§1
GENERAL CONDITIONS
The Privacy Policy contains rules regarding the processing of personal data by the Shop, including the grounds, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools.
The administrator of personal data collected via the Internet Shop is Insignia Sp. z o.o. with its registered office at Sportowa 8, 81-300 Gdynia
NIP: 5862375634, REGON: 520769459,
Phone: 887705887, E-mail: sklep@insigniacosmetics.com
hereinafter referred to as the “Administrator”.
Personal data in the Online Shop are processed by the Administrator in accordance with the applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “RODO”.
The use of the Online Shop, including making purchases, is voluntary. Similarly, the related provision of personal data by the Customer using the Online Shop is voluntary, with the exception of:
If personal data necessary for the conclusion and performance of a Sales Agreement or an agreement for the provision of an Electronic Service with the Administrator are not provided in the cases and to the extent specified on the website of the Internet Shop as well as in the Terms and Conditions of the Internet Shop and this Privacy Policy, it shall not be possible to conclude such an agreement. Providing personal data in such a case is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, he/she is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated beforehand on the website of the Internet Shop.
statutory obligations – provision of personal data is a statutory requirement resulting from generally applicable provisions of law which impose an obligation on the Administrator to process personal data (e.g. processing of data for the purpose of keeping tax or accounting records), and failure to provide such data will prevent the Administrator from fulfilling those obligations.
The controller shall take special care to protect the interests of the persons whose personal data it processes and, in particular, shall be responsible and ensure that the data it collects are:
processed lawfully;
collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes;
Substantially accurate and adequate in relation to the purposes for which they are processed;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing;
processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate this. The Administrator shall apply technical measures to prevent the acquisition and modification by unauthorised persons, of personal data transmitted electronically.
§2
GROUNDS FOR DATA PROCESSING
The controller is entitled to process personal data where, and to the extent that, one or more of the following conditions are met:
the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes;
the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation incumbent on the Controller;
processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The processing of personal data by the Controller requires in each case the existence of at least one of the grounds indicated above. The specific grounds for the processing of Customers’ personal data are indicated below.
§3
PURPOSE, BASIS, DURATION AND SCOPE OF DATA PROCESSING
Each time, the purpose, basis, period and scope and recipients of the personal data processed by the Administrator results from the activities undertaken by the respective Customer in the Online Shop. For example, if the Customer decides to make purchases in the Online Shop and chooses personal collection of the purchased Goods instead of courier delivery, his/her personal data will be processed for the purpose of executing the concluded Sales Agreement, but will no longer be made available to the carrier carrying out the delivery on behalf of the Administrator.
The Administrator may process personal data in the Online Shop for the following purposes, on the following grounds, for the following periods and to the following extent:
Transaction data, including personal data, i.e. may be transferred to PayPro SA with its registered seat in Poznań Kanclerska 15, 60-327 Poznań, entered into the register of entrepreneurs kept by the District Court in Poznań – Nowe Miasto and Wilda in Poznań, 8th Economic Department of the National Court Register under KRS number 0000347935. to the extent necessary to process payment for the order. The customer has the right to access and correct his/her data. Provision of data is voluntary but necessary to use the service.
§4
RECIPIENTS OF THE DATA
For the proper functioning of the Online Shop, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities. The Administrator shall only use the services of such processors who provide sufficient guarantees of the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of the data subjects.
The transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Controller transfers data only when it is necessary for the fulfilment of the given purpose of personal data processing and only to the extent necessary for its fulfilment. For example, if the Customer uses personal collection, his/her data will not be transferred to the carrier cooperating with the Administrator.
Personal data of the Customers of the Internet Shop may be transferred to the following recipients or categories of recipients:
carriers/courier brokers – in the case of a Customer who uses the method of delivery of the Goods in the Internet Shop by post or courier, the Administrator makes the collected personal data of the Customer available to the selected carrier or broker executing the shipment on the order of the Administrator to the extent necessary to execute the delivery of the Goods to the Customer.
entities handling electronic or credit card payments – in the case of a Customer who uses the electronic or credit card payment method in the Internet Shop, the Administrator makes the collected personal data of the Customer available to a selected entity handling the aforementioned payments in the Internet Shop on the order of the Administrator to the extent necessary to handle the payment made by the Customer.
suppliers of Goods sent using the dropshipping model (shipping directly from the manufacturer/importer) to the extent necessary to complete the delivery of Goods to the Customer.
service providers who supply the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct its business activity, including the Internet Store and Electronic Services provided by means of it (in particular, suppliers of computer software for running the Internet Store, e-mail and hosting providers, as well as providers of business management software and technical assistance to the Administrator) – the Administrator shall make the collected personal data of the Customer available to the chosen supplier acting on its behalf only in the event of and to the extent necessary for the performance of the given purpose of data processing in accordance with this privacy policy.
providers of accounting, legal services providing accounting, legal support to the Administrator (in particular an accounting office, a law firm or a debt collection company) – the Administrator shall make the collected personal data of the Client available to the selected provider acting on its behalf only if and to the extent necessary for the performance of the given purpose of the data processing in accordance with this Privacy Policy.
