top of page

PRIVACY POLICY

§ 1. General provisions

Privacy Policy sets out the principles of privacy and processing of personal data of persons using the service and services offered through the service conducted on the Internet at elektroepilacja.pl (hereinafter referred to as the"service"). The service is run by the company ELEKTROEPILACJA.PL SP. Z O. O. with its Registered office in Warsaw, at UL. Grzybowska 87, 00-844 Warszawa, entered into the Register of entrepreneurs of the National Court register maintained by the District Court for the city of Warsaw.  In Warsaw, XIII Commercial Division of the National Court register under KRS number 0001064299, REGON 526700960, NIP 5273080710, which is the administrator of personal data (hereinafter referred to as the "Administrator") collected, processed and used in connection with the use of the website by users (hereinafter referred to as the "users" or separately as the "user"). The administrator can be contacted by e-mail: contact@elektroepilacja.pl or by traditional mail to: ELEKTROEPILACJA.PL SP. Z O. O., ul. Grzybowska 87, 00-844 Warszawa. The controller has appointed a data protection officer, who can be contacted by e-mail: iod@elektroepilacja.pl or by traditional mail to: ELEKTROEPILACJA.PL SP. Z O. O., ul. Grzybowska 87, 00-844 Warszawa.

The Administrator acts in accordance with regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR"), including in particular: adequately protects users ' personal data from unlawful access to personal data by third parties, in particular encrypts personal data, archives personal data, evaluates personal data security measures, ensures confidentiality, integrity, availability and resilience of processing systems and services.


§ 2. Purposes and legal bases of personal data processing within the service

The use of the website functionality may involve the collection and processing by the administrator of users ' personal data. User data entered into the service are the property of the user. Information and data about users are collected in order to enable users to use the functionality of the website. The user data collected and processed by the administrator includes the following types of personal data of the user: name, surname, date of birth, contact phone number, e-mail address, in the case of the user being a natural person; company name, company address data, tax identification number – if the user wishes to receive a VAT invoice confirming the purchase of services through the service. User data is processed by the administrator for the following purposes:

in order to use the functionality of the website and provide services offered by the website, in particular to provide comprehensive electroepilation services, provide advice and cosmetic consultations and other treatments and services offered by the website, make settlements – in order to perform the agreement concluded with the user or take action at the request of the user prior to its conclusion (Article 6 (1) lit. (B) GDPR),

in order to conclude and perform an agreement for the provision of electronic services offered on the website, in particular in the field of maintaining and operating a user account, submitting and making a reservation of treatments, making settlements – in order to perform an agreement concluded with the user or take action at the request of the user prior to its conclusion (Article 6 (1) lit. (B) GDPR),

in order to fulfil the legal obligations incumbent on the administrator, in particular for accounting, accounting and tax purposes (Article 6 (1) lit. (C) GDPR),

for contact purposes, i.e. receiving and handling requests and inquiries sent via the Contact Form, e – mail, telephone, chat or other means of communication at a distance-on the basis of the legitimate interest of the administrator in the form of answering the request (Article 6 (1) lit. (F) GDPR),

in order to establish, pursue or defend claims, which is a legitimate interest of the administrator (Article 6 (1) lit. (F) GDPR),

for evidentiary and archival purposes, including for the purposes of keeping documentation of the activities carried out by the administrator and securing information in the event of a legal need to prove facts, which is the legitimate interest of the administrator (Article 6 (1) lit. (F) GDPR),

for analytical purposes, including, in particular, to study user satisfaction, to adapt the service offer to the expectations of users, to improve the quality of services provided, which is a legitimate interest of the administrator (Article 6 (1) lit. (F) GDPR),

in order to offer the administrator's own products and services directly to users (direct marketing and remarketing), including selecting them according to the needs of the user using profiling, which, however, will not significantly affect the user's situation or cause legal effects against him, which is the legitimate interest of the administrator (Article 6 (1) lit. (F) GDPR),

in order to receive commercial information about the administrator's own goods or services by electronic means or to transmit marketing content by means of telecommunications terminal devices (by telephone) – on the basis of the user's consent (Article 6 (1) lit. a) GDPR and Article 10 (2) of the act of 18 July 2002 on the provision of electronic services and Article 172 (1) of the act of 16 July 2004 Telecommunications Law).

To the extent that the user's data processed by the administrator may include data of special categories – health data – the Administrator processes data solely for the purpose of providing comprehensive electroepilation services, providing advice and cosmetic consultations and keeping personal records, the legal basis for the processing of user's data is consent in accordance with Article 9 (2) (A) of the GDPR. (a) GDPR. Providing data and consent to the processing of health data is voluntary, however, their failure or non-consent will result in the inability to perform the procedure or service. Such consent may be withdrawn at any time without affecting the lawfulness of the data processing carried out on the basis of the consent before its withdrawal.

Performing direct marketing by the administrator using end devices (in particular mobile and stationary phones, tablets, computers) and automatic calling systems, to the phone number and e-mail address provided by the user, consisting in receiving marketing messages about the administrator's products and services and marketing actions organized by him and sending commercial information about the goods or services offered by the administrator to the e-mail address indicated by the user, within the meaning of the act of 18 July 2002 on the provision of services by electronic means (i.e. Journal of Laws of 2020, item 344) or telephone within the meaning of the act of 16 July 2004 Telecommunications Law (Journal of Laws of 2024, item 34) is subject to the expression by the user of a separate consent on the basis of art. 6 para.  (a) GDPR. Providing data and consent to data processing is voluntary. Such consent may be withdrawn at any time – the user may at any time opt out of receiving further commercial information by contacting us by telephone at the hotline number provided on the website or by contacting the company at the following e-mail address: contact@elektroepilacja.pl or in writing to the address indicated in § 1 Paragraph 3 or 4 above.

