Website privacy policy
www.arwiiscalp.com
I. GENERAL PROVISIONS
1. The Data Controller of the personal data collected on the Website www.arwiiscalp.com is Arwii Scalp – Agnieszka Tarasiuk-Wilczewska NIP 6792999524, REGON 385729978
2. Contact details of the Data Controller
Arwii Scalp
Wrobela 22/U1, Kraków 30-798
Phone 534296384
E-mail biuro.arwiiscalp@gmail.com
3. This Privacy Policy lays out the rules regarding the processing of personal data on our Website, including the legal basis, purposes, and scope of personal data processing and the rights of data subjects, and the rules for the protection of the privacy of users of our Website.
4. We process your personal data in accordance with the law, in particular with the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR).
5. Personal data is collected and processed when users contact us or when they fill out the contact form or application form on our Website.
6. Personal data regarding the use of our Website is provided by the user voluntarily.
7. We take the utmost care to protect the interests of the data subjects, in particular, we ensure that the processing of data takes place for no longer than necessary to achieve the purpose of the processing, considering the security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by appropriate technical and organizational measures.
II. RIGHTS OF THE DATA SUBJECT
1. In accordance with the GDPR and in the cases specified therein, you have:
a) the right to access, rectify, limit, delete or transfer – the data subject has the right to request from the Data Controller access to personal data, rectify, delete it (the so-called ‘right to be forgotten’, in the situations specified in Art. 17 of the GDPR) or restrict the processing (in the situations specified in Art. 18 of the GDPR) and the right to object to processing (in the situations specified in Art. 21 of the GDPR), and also has the right to transfer their data (in the situations specified in Art. 20 of GDPR),
b) the right to withdraw consent at any time – the person whose data is processed by the Data Controller based on given consent has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out based on consent before its withdrawal,
c) the right to lodge a complaint – a person whose data is processed by the Data Controller has the right to lodge a complaint with the President of the Office for Personal Data Protection (supervisory authority) if they believe that their personal data is processed unlawfully,
2. Importantly, you do not always have all the rights indicated above, and the GDPR indicates when you can exercise a given right.
3. In order to exercise the above rights, you may contact the Data Controller by sending a message in writing or by e-mail to the address indicated in Item I of the Privacy Policy or by using the contact form available on our Website.
III. LEGAL BASIS, PURPOSE, AND SCOPE OF DATA PROCESSING
1. The Data Controller is entitled to process personal data in cases where – and to the extent that at least one of the following conditions is met:
a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
d) personal data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
2. The processing of your personal data by us requires in each case at least one of the bases indicated in section 1 above.
3. Each time the purpose, basis, period, and scope, as well as the recipients of the personal data processed by us, result from the actions taken by the user on our Website.
4. The Data Controller may process personal data for the following purposes, on the following bases, in the following periods, and the following scope:
| Purpose of Data Processing | Legal Basis for the Processing and Data Retention Period | The Scope of Processed Data |
| Performance of the contract or taking action at the request of the data subject, before the conclusion of the above-mentioned agreements | Art. 6 para 1 letter b) of the GDPR (performance of the contract). The data is stored for the period necessary to perform, terminate or reach the expiration of the otherwise concluded contract. | Maximum scope: name and surname; e-mail address; contact phone number; address of residence/business/registered office, company name, NIP, company registration data |
| Direct Marketing | Art. 6 para 1 letter f) of the GDPR (Data Controller’s legitimate interest). The data is stored for a period of the existence of a legitimate interest pursued by the Data Controller, but not longer than during the period of limitation of claims in relation to the data subject, due to the business activity conducted by the Data Controller. | Name and surname, e-mail address |
| Marketing | Art. 6 para 1 letter a) of the GDPR (consent). The data is stored until the consent of the data subject is withdrawn for further processing of their data for this purpose. | Name and surname, e-mail address |
| Keeping Tax Books | Art. 6 para 1 letter c) of the GDPR in connection with Art. 86 § 1 of the Tax Code. The data is stored for the period required by the law requiring the Data Controller to keep tax books (until the expiry of the tax liability limitation period, unless tax laws provide otherwise) | Name and surname, address of residence/business/registered office, company name, NIP |
| Determining, pursuing, or defending claims that may be raised by the Data Controller or that may be raised against the Data Controller | Art. 6 para 1 letter f) of the GDPR. The data is stored for the period of the existence of a legitimate interest pursued by the Data Controller, but no longer than for the period of limitation of claims against the data subject due to the business activity conducted by the Data Controller. | Name and surname, contact phone number, e-mail address, address of residence/business/registered office (if different from the delivery address), company name, NIP |
DATA RECIPIENTS
1. For the proper functioning of our Website, including the performance of contracts concluded with you, it is necessary for the Data Controller to use the services of third parties, such as, for example, a courier, a transport company, and online payments provider or a software provider.
2. We use only the services of processors who provide sufficient guarantees to implement the appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
3. Importantly, the transfer of data does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – we transfer data only if it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
4. We may transfer the personal data of users of our Website to the following recipients or categories of recipients:
a) Couriers, carriers, transport companies, and companies participating in the shipping process – if it is necessary to send a postal parcel or courier parcel to the user of our Website, the Data Controller makes the collected personal data of the user available to a selected entity processing the shipping on our request to the extent necessary to complete the order for the user;
b) IT and technical service providers for the Data Controller – in such cases, we provide the collected personal data of the user to a selected provider acting on our behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy;
c) Providers of accounting, legal and advisory services – providing the Data Controller with accounting, legal or advisory support. In such cases, we only provide the collected personal data of the user to a selected provider acting on our behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy.
V. ANALYTICAL TOOLS
1. Cookies are small pieces of data in the form of text files, sent by the server and saved on a device of a visitor to our Website (e.g. on the computer’s hard drive or on the memory card of a mobile device). A cookie file usually contains the domain name of its origin, its ‘expiration time’ and an individual, randomly selected number identifying this file. The information collected with these types of files helps to adapt our Website to the individual preferences and real needs of its visitors. It also allows the development of general statistics on visits.
2. The Data Controller uses cookies to make sure the Website functions properly, and in particular to save the history of the visited pages. Moreover, the Data Controller uses external cookies for collecting general and anonymous statistical data with analytical tools (Data Controller of external cookies: Google Inc. with its registered office in the USA).
3. The cookie mechanism is safe for computers visiting the Website. In particular, viruses and other malicious or unwanted software cannot be transferred through this channel to the user’s device. However, Clients have the option of limiting or disabling the access of cookies to their computers in the browser. If this option is selected, the use of the Website will be possible, except for functions that by their nature require cookies.
4. Considering that cookie settings are made in web browsers regardless of the web page you are browsing, we recommend reading the information provided by the browser you are using.
5. When using the Website, additional information may be collected including in particular the domain name, browser type, access time, and operating system type, as well as collected navigation data, including information about links used by users or other activities undertaken on our Website.
6. We may collect users’ IP addresses. The IP address can be used to diagnose technical problems with the server, create statistical analyses (determining the regions we receive the most visits from, etc.), and as information useful in administering and improving our Website, as well as for security and identification of programs causing server overload or unwanted automatic programs for browsing the content of the Website.
7. If the Website contains links to websites administered by other entities, the Data Controller is not responsible for the privacy policy applicable to them.
8. The user can specify the conditions of using cookies with the web browser (limiting or disabling the saving of cookies).
VI. CHANGE OF PRIVACY POLICY AND CONTACT
1. This Privacy Policy is subject to change, and we will notify the users whenever changes are made to our Website.
2. If you have any questions, comments, or concerns regarding the Privacy Policy or the functioning of our Website, please contact us at biuro.arwiiscalp@gmail.com