Privacy Policy

§1
Personal data processing

General information

  1. The administrator of the personal data provided to the Seller by the Site (including the Online Shop) is GABRIELA WESOŁOWSKA STUDIO FRYZUR GABRIELLA, Grabiszyńska Street, no. 212, premises U7, 53-235 Wrocław.
  2. Personal data collected by the Administrator are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1) (hereinafter: RODO) and the currently applicable regulations of Polish law. Translated with www.DeepL.com/Translator (free version)
  3. The basis for the processing of personal data by the Administrator is the consent of the data subject. The processing is also lawful if it is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  4. The Administrator makes every effort to protect privacy and information provided to him and concerning the Website Users (including Shop Clients).
  5. The administrator shall apply appropriate technical and security measures to ensure the protection of the processed data, in particular to protect them against unauthorized access, disclosure, loss and destruction, unauthorized modification, as well as against processing in violation of applicable laws.
  6. The User has the right to access their personal data, obtain a copy of it, the right to rectify the data, the right to erase the data, the right to restrict the processing of the data, the right to object to the processing of the data, the right to transfer the data, the right to lodge a complaint to the supervisory authority (General Inspector for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw) and the right to withdraw consent to the processing of personal data. Translated with www.DeepL.com/Translator (free version)
  7. To exercise your rights, you may submit your request to: studio.gabriella@gmail.com
  8. Providing personal data is voluntary, however, it is a condition for using the Website (including the Store).
  9. The Administrator does not knowingly process data of persons under the age of 16. The Administrator does not process sensitive personal data.

 

Purposes of personal data processing

  1. In order to enable the User to use the Website, to browse its content, to make use of the newsletter available on the Website, to conclude and perform the contract of sale of the Goods (including delivery of the ordered Goods), to process the order form and to handle complaints and returns – in accordance with the information displayed on the website of the Store – the Administrator processes the following personal data: name, surname, address data, e-mail address, telephone number, data concerning payments, data provided by the User in purchase forms, in withdrawal from the contract, in complaint applications. Purposes of personal data processing
  2. For statistical and analytical purposes regarding the use of particular functionalities available on the Website, to facilitate the use of the Website and to ensure IT security, the Administrator processes such data as: data on the User’s activity on the Website, time spent on each subpage, location, IP address, device ID, search history on the Website, web browser data and operating system.

 

Categories of personal data processed

  1. The controller processes the following categories of personal data:
    1. address information,
    2. contact information,
    3. activity data on the Website,
    4. data on orders in the Shop
    5. data concerning complaints, returns,
    6. device data,

 

Data processing time

  1. Users’ personal data will be processed for the time necessary to carry out orders, marketing activities and other services provided to the User.
  2. Deletion of data may occur when:
    1. the data subject requests the Controller to erase the data or withdraws the consent for the processing of the data,
    2. the data subject does not take action on the Site or contact the Controller for more than 3 years.
  3. Such personal data as: name and surname, e-mail address, communication with the User, order history, may be stored for a further period of 3 years to secure claims, for evidence purposes, and to process complaints.
  4. User data collected using cookies will be stored for a period corresponding to the life cycle of cookies stored on devices or until they are deleted from the device by the User.

 

Transfer of personal data to third parties

  1. The Administrator may transfer personal data to third parties whose services the Administrator uses to operate the Site.
  2. You agree that the Administrator may transfer your personal information to the following categories of recipients:
    1. to service providers used by the Administrator in running the Website (including the Shop), including entities from outside Poland, the European Union and the European Economic Area. Third parties to which the Users’ personal data may be transferred include: Google LLC (support of communication and advertising), Facebook Inc. based in the USA or Facebook Ireland LTD based in Ireland (support of the Store’s fanpage), PayPro S.A. based in Poland, (support of payments – Przelewy24), InPost S.A. based in Poland (support of deliveries), Zenbox sp. z o.o. based in Poland (server provider); Translated with www.DeepL.com/Translator (free version)
    2. to state authorities, including but not limited to courts, prosecutor’s office, public administration authorities, the Police, the President of UODO, the President of UOKiK and other institutions – upon request.
  3. When necessary for the proper and lawful processing of personal data, the Controller will enter into personal data entrustment agreements with the third party to whom it transfers personal data, ensuring an adequate level of data security.
  4. The controller transfers personal data to a third party observing the data minimization principle (i.e. transfers only data which are necessary for the purposes for which the data are processed). The controller transfers personal data outside the European Union and the European Economic Area only if:
    1. the countries or organizations to which the personal data is transferred provide an adequate level of protection for that data,
    2. these countries or organizations have enforceable data subject rights and effective remedies.

§2
Cookies Policy

  1. When browsing the Site, cookies, hereinafter referred to as Cookies, are used. These are small text information that are stored on the User’s terminal device in connection with the use of the Site. Their use is intended to enable proper operation of the Site.
  2. These cookies allow us to identify the software used by a Site user and to customize the Site to the user’s individual needs.
  3. The internal Cookies used on the Site are safe for the User’s devices. In particular, it is not possible for viruses or malware to enter through Cookies.
  4. Cookies may be used by advertising networks, in particular the Google network, to display advertisements. For this purpose, information about the User’s navigation or the time of use of the Website may be stored.
  5. You may, at any time, change your settings regarding the storage, deletion and access to the stored cookies.
  6. The Seller is not responsible for the safety of external Cookies from Website partners. List of external services that may place cookies on your device:
    1. Google LLC. based in the USA,
    2. Facebook Inc. with headquarters in the USA or Facebook Ireland LTD with headquarters in Ireland.

 

The following types of Cookies are used on the Site:

  • Internal cookies – files placed and read from the User’s device by the Site’s data communications system.
  • External cookies – files placed and read from User’s device by IT systems of external services.
  • Session cookies – are stored on the User’s device and remain there until the end of a given browser session. The stored information is then permanently deleted from the device memory. This type of cookies does not allow you to collect any personal data or any confidential information from your device.
  • Persistent cookies – are stored on the User’s device and remain there until deleted by the User. Ending the session of the browser or switching off the device does not delete them from the device. This type of cookies does not allow you to collect any personal data or any confidential information from your device.

 

Purposes of cookies

We use third party cookies for the following purposes:

  • to compile statistics in order to understand how Customers use the Site so that it can be improved through analytical tools,
  • determine customer profiles and then display tailored content in advertising networks using Google’s online advertising tools,
  • Analyze customer activity to tailor the content you see to your profile so that you can better manage your advertising campaigns through Google’s analytics tools,
  • popularization of the Site in social media.