Privacy Policy

Table of contents
– I. Personal data controller
– II. Scope of the Regulations, Seller’s identification data
– III. Purpose and basis of personal data processing
– IV. Data recipients. Transfer of data to third countries
– V. Retention period of personal data
– VI. Rights of the data subject
– VII. Automated Decision Making. Profiling
– VIII. Cookie policy
I. Personal data controller
(1) The Administrator informs that it entrusts the processing of personal data to the following entities:
(a) Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 – in order to use the edrone.me mailing system for sending newsletters,
b) MISKY Alexander Misky”, ul. Warszawska 40/2A, 40-008 Katowice; NIP: 9691624824, REGON: 36798733 (e-mail: office@wordcare.eu, tel. +48 513-306-396, URL: www.wordcare.eu) – site support, responsible for store security, data processing for the purposes of operation and administration of the online store
c) GRUPA ALTER REMIGIUSZ SLIWKA ul. Dębowa 6A 56-400 Spalice NIP: PL9111078576 (e-mail: kontakt@weblo.pl, tel. +48 571 201 007, URL: www.weblo.pl) – site support, responsible for store security, data processing for the purposes of operation and administration of the online store

(2) The Administrator informs that it uses the following technologies to track the actions taken by the user/customer within the Store website:
a) edrone tracking code – for the purpose of analyzing the statistics of the Store’s website, as well as for marketing purposes only for the purposes of an e-mail campaign launched or indicated by the Administrator using the edrone system.
3 The administrator pursuant to Art. 32 paragraph. 1 of the RODO observes the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with its operations.
(4) Providing personal data is voluntary, but necessary in order to execute the Agreement in accordance with the Rules and Regulations of the MED&BEAUTY GROCHOLEWSKI SPÓŁKA JAWNA. online store, which can be found at the following link: www.medandbeauty/regulaminy (hereinafter, Rules and Regulations).
(5) Customer of the Store is understood as any person who uses the Store in the manner and to the extent indicated in the Regulations.
6 The Data Controller processes the following personal data of Customers:
(a) Name,
(b) residential address,
(c) address for service,
(d) e-mail address,
(e) telephone number.
II. Scope of the Regulations, Seller’s identification data
(1) These Regulations set out the rules for the use of the Online Store www.medandbeauty.com and the placement and processing of orders placed under the MED&BEAUTY GROCHOLEWSKI SPÓŁKA JAWNA Online Store MED&BEAUTY GROCHOLEWSKI SPÓŁKA JAWNA. operates at: www.medandbeauty.com
2. the Seller and the operator of the Med&Beauty Internet Store is MED&BEAUTY – GROCHOLEWSKI SPÓŁKA JAWNA KRS 0001071883 NIP 7882040978 REGON 527048220, e-mail address for contact: shop@medandbeauty.com, telephone number for contact: 736 630 825
III. Purpose and basis of personal data processing
(1) The Administrator processes personal data for the following purposes:
a) to enable Customers to place Orders in accordance with the Terms and Conditions,
b) in order to carry out the Orders in accordance with the Regulations,
(c) for the purpose of fulfilling customer complaints,
d) for tax purposes – only for the purpose of accounting settlements in accordance with the binding legal regulations,
(e) for marketing purposes, i.e. in order to send customers current information about the Store’s activities. Marketing consent is given voluntarily and is not a condition of the Customer’s use of the Store.
(2) The Administrator processes Customers’ personal data on the basis of their voluntary consent (Article 6(1)(a) of the RODO), for the purpose of executing a contract for the sale of certain items (Article 6(1)(b) of the RODO), and in terms of tax obligations – to fulfill the obligations incumbent on the Administrator (Article 6(1)(c) of the RODO). In terms of marketing consent, the Administrator processes data only on the basis of the Customer’s voluntary consent (Article 6(1)(a) of the RODO).
IV. Data recipients. Transfer of data to third countries
(1) Recipients of personal data processed by the Data Controller may be entities cooperating with the Data Controller when it is necessary for the performance of the contract concluded with the data subject in accordance with the Regulations.
(2) Recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller for data processing, e.g. accounting offices, law firms, IT service providers (including hosting services).
(3) The data controller may be obliged to make personal data available on the basis of applicable laws, in particular to make personal data available to authorized state authorities or institutions.
