PRIVACY POLICY

  1. This Privacy Policy sets out the rules for processing personal data obtained through the online store drogeria.nl (hereinafter referred to as the "Online Store").
  2. The owner of the Online Store and the data controller is Skiera Cosmetics BV with its registered office in The Hague (2544EM), Koperwerf 27, KVK72689331: KVK, VAT: NL859198819B01, hereinafter referred to as Skiera Cosmetics BV.
  3. Personal data collected by Skiera Cosmetics BV through the Online Store is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
  4. Skiera Cosmetics BV takes special care to respect the privacy of customers visiting the Online Store.

§ 1 Type of Processed Data, Purposes, and Legal Basis

  1. Skiera Cosmetics BV collects information about natural persons performing a legal act not directly related to their business or professional activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units that are not legal entities, to which the law grants legal capacity, hereinafter collectively referred to as Customers.
  2. Customer's personal data is collected in the following cases:
    1. when registering an account in the Online Store, for the purpose of creating an individual account and managing it. Legal basis: necessity for the performance of a contract for the provision of the Account service (Art. 6(1)(b) GDPR);
    2. when placing an order in the Online Store, for the purpose of performing a sales contract. Legal basis: necessity for the performance of a sales contract (Art. 6(1)(b) GDPR);
    3. when subscribing to the newsletter (Newsletter), for the purpose of performing a contract for an electronic service. Legal basis: consent of the data subject to the performance of the Newsletter service (Art. 6(1)(a) GDPR);
    4. when using the contact form service in the Online Store, for the purpose of performing a contract for an electronic service. Legal basis: necessity for the performance of the contact form service (Art. 6(1)(b) GDPR);
    5. when using the leave a review service, for the purpose of performing a contract for an electronic service. Legal basis: necessity for the performance of the leave a review service (Art. 6(1)(b) GDPR).
  3. In the case of registering an account in the Online Store, the Customer provides:
    1. email address;
    2. first name and last name;
    3. phone number.
  4. During the registration of an account in the Online Store, the Customer independently sets an individual password to access their account. The Customer may change the password later, following the rules described in §5.
  5. In the case of placing an order in the Online Store, the Customer provides the following data:
    1. email address;
    2. address details:
      1. postal code and city;
      2. country;
      3. street with house/apartment number;
      4. province.
    3. first name and last name;
    4. phone number.
  6. In the case of Entrepreneurs, the above scope of data is additionally extended by:
    1. Entrepreneur's company;
    2. VAT identification number.
  7. In the case of subscribing to the newsletter, the Customer provides only their email address.
  8. In the case of using the contact form service, the Customer provides the following data:
    1. email address;
    2. first name and last name;
    3. phone number.
  9. In the case of using the leave a review service, the Customer provides the following data:
    1. email address;
    2. first name and last name or nickname (pseudonym).
  10. While using the Online Store website, additional information may be collected, including: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  11. Navigation data may also be collected, including information about links and references that the Customer decides to click on or other actions taken in the Online Store. Legal basis: legitimate interest (Art. 6(1)(f) GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.
  12. For the purpose of establishing, investigating, and enforcing claims, certain personal data provided by the Customer in connection with the use of functionalities in the Online Store, such as first name, last name, data concerning the use of services, if claims arise from the way the Customer uses the services, and other data necessary to prove the existence of a claim, including the size of the damage suffered. Legal basis: legitimate interest (Art. 6(1)(f) GDPR), consisting in establishing, investigating, and enforcing claims, as well as defending against claims in proceedings before courts and other state authorities.
  13. Providing personal data to Skiera Cosmetics BV is voluntary, but in connection with concluded sales agreements or the provision of services through the Online Store website, with the reservation that not providing specific data in the forms during the Registration process makes it impossible to Register and create a Customer Account, and in the case of placing an order without registering a Customer Account, it makes it impossible to place and fulfill the Customer's order.

§ 2 To Whom Data is Shared or Entrusted and How Long They Are Stored?

