechanism of persistent cookies does not allow you to download any personal data or any confidential information from your device
- We also use third-party “cookies” for the following purposes:
- Configuration of the Online Shop;
- In order to learn the rules of using Cookies, we recommend that you read the privacy policies of the above-mentioned companies.
- Cookies can be used by advertising networks, in particular the Google network, to display ads tailored to your preferences. For this purpose, information about how you navigate the network or when you use the website can be preserved.
- To view and edit information about your preferences collected by the Google Display Network, you can use the tool found at https://www.google.com/ads/preferences/.
- By using the web browser settings or by using the service configuration, you can change your Cookie settings at any time by specifying the conditions for their storage and access to your device via Cookies. These settings can be changed to block the automatic handling of Cookies in your web browser settings or to inform about them each time you place on your device. Detailed information about the possibilities and ways of handling Cookies are available in the settings of your software (web browser).