Data Privacy

1. Data Administrator

The administrator of personal data is the owner of the DermaWłosy brand (usually a registered business entity in Poland). You can find the specific company name and NIP (Tax ID) in the "Kontakt" or "Regulamin" section of their website.

2. Scope of Data Collection

DermaWłosy collects data necessary to provide services and fulfill orders, including:

  • Identification Data: First and last name.
  • Contact Data: Email address and phone number.
  • Delivery Data: Shipping address (street, house number, city, postal code).
  • Technical Data: IP address, browser type, and cookie identifiers (for website functionality and analytics).

3. Purpose of Processing

Your data is processed for the following purposes:

  • Order Fulfillment (Art. 6(1)(b) GDPR): To process purchases, ship products, and handle payments.<
  • Legal Obligations (Art. 6(1)(c) GDPR): For issuing invoices and maintaining accounting records.
  • Communication: To answer inquiries sent via contact forms or email.
  • Marketing (With Consent): Sending newsletters or promotional offers if you have explicitly opted in.
  • Security: To detect and prevent fraud or unauthorized access.

4. Data Retention Period

  • Order Data: Stored for 5 years from the end of the year the purchase was made (as required by Polish tax law).
  • Account Data: Stored as long as you maintain an active account on the platform.
  • Marketing Data: Stored until you withdraw your consent or object to the processing.

5. Sharing of Data (Recipients)

DermaWłosy shares your data only with trusted third-party providers necessary for business operations:

  • Delivery Companies: (e.g., InPost, DPD, Poczta Polska) to deliver your package.
  • Payment Providers: (e.g., PayU, Przelewy24, Blik) to process transactions.
  • Hosting & IT: To maintain the website and server infrastructure.
  • Accounting Services: For tax and financial settlements.

6. Your Rights (RODO/GDPR)

Under the GDPR, you have the following rights regarding your data:

  • Right of Access: To know what data is being held about you.
  • Right to Rectification: To correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): To request deletion of your data when it is no longer needed.
  • Right to Withdraw Consent: You can opt-out of marketing communications at any time.
  • Right to Lodge a Complaint: You can report concerns to the President of the Personal Data Protection Office (UODO) in Poland.

7. Cookies and Tracking

The website uses Cookies to:

  • Remember your login session and cart contents.
  • Analyze traffic (using tools like Google Analytics).
  • Provide social media features. You can manage or disable cookies via your browser settings, though this may affect the functionality of the online store.