PRIVACY POLICY

  1. This Privacy Policy defines the rules for processing personal data obtained through the online store kosmetyk.de (hereinafter referred to as the "Online Store").
  2. The owner of the Online Store and the data controller is Skiera Cosmetics BV with its registered office in The Hague (2544EM), Koperwerf 27, KVK72689331: KVK, BTW: NL859198819B01, hereinafter referred to as Skiera Cosmetics BV.
  3. Personal data collected by Skiera Cosmetics BV through the Online Store is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, also known as the GDPR.
  4. Skiera Cosmetics BV takes special care to respect the privacy of customers visiting the Online Store.

§ 1 Type of Processed Data, Purposes, and Legal Basis

  1. Skiera Cosmetics BV collects information about natural persons performing a legal act not directly related to their business or professional activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units not being legal persons to which legal capacity is granted by law, hereinafter collectively referred to as Customers.
  2. Personal data of Customers are collected in the case of:
    1. registration of an account in the Online Store, for the purpose of creating an individual account and managing this account. Legal basis: necessity for the performance of a contract for the provision of an Account service (Art. 6(1)(b) GDPR);
    2. placing an order in the Online Store, for the purpose of executing a sales contract. Legal basis: necessity for the performance of a sales contract (Art. 6(1)(b) GDPR);
    3. subscription to the newsletter (Newsletter), for the purpose of performing a contract for the provision of an electronic service. Legal basis: consent of the data subject to the performance of a service contract for the Newsletter (Art. 6(1)(a) GDPR);
    4. using the contact form service in the Online Store, for the purpose of performing a contract for the provision of the contact form service. Legal basis: necessity for the performance of a contract for the provision of the contact form service (Art. 6(1)(b) GDPR);
    5. using the review submission service, for the purpose of performing a contract for the provision of the review submission service. Legal basis: necessity for the performance of a contract for the provision of the review submission service (Art. 6(1)(b) GDPR).
  3. In the case of registering an account in the Online Store, the Customer provides:
    1. email address;
    2. first name and last name;
    3. phone number.
  4. During the registration of an account in the Online Store, the Customer independently sets an individual password to access their account. The Customer can change the password at a later time, according to the rules described in §5.
  5. In the case of placing an order in the Online Store, the Customer provides the following data:
    1. email address;
    2. address details:
      1. postal code and city;
      2. country;
      3. street with house/apartment number;
      4. province.
    3. first name and last name;
    4. phone number.
  6. In the case of Entrepreneurs, the above scope of data is additionally expanded to include:
    1. Entrepreneur's company;
    2. Tax Identification Number (NIP).
  7. In the case of subscribing to the newsletter, the Customer provides only their email address.
  8. In the case of using the contact form service, the Customer provides the following data:
    1. email address;
    2. first name and last name;
    3. phone number.
  9. In the case of using the review submission service, the Customer provides the following data:
    1. email address;
    2. first name and last name or nickname (alias).
  10. While using the Website of the Online Store, additional information may be collected, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  11. Navigational data may also be collected to ensure better service for Customers, analyze statistical data, adjust the Online Store to Customer preferences, and administer the Online Store. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in facilitating the use of electronically provided services and improving the functionality of these services.
  12. In order to establish, assert, and defend claims, certain personal data provided by the Customer as part of using the functionalities in the Online Store, such as first name, last name, data concerning the use of services, if the claims arise from the way the Customer uses the services, and other data necessary to prove the existence of the claim, including the extent of damage suffered, may be processed. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in establishing, asserting, and defending claims, as well as in defense against claims in proceedings before courts and other state authorities.
  13. Providing personal data to Skiera Cosmetics BV is voluntary, in connection with concluded sales contracts or the provision of services through the Online Store's Website. However, if certain data in the forms is not provided during the Registration process, it will not be possible to Register and create a Customer Account. In the case of placing an order without Registering a Customer Account, it will not be possible to place and fulfill the Customer's order.

§ 2 To whom are the data disclosed or entrusted and for how long are they stored?

