Privacy Policy

Privacy policy of 15.03.2021

 

The protection of our Clients' personal data is of key importance to us, therefore we make every effort to ensure the optimal level of security when processing your personal data. This Privacy Policy (hereinafter referred to as: Policy) sets out the rules for the processing and protection of Users' personal data by the Controller of the Personal Data. The Policy regulates the types of personal data collected by the Controller of the Personal Data, the method of using this data, the rights of Users and the categories of entities to whom the data is made available. The policy also defines the means of protection and security of personal data as well as the method of contact regarding the means and methods of personal data protection used by the Controller of the Personal Data.

 

Basic concepts

  • User - a natural person whose data is processed by the Controller of the Personal Data;

  • Customer - an entity for which the Controller of the Personal Data provides services or with whom she/he concluded a sales contract;

  • Personal data - all information relating to an identified or identifiable natural person, eg name and surname, telephone number, address, e-mail address. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors determining his physical, physiological, mental, economic, cultural or social characteristics. Information is not considered to enable the identification of a person if it would require excessive costs, time or activities;

  • Data processing - any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing and deleting, especially those performed in IT systems;

  • Breach of personal data protection - a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed;

 

In connection with the regulations resulting from the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on data protection) (Journal of Laws UE.L No. 119, p. 1) (hereinafter referred to as: GDPR), we would like to inform you that:

 

The Controller of the Personal Data

The Controller of your personal data is Cosibella Sp. z o.o. with its seat in Warsaw, entered into the National Court Register by the Regional Court for the Capital City of Warsaw in Warsaw - XIII Commercial Division, number 832314, address: Jutrzenki 177 Street, 02-231 Warsaw, REGON 385746050, NIP 5223180504.

 

Applicable Laws

Users' personal data are processed in accordance with the requirements of generally applicable law, in particular the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781, as amended) and the regulations of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR, OJ L 119, 4.5.2016, p. 1-88).

 

Data recipients

The Controller of the Personal Data, the Controller of the Personal Data's employees and contractors authorized in writing, his associates and persons providing services to her/him have access to personal data. Access to personal data by the above-mentioned persons takes place only for the purpose and scope specified by the Controller of the Personal Data.

The Controller of the Personal Data keeps a register of persons authorized to process data. Persons authorized to process data are required to keep personal data and the methods of securing it strictly confidential.

The Controller of the Personal Data and persons authorized to process this data apply technical and organizational measures to protect processing the personal data.

Your personal data may be disclosed to:

  • state authorities and other entities authorized to access data to the extent and for the purpose specified in the provisions of law;

  • other external entities providing the Controller of the Personal Data with services supporting its functioning in the scope of provided services, i.e. logistics, courier and transport companies, IT service providers, auditing entities, entities providing accounting services, entities providing marketing services, entities providing legal services, entities servicing payments, banks;

 

Automated processing, including profiling

Your personal data will not be processed in an automated manner (including the form of profiling) that may have legal effects on you or similarly significantly affect your situation, except for the following processes, the detailed rules of which are indicated in their descriptions below: "online store".

 

Your rights in connection with processing of personal data:

In connection with the processing of your personal data, in cases provided for by law, you have the following rights:

  • access to your personal data,

  • requests to limit the processing of your personal data,

  • transferring your personal data,

  • rectifying your personal data,

  • delete your personal data,

  • object to processing of your personal data,

  • withdrawal of consent to process your personal data in a situation where it constitutes the basis for data processing, which, however, does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal

  • lodging a complaint to the supervisory body, i.e. the President of the Office for Personal Data Protection - (Office for Personal Data Protection, Stawki 2 Street, 00-193 Warsaw, tel. 22 531-03-00).

In order to exercise the above-mentioned rights, please contact us at: support@timelessskincare.eu

 

Transfer of personal data to Third Countries

Your data will not be transferred to Third Countries, unless the shipping address you provide when placing the order is in a third country, in which case we transfer your data to our business partners in such a third country, i.e. entities providing transport, courier and logistics and postal services. The transfer of your data to a third country is based on the decision of the European Commission regarding the adequate level of personal data protection. If no decision of the European Commission on the adequate level of protection of personal data has been issued in relation to a given third country, then the transfer to that third country shall be made subject to the provision of appropriate safeguards referred to in art. 46 sec. 2 GDPR. Third countries are countries outside the European Economic Area. The European Economic Area includes all European Union countries and the so-called European Free Trade Association, which include Norway, Iceland and Liechtenstein.

