Privacy policy

GENERAL PROVISIONS

  1. The administrator of personal data collected through the website https://chemika-carcosmetics.pl/ is the company CHEMIKA Marek Gajewski, registered at: 117c Zebrzydowicka St, Rybnik, 44-200, VAT ID: 647-051-29-18, REGON: 271808048. Contact with the administrator is possible via email: info@chemika.pl.
  2. Personal data collected by the Administrator through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Polish Personal Data Protection Act of May 10, 2018.

TYPE OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS

    The administrator processes personal data via the website https://chemika-carcosmetics.pl/ in the case of:

    1. User’s use of the contact form. Personal data is processed based on Article 6(1)(f) GDPR as the Administrator’s legitimate interest.
  2. TYPE OF PERSONAL DATA PROCESSED

    The administrator processes the following categories of user personal data:

    1. Name and surname;
    2. Email address;
    3. Phone number.
  3. PERIOD OF PERSONAL DATA STORAGE

    Users’ personal data is stored by the Administrator:

    1. In cases where the basis for processing is the performance of a contract, for as long as necessary to execute the contract, and after that for the period corresponding to the limitation period of claims. Unless a specific provision states otherwise, the limitation period is six years, and for periodic claims and claims related to business activities – three years.
    2. In cases where the basis for processing is consent, until the consent is withdrawn, and after withdrawal for a period corresponding to the limitation period of claims that may be raised by or against the Administrator. Unless a specific provision states otherwise, the limitation period is six years, and for periodic claims and claims related to business activities – three years.
  4. Additional information such as the user’s IP address or the external IP address of their Internet provider, domain name, browser type, access time, and operating system type may be collected when using the website.
  5. Navigation data, including information about links and referrals clicked by users or other actions taken on the website, may also be collected. The legal basis for such activities is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in facilitating the use of electronic services and improving their functionality.
  6. Providing personal data by the user is voluntary.
  7. Personal data will also be processed automatically, including through profiling, if the user consents based on Article 6(1)(a) GDPR. Profiling involves assigning a profile to a person to make decisions about them or analyze or predict their preferences, behaviors, and attitudes.
  8. The Administrator takes special care to protect the interests of the data subjects, ensuring that the data collected:

    1. Are processed lawfully;
    2. Are collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes;
    3. Are substantively correct and adequate to the purposes for which they are processed, and stored in a manner that allows identification of the individuals concerned, no longer than necessary to achieve the purpose of processing.

SHARING PERSONAL DATA

  1. Users’ personal data is shared with service providers used by the Administrator to operate the website. Depending on contractual arrangements and circumstances, these service providers either act on the Administrator’s instructions regarding the purposes and methods of processing the data (data processors) or independently determine the purposes and methods of processing (data controllers).
  2. Users’ personal data is stored exclusively within the European Economic Area (EEA).

RIGHT TO CONTROL, ACCESS, AND CORRECT PERSONAL DATA

  1. Data subjects have the right to access their personal data, rectify it, delete it, restrict its processing, transfer it, object to its processing, and withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  2. Legal grounds for user requests:

    1. Access to data – Article 15 GDPR;
    2. Data rectification – Article 16 GDPR;
    3. Data deletion (right to be forgotten) – Article 17 GDPR;
    4. Restrict processing – Article 18 GDPR;
    5. Data transfer – Article 20 GDPR;
    6. Objection – Article 21 GDPR;
    7. Withdrawal of consent – Article 7(3) GDPR.
  3. When a user exercises their rights, the Administrator fulfills the request or refuses to fulfill it promptly, but no later than one month after receiving the request. If, due to the complexity or number of requests, the Administrator cannot fulfill the request within one month, it will be fulfilled within the following two months. The user will be informed within one month of receiving the request about the extension and the reasons for it.
  4. If data processing violates GDPR, data subjects have the right to file a complaint with the President of the Personal Data Protection Office.

COOKIES

  1. The Administrator’s website uses cookies.
  2. The installation of cookies is necessary for the proper provision of services on the website. Cookies contain information essential for the proper functioning of the website and enable the development of general visit statistics.
  3. The Administrator uses their own cookies to better understand user interactions with the content of the website. Cookies collect information on how the user uses the website, the type of website from which the user was redirected, the number of visits, and the time spent on the website. This information does not record specific personal data of the user but serves to compile usage statistics.
  4. Users have the right to decide on cookie access to their computer or mobile device by selecting this option in their browser window. Detailed information about cookie management is available in the software settings (web browser).

FINAL PROVISIONS

  1. The Administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and category of data protected, especially protecting the data from unauthorized disclosure, unauthorized acquisition, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.
  2. The Administrator provides appropriate technical measures to prevent unauthorized persons from acquiring and modifying personal data sent electronically.
  3. In matters not covered by this Privacy Policy, the relevant provisions of GDPR and other applicable provisions of Polish law shall apply.