  1. Customer personal data is transferred to service providers used by Skiera Cosmetics BV in operating the Online Store. Depending on contractual agreements and circumstances, service providers receiving personal data either follow the instructions of Skiera Cosmetics BV regarding the purposes and methods of processing such data (data processors) or independently determine the purposes and methods of processing (data controllers).
    1. Data Processors: Skiera Cosmetics BV uses providers who process personal data solely on the instructions of Skiera Cosmetics BV. These include hosting providers, accounting services, providers of marketing systems, systems for analyzing traffic in the Online Store, and systems for analyzing the effectiveness of marketing campaigns;
    2. Data Controllers: Skiera Cosmetics BV uses providers who do not solely act on instructions and determine the purposes and methods of using customer personal data themselves. They provide electronic payment and banking services.
  2. Location: Service providers are located in Poland and other countries within the European Economic Area (EEA).
  3. Customer personal data is stored:
    1. When the legal basis for processing personal data is consent, customer personal data is processed by Skiera Cosmetics BV until the consent is withdrawn, and for a period corresponding to the statute of limitations for claims that Skiera Cosmetics BV may raise or be raised against it. Unless a specific provision states otherwise, the statute of limitations is six years, and for claims related to periodic services and business activities, it is three years.
    2. When the legal basis for processing data is the performance of a contract, customer personal data is processed by Skiera Cosmetics BV for as long as necessary to fulfill the contract and for a period corresponding to the statute of limitations for claims. Unless a specific provision states otherwise, the statute of limitations is six years, and for claims related to periodic services and business activities, it is three years.
  4. In the case of a purchase in the Online Store, customer personal data may be transferred to the following entities, depending on the customer's choice, for the purpose of delivering ordered goods:
    1. Courier company;
    2. POST NL BV with its registered office in The Hague.
  5. If the customer chooses payment through the SOFORT Banking system, their personal data is transferred to Mollie BV, Keizergracht 126, 1015CW Amsterdam, to the extent necessary for payment processing.
  6. If the customer chooses payment through the PayPal system, their personal data is transferred to Mollie BV, Keizergracht 126, 1015CW Amsterdam, to the extent necessary for payment processing.
  7. Navigational data may be used to provide better service to customers, analyze statistical data, customize the Online Store to customer preferences, and administer the Online Store.
  8. If a customer subscribes to the newsletter on their email address, Skiera Cosmetics BV will send electronic messages containing commercial information about promotions and new products available in the Online Store.
  9. If required, Skiera Cosmetics BV will provide customer personal data to authorized state authorities, in particular, organizational units of the Prosecutor's Office, Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies Mechanism, IP Address

  1. The Online Store uses small files called cookies. They are stored by Skiera Cosmetics BV on the end device of the person visiting the Online Store if the web browser allows it. A cookie typically contains the domain name from which it originates, its "expiration time," and an individually randomly selected identifying number for the file. Information collected using these types of files helps tailor products offered by Skiera Cosmetics BV to the individual preferences and actual needs of visitors to the Online Store. They also allow for the creation of general statistics on the visits of presented products in the Online Store.
  2. Skiera Cosmetics BV uses two types of cookies:
    1. Session Cookies: After the session of a particular browser or turning off the computer, stored information is deleted from the device's memory. The session cookies mechanism does not allow for the collection of any personal data or confidential information from customers' computers.
    2. Persistent Cookies: These are stored on the end device's memory and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow for the collection of any personal data or confidential information from customers' computers.
  3. Skiera Cosmetics BV uses its own cookies for the following purposes:
    1. Authenticate the customer in the Online Store and maintain the customer's session in the Online Store (after logging in), so the customer does not need to re-enter their login and password on each subpage of the Online Store;
    2. Conduct analysis, research, and viewership audits, particularly to create anonymous statistics that help understand how customers use the Online Store's website, enabling improvements in its structure and content.
  4. Skiera Cosmetics BV uses external cookies for the following purposes:
    1. Promote the Online Store via the social media service facebook.com (external cookie administrator: Facebook Inc with registered offices in the USA or Facebook Ireland with registered offices in Ireland);
    2. Collect general and anonymous statistical data using analytical tools such as LiveChat (external cookie administrator: Smartsupp.com with registered offices in the Czech Republic);
    3. Display advertisements tailored to the customer's preferences using the online advertising tool awin.com (external cookie administrator: AWIN Limited registered in England and Wales);
    4. Display advertisements tailored to the customer's preferences using the online advertising tool rtbhouse.com (external cookie administrator: RTB House S.A. with registered offices in Warsaw);
    5. Display advertisements tailored to the customer's preferences using the online advertising tool go.pl (external cookie administrator: GO.PL Sp. z o.o. with registered offices in Warsaw);
    6. Promote the Store via the social media service twitter.com (external cookie administrator: Twitter Inc. with registered offices in the USA);
    7. Collect general and anonymous statistical data through Google Analytics analytical tools (external cookie administrator: Google Inc with registered offices in the USA);
    8. Present the Reliable Regulations Certificate via the rzetelnyregulamin.pl website (external cookie administrator: Rzetelna Grupa sp. z o.o. with registered offices in Warsaw).
  5. The mechanism of cookies is safe for the computers of Store Internet users. In particular, this way it is not possible to introduce viruses or other unwanted or malicious software into users' computers. Nevertheless, users have the option to limit or disable access to cookies in their web browsers. If this option is used, using the Internet Store will still be possible, except for functions that inherently require cookies.
  6. Below, we present how you can change the settings of popular web browsers regarding the use of cookies:
    1. Internet Explorer
    2. Microsoft EDGE
    3. Mozilla Firefox
    4. Chrome
    5. Safari
    6. Opera.
  7. Skiera Cosmetics BV may collect the IP addresses of Internet Store users. An IP address is a number assigned to the computer of a person visiting the Internet Store by an internet service provider. The IP number allows access to the internet. In most cases, it is assigned to the computer dynamically, meaning it changes with each internet connection. The IP address is used by Skiera Cosmetics BV for diagnosing technical problems with the server, creating statistical analyses (e.g., determining from which regions we have the most visits), as useful information for administering and improving the Internet Store, as well as for security purposes and identifying unwanted automated programs for browsing the content of the Internet Store.
  8. The Internet Store contains links and references to other websites. Skiera Cosmetics BV is not responsible for the privacy policies in place on those websites.