 

Purposes of data processing

We collect your personal data:

  • when you view the website timelessskincare.eu

  • during the execution of the order,

  • when making any contact, including answering your inquiries,

  • at goods delivery,

  • when you express your will to receive the newsletter,

  • when processing your payment,

  • when we prevent the misuse of our website,

  • during the process of informing you about product re-availability.

 

Online store, timelessskincare.eu

Purpose and grounds for processing: Your personal data will be processed for the purpose of providing electronic services by:

  • setting up and maintaining an account on the website timelessskincare.eu(the basis for processing is art. 6 sec. 1 letter b) of the GDPR),

  • concluding contracts for the sale of products ordered by the user in the online store timelessskincare.eu with the user of the online store and their execution (the basis for processing is art. 6 sec. 1 letter b) of the GDPR),

  • informing about the availability of the selected product (the basis for processing is art. 6 sec. 1 letter a) of the GDPR),

  • fulfillment of legal obligations, in particular the fulfillment of the obligation to conduct financial reporting (the basis for processing is art. 6 sec. 1 letter c) of the GDPR),

  • return and exchange of products and examination of possible complaints (the basis for processing is art. 6 sec. 1 letter b) of the GDPR),

  • implementation of the legitimate interest of the Controller of the Personal Data (the basis for processing is art. 6 sec. 1 letter f) of the GDPR), which should be understood as:

  • conducting direct marketing activities - due to specific provisions, activities via e-mail or telephone are carried out on the basis of a separate consent to use the appropriate communication channel,

  • survey on the customer satisfaction of the user of the online store timelessskincare.euwith its operation - due to specific provisions, actions via e-mail or telephone are conducted on the basis of a separate consent to the use of an appropriate communication channel,

  • answers to your questions via the contact forms on the website timelessskincare.eue-mail, chatbot and by phone,

  • establishing, investigating or defending claims related to the functioning of timelessskincare.euand services provided through the online store at the address indicated.

 

Data processing time

Your data will be processed until:

  • termination of the contract for the provision of electronic services,

  • limitation of claims under the contract provided electronically,

  • limitation of claims under the sales contract,

  • expiration of the period provided for in the Regulations of the online store timelessskincare.eufor the submission and examination of complaints or replacement of goods,

  • you raise a justified objection, if the basis for the processing of personal data is the legitimate interest of the Controller of the Personal Data,

  • expiry of the obligation to store data resulting from legal provisions, in particular the obligation to store accounting documents regarding the sales contract,

 

Are you required to provide us with your personal data?

  • Providing your personal data is voluntary, but failure to provide it may prevent the Controller of the Personal Data from providing services electronically and making purchases by a potential customer in the online store timelessskincare.eu,

 

Automated processing, including profiling

  • Using the online store timelessskincare.euis related to processing of the user's personal data, which should be understood, inter alia, as IP address or other identifiers and information collected via cookies or other similar technologies. The information collected in this way, including personal data, allows, thanks to their automated processing (profiling), to provide the user of the online store with marketing content tailored to the preferences / interests of each user.

 

Direct marketing

Purpose and basis of processing: Your personal data will be processed for the purpose of:

  • Conducting direct marketing activities (requests for opinions on products and services - marketing activities via e-mail address or telephone number are carried out on the basis of a separate consent to the use of an appropriate communication channel pursuant to the Act on the provision of electronic services (art. 10 ) and the Telecommunications Law (art. 172) (legal basis for processing art. 6 sec. 1 letter a) of the GDPR),

  • Defense against possible legal claims for breach of the provisions on the protection of personal data pursuant to art. 6 sec. 1 letter f) of the GDPR,

  • Replies to your questions sent via the contact forms on the website timelessskincare.euwhich is the legitimate interest of the Controller of the Personal Data (legal basis for data processing – art. 6 sec. 1 letter f) of the GDPR).

 

Data processing time: Your data will be processed:

  • until the consent to send marketing information by electronic means is withdrawn,

  • after the consent is withdrawn for a period of up to 6 years, in order to defend against any legal claims.

 

Do you have to provide us with your personal data?

  • Providing personal data is voluntary, but without providing it, it will not be possible to receive marketing information and answer the questions presented in the contact form.

