Privacy Policy
This Privacy Policy is an integral part of the Beauty Boutique Online Store Regulations of 1 April 2020 (Regulations). The definitions of terms used in this Privacy Policy are included in the Regulations. The provisions of the Regulations apply accordingly.
§ 1. PERSONAL DATA
1. Personal data provided by the Customer are processed by the Seller (i.e. BEAUTY BOUTIQUE spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw at ul. Kosmatki 12 03-982 Warsaw, entered into the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number 0000196904, NIP 1132463200, REGON number 01565661900000, share capital PLN 50,000.00, which is the controller of personal data. In accordance with the principles set out in the content of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as "GDPR"). Contact with the Controller of personal data may take place by e-mail at biuro@beautyboutique.pl or by phone at 22 245 16 66.
2. The scope of processed personal data is determined by the scope of data completed by the Customer and then sent to the Seller using the appropriate form. The processing of the Customer's personal data may concern his/her e-mail address, first and last name, telephone number, residential address and computer IP address.
Customers' personal data will be processed for a period of 5 years and then deleted, unless their further processing results from another legal basis.
3. Personal data of Customers will be processed for the purpose of: (a) implementation of legal provisions, (b) creation of an Account, execution of an Order, provision of services electronically, consideration of submitted complaints and other activities indicated in the Regulations, (c) promotional and commercial activities of the Seller.
4. Providing personal data is voluntary, but failure to consent to the processing of personal data marked as obligatory will prevent the Seller from providing services and implementing Sales Agreements.
5. The legal basis for the processing of personal data in the case referred to in paragraph 3 letter (a) is the Seller's legal obligation related to the performance of the contract to which the data subject is a party, including the obligation to act at the request of the data subject before concluding the contract; in the case referred to in paragraph 3 letter (b), the legal basis for the processing of personal data is the consent of the data subject, who has consented to the processing of his or her personal data for one or more specific purposes, and in the case referred to in paragraph 3 letter (c), the processing is necessary to fulfill a legal obligation to which the controller is subject.
6. Customers' personal data may be entrusted for processing, solely for the purpose of implementing Sales Agreements and agreements on the provision of services by electronic means by the Seller, to a hosting company, a company providing accounting services to the Seller and a courier company. The entity processing Customers' personal data, based on the Entrustment Agreement, will process Customers' personal data through another entity from the entry into force of the GDPR, exclusively on the basis of the Seller's prior consent. Personal data collected by the Seller may also be made available to: appropriate state authorities at their request on the basis of appropriate legal provisions, or other persons and entities - in cases provided for by law.
7. Disclosure of personal data to unauthorized entities under this Policy may only occur with the prior consent of the Customer whose data is being processed.
8. Customers have the right to: delete personal data collected about them both from the Seller's system and from the databases of entities cooperating with the Seller, limit data processing, transfer personal data collected by the Seller about Customers and to receive them in a structured form, file a complaint with the supervisory authority in a situation where the Customer considers that his or her data is being processed unlawfully and bring a legal remedy before a court against the supervisory authority as the entity committing the violations.
9. If the Seller receives information that the Customer is using the service provided electronically in a manner that is not in accordance with the Regulations or applicable regulations (unauthorized use), the Seller may process the Customer's personal data to the extent necessary to determine the Customer's liability.
10. The Service may store http queries, therefore some information may be saved in the server log files, including the IP address of the computer from which the query came, the name of the Client's station - identification carried out by the http protocol, if possible, the date and system time of registration in the Store and receipt of the query, the number of bytes sent by the server, the URL address of the page previously visited by the Client, if the Client entered via a link, information about the Client's browser, information about errors that occurred during the execution of the http transaction. Logs may be collected as material for the proper administration of the Store. Only persons authorized to administer the IT system have access to the information. Log files may be analyzed in order to prepare traffic statistics in the Store and errors. The summary of such information does not identify the Client.
11. Transfer of Customers' personal data to third countries will take place in accordance with the requirements introduced by the GDPR.
§ 2. INFORMATION SECURITY
1. The Seller applies technical and organizational measures to ensure the protection of processed personal data specified in art. 25, 30, 32-34, 35-39 of the GDPR, ensuring increased protection and security of processing of Customers' personal data, appropriate to the threats and categories of data subject to protection, and in particular technically and organizationally protects data against their disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction, including SSL (Secure Socket Layer) certificates. The set of collected personal data of Customers is stored on a secured server and the data is also protected by the Seller's internal procedures for processing personal data and information security policy.
2. To log in to the Account, it is necessary to provide a login and password. In order to ensure an appropriate level of security, the password to access the Account exists in the Store only in encrypted form. In addition, registration and logging in to the Account takes place in a secure https connection. Communication between the Client's device and the servers is encrypted using the SSL protocol.
3. The Seller also indicates that the use of the Internet and services provided electronically may be associated with specific teleinformatic threats, such as: the presence and operation of Internet worms, spyware or malware, including computer viruses, as well as the possibility of being exposed to cracking or phishing (password fishing), and others. In order to obtain detailed and professional information on maintaining security on the Internet, the Seller recommends obtaining them from entities specializing in this type of IT services.
§ 3. COOKIES
1. In order for the Store to operate properly, the Seller uses Cookie technology, based on the provisions of the Regulation on respect for private life and protection of personal data in electronic communications (e-Privacy Regulation). Cookies are information packages saved on the Customer's device via the Store, usually containing information consistent with the purpose of a given file, by means of which the Customer uses the Store - these are usually: website address, date of placement, expiry date, unique number and additional information consistent with the purpose of a given file.
2. The Seller uses two types of Cookies: session cookies, which are permanently deleted at the end of the Customer's browser session, and, with the Customer's consent expressed through browser settings, persistent cookies, which remain on the Customer's device after the end of the browser session until they are deleted.
3. Based on Cookies, both session and persistent, it is not possible to determine the identity of the Client. The Cookies mechanism does not allow for the collection of any personal data.
4. Shop Cookies are safe for the Customer's device, in particular they do not enable viruses or other software to enter the device.
5. Files generated directly by the Store cannot be read by other services. External Cookies (i.e. Cookies placed by the Seller's partners, with prior consent from the Customer by selecting the appropriate browser settings) can be read by an external server.
6. The Customer may disable the storage of Cookies on their device, in accordance with the browser manufacturer's instructions. Failure by the Customer to enable persistent cookies and External Cookies may not result in the unavailability of part or all of the Store's functions.
7. The Seller uses its own Cookies for the following purposes: authenticating the Customer in the Store and maintaining the Customer's session; configuring the Store and adapting the content of the pages to the Customer's preferences, such as: recognizing the Customer's device, remembering the settings selected by the Customer; ensuring the security of data and use of the Store; analysis and audience research; providing advertising services.
8. The Seller uses External Cookies, subject to paragraph 5, for the following purposes: creating statistics (anonymous) that allow for optimizing the usability of the Store, via analytical tools such as Google Analytics; using interactive functions via social networking sites: Facebook, Twitter, Google+, YouTube and Instagram.
9. The Customer may independently change the settings for Cookies at any time, specifying the conditions for their storage, through the web browser settings or through the service configuration. The Customer may also independently delete Cookies stored on his device at any time, in accordance with the browser manufacturer's instructions.
10. Detailed information on the use of Cookies is available in the settings of the web browser used by the Client.