PROTECTION OF PERSONAL DATA

​Personal Data Controller

​

The administrator of your personal data is ELEKTROEPILACJA.PL SP. Z O. O. with its Registered office in Warsaw at UL. Grzybowska 87, 00-844 Warsaw, entered into the Register of entrepreneurs of the National Court register maintained by the District Court for m.st in Warsaw, XIII Commercial Division of the National Court register under KRS number 0001064299, REGON 526700960, NIP 5273080710 ("Administrator").

​

The administrator can be contacted by e-mail: contact@elektroepilacja.pl or by traditional mail to: ELEKTROEPILACJA.PL SP. Z O. O., ul. Grzybowska 87, 00-844 Warszawa. The controller has appointed a data protection officer, who can be contacted by e-mail: contact@elektroepilacja.pl or by traditional mail to the address of the Registered office: ELEKTROEPILACJA.PL SP. Z O. O., ul. Grzybowska 87, 00-844 Warszawa.

​

​​

Purpose and legal basis of data processing

​

In the field of data such as name, surname, date of birth, contact phone, e-mail (and in the case of expressing the desire to receive a VAT invoice confirming the purchase of services – we process your data only for the purpose of providing comprehensive services in the field of electroepilation, providing advice and cosmetic consultations and other services, as well as for billing for purchased services, contact, keeping personal records, establishing, investigating or defending against claims, evidentiary, analytical, archival, accounting and accounting purposes, as well as for offering you our products and services directly (marketing direct) , selecting them according to your needs with the help of profiling, which, however, will not have a significant impact on your situation or cause legal consequences. The data will be processed on the basis of Article 6 (1) lit. (b), (c) and (f) regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119, P. 1), i.e. GDPR, when: the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract; the processing is necessary for the performance of a legal obligation incumbent on the controller; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or Fundamental Rights and freedoms of the data subject require the protection of personal data to be overridden. With regard to special categories of data, such as health data, we process your data solely for the purpose of providing services in the field of electroepilation, providing advice and cosmetic consultations and keeping personal records, and the legal basis for processing is your consent in accordance with art. 9 (2) lit. (a) GDPR.

​

The provision of data and consent to the processing of health data are voluntary, but their absence or lack of consent will prevent the performance of the electroepilation service.

​

Data recipients

​

The following categories of entities may have access to personal data:

authorized employees and associates of the administrator, 

service providers who provide the administrator with technical and organizational solutions enabling the provision of services (in particular, courier and postal companies, IT service providers, marketing, legal and advisory services and their authorized employees and associates). 

Data may also be transferred to recipients in third countries, i.e. outside the European Economic Area, such as Google LLC and the Rocket Science Group LLC d / b / a MailChimp, which are certified under the EU-US Privacy Shield, which can be checked at any time at: https://www.privacyshield.gov/list.

Except as indicated, the controller will not transfer or permit the transfer of personal data outside the EEA unless it takes appropriate measures to ensure compliance with the GDPR. This may include the transfer of personal data to a recipient in a country that, in accordance with a decision of the European Commission, ensures an adequate level of data protection, or to a recipient in the United States that is certified under the EU-US Privacy Shield program.

​

Rights of the data subject

​

You have the right to:

access to your data and receive a copy of them; rectification (correction) of your data; deletion of data if you believe that there are no grounds for the processing of your data by the administrator; restriction of data processing if you believe that the data are incorrect or are processed unreasonably, and you do not want them to be deleted, because they are needed to establish, pursue or defend claims, or for the time of objecting to the processing; object to processing for direct marketing purposes, including profiling, as well as to processing based on legitimate interest for purposes other than direct marketing, and when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in US;  receive from the controller in a structured, commonly used and machine-readable format your personal data that you have provided on the basis of consent or contract, as well as the possibility to order the transmission of these data directly to another entity; lodge a complaint with the supervisory authority if you believe that the processing of personal data violates the provisions of the GDPR; withdraw consent to the processing of personal data at any time if the data are processed on the basis of consent. The withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. 

​

Data retention period

​

The personal data provided by you will be processed for the period necessary to achieve the purposes for which they were collected. This period is not permanent and depends on the decisions regarding the use of the administrator's services. In the event of termination or termination of the contract, the period of processing of personal data by the administrator is determined by the limitation periods for claims arising from the Civil Code and legal obligations in the field of taxes and accounting. This means that the Administrator will not process the data for more than 6 years from the end of the contract. Personal data processed on the basis of consent will be processed until it is withdrawn.