4. personal data will not be transferred to entities located outside the European Economic Area
V. Retention period of personal data
(1) The controller shall keep personal data for the duration of the contract concluded with the data subject and after the termination of the contract for purposes related to the assertion of claims related to the contract, the performance of obligations under applicable laws, but for a period not exceeding the statute of limitations under the provisions of the Civil Code. In the case of a Customer with a Customer Account, as defined in the Regulations, the Administrator shall store the Customer’s data for the period indicated in the preceding sentence, or for the duration of the Account’s existence, whichever is later.
(2) The data controller shall store personal data contained in billing documents (e.g., invoices) for the period indicated by the provisions of the Law on Value Added Tax and the Law on Accounting.
(3) The data controller shall keep personal data processed for marketing purposes for a period of 10 years, but no longer than until you withdraw your consent to the processing or object to the processing.
VI. Rights of the data subject
(1) Every data subject has the right to:
(a) access to data-to obtain confirmation from the controller as to whether its personal data is being processed. If data about a person is processed, he or she is entitled to access it and obtain the following information: the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are kept or the criteria for determining them, the data subject’s right to request rectification, erasure, or restriction of the processing of personal data, and to object to such processing (Article 15 RODO);
(b) to obtain a copy of the data – to obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15(3) RODO);
(c) to rectify – to request the rectification of personal data concerning him that is incorrect or the completion of incomplete data (Article 16 of the RODO);
(d) to erasure – to request the deletion of her personal data if the controller no longer has a legal basis for processing or the data are no longer necessary for the purposes of processing (Article 17 of the DPA);
(e) to restrict processing – to request the restriction of the processing of personal data (Article 18 RODO) when:
the data subject questions the accuracy of the personal data – for a period that allows the Administrator to verify the accuracy of the data,
processing is unlawful, and the data subject objects to the erasure of the data by requesting restriction of its use,
The controller no longer needs the data, but it is needed by the data subject to establish, assert or defend a claim,
the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection;
(f) to object – to object to the processing of her personal data for the legitimate purposes of the controller, on grounds related to her particular situation, including profiling. Then the Administrator shall assess the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the data subjects, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller will be obliged to stop processing the data for these purposes (Article 21 of the DPA).
(2) In order to exercise the aforementioned rights, the data subject shall contact, using the contact details provided, the Controller and inform him/her of which right and to what extent he/she wishes to exercise it.
(3) The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection, ul. Stawki 2, Warsaw.
VII. Automated Decision Making. Profiling
– Personal data will not be processed by automated means, including profiling.
VIII. Cookie policy
1 The store does not automatically collect any information, except for the information contained in cookies.
(2) Cookies (so-called “cookies”) are computer data, in particular text files, which are stored on the Customer’s terminal equipment and are intended for the use of the Store’s websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
(3) The entity placing cookies on the Customer’s end device and accessing them is the Administrator of the Store.
4 Cookies are used for:
a) adapting the content of the Store’s websites to the Customer’s preferences and optimizing the use of the websites; in particular, these files allow the Store to recognize the Customer’s device and appropriately display the website, tailored to its individual needs;
b) to create statistics that help to understand how customers use the websites, which allows to improve their structure and content;
(c) maintenance of the Client’s session.
5 The following types of cookies are used within the Store:
(a) “session” (sessioncookies) and “permanent” (persistentcookies). “Session” cookies are temporary files that are stored on the customer’s terminal device until the customer logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the Client’s terminal device for the time specified in the parameters of the cookies or until they are deleted by the Client;
b) “necessary” cookies, enabling the use of services available in the Store, e.g. authentication cookies used for services requiring authentication in the Store;
(c) cookies used to ensure security, such as those used to detect abuse of authentication within the Store;
d) “performance” cookies, which allow collecting information about the use of the Store’s websites;
(e) “functional” cookies, which allow “remembering” the Customer’s selected settings and personalizing the Customer’s interface, e.g. with regard to the chosen language or region from which the Customer comes, font size, website design, etc;
(f) “advertising” cookies, enabling the delivery to customers of advertising content more tailored to their interests.
(6) In many cases, web browsing software (web browser) allows cookies to be stored on the Client’s terminal device by default. Customers can change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the Internet browser or inform about their placement on the Client’s device each time. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser).
7 The Administrator informs that restrictions on the use of cookies may affect some of the functionality available on the Store.