Privacy Policy and Cookies

Dear Client,

Due to the fact that from May 25, 2018. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 applies. on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we have made changes to our Privacy and Cookies Policy.

This document defines the rules on which the personal data of persons using the "www.estetica-home.com" website are protected.

The Privacy and Cookies Policy describes the type of collected Personal Data of the Website User, the method of their collection, use as well as their storage and possible sharing, and also describes what rights you have in connection with the processing of personal data.

The Administrator is obliged to protect the privacy of Website Users. Acting for this purpose, the Administrator makes every effort to ensure that the User of the Website protects the personal data provided in connection with the use of the Website and making purchases.

CONTENTS :

  • Administrator 
  • Definitions
  • Collection of personal data
  • Types of personal data collected
  • For what purpose and on what basis we process personal data
  • Cookies policy
  • The period of personal data processing 
  • Website user rights 
  • Recipients of personal data 
  • Children's Data Processing 
  • Data transfer outside the EEA 
  • Automated decision making 
  • Using plugins
  • Security of personal data 
  • Changing the Privacy and Cookies Policy
     

I. ADMINISTRATOR

The administrator of your personal data is Wiesław Setla running a business under the name Przedsiębiorstwo Wielobranżowe Estetica Aleksandra Łesyk at ul. Allied, 14-400 Pasłęk, REGON: 365758270, NIP: 5782790130

e-mail address: info@estetica-home.com

II. DEFINITIONS

  1. Personal data - all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected via through cookies and other similar technology.
  2. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  3. Privacy and Cookies Policy - this document, hereinafter referred to as the "Policy";
  4. Website - a website run by the Administrator at www.estetica-home.pl
  5. Website User – any natural person visiting the Website or using at least one service performed by the Administrator or Website function.

III. COLLECTION OF PERSONAL DATA

The Administrator collects data of the Users of the Website located at https://www.rosanero.pl. These data are collected in accordance with the principles set out in the GDPR, only to the extent necessary for the Administrator to provide services related to the use of the Website available at www.estetica-home.com. In addition, the Administrator collects information about the Website User's activity.

IV. TYPES OF PERSONAL DATA COLLECTED

The administrator collects e.g. the following data:

  • User's name and surname,
  • NIP number and company name
  • postal address or delivery address,
  • E-mail address (e-mail),
  • contact phone number,
  • IP address,
  • Browser information.
  • Data saved in cookies and other similar technologies.

 

V. FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS PERSONAL DATA?

The personal data of the Website User are processed by the Administrator in accordance with the GDPR and Polish national legislation.

The types of collected Personal Data of Website Users, as well as the purpose and basis for their processing depend on the way the Website User uses the website maintained by the Administrator at www.estetica-home.com.

USE OF THE SERVICE

Personal data of all persons using the Website (information collected via cookies or other similar technologies, including IP address or other identifiers), are processed by the Administrator:

  1. in order to provide electronic services consisting in providing Website Users with content on the Website - the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
  2. for analytical and statistical purposes - then the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyzes of the Website Users' activity, as well as their preferences in order to improve the functionalities and services provided;
  3. in order to possibly determine and pursue claims or defend against them - the legal basis is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;
  4. for the Administrator's marketing purposes, in particular related to adapting the content of the website to the individual preferences of the user and optimizing the use of the website pages - the legal basis is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the marketing of own products.

 

CREATE AN ACCOUNT ON THE WEBSITE (REGISTRATION)

Persons setting up an account on the Website are asked in the registration form to provide the data necessary to create and operate the account. The Website User may also - in order to facilitate account management - provide additional data, thus agreeing to their processing. Such data can be deleted at any time. Providing data marked as mandatory is required in order to set up an account, as well as its maintenance, use and service, while failure to provide them results in the inability to set up an account, as well as its maintenance, use and service. Providing other data is voluntary.