§5
PROFILING
The Administrator may use profiling on the Online Store for marketing purposes, but the decisions made on its basis by the Administrator do not relate to the conclusion or refusal to conclude a Sales Agreement, or the possibility of using services on the Online Store. The effect of the use of profiling in the Online Store may be, for example, to grant a person a discount, send him/her a discount code, remind him/her of unfinished purchases, send him/her a proposal of Goods that may correspond to the person’s interests or preferences, or offer better conditions compared to the standard offer of the Online Store. Despite the profiling, it is the individual who freely decides whether to take advantage of the discount received in this way or the better terms and conditions and make a purchase from the Online Store.
Profiling in the Online Store involves automatic analysis or prediction of a person’s behavior on the Online Store website, e.g. by adding a specific Item to the shopping cart, browsing the page of a specific Item in the Online Store, or by analyzing the previous history of purchases made in the Online Store. The condition for such profiling is that the Administrator has the personal data of the person in question in order to be able to subsequently send him/her, for example, a discount code.
The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects with respect to that person or in a similar manner materially affects that person.
§6
RIGHTS OF THE DATA SUBJECT
Right of access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure (“right to be forgotten”) or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation.
The right to withdraw consent at any time – the person whose data are processed by the Administrator on the basis of expressed consent has the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal.
Right to lodge a complaint to a supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
Right to object – The data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The controller in such a case shall no longer be allowed to process such personal data, unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
In order to exercise the rights referred to in this paragraph, the Administrator may be contacted by sending a relevant message in writing or by e-mail to the Administrator’s address indicated in paragraph 1.
§7
ONLINE STORE COOKIES, USAGE DATA AND ANALYTICS
Cookies are small text information in the form of text files, sent by a server and stored on the side of the person visiting the site of the Online Store (e.g. on the hard drive of a computer, laptop, or smartphone memory card – depending on the device used by the visitor to our Online Store). Detailed information about cookies, as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
The Administrator may process the data contained in Cookies when visitors use the Online Store website for the following purposes:
identifying Customers as logged in to the Online Store and showing that they are logged in;
remembering Goods added to the shopping cart for the purpose of placing an Order;
remembering data from completed Order Forms, surveys or login data to the Online Store;
adapting the content of the Internet Shop’s website to the individual preferences of the Customer (e.g. concerning colors, font size, page layout) and optimizing the use of the Internet Shop’s pages;
to keep anonymous statistics showing how the Internet Store website is used;
remarketingu, to jest badania cech zachowania odwiedzających Sklep Internetowy poprzez anonimową analizę ich działań (np. powtarzające się wizyty na określonych stronach, słowa kluczowe itp.) w celu stworzenia ich profilu i dostarczenia im reklam dopasowanych do ich przewidywanych zainteresowań, także wtedy kiedy odwiedzają oni inne strony internetowe w sieci reklamowej firmy Google Inc. oraz Facebook Ireland Ltd.;
The Administrator may process the data contained in Cookies when visitors use the Online Store website for the following purposes:
identifying Customers as logged in to the Online Store and showing that they are logged in;
remembering Goods added to the shopping cart for the purpose of placing an Order;
remembering data from completed Order Forms, surveys or login data to the Online Store;
adapting the content of the Internet Shop’s website to the individual preferences of the Customer (e.g. concerning colors, font size, page layout) and optimizing the use of the Internet Shop’s pages;
to keep anonymous statistics showing how the Internet Store website is used;
By default, most web browsers on the market accept the storage of Cookies by default. Everyone has the ability to determine the conditions for the use of Cookies through the settings of their own web browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the ability to save Cookies – in the latter case, however, this may affect some of the functionality of the Online Store (for example, it may not be possible to pass the Order path through the Order Form due to the failure to remember the Goods in the shopping cart during the subsequent steps of placing the Order).
The settings of your Internet browser regarding Cookies are important from the point of view of your consent to the use of Cookies by our Online Store – in accordance with the regulations, such consent may also be expressed through the settings of your Internet browser. In the absence of such consent, the browser settings for Cookies must be changed accordingly.
Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser.
The Administrator may use on the Online Store the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and the Heatmap service provided by HeatMap, Inc. These services help the Administrator analyze traffic on the Online Store. The data collected is processed within the framework of the above services in an anonymized manner (this is so-called exploitation data, which prevents the identification of a person) to generate statistics to help administer the Online Store. These data are aggregate and anonymous, i.e. they do not contain identifying characteristics (personal data) of visitors to the Online Store website. When using the above services on the Online Store, the Administrator collects such data as the sources and medium of acquisition of visitors to the Online Store and the way they behave on the Online Store website, information on the devices and browsers from which they visit the website, IP and domain, geographical data and demographic data (age, gender) and interests.
It is possible for a person to easily block Google Analytics from sharing information about his/her activity on the Online Store website – for this purpose you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl