Account
Language
Currency
0
Cart

Products

Your shopping cart is empty!

Privacy Policy

Privacy Policy

PRIVACY POLICY OF THE ONLINE STORE


PNBSHOP.COM


§ 1

GENERAL PROVISIONS

  1. The Administrator of personal data collected through the online store pnbshop.com is BEAUTY GALAXY LLC, registered in the Register of Entrepreneurs by the District Court of Warsaw, XIV Economic Division of the National Court Register under the number KRS: 0000962945, registered address: ul. Solipska 3/5, 02-482 Warsaw, place of business and mailing address: ul. Słoneczna 2H, 05-270 Marki, NIP: 5223222214, REGON: 521595620, email address: [email protected], phone number: +48 574 523 423, hereinafter referred to as the "Administrator" and also as the "Provider."

  2. Personal data collected by the Administrator through the website is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), known as RODO.

  3. Any words or expressions written in capital letters in this Privacy Policy shall be understood in accordance with their definitions specified in the Rules of the pnbshop.com online store.


§ 2

TYPES OF PROCESSED PERSONAL DATA, PURPOSE, AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes the personal data of Users of the online store pnbshop.com in the following cases:

    1. during the registration of an Account in the Store to create and manage a personal account based on Article 6(1)(b) of the General Data Protection Regulation (GDPR) (performance of an agreement for the provision of electronic services in accordance with the Store's Terms and Conditions).

    2. during the placement of an Order in the Store to fulfill a sales agreement based on Article 6(1)(b) of the GDPR (performance of a sales agreement).

    3. when subscribing to the Newsletter to receive commercial messages electronically. Personal data is processed with explicit consent based on Article 6(1)(a) of the RODO.

    4. when using the Reviews System to obtain feedback from the Customer regarding a concluded sales agreement with the Administrator, based on Article 6(1)(f) of the RODO (legitimate interest of the entrepreneur),

    5. when using the Contact Form to send a message to the Administrator, based on Article 6(1)(f) of the RODO (legitimate interest of the entrepreneur).

  2. TYPES OF PROCESSED PERSONAL DATA. The User provides the following personal information:

    1. For the Account: name, surname, username, address, email.

    2. For Orders: name, surname, address, email, phone number.

    3. For Newsletter: name, surname, email.

    4. For the Reviews System: name, surname.

    5. For the Contact Form: name, email.

  3. TERM OF PERSONAL DATA RETENTION. The administrator retains the personal data of Users as follows:

    1. for data processing related to the execution of agreements, the data is retained for the time necessary to fulfill the agreement and then for a period corresponding to the statute of limitations for claims. Unless a specific law provides otherwise, the statute of limitations is six years, or three years for claims related to periodic payments and claims related to entrepreneurial activity.

    2. for data processing based on consent, the data is retained until the consent is revoked, and then for a period corresponding to the statute of limitations for potential claims against or by the Administrator. Unless a specific law provides otherwise, the statute of limitations is six years, or three years for claims related to periodic payments and claims related to entrepreneurial activity.

  4. During the use of the Store, additional information may be collected, including IP address, computer or external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

  5. With the explicit consent based on Article 6(1)(a) of the General Data Protection Regulation (GDPR), the data may also be processed for sending commercial messages electronically or making direct marketing calls, including profiling, in accordance with Article 10(2) of the Act on Providing Electronic Services or Article 172(1) of the Telecommunications Law.

  6. Navigation data, including information about links Users decide to click on or other actions taken in the Store, may also be collected. The legal basis for such actions is the legitimate interest of the Administrator (Article 6(1)(f) of the General Data Protection Regulation (GDPR)), which aims to facilitate the use of electronic services and improve their functionality.

  7. The provision of personal information by the User is voluntary.

  8. The Administrator pays particular attention to protecting the interests of individuals whose data is processed. This includes ensuring that the collected data:

    1. is processed in accordance with the law,

    2. is collected for specific lawful purposes and not further processed in a manner incompatible with those purposes,

    3. is relevant and adequate in relation to the purposes for which it is processed, is kept in a form that allows identifying the data subject, is retained no longer than necessary for the purposes for which the data was collected.


§ 3

DISCLOSURE OF PERSONAL DATA

  1. Personal data of Users may be transferred to service providers used by the Site Manager in the operation of the Online Store, including:

    1. companies providing delivery services,

    2. payment system providers,

    3. accounting department,

    4. hosting providers,

    5. software providers for operational purposes,

    6. mailing system providers,

    7. software providers for the functioning of the online store.

  2. The service providers mentioned in paragraph 1 of this section, to whom personal data is transferred, either act as data processors according to the instructions of the Site Manager regarding the purposes and methods of processing this data, or independently determine the purposes and methods of their processing as data controllers.

  3. Personal data of Users is stored exclusively within the territory of the European Economic Area (EEA), except for the provisions stated in Section 5 § 5 and Section 6 of the Privacy Policy.


§ 4

RIGHT TO CONTROL, ACCESS TO PERSONAL DATA, AND THEIR CORRECTION

  1. The individual to whom the data relates has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

  2. Legal bases for User's requests:

    1. Access to data - Article 15 of the General Data Protection Regulation (GDPR)

    2. Rectification of data - Article 16 of the General Data Protection Regulation (GDPR)

    3. Erasure of data (the so-called "right to be forgotten") - Article 17 of the General Data Protection Regulation (GDPR)

    4. Restriction of processing - Article 18 of the General Data Protection Regulation (GDPR)

    5. Data portability - Article 20 of the General Data Protection Regulation (GDPR)

    6. Objection - Article 21 of the General Data Protection Regulation (GDPR)

    7. Withdrawal of consent - Article 7(3) of the General Data Protection Regulation (GDPR)

  3. To exercise the rights mentioned in point 2, you can send a relevant email to the following address: [email protected]

  4. If a User submits a request based on the aforementioned rights, the Administrator shall fulfill the request or deny it immediately but no later than within one month from the receipt of the request. However, if for any reason the Administrator cannot fulfill the request within one month due to its complexity or a large number of requests, the Administrator will fulfill it within the next two months, informing the User about the intended timeframe and the reasons for the extension within one month from the receipt of the request.

  5. In case of identifying a breach of personal data processing, the individual to whom the data relates has the right to lodge a complaint with the Head of the Ukrainian Data Protection Commission.


§ 5

"COOKIES" FILES

  1. The Administrator's page uses "cookies".

  2. The installation of "cookies" is necessary for the proper provision of services on the Shop's website. "Cookies" contain information necessary for the proper functioning of the page and provide the ability to collect general statistical data about website visits.

  3. There are two types of "cookies" used on the page: "session cookies" and "persistent cookies".

    1. "Session cookies" are temporary files that are stored on the User's device until they leave the page.

    2. "Persistent cookies" are stored on the User's device for a specified period of time determined by the parameters of the "cookies" or until the User deletes them.

  4. The Administrator uses their own cookies to better understand how Users interact with the page's content. These cookies collect information about the User's use of the website, the type of page from which the User was redirected, as well as the number of visits and duration of the User's stay on the website. This information does not record specific personal data of the User but is used for statistical analysis of page usage.

  5. The Administrator also uses external cookies to collect general and anonymous statistical data through the analytical tools of Google Analytics (external administrator of cookies: Google LLC with headquarters in the USA).

  6. Cookies may also be used by advertising networks, including the Google network, to display ads tailored to the User's use of the Shop. For this purpose, they may store information about the User's navigation path or the time spent on a particular page.

  7. Users have the right to decide on the access of "cookies" to their computer by selecting them in the appropriate window of their web browser. Detailed information about the capabilities and methods of managing "cookies" is available in the settings of the software (web browser).



§ 6

ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE SHOP

  1. The shop uses so-called social plugins ("plugins") from social media services. When displaying a web page on pnbshop.com that contains such a plugin, the User's browser establishes a direct connection to the servers of Facebook, Instagram, and YouTube.

  2. The content of the plugin is transmitted directly from the respective service provider to the User's browser and integrated into the page. Through this integration, the service providers receive information that the User's browser has accessed the pnbshop.com page, even if the User does not have a profile with the respective service provider or is not logged into it. This information (along with the User's IP address) is transmitted directly through the browser to the server of the respective service provider (some servers are located in the USA) and stored there.

  3. If the User is logged into one of the above-mentioned social media services, the respective service provider can directly associate the visit to the pnbshop.com page with the User's profile in the respective social network.

  4. If the User uses a specific plugin, such as clicking the "Like" button or the "Share" button, the corresponding information is also transmitted directly to the server of the respective service provider and stored there.

  5. The purpose and scope of data collection, as well as their further processing and use by service providers, and the User's ability to communicate and exercise rights in this regard, as well as the possibility of configuring settings to ensure User confidentiality, are described in the privacy policies of the respective service providers:

    1. https://www.facebook.com/policy.php

    2. https://help.instagram.com/519522125107875?helpref=page_content

    3. https://policies.google.com/privacy?hl=pl&gl=ZZ

  6. If the User does not want social media networks to directly associate the collected data during visits to the pnbshop.com page with their profile in the respective social network, the User should log out of that social network before visiting the pnbshop.com page. The User can also completely prevent the loading of plugins on the page by using appropriate browser extensions, such as blocking scripts with "NoScript".

  7. The Administrator uses remarketing tools on their website, including Google Ads, which involves the use of cookies from Google LLC for the Google Ads service. Within the cookie settings management mechanism, the User has the ability to decide whether the Administrator can use Google Ads (external cookie provider: Google LLC with headquarters in the USA) concerning them.


§ 7

FINAL PROVISIONS

  1. The administrator implements technical and organizational measures to ensure an appropriate level of protection for processed personal data against potential threats, depending on the categories of data that require protection. Data security entails preventing their disclosure to unauthorized individuals, unauthorized data theft, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.

  2. The administrator ensures the use of appropriate technical means to prevent unauthorized access and modification of personal data transmitted electronically.

  3. In cases not covered by this Privacy Policy, the relevant provisions of the General Data Protection Regulation (GDPR) and other applicable legislative acts of Poland shall apply.