PRIVACY POLICY
This Privacy Policy is an integral part of the Terms and Conditions of the Online Store named Ekcentrik, operated by Beauty Boutique sp. z o.o., dated February 1, 2021. Definitions of terms used in this Privacy Policy are provided in the Terms and Conditions. The provisions of the Terms and Conditions apply accordingly.
§ 1. PERSONAL DATA
- Personal data provided by the Customer is processed by the Seller (i.e., Beauty Boutique sp. z o.o., located at ul. Kosmatki 12 (03-982 Warsaw), registered in the National Court Register by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, under KRS number 0000196904, NIP 1132463200, REGON 01565661900000, with a share capital of PLN 50,000.00), who is the data controller. This is in accordance with the rules set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter "GDPR"). Contact with the Data Controller can be made via email at biuro@beautyboutique.pl or by phone at 22 245 16 66 on business days from 8:00 AM to 4:00 PM, or by mail at the following address: ul. Kosmatki 12 lok. 1, 03-982 Warsaw.
- The scope of processed personal data is determined by the data provided by the Customer through the relevant form sent to the Seller. The processing of the Customer's personal data may include their email address, first and last name, phone number, residential address, and computer IP address. Personal data of Customers will be processed for a period of 5 years, after which it will be deleted unless further processing is justified by another legal basis.
- Customers' personal data will be processed for the purposes of: (a) compliance with legal provisions, (b) account creation, order fulfillment, provision of electronic services, handling complaints, and other activities specified in the Terms and Conditions, (c) promotional and commercial activities of the Seller.
- Providing personal data is voluntary, but the lack of consent for processing data marked as mandatory will prevent the Seller from providing services and fulfilling Sales Agreements.
- The legal basis for processing personal data in the case referred to in sec. 3(a) is the Seller's legal obligation related to performing a contract to which the data subject is a party, including actions taken at the request of the data subject before entering into the contract; in the case referred to in sec. 3(b), the legal basis for processing personal data is the data subject's consent for processing their personal data for one or more specific purposes; in the case referred to in sec. 3(c), processing is necessary to fulfill the legal obligation incumbent on the controller.
- Customers' personal data may be entrusted for processing solely to the extent necessary for the Seller to perform Sales Agreements and agreements for the provision of electronic services to a hosting company, an accounting service provider for the Seller, and a courier company. The entity processing Customers' personal data based on an entrustment agreement will process the personal data from the effective date of GDPR solely through another entity based on the prior consent of the Seller. Personal data collected by the Seller may also be shared with: relevant state authorities upon their request based on appropriate legal provisions, or other persons and entities in cases provided for by law.
- Sharing personal data with unauthorized entities according to this Policy can only occur based on the prior consent of the Customer whose data is concerned.
- Customers have the right to: delete personal data collected about them from both the Seller's system and the databases of entities cooperating with the Seller, restrict data processing, transfer personal data collected by the Seller about Customers and receive it in a structured format, file a complaint with the supervisory authority if the Customer believes their data is processed unlawfully, and seek judicial protection against the supervisory authority in case of a violation.
- In the event that the Seller becomes aware of the Customer's use of a service provided electronically in a manner inconsistent with the Terms and Conditions or applicable law (unauthorized use), the Seller may process the Customer's personal data to the extent necessary to determine the Customer's responsibility.
- The service may store HTTP requests, and therefore certain information may be logged in server log files, including: the IP address of the computer from which the request was made, the name of the Customer's station (identification carried out by the HTTP protocol, if possible), the system date and time of registration in the Store and of the arrival of the request, the number of bytes sent by the server, the URL of the page previously visited by the Customer if the Customer entered through a link, browser information, and information about errors that occurred during the HTTP transaction. Logs can be collected as material for proper Store administration. Only persons authorized to administer the IT system have access to the information. Log files can be analyzed to compile statistics on traffic and errors in the Store. A summary of such information does not identify the Customer.
- The transfer of Customers' personal data to third countries will be carried out in accordance with the requirements introduced by GDPR.
§ 2. INFORMATION SECURITY
- The Seller applies technical and organizational measures to ensure the protection of processed personal data specified in Articles 25, 30, 32-34, 35-39 of GDPR, ensuring increased protection and security of Customers' personal data processing, appropriate to the risks and categories of data protected, in particular securing data technically and organizationally against unauthorized access, unauthorized acquisition, processing in violation of the law, and alteration, loss, damage, or destruction, including the use of SSL (Secure Sockets Layer) certificates. The set of collected personal data of Customers is stored on a secured server, and the data is also protected by the Seller's internal procedures for personal data processing and information security policy.
- To log into the Account, it is necessary to provide a login and password. To ensure an appropriate level of security, the Account access password exists in the Store only in encrypted form. Moreover, registration and login to the Account take place over a secure HTTPS connection. Communication between the Customer's device and the servers is encrypted using the SSL protocol.
- The Seller also indicates that using the Internet and electronic services may involve specific teleinformatic threats such as the presence and operation of internet worms, spyware, or malware, including computer viruses, as well as the risk of being exposed to cracking or phishing (password fishing), and others. To obtain detailed and professional information on maintaining security on the Internet, the Seller recommends consulting entities specializing in such IT services.
§ 3. COOKIES
- To ensure the proper functioning of the Store, the Seller uses Cookies technology based on the provisions of the Regulation on Privacy and Electronic Communications (e-Privacy Regulation). Cookies are packages of information stored on the Customer's device through the Store, usually containing information corresponding to the intended purpose of the given file, through which the Customer uses the Store. These usually include: the service address, placement date, expiry date, unique number, and additional information corresponding to the purpose of the file.
- The Seller uses two types of Cookies: session cookies, which are permanently deleted upon ending the Customer's browser session, and, with the Customer's consent expressed through the browser settings, persistent cookies, which remain on the Customer's device after the end of the browser session until they are deleted.
- It is not possible to determine the Customer's identity based on Cookies, whether session or persistent. The Cookies mechanism does not allow for downloading any personal data.
- The Store's Cookies are safe for the Customer's device; in particular, they do not allow viruses or other software to enter the device. Files generated directly by the Store cannot be read by other services. External Cookies (i.e., Cookies placed by the Seller's partners, with the Customer's prior consent by selecting appropriate browser settings) may be read by an external server.
- The Customer can disable the saving of Cookies on their device according to the browser manufacturer's instructions. Not enabling persistent cookies and External Cookies by the Customer cannot cause the unavailability of some or all functions of the Store.
- The Seller uses its own Cookies for the following purposes: authenticating the Customer in the Store and maintaining the Customer's session; configuring the Store and adjusting the content of pages to the Customer's preferences, such as recognizing the Customer's device and remembering the settings selected by the Customer; ensuring data and Store usage security; analysis and research on viewership; providing advertising services.
- The Seller uses External Cookies, subject to sec. 5, for the following purposes: creating (anonymous) statistics allowing the optimization of the Store's usability via analytical tools such as Google Analytics; using interactive features via social networks: Facebook, Twitter, YouTube, and Instagram.
- The Customer can independently change the settings for Cookies at any time, specifying the conditions for their storage, through the internet browser settings or through the service configuration. The Customer can also delete Cookies saved on their device at any time according to the browser manufacturer's instructions.
- Detailed information on handling Cookies is available in the internet browser settings used by the Customer.