PRIVACY POLICY

