PRIVACY POLICY

PRIVACY / COOKIES POLICY of this store (online wholesale)

§ 1. General provisions

 

  1. This privacy policy of the Online Wholesale is purely informative, meaning that it is not a source of obligations for Service Recipients or Customers of the Online Wholesale.

  2. The Controller of personal data collected via the Online Wholesale is Grażyna Turek, entered into the Republic of Poland's Central Register and Information of Business Activity maintained by the minister with responsibility for economy, with the following business address and address for service: street: Brzoskwiniowa 2, postal code 42130 Wreczyca Wielka, Poland, VAT-EU PL5741785669, email address: info@beautynight.pl, wholesaler's warehouse: phone +48 34 321 70 53, mobile: +48 530 920 752, cooperation: +48 515 987 341, hereinafter referred to as the "Controller", who is at the same time the Online Wholesale Service Provider and Seller.

  3. Personal data of the Customer is processed in accordance with the Regulation No. 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (Journal of Laws of EU No. 119, p.1) (hereinafter also referred to as: "GDPR") and other provisions of personal data protection law that are applicable during the whole period of data processing. Personal data means information about an identified or identifiable individual (hereinafter referred to as: "Personal Data"). An identifiable individual is an individual that can be directly or indirectly identified, in particular on the basis of such identifier as full name, identification number, localisation data, Internet identifier or one or more unique factors defining the physical, physiological, genetic, psychic, economic, cultural or social identity of an individual. Personal Data is also processed in accordance with the Act on provision of electronically supplied services of 18 July 2002 (Journal of Laws 2002 No. 144, item 1204 with amendments).

  4. The Controller protects the interests of data subjects with due care, in particular she assures that the data she collects is processed lawfully; is collected for indicated, legitimate purposes and not subject to further processing non-compliant with such purposes; is substantively accurate and adequate to the purposes for which it is processed, and stored in the form enabling identification of data subjects for not longer than necessary for achieving the purpose of its processing. 

§ 2. Purpose and scope of data collection and data recipients

 

  1. Each time, the purpose, scope and recipients of the data processed by the Controller are determined by actions taken by the Service Recipient or Customer in the Online Wholesale. For instance, should the Customer choose personal collection instead of shipment by a courier when placing their Order (provided that the Online Wholesale offers such an option), their personal data will be processed for the purpose of concluding and performing an agreement, but it will not be shared with the carrier delivering shipments on order by the Controller.

  2. Potential purposes of collection of personal data of Service Recipients or Customers by the Controller include:

    • concluding and performing a Sales Agreement or an Agreement for provision of an Electronic Service (e.g. account) or taking actions at the request of a future Customer prior to conclusion of an agreement (we process your data to maintain your account so that you can enjoy its benefits, e.g. placing orders without the need to fill in forms each time, access to your history of purchases, managing your consents in the service, etc., and to allow you to use other services available at our website);

    • taking actions at the request of a future Customer prior to conclusion of an agreement (we need your personal data to deliver your order and perform the agreement concluded between us - specifically, to confirm that you have placed the order and to reserve or send you the selected product, as well as to contact you in that matter if needed);

    • receiving and considering complaints or returns of purchased goods;

    • direct marketing of the Controller's own products or services;

    • Customer's expression of their opinion about the Sales Agreement concluded;

    • meeting legal obligations arising from regulations, e.g. tax and accounting regulations, especially in the case of agreements for pecuniary interest;

    • conducting correspondence with Customers, including replies to Customers' emails;

  3. Potential recipients of personal data of Customers of the Online Wholesale include:

    • with reference to the Customer who selects delivery by post mail or courier in the Online Wholesale, the Controller shares the personal data collected from the Customer with the courier of choice or an intermediary that delivers shipments on order by the Controller;

    • with reference to the Customer who selects electronic payment or payment by card in the Online Wholesale, the Controller shares the personal data collected from the Customer with the selected operator of the above payments in the Online Wholesale;

    • with reference to the Customer who agreed to express their opinion about the Sales Agreement concluded with them, the Controller shares the personal data collected from the Customer with the selected entity operating the system of surveys of the opinions about Sales Agreements concluded in the Online Wholesale.

  4.  The Controller may process the following personal data of Service Recipients or Customers using the Online Wholesale: full name; email address; phone number; address for the delivery (street, house number, flat number, postal code, place, country), address of residence / business address / legal address (if other than the address for the delivery). For Service Recipients or Customers other than consumers, the Controller may additionally process the company name and tax payer identification number (NIP) of the Service Recipient or Customer. When an order is placed or an opinion about a product is written, the IP number of the computer from which the connection was made with the Wholesale is recorded automatically (without the Customer's participation).

  5. The provision of personal data specified above may be necessary for conclusion and performance of a Sales Agreement or an agreement for provision of an Electronic Service in the Online Wholesale. Each time, the scope of the data required for conclusion of an agreement is indicated prior to the conclusion on the website of the Online Wholesale and in the Rules of the Online Wholesale.