§ 4 Rights of Data Subjects

  1. Right to Withdraw Consent - legal basis: Art. 7(3) GDPR:
    1. The customer has the right to withdraw any consent granted to Skiera Cosmetics BV.
    2. Withdrawal of consent takes effect from the moment of withdrawal.
    3. Withdrawal of consent does not affect processing carried out by Skiera Cosmetics BV in accordance with the law prior to withdrawal.
    4. Withdrawal of consent does not have any negative consequences for the customer, but it may prevent further use of services or functionalities that, in accordance with the law, Skiera Cosmetics BV may provide only with consent.
  2. Right to Object to Data Processing - legal basis: Art. 21 GDPR:
    1. The customer has the right, at any time, to object - for reasons related to their particular situation - to the processing of their personal data, including profiling, by Skiera Cosmetics BV if Skiera Cosmetics BV processes their data based on a legitimate interest, e.g., marketing of Skiera Cosmetics BV's products and services, conducting statistics on the use of individual functionalities of the Internet Store, facilitating the use of the Internet Store, and customer satisfaction surveys.
    2. Opting out of receiving marketing communications via email will constitute an objection by the customer to the processing of their personal data, including profiling, for these purposes.
    3. If the customer's objection is justified and Skiera Cosmetics BV does not have another legal basis for processing the personal data, the customer's personal data will be deleted, to which the customer objected.
  3. Right to Erasure ("Right to be Forgotten") - legal basis: Art. 17 GDPR:
    1. The customer has the right to request the deletion of all or some of their personal data.
    2. The customer has the right to request the deletion of personal data if:
      1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
      2. The customer withdraws their consent on which the processing is based, and there is no other legal ground for the processing;
      3. The customer objects to the processing of their personal data for marketing purposes;
      4. The personal data have been unlawfully processed;
      5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Skiera Cosmetics BV is subject;
      6. The personal data have been collected in relation to the offer of information society services.
    3. Despite the request for erasure of personal data, due to an objection or withdrawal of consent, Skiera Cosmetics BV may retain certain personal data to the extent that processing is necessary to establish, exercise, or defend legal claims, as well as to fulfill a legal obligation requiring processing under Union or Member State law to which Skiera Cosmetics BV is subject. This applies, in particular, to personal data including: first name, last name, email address, which are retained for the purpose of handling complaints and claims related to the use of Skiera Cosmetics BV's services, as well as, additionally, the address of residence/correspondence, order number, which are retained for the purpose of handling sales agreements or service provision.
  4. Right to Restrict Processing - legal basis: Art. 18 GDPR:
    1. The customer has the right to request restriction of the processing of their personal data. Submitting such a request, until its consideration, prevents the use of specific functionalities or services that involve the processing of data covered by the request. Skiera Cosmetics BV will also not send any communications, including marketing.
    2. The customer has the right to request the restriction of the use of personal data in the following cases:
      1. When they question the accuracy of their personal data – in this case, Skiera Cosmetics BV limits their use for the time needed to verify the accuracy of the data, but not longer than 7 days;
      2. When data processing is unlawful, and instead of deleting the data, the customer requests their use to be restricted;
      3. When personal data are no longer necessary for the purposes for which they were collected or used, but the customer needs them to establish, exercise, or defend legal claims;
      4. When the customer has objected to the use of their data – in this case, the restriction is applied for the time needed to consider whether, due to the customer's particular situation, their interests, rights, and freedoms outweigh the interests pursued by Skiera Cosmetics BV, as the data controller.
  5. Right to Access Data - legal basis: Art. 15 GDPR:
    1. The customer has the right to obtain from the Data Controller confirmation of whether personal data is being processed, and if so, the customer has the right:
      1. to access their personal data;
      2. to obtain information about the purposes of processing, the categories of personal data processed, recipients or categories of recipients of this data, the planned period of storage of the customer's data, or the criteria for determining this period (when determining the planned period of data processing is not possible), the customer's rights under the GDPR, and the right to lodge a complaint with the supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards used in connection with the transfer of this data outside the European Union;
      3. to obtain a copy of their personal data.
  6. Right to Rectify Data - legal basis: Art. 16 GDPR:
    1. The customer has the right to request from the Data Controller the immediate rectification of their inaccurate personal data. Taking into account the purposes of processing, the customer whose data is concerned has the right to request the completion of incomplete personal data, including by providing an additional statement, by sending a request to the email address in accordance with §6 Privacy Policy.
  7. Right to Data Portability - legal basis: Art. 20 GDPR:
    1. The customer has the right to receive their personal data provided to the Data Controller and then transmit it to another data controller of their choice. The customer also has the right to request that personal data be transmitted by the Data Controller directly to such a data controller, provided that this is technically feasible. In such a case, the Data Controller will transmit the customer's personal data in a CSV file format, which is a commonly used format suitable for machine-readable and transferable data to another data controller.
  8. In the event of the customer exercising the rights arising from the above rights, Skiera Cosmetics BV fulfills the request or refuses to fulfill it immediately, but no later than within one month of receiving it. However, if - due to the complex nature of the request or the number of requests - Skiera Cosmetics BV is unable to fulfill the request within one month, it will do so within the next two months, informing the customer in advance within one month of receiving the request of the intended extension and the reasons for it.
  9. The customer can submit complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the Data Controller.
  10. The customer has the right to request from Skiera Cosmetics BV a copy of standard contractual clauses by directing the request in the manner indicated in §6 Privacy Policy.
  11. The customer has the right to lodge a complaint with the President of the Personal Data Protection Office, in the event of a breach of their rights to personal data protection or other rights granted under the GDPR.

§ 5 Security Management - Password

  1. Skiera Cosmetics BV provides customers with a secure and encrypted connection when transmitting personal data and when logging into the customer's account on the Website. Skiera Cosmetics BV uses an SSL certificate issued by one of the world's leading security and data encryption companies for data transmitted over the Internet.
  2. In the event that a customer with an account in the Internet Store has lost their access password in any way, the Internet Store allows for the generation of a new password. Skiera Cosmetics BV does not send password reminders. The password is stored in encrypted form in a way that prevents its reading. To generate a new password, the customer should provide their email address in the form available under the "Forgot your password" link provided on the login form to the customer's account in the Internet Store. The customer will receive an email at the email address provided during registration or last profile change, containing a redirect to a dedicated form available on the Internet Store's Website, where the customer will have the opportunity to set a new password.
  3. Skiera Cosmetics BV never sends any correspondence, including email correspondence, requesting login details, especially access passwords to the customer's account.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy may be changed, and Skiera Cosmetics BV will inform customers in advance, at least 7 days before such changes take effect.
  2. Questions related to the Privacy Policy should be directed to: [email protected]
  3. Last modification date: September 8, 2021.
group_work Cookie consent