 

§ 3. User Permissions

The user has the right to:

access to your data and receive a copy of it,

rectification (correction) of your data,

deletion of data-if, in the opinion of the user, there is no reason for the Administrator to process his data,

restriction of data processing – if, in the opinion of the user, the Administrator has incorrect data about him or processes them unreasonably; or the user does not consent to the deletion of data due to the need to establish, exercise or defend claims; or at the time of the user's objection to data processing,

to object to the processing of data for the purpose of direct marketing, including profiling, and the right to object to the processing of data on the basis of legitimate interest for purposes other than direct marketing,

data transfer-the user has the right to receive from the controller in a structured, commonly used and machine-readable format his / her personal data, which he / she has provided to the controller on the basis of a contract or consent, the user may also instruct the controller to transmit this data directly to another entity,

lodge a complaint with a supervisory authority – if the user believes that the Administrator processes his / her data unlawfully, he / she may file a complaint with the president of the Office for Personal Data Protection or another competent supervisory authority,

the right to withdraw consent to the processing of personal data – at any time, the user has the right to withdraw consent to the processing of personal data that the Administrator processes on the basis of his consent; the withdrawal of consent will not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

The user provides all data voluntarily and knowingly.

§ 4. Data recipients and transfers to third countries or international organisations

The following categories of entities may have access to your personal data:

authorized employees and associates of the administrator,

partners cooperating with the administrator and partners of the administrator, operating under a separate agreement under the administrator's brand electroepilation salons, who, depending on the nature of cooperation, may also be separate data administrators,

service providers providing the administrator with technical and organizational solutions enabling the provision of functionality services (in particular, entities providing courier and postal services, IT services, marketing, legal and advisory service providers and their authorized employees and associates),

entities that perform data analytics for the purpose of advertising personalization and are separate controllers in this regard, in particular Google LLC, more information on data protection law can be found on the website at: https://policies.google.com/privacy,

competent public authorities – on the basis of relevant legislation, in particular in the fight against fraud and abuse.

Except as otherwise indicated, the controller will not transfer or permit the transfer of personal data provided by the user outside the EEA, unless it takes the necessary measures to ensure that the transfer complies with the GDPR. Such measures may include, in particular, the transfer of personal data to a recipient in a country which, in accordance with a decision of the European Commission, ensures adequate protection of personal data or the transfer of personal data will take place on the basis of Standard Contractual Clauses approved by the European Commission.

As part of the operation of the website, the Administrator uses Google services, where Google is a separate administrator of users ' personal data. The Administrator promotes the services using Google AdWords. The data collected about users helps to better target ads and promotions of the Website Owner, as well as to develop remarketing campaigns. The Administrator makes special efforts to encourage users to visit the service. Therefore, in order to improve its services and improve the service, it collects information about the technical profile of the user in an impersonal form using Google Analytics.

The Administrator may also collect statistical data on the popularity and use of individual services offered by the website, sharing them with other entities. These data will be shared only anonymously and in groups, without the possibility of extracting personal data of users on their basis. The Administrator may also use the collected statistical data for marketing, informational, statistical purposes and publications in such media as the Internet, the press, radio, television, mobile and fixed-line telephony.

 

§ 5. Processing of data of minors

The service is not designed or addressed to persons under the age of 16.

§ 6. Data retention period

Personal data provided by the user will be processed for as long as necessary to achieve the purposes for which they were collected. The period of data storage is not strictly defined and depends on a number of factors, including the user's decisions regarding the use of the services of the website. However, this period will not be longer than:

for data processed as part of the performance of contracts concluded with the administrator-for the duration of these contracts and after their termination for the period resulting from the law on Limitation of claims, which means a maximum of 6 years from the date of termination of the contract,

in the case of data processed in order to fulfill legal obligations incumbent on the administrator, including in the field of tax and accounting law – for a period and to the extent required by law, no longer than 5 years from the date of termination of the agreement,

for data processed on the basis of the legitimate interest of the administrator - until the implementation of these interests or until the user objects to the processing of data in this way,

for data processed on the basis of the user's consent-until the withdrawal of this consent by the user.


§ 7. Cookies

The website automatically collects only the information contained in the cookies referred to below. As a result of using the website, text files (so – called cookies) may be stored on the user's devices, which are designed to facilitate the user's access to and use of the website. Cookies are also used to study the preferences and behavior of the user, which makes it possible to provide personalized content on the site and improve its functioning. The data collected by cookies are also used for statistical purposes.

The user can disable the placement and storage of cookies using the Internet Browser used by him. The method of disabling cookies depends on the browser used by the user. Detailed information about the possibilities and methods of handling cookies is available in the settings of the software (web browser).

Information on the management of cookies in individual browsers can be found on the dedicated pages of these browsers. The company may collect cookies in two types: as "session" files and "persistent" files. "Session" files are temporary files that remain on the user's device until you log out of the website or turn off the browser. "Permanent" files remain on the device for the time specified in the parameters of cookies or until they are manually deleted by the user.

Cookies placed on the end device of the Website User may also be used by advertisers and partners cooperating with the administrator. Cookies can be used to display advertisements tailored to the way the user uses the service. The user can view and edit the information resulting from cookies using the available online tools.

The Administrator reserves that limiting the use of cookies may affect some of the functionalities available on the website, and in extreme cases may prevent the use of the website.

 


§ 8. Changes to Privacy Policy

The Administrator reserves the right to update and modify this Privacy Policy, especially in the event of the evolution of internet technologies, changes in personal data protection laws or the development of the website. Users will be informed of any changes in a clear and understandable manner so that they are aware of the modifications being made.

bottom of page