  6. Personal Data may be stored for as long as the Online Wholesale is used (however, it may be removed after three years from the last activity of the Customer in the Online Wholesale), and in the case of marketing activities - until the Customer raises an objection, and if it is related to the technology of cookies and similar, depending on technical issues, until such cookies are removed using browser / device settings (however, removal of cookies does not always entail removal of Personal Data obtained using such cookies, thus there is the objection option).

  7. If Personal Data processing depends on the Customer's consent, it can be processed until the consent is withdrawn.

  8. In each case:

    • Personal Data will also be processed when legal regulations (e.g. accounting or tax regulations) will oblige the Controller to do so.

    • We will store Personal Data longer in case the Customer has any claims towards the Controller, for the purpose of enforcing claims by the Controller or for the purpose of enforcing or defending against the claims of third parties, for the period of limitation specified by law, in particular by the civil code.

  1. Thus, depending on the scope of Personal Data and purpose of its processing, the periods of storing Personal Data may vary. In each case, the longer period of Personal Data storage will prevail.

     

§ 3. Cookies and operating data

 

  1. Cookies are small pieces of text information in the form of text files that are sent by the server and saved on the side of the visitor of the Online Wholesale website (e.g. on the hard drive of the computer, laptop or on the smartphone's memory card - depending on the device used by the visitor of our Online Wholesale).

  2. The Controller may process the data contained in Cookies while visitors use the Online Wholesale website for the following purposes:

    • to identify Service Recipients as logged in the Online Wholesale and show that they are logged in;

    • to remember Products added in the shopping cart in order to place an Order;

    • to remember the data from filled-in Order Forms or surveys, or the login data for the Online Wholesale;

    • to customise the content of the Online Wholesale website to the preferences of the Service Recipient (e.g. related to colours, font size, website layout), and to optimise the use of the Online Wholesale website;

    • to collect anonymous statistics showing how the Online Wholesale website is used.

  3. As a rule, most internet browsers available on the market accept the saving of Cookies by default. Everyone can decide how Cookies will be used by means of settings of their own Internet browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the saving of Cookies - note, however, that the latter may affect some features of the Online Wholesale (for example it may prevent the completion of the Order path using the Order Form, as Products in the shopping cart will not be remembered in the subsequent steps of placing an Order).

  4. Internet browser settings for Cookies are relevant in terms of the consent to the use of Cookies by our Online Wholesale - in accordance with regulations, such a consent may also be expressed through the settings of an Internet browser. If you don't express such a consent, you should change the settings of your Internet browser for Cookies accordingly.

  5. Detailed information about how to change the settings concerning Cookies and how to remove them on your own in the most popular Internet browsers is available in the help section of the Internet browser.

  6. The Controller also processes anonymized operating data related to the use of the Online Wholesale (IP address, domain) for generating statistics to help in managing the Online Wholesale. Such data is aggregate and anonymous, i.e. it does not contain attributes identifying the visitors of the Online Wholesale website. Such data is not shared with third parties.

     

§ 4. Basis for data processing

 

  1. Provision of personal data by the Service Recipient or Customer is voluntary. Note, however, that failing to provide the Personal Data that is indicated on the Online Wholesale website and in the Rules of the Online Wholesale and necessary for conclusion and performance of a Sales Agreement or an Agreement for provision of an Electronic Service prevents conclusion of such an agreement.

  2. The basis for the processing of the Customer's Personal Data is basically the necessity of performing the agreement to which the Customer is a party or the necessity of taking actions at the Customer's request prior to its conclusion (Art. 6(1)(b) of GDPR). This mainly applies to Personal Data provided in a form during registration of an Account, placing Orders and concluding Sales Agreement or making Reservations in the Online Wholesale, as well as signing for a newsletter. Also, in the case of Personal Data provided to us with regard to the Customer's complaint, the legal basis for the processing of such data is its necessity for performing / processing the sales agreement for the goods covered by the complaint.

  3. In the case of the operations of data processing for marketing purposes, except for those related to the newsletter that is governed by the rules, the legal basis for such processing of data is fulfilment of the objectives arising from legitimate interests pursued by the Controller or her business partners (Art. 6(1)(f) of GDPR), however in this case such partners do not participate in the processing of the Customer's data. On the other hand, to the extent that the Controller's partners may also have a direct access to such information - the legal basis for such processing of data is the Customer's voluntary consent (Art. 6(1)(a) of GDPR). In the case of presenting, creating, granting and executing ads, offers or promotions (discounts) dedicated to a specific Customer, which are based exclusively on automated processing, including profiling, and are customised to the Customer's preferences to the extent possible and may substantially impact the Customer consumer decisions, the legal basis is the Customer's voluntary consent (Art. 6(1)(a), Art. 22(2)(c) of GDPR). This, however, only applies to adult Customers.