 

Complaint, return or exchange of goods

 

Purpose and grounds for processing your personal data

Your personal data will be processed:

  • in the case of obtaining your data as part of the complaint process: acceptance, examination and handling of your complaint (the basis for processing is art. 6 sec. 1 letter b) of the GDPR),

  • in the case of obtaining your data as part of the process of return or exchange of purchase: acceptance and processing of your return or replacement of the purchase (the basis for processing is art. 6 sec. 1 letter b) of the GDPR)

  • for both processes, in order to:

  • fulfill legal obligations, i.e. in particular the fulfillment of the obligation to conduct financial reporting (the basis for processing is art. 6 sec. 1 letter c) of the GDPR),

  • establishing, protecting or pursuing claims related to the sales contract, which should be understood as the legitimate interest of the Controller of the Personal Data (art. 6 sec. 1letter f) of the GDPR).

 

Data processing time: Your data will be processed:

  • in relation to the complaint process - until the warranty period or the warranty period expires,

  • in relation to the process of return or replacement of the purchase - until the statute of limitation of claims under the contract, in connection with which the purchase was returned or replaced, runs out,

  • in relation to both processes: until the legal obligation to store data, in particular the obligation to keep accounting documents, expires.

 

Do you have to provide us with your personal data?

  • Providing your personal data is voluntary, but it is necessary to accept and examine your complaint or to accept and process a return or exchange of purchase in accordance with the returns and complaints policy.

 

Correspondence

Purpose and grounds for processing: Your personal data will be processed in order to implement the legitimate interest of the Controller of the Personal Data (art. 6 sec. 1 letter f) of the GDPR), which should be understood as:

  • correspondence by the Controller of the Personal Data in connection with messages sent by clients, potential clients, representatives of the Controller of the Personal Data's contractors and other persons or entities in paper or electronic form,

  • answering your questions sent via contact forms on the website timelessskincare.eu

  • determination, investigation or defense against possible claims.

 

Data processing time: Your data will be processed until:

  • completion of the exchange of correspondence or until an objection to data processing is raised, recognized by the Controller of the Personal Data as justified. In addition, the data will be processed during the period of limitation of any claims.

 

Do you have to provide us with your personal data?

  • Providing personal data is voluntary, but necessary to communicate with you as part of your correspondence.

 

Comments and opinions

Purpose and grounds for data processing: Personal data will be processed for the purpose of:

  • posting comments and opinions of Users on purchases or visits to the store (the basis for processing is art. 6 sec. 1 letter f) of the GDPR

  • implementation of the legitimate interest of the Controller of the Personal Data (the basis for processing is art. 6 sec. 1 letter f) of the GDPR), which should be understood as: establishing, investigating or defending claims related to the functioning of timelessskincare.euand services provided through the online store kept at the address indicated

 

Time of data processing

  • Personal data is processed until the Controller of the Personal Data deletes the comment or opinion of the user at the request of the User or until the User objects to the processing of personal data pursuant to art. 21 of the GDPR, recognized by the Controller of the Personal Data as justified.

 

Do you have to provide us with your personal data?

  • Providing personal data is voluntary, but necessary to post comments or opinions.

 

Contractors/partners and their representatives

Purpose and basis of processing: Your personal data will be processed for the purpose of:

  • performance of the contract concluded with the Controller of the Personal Data (in the case of personal data belonging directly to the contractor, the basis for processing is art. 6 sec. 1 letter b) of the GDPR, and in the case of personal data of the contractor's representatives, the basis for processing is art. 6 sec. 1 letter f) of the GDPR, where the Controller's legitimate interest is the need to ensure the proper performance of the contract),

  • fulfillment of legal obligations, in particular the fulfillment of the obligation to conduct financial reporting (the basis for processing is art. 6 sec. 1 letter c) of the GDPR),

  • determining, investigating or defending claims related to the performance of the contract concluded with Cosibella Sp. z o. o. (in this case the basis for processing is art. 6 sec. 1 letter f) of the GDPR - where the legitimate interest of the Controller of the Personal Data should be understood as the possibility of pursuing or defense of claims).

 

Data processing time: Your data will be processed until:

  • expiration or termination of the contract between the Controller of the Personal Data and his contractor, and after its completion within the time limits specified by law, including accounting,

  • limitation of any claims arising from the contract or activities aimed at concluding the contract.

 

Do you have to provide us with your personal data?

  • Providing personal data is voluntary, but without providing it, the performance of the contract concluded with the Controller of the Personal Data will not be possible.

 

Cookies

The following types of cookies are used as part of the website timelessskincare.eu:

  • "necessary" cookies that enable the use of services available on the website, e.g. authentication cookies used for services that require authentication on the website, cookies that are used to ensure security, e.g. used to detect fraud in the field of authentication on the website,

  • "performance" cookies that allow the collection of information on the use of pages included in the website,

  • "functional" cookies that allow you to "remember" the website settings selected by the user and personalize the interface, e.g. in terms of the selected language or region, font size, website appearance, etc.,

  • "advertising" cookies, which enable the provision of advertising content to website users more tailored to their interests.