Personal data provided by the person registering on the Website are processed:

  1. in order to provide services related to maintaining and servicing an account on the Website - the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR), and in the scope of data provided optionally - the legal basis for processing is consent (Article 6 section 1 letter a of the GDPR);
  2. for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyzes of Users' activity on the Website and how to use the account, as well as their preferences in order to improve the functionalities used;
  3. in order to possibly determine and pursue claims or defend against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR), which consists in protecting his rights.
  4. for the Administrator's marketing purposes, in particular related to adapting the content of the website to the individual preferences of the user and optimizing the use of the website pages - the legal basis is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the marketing of own products;
  • in order to facilitate service based on voluntary consent (Article 6(1)(a) of the GDPR).

 

PLACING ORDERS BY USERS

If the Website User places an order to purchase goods or provide a service, it involves the processing of his personal data. Providing data marked as mandatory is required in order to accept and service the order, while failure to provide them results in the inability to accept and execute the order.

Personal data of the Website User obtained via the order form are processed:

  • in order to fulfill the order placed, e.g. delivery of goods, contact in connection with the need to perform the order - the legal basis is the necessity of processing in order to perform the contract (Article 6(1)(b) of the GDPR),
  • in order to fulfill the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis is the legal obligation imposed on the Administrator (Article 6(1)(c) of the GDPR);
  • in order to fulfill the legal obligations incumbent on the Administrator in connection with concluded contracts, such as consideration of complaints, guarantees, warranty for physical defects of goods, return of goods - the legal basis is a legal obligation (Article 6(1)(c) of the GDPR);
  • in order to pursue claims or defend against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;
  • for analytical and statistical purposes - then the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyzes of the activity of people visiting the Website, as well as their preferences in order to improve the functionalities and services provided;

PLACING ORDERS "FABRIC SAMPLES"

The Website User has the right to place an order for fabric samples via the Website. Placing an order involves the processing of personal data. Providing personal data indicated in the form for ordering fabric samples is voluntary, but necessary to send fabric samples.

Personal data is processed:

  • in order to fulfill placed orders and provide additional services related to placed orders, contact the Website User in connection with the placed order - the legal basis is the necessity of processing in order to perform the contract (Article 6(1)(b) of the GDPR);
  • in order to fulfill the legal obligations incumbent on the Administrator in connection with concluded contracts - the legal basis is a legal obligation (Article 6(1)(c) of the GDPR);
  • in order to pursue claims or defend against them - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;

CONTACT FORMS

The Administrator also enables contact with Website Users using electronic contact forms. The contact forms available to the Website User are as follows:

  1. Livechat 

Personal data provided during Livechat are processed on the basis of art. 6 sec. 1 lit. a) GDPR (User's consent). The Website User decides what personal data he will provide during the conversation. Personal data is processed in order to conduct the conversation and answer the questions asked. The conversation and the personal data provided in it may be deleted after the end of contact or may be archived on the basis of the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in order to demonstrate the course of the conversation in the future.

  1. contact window 

Using the form in the form of the Contact Window requires providing personal data necessary to contact the Website User and answering the inquiry in the scope covered by the form fields (telephone number, e-mail address depending on the preferred form of contact. The content of the conversation and provided in it personal data may be deleted after the end of contact or may be archived on the basis of the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in order to demonstrate the course of the conversation in the future

Personal data is processed:

  • for the purpose of direct marketing of our products and services and contacting the Website User and handling his inquiry sent via the provided form - the legal basis for processing is the Administrator's legitimate interest consisting in direct marketing of his products and services, as well as contact and answering the question (art. 6(1)(f) GDPR);

NEWSLETTER

The User who provides his e-mail address in order to send him the Newsletter, in which commercial information will be sent, may use this functionality provided by the Administrator. Providing the data indicated when subscribing to the newsletter is voluntary, but necessary in order to send the newsletter.

Personal data is processed:

  • in order to receive commercial information electronically, to the e-mail address indicated by the Website User - based on voluntary consent (Article 6(1)(a) of the GDPR)
  • in order to possibly determine, pursue or defend against claims - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in defending the Administrator's rights

VI. COOKIES POLICY

The administrator uses cookies on the website www.estetica-home.com.

A cookie is small text information sent by the server and saved on the device of the person visiting our Website (usually on the hard drive of a computer or mobile device). It stores information that the Website may need to adapt to the way the visitor uses it and to collect statistical data about the Website.

What cookies do we use?

The Website uses two basic types of cookies: "session" (session cookies) and "permanent" (persistent cookies). "Session" cookies are temporary files that are stored on the Website User's end device until logging out, leaving the website or turning off the software (web browser). "Permanent" cookies are stored on the Website User's end device for the time specified in the cookie file parameters or until they are removed by the Website User.

Cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the Website is used by the Website User, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User, nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners .

For what purpose do we use cookies?

Cookies are used for the following purposes:

  1. provide access to the website,
  2. creating statistics that help to understand how customers use the websites
  3. websites, which allows improving their structure and content;
  4. maintaining the Customer's session (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Website;
  5. adapting the Store's website to the needs of Website Users.
  6. for marketing purposes, including profiling and displaying content tailored to your needs,

Legal basis for processing

In the case of data processing operations for marketing purposes, the basis for such processing is the fulfillment of the purposes resulting from the legitimate interests pursued by the Administrator (Article 6(1)(f) of the GDPR), which is direct marketing of its services.

Changing cookie settings

As a rule, web browsers, as well as other software installed on a computer or other device that has been connected to the network - by default allow cookies to be placed on such a device. As a consequence, they enable the collection of information about people visiting the Website. However, by changing the web browser settings, the consent given to the use of cookie technology may be modified or revoked by the Website User at any time. This means that the Website User may, for example, partially restrict the saving of cookies on his device or completely disable this option. The Administrator informs, however, that limiting or preventing the use of cookies may affect some of the functionalities available on the Store's website

Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following websites:

Profiling

The Administrator uses profiling, which is a process of automatic processing of information about Website Users, including their personal data, such as age, interests, address, gender or preferences for specific products or services that the Administrator conducts marketing. The administrator uses data obtained by means of cookies for profiling purposes.

Using the profiling process, the Administrator builds a profile of the System User and then analyzes it.

The purpose of these operations is the best possible adjustment of the products or services offered by the Administrator to the needs of the Website Users. The profiling process conducted in this way does not affect your legal situation.

The period of personal data processing

We process the data collected as part of profiling from the moment you start using the Website www.rosanero.pl (entering our website) until you object to profiling

 

VII. PERIOD OF PROCESSING PERSONAL DATA

The period during which the Administrator processes personal data depends on the type of service provided and the purpose of processing.

Data processed in order to perform the contract are processed until its performance, and after its performance - up to the time of limitation of claims arising from it.

On the other hand, personal data is processed on the basis of the Administrator's legitimate interest - until its implementation or objection.

The conversation via Livechat and the personal data provided in it may be deleted after the end of contact or may be archived on the basis of the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in order to demonstrate the course of the conversation in the future.

The content of the conversation via the contact window and the personal data provided in it may be deleted after the end of contact or may be archived on the basis of the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in order to demonstrate the course of the conversation in the future

Personal data entrusted for processing on the basis of voluntary consent regarding data other than those provided via Livechat will be processed until the consent is withdrawn, unless there is another legal basis for further processing.

Personal data processed in connection with the obligation incumbent on the Administrator will be processed until its implementation.

After the end of the processing period, the data is irreversibly deleted or anonymized.

VIII. SERVICE USER RIGHTS

We inform you that you are entitled to:

  1. the right to access your data and receive a copy thereof
  2. the right to rectify (correct) your data
  3. the right to delete data .
    If in your opinion there are no grounds for us to process your data, you can request that we delete it.
  4. data processing restrictions
    You can request that we limit the processing of your personal data only to their storage or performance of activities agreed with you, if in your opinion we have incorrect data about you or we process it unjustifiably; or you do not want us to remove them because you need them to establish, pursue or defend claims; or for the duration of your objection to data processing.
  5. the right to object to data processing:
    "Marketing" objection. You have the right to object to the processing of your data for the purpose of direct marketing, including profiling. If you exercise this right, we will stop processing data for this purpose.