  1. Customer's personal data is transferred to service providers used by Skiera Cosmetics BV in running the Online Store. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow Skiera Cosmetics BV's instructions regarding the purposes and methods of processing this data (data processors) or independently determine the purposes and methods of its processing (controllers).
    1. Data processors. Skiera Cosmetics BV uses providers who process personal data only on behalf of Skiera Cosmetics BV. These include, among others, providers offering hosting services, accounting services, providing systems for marketing, systems for analyzing traffic in the Online Store, and systems for analyzing the effectiveness of marketing campaigns;
    2. Controllers. Skiera Cosmetics BV uses providers who do not act exclusively on instructions and independently determine the purposes and methods of using the personal data of Customers. They provide electronic payment and banking services.
  2. Location. Service providers have their registered offices in Poland and other countries of the European Economic Area (EEA).
  3. Customer's personal data is stored:
    1. In the case where the legal basis for processing personal data is consent, the Customer's personal data is processed by Skiera Cosmetics BV until the consent is withdrawn, and after the withdrawal of consent for a period of time corresponding to the statute of limitations for claims that Skiera Cosmetics BV may raise and that may be raised against it. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activities, it is three years.
    2. In the case where the legal basis for processing data is the performance of a contract, the Customer's personal data is processed by Skiera Cosmetics BV for as long as it is necessary to perform the contract, and after that time for a period corresponding to the statute of limitations for claims. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activities, it is three years.
  4. In the case of making a purchase in the Online Store, personal data may be transferred, depending on the Customer's choice, to the following entities for the purpose of delivering ordered goods:
    1. courier company;
    2. POST NL BV with its registered office in The Hague.
  5. In the case where the Customer chooses payment via the SOFORT Banking system, their personal data is transferred to the extent necessary to process the payment to Mollie BV, Keizergracht 126, 1015CW Amsterdam.
  6. In the case where the Customer chooses payment via PayPal, their personal data is transferred to the extent necessary to process the payment to Mollie BV, Keizergracht 126, 1015CW Amsterdam.
  7. Navigational data may be used to provide Customers with better service, analyze statistical data, tailor the Online Store to Customer preferences, and administer the Online Store.
  8. In the case where the Customer subscribes to the newsletter (Newsletter) on their email address, Skiera Cosmetics BV will send electronic messages containing commercial information about promotions and new products available in the Online Store.
  9. If a request is made, Skiera Cosmetics BV may provide personal data to authorized state authorities, in particular to organizational units of the Prosecutor's Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies Mechanism, IP Address

  1. The Online Store uses small files called cookies. They are saved by Skiera Cosmetics BV on the end device of the person visiting the Online Store if the web browser allows it. A cookie usually contains the domain name from which it comes, its "expiry time," and an individual, randomly selected number identifying this file. Information collected using these types of files helps customize the products offered by Skiera Cosmetics BV to individual preferences and the actual needs of the persons visiting the Online Store. They also allow for the development of general statistics on the viewing of presented products in the Online Store.
  2. Skiera Cosmetics BV uses two types of cookies:
    1. Session cookies: after the session of a given browser or turning off the computer, the saved information is deleted from the device's memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer's computers.
    2. Persistent cookies: they are stored in the end device's memory of the Customer and remain there until they are deleted or expire. The persistent cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer's computers.
  3. Skiera Cosmetics BV uses its own cookies for:
    1. authenticating the Customer in the Online Store and providing the Customer's session in the Online Store (after logging in), thanks to which the Customer does not have to enter their login and password on every subpage of the Online Store;
    2. analysis and research, as well as viewership audits, especially to create anonymous statistics that help understand how Customers use the Online Store's Website, enabling its structure and content improvement.
  4. Skiera Cosmetics BV uses external cookies for:
    1. popularizing the Online Store through the social networking site facebook.com (external cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland);
    2. collecting general and anonymous statistical data through analytical tools LiveChat (external cookie administrator: Smartsupp.com based in the Czech Republic);
    3. displaying advertisements tailored to the Customer's preferences using the online advertising tool awin.com (external cookie administrator: AWIN Limited registered in England and Wales);
    4. displaying advertisements tailored to the Customer's preferences using the online advertising tool rtbhouse.com (external cookie administrator: RTB House S.A. based in Warsaw);
    5. displaying advertisements tailored to the Customer's preferences using the online advertising tool go.pl (external cookie administrator: GO.PL Sp. z o.o. based in Warsaw);
    6. popularizing the Store through the social networking site twitter.com (external cookie administrator: Twitter Inc. based in the USA);
    7. collecting general and anonymous statistical data through Google Analytics analytical tools (external cookie administrator: Google Inc. based in the USA);
    8. presenting the Reliable Regulations Certificate via the rzetelnyregulamin.pl website (external cookie administrator: Rzetelna Grupa sp. z o.o. based in Warsaw).
  5. The cookies mechanism is safe for the Customers' computers. In particular, this way, viruses or other unwanted software or malicious software cannot get to the Customers' computers. Nevertheless, Customers have the option to limit or disable access to cookies on their computers through their browsers. If they choose this option, using the Online Store will be possible, except for functions that, by their nature, require cookies.
  6. Below, we present how you can change the settings of popular web browsers in terms of using cookies:
    1. Internet Explorer browser
    2. Microsoft Edge browser
    3. Mozilla Firefox browser
    4. Chrome browser
    5. Safari browser
    6. Opera browser
  7. Skiera Cosmetics BV may collect Customers' IP addresses. An IP address is a number assigned to the computer of the person visiting the Online Store by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e., it changes with each Internet connection. The IP address is used by Skiera Cosmetics BV to diagnose technical problems with the server, create statistics (e.g., determining from which regions we have the most visits), as information useful for administering and improving the Online Store, as well as for security purposes and potentially identifying servers that burden, unwanted automatic content browsing programs.
  8. The Online Store contains links and references to other websites. Skiera Cosmetics BV is not responsible for the privacy policies in force on these websites.