 

The Controller of the Personal Data uses cookies in order to:

  • maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website,

  • adapting the website to the User's needs,

  • creating viewing statistics for the Website's subpages,

  • developing aggregated statistical data, measurement data and general trend data to enhance and optimize marketing, promotional and analytical activities.

  • The Controller of the Personal Data informs that the User may, by changing the browser settings, disable the use of "cookies". Most often, the appropriate option is in the privacy or settings tab of a given program.

 

The Controller of the Personal Data informs that she/he will process, in accordance with the provisions of the law in force on the territory of the Republic of Poland, data regarding the number (including IP) and type of the User's end device, as well as the time of connection with the Website and other operational data regarding the User's activity on the Website. These data are processed for technical purposes. The Controller of the Personal Data declares that she/he will make every effort to provide the User with a high level of security in the use of the Website by applying appropriate administrative, technical and physical data protection measures against accidental or unlawful destruction, loss, unauthorized disclosure or disclosure. Unfortunately, no way of transmitting data via the Internet is completely secure. All events affecting the security of information transmission, including, for example, the suspicion of sharing files containing malicious software, should be reported to: support@timelessskincare.eu

 

Newsletter

  • Purpose and basis of processing: Your personal data will be processed in order to: provide you with the possibility of subscribing to our newsletter by providing your e-mail address and consenting to the processing of your personal data for the purpose of sending commercial and marketing information by e-mail. Through the newsletter, we inform you about our latest offers (for example, new products, promotions or information about products from the Cosibella.pl store offer). (the basis for processing is art. 6 sec. 1 letter a) of the GDPR).

 

Data processing time: Your data will be processed:

  • until the consent to send the newsletter is withdrawn. You can unsubscribe from the newsletter at any time by clicking on the link included in the newsletter received or by sending an e-mail to the following address: support@timelessskincare.eu

  • after the consent is withdrawn for a period of up to 6 years, in order to defend against any legal claims.

 

Do you have to provide us with your personal data?

  • Providing personal data is voluntary, but without providing it, subscription to the newsletter will not be possible.

 

Information on the Cosibella.pl profile on social networking sites

Cosibella Sp. z o. o. has profiles on social networks: Facebook, Instagram, YouTube, TikTok (hereinafter referred to as "social networks"), where it publishes posts also relating to the products of individual product brands. Controllers of the Personal Data of social networking sites register the behavior of their users on their own using cookies and other similar technologies, including each interaction with Cosibella Sp. z o. o. profiles. The full scope and purposes of processing personal data on social networking sites are determined by their Controllers of the Personal Data.

Cosibella Sp. z o. o. as the profile operator has access to general statistics generated by Controller of the Personal Data of social networking sites regarding the interests and demographic data (such as age, gender, region) of users visiting the Cosibella Sp. z o. o. profile.

Cosibella Sp. z o. o. as the profile operator, is responsible for the content posted therein, as well as for communication with users of social networking sites - as part of these profiles.

Facebook and Instagram are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

YouTube is administered by Google Inc. 1600 Amphitheater Parkway, Mountain View, California, USA.

TikTok is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

 

Plugin of websites: Facebook, Instagram, YouTube

Our website includes a plugin for social networks Facebook, Instagram, YouTube. Social network plugins are marked with their logos. These plugins will directly connect you to our profile on the selected website. Social networks can then obtain information that you have visited our website from your IP address. The indicated social networking sites do not provide us with information about the collected data and the method of their use. The purpose and scope of the data collected by them are unknown to us. For additional information on privacy on these websites, please refer to the privacy policy available on them, which specifies the rules for the processing of personal data on these websites.

 

Policy changes and updates

  • The policy may be modified from time to time. The modifications are intended to take into account changes in the Controller of the Personal Data's practices regarding the handling of personal data and to strengthen the personal data protection system.

  •  Significant changes to the Policy will be signalled by clearly visible messages posted on the website timelessskincare.euAt the top of the page with the content of the Policy, there will be information about the date of its latest update.

 

Contact

The User may contact the Controller of the Personal Data at any time at support@timelessskincare.eu in order to obtain information on whether and how the Controller of the Personal Data uses or intends to use her/his personal data, as well as in case of any questions or comments regarding this Policy.

 

pixel