    Opposition due to a special situation. You also have the right to object to the processing of your data on the basis of a legitimate interest for purposes other than direct marketing, including profiling, and when processing is necessary for us to perform a task carried out in the public interest or to exercise public authority entrusted to us. You should then indicate to us your particular situation, which in your opinion justifies us ceasing the processing covered by the objection. We will stop processing your data for these purposes, unless we demonstrate that the grounds for processing your data by us override your rights or that your data is necessary for us to establish, pursue or defend claims.
  6. the right to transfer data :
    You have the right to receive from us in a structured, commonly used machine-readable format (e.g. ".csv" format) personal data concerning you, which you provided to us on the basis of a contract or your consent. You can also instruct us to send this data directly to another entity.
  7. the right to lodge a complaint with the supervisory authority
    If you believe that we process your data unlawfully, you can submit a complaint to the President of the Office for Personal Data Protection.
  8. the right to withdraw consent to the processing of personal data
    You have the right to withdraw your consent to the processing of personal data that we process based on your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on your consent before its withdrawal.

If you want to exercise the above rights, please contact us personally, via traditional mail or via e-mail using the following data:

Aleksandra Łesyk running a business under the name Przedsiębiorstwo Wielobranżowe Estetica Aleksandra Łesyk at ul. Allied, 14-400 Pasłęk, REGON: 365758270, NIP: 5782790130

e-mail:
info@estetica-home.com
(Monday to Friday 8:00 - 16:00).

The application regarding the willingness to exercise the rights by the Website User should, if possible, include such elements as:

  1. specifying which right the data subject wants to exercise
  2. what purposes of processing the request concerns (e.g. receiving a newsletter, performance of a contract),
  3. how your application is expected to be handled.

 

IX. DATA RECIPIENTS

The administrator will transfer personal data to entities with whom he cooperates in their processing to the extent necessary to perform a specific service or provide functionalities, i.e. e.g. suppliers responsible for the operation of IT systems, entities such as banks and payment operators, accounting and legal companies, courier and transport companies, marketing agencies, IT companies, hosting companies.

We may also transfer data to other entities when we are legally obliged to do so.

X. PROCESSING OF CHILDREN'S DATA

The services offered by the Administrator as part of the Website are addressed to persons over 18 years of age. Therefore, the Administrator does not knowingly process children's personal data.

XI. TRANSFER OF DATA OUTSIDE THE EEA

Our partners are mainly based in the countries of the European Economic Area (EEA) or in Switzerland, recognized as a country that meets an adequate level of personal data protection.

Some Partners, such as Google LLC or Facebook, are based in different countries outside the EEA. In connection with the transfer of your data outside the EEA, your data will be transferred to these entities based on appropriate legal safeguards, which are standard contractual clauses for the protection of personal data, approved by the European Commission.

Such transfer will take place provided that an adequate level of protection of your data is ensured, which will be determined in particular by:

  • cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
  • the use of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the relevant supervisory authority;
  • in the event of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.

At your request, we will provide you with a copy of your data that will be transferred outside the EEA.

XII. AUTOMATED DECISION MAKING

The administrator collects information in an automated manner via cookies on how the System user uses websites, which allows to customize own products displayed on its website to the preferences and habits of users. Based on this information, you can create, for example, general user profiles (including age, gender, interests). This means that the Website User is subject to profiling, but this profiling does not affect his rights.

Decisions regarding the display of the product on the website may be made automatically based on criteria such as gender, addresses of websites where purchases were made, the number and frequency of purchases made. After determining that the criteria are met, the IT system automatically displays products that the Website User may be interested in.

XIII. USING PLUGINS

The website uses plugins of the Facebook social networking site. There are links on the website of the website ("like" and "buy now" buttons). By pressing them, the User logs in to Facebook. The rules for the protection and use of Personal Data by Facebook are available, for example, at: https://www.facebook.com/policy.php . The Administrator has no influence on the legal regulations of the Facebook Website, including those concerning Personal Data.

XIV. SECURITY OF PERSONAL DATA

The administrator conducts risk analysis on an ongoing basis to ensure that personal data is processed by him in a secure manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform . The administrator makes sure that all operations on personal data are registered and performed only by authorized employees and associates.

The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data at the request of the Administrator.

XV. CHANGE OF PRIVACY AND COOKIES POLICY

The Administrator may change the Policy in the future, e.g. in connection with changes in the applicable provisions on the processing of personal data or other legal provisions, changes in the scope of services or functionalities offered through the Website, technological and technical solutions that may affect the provisions set out in the Policy.