  4. In the case of data processing for the purpose of the Customer's expression of their opinion about the Sales Agreement concluded with them, the basis for such processing is the consent of the Service Recipient or Customer.

  5. For the remaining (other) purposes, the Customer's Personal Data may be processed on the following bases:

    • voluntarily expressed consents - e.g. by individuals entering competitions (Art. (6)(1)(a) of GDPR);

    • applicable legal regulations - when data processing is necessary for compliance with a legal obligation to which the Controller is subject, e.g. when pursuant to tax or accounting provisions, the Controller settles concluded sales agreements (Art. (6)(1)(c) of GDPR);

    • necessity for other than the above purposes arising from legitimate interests pursued by the Controller or a third party, in particular for establishing, enforcing or defending claims, conducting correspondence with the Customers, including via contact forms (including replies to the Customer's emails), for market and statistical analyses (Art. (6)(1)(f) of GDPR) .

       

§ 5. Recipients of Personal Data

 

  1. Each time, the list of the Recipients of Personal Data processed by the Controller is mainly determined by the scope of the services used by the Customer. The list of the Recipients of Personal Data is also determined by the Customer's consent and by legal regulations and is specified as a result of the Customer's actions in the Online Wholesale or Application.

  2. Personal Data may be processed to a limited extent by the Controller's partners, in particular those who technically help to operate the Online Wholesale or Application in an efficient way, including conducting communication with our Customers (e.g. those who support us in sending emails, and in the case of advertising activities - also in marketing campaigns), providers of hosting services or communication and information services, carriers or intermediaries delivering the Orders, entities handling electronic payments or card payments in the Online Wholesale, companies that service software, support the Controller in marketing campaigns as well as legal and advisory service providers.

  3. To the extent that the Controller uses tools for supporting her current activity that are made available by e.g. the company Google, the Customer's Personal Data may be transferred to a country outside of the European Economic Area, in particular to the United States of America (USA) or other country, where an entity cooperating with that company maintains tools for processing Personal Data in cooperation with the Controller. The Controller ensures that the Personal Data it shared was properly secured by using standard data protection clauses adopted pursuant to a decision of the European Commission and agreement to entrust data for processing, in compliance with GDPR. In the case of transferring data from Europe to the USA, some entities located there may additionally ensure appropriate degree of data protection in accordance with the so-called Privacy Shield (more information on this is available at: https://www.privacyshield.gov/).

  4. The Customer has the right to obtain a copy of the protection means used by the Controller with regard to the transfer of Personal Data to a third country by contacting us.

     

§ 6. Right to control, access the content of personal data and correct it

  1. The Service Recipient or Customer has the right to access their personal data and to correct it.

  2. Every person has the right to control the processing of data to which they are subject, and which is contained in the Controller's data collection, in particular to: request the complementing, updating or correcting of personal data, temporary or permanent stopping of its processing or its deletion, if the data is incomplete, out-of-date, incorrect or has been collected in violation of a law, or is no longer needed for the achievement of the objective for which it has been collected.

  3. In the case when the Service Recipient or Customer expressed a consent to the processing of data for the purpose of direct marketing of the Controller's own products or services, the consent may be withdrawn at any moment.

  4. In the case when the Controller intends to process or processes the data of Service Recipient or Customer for the purpose of direct marketing of her own products or services, the data subject is also entitled to (1) file a written, substantiated request to stop the processing of their data due to their specific situation, or to (2) raise objection to the processing of their data.

  5. In order to exercise the rights referred to above, you may contact the Controller by sending an appropriate message by letter or electronic mail at the Controller's address indicated at the beginning of this privacy policy.

  6. Moreover, at any time every Customer has the right to:

    • file a complaint with the Chairman of the Agency for Personal Data Protection;

    • transfer the Personal Data that was provided to the Controller and that is processed in an automated way based on a consent or an agreement e.g. to another controller.

       

§ 7. Final provisions

  1. The Online Wholesale may contain links to other websites. The Controller encourages the user to learn about the privacy policy of other websites after clicking such links. This privacy policy only applies to this Online Wholesale.

  2. The Controller uses technical and organisational means to ensure that the personal data she processes is protected adequately to the threats to and category of the data covered by protection, in particular she secures data against its disclosure to unauthorised persons, interception by an unauthorised person, processing in violation of the provisions in force, and against its change, loss, damage or destruction.

  3. The Controller makes available the following technical means for preventing unauthorised persons from obtaining and modifying personal data sent electronically.

    • protection of the data collection from unauthorised access;

    • access to an Account only upon providing an individual login and password;

    • access to the current order status based on the link sent to the email address indicated by the Customer. The link contains a unique number assigned to a given order;

    • SSL certificate.

 

 

 

pixel