§ 4 Rights of Data Subjects

  1. Right to Withdraw Consent - legal basis: Article 7(3) of the GDPR.
    1. The Customer has the right to withdraw any consent given to Skiera Cosmetics BV.
    2. Withdrawal of consent takes effect from the moment of its withdrawal.
    3. Withdrawal of consent does not affect the processing carried out by Skiera Cosmetics BV in accordance with the law before its withdrawal.
    4. Withdrawal of consent does not have any negative consequences for the Customer, but it may prevent further use of services or functionalities that Skiera Cosmetics BV can provide only with consent, in accordance with the law.
  2. Right to Object to Data Processing - legal basis: Article 21 of the GDPR.
    1. The Customer has the right, at any time, to object, for reasons related to their particular situation, to the processing of their personal data, including profiling, by Skiera Cosmetics BV, if Skiera Cosmetics BV processes their data based on a legitimate interest, e.g., marketing Skiera Cosmetics BV's products and services, conducting statistics on the use of individual functionalities of the Online Store, facilitating the use of the Online Store, and conducting satisfaction surveys.
    2. Opting out from receiving marketing communications via email will be considered an objection by the Customer to the processing of their personal data for such purposes.
    3. If the Customer's objection is justified, and Skiera Cosmetics BV does not have any other legal basis for processing the personal data, the Customer's personal data will be deleted concerning which the Customer has raised an objection.
  3. Right to Erasure of Data ("Right to Be Forgotten") - legal basis: Article 17 of the GDPR.
    1. The Customer has the right to request the erasure of all or some of their personal data.
    2. The Customer has the right to request the erasure of personal data if:
      1. The personal data are no longer necessary for the purposes for which they were collected or processed;
      2. The Customer has withdrawn a specific consent regarding data processing, to the extent that the personal data were processed based on their consent;
      3. The Customer has objected to the use of their data for marketing purposes;
      4. The personal data are being processed unlawfully;
      5. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which Skiera Cosmetics BV is subject;
      6. The personal data have been collected in relation to the offer of information society services.
    3. Despite the request for the erasure of personal data, Skiera Cosmetics BV may retain some personal data to the extent that processing is necessary for the establishment, exercise, or defense of legal claims or for compliance with a legal obligation requiring processing under Union or Member State law to which Skiera Cosmetics BV is subject. This particularly applies to personal data including the Customer's name, surname, email address, which are retained for the purpose of resolving complaints and claims related to the use of Skiera Cosmetics BV's services, as well as, additionally, the residential/correspondence address, order number, which are retained for the purpose of resolving complaints and claims related to concluded sales agreements or service provision.
  4. Right to Restrict Data Processing - legal basis: Article 18 GDPR.
    1. The customer has the right to request the restriction of the processing of their personal data. Submitting a request prevents the use of specific functionalities or services associated with the processing of the data subject to the request until the request is processed. Skiera Cosmetics BV will also not send any communications, including marketing, during this period.
    2. The customer has the right to request restrictions on the use of personal data in the following cases:
      1. When they contest the accuracy of their personal data – in such cases, Skiera Cosmetics BV restricts their use for the time necessary to verify the accuracy of the data, but not longer than 7 days.
      2. When the processing of data is unlawful, and instead of deleting the data, the customer requests the restriction of their use.
      3. When personal data is no longer necessary for the purposes for which it was collected or used, but the customer needs it for establishing, pursuing, or defending legal claims.
      4. When the customer has objected to the use of their data – in this case, the restriction is in place while the consideration takes place to determine whether, due to the customer's particular situation, their interests, rights, and freedoms outweigh the interests pursued by the data controller in processing the customer's personal data.
  5. Right to Access Data - legal basis: Article 15 GDPR.
    1. The customer has the right to obtain confirmation from the data controller whether personal data concerning them is being processed. If so, the customer has the right to:
      1. Access their personal data;
      2. Receive information about the purposes of processing, the categories of personal data processed, recipients or categories of recipients of this data, the planned storage period of the customer's data, or the criteria for determining this period (when determining the planned data processing period is not possible), the customer's rights under the GDPR, and the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with transferring this data outside the European Union;
      3. Obtain a copy of their personal data.
  6. Right to Rectify Data - legal basis: Article 16 GDPR.
    1. The customer has the right to request the immediate rectification of inaccurate personal data concerning them by the data controller. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data by providing additional statements, by sending a request to the email address as indicated in §6 of the Privacy Policy.
  7. Right to Data Portability - legal basis: Article 20 GDPR.
    1. The customer has the right to receive their personal data, which they provided to the data controller, and then transmit it to another chosen data controller. The customer also has the right to request that the data controller transmit their personal data directly to such a data controller, provided that it is technically feasible. In this case, the data controller will transmit the customer's personal data in a CSV file format, which is commonly used, machine-readable, and suitable for transmitting the received data to another data controller.
  8. If the customer exercises any of the above rights, Skiera Cosmetics BV will fulfill the request or deny it promptly, but no later than one month after receiving it. However, if, due to the complexity of the request or the number of requests, Skiera Cosmetics BV cannot fulfill the request within one month, it will do so within the following two months, informing the customer in advance within one month of receiving the request of the intended extension of the deadline and the reasons for it.
  9. The customer can submit complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the data controller.
  10. The customer has the right to request from Skiera Cosmetics BV a copy of the standard contractual clauses by sending a request in the manner specified in §6 of the Privacy Policy.
  11. The customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of their rights to personal data protection or other rights granted under the GDPR.

§ 5 Security Management - Password

  1. Skiera Cosmetics BV provides customers with a secure and encrypted connection when transmitting personal data and when logging into their customer account on the website. Skiera Cosmetics BV uses an SSL certificate issued by one of the leading global security and data encryption companies for data transmitted over the Internet.
  2. In the event that a customer with an account in the online store loses their access password in any way, the online store allows for the generation of a new password. Skiera Cosmetics BV does not send password reminders. Passwords are stored in an encrypted form, making it impossible to read. To generate a new password, the customer should provide their email address in the form available at the "Forgot your password?" link provided on the login form to the customer account on the online store. The customer will receive an email to the email address provided during registration or in the last profile change, containing a link to a dedicated form on the store's website, where the customer can set a new password.
  3. Skiera Cosmetics BV never sends any correspondence, including electronic correspondence, requesting login information, especially login passwords, from customers.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy may change, and Skiera Cosmetics BV will inform customers in advance with a notice period of 7 days.
  2. Questions related to the Privacy Policy should be directed to: [email protected]
  3. Last modification date: September 8, 2021.
group_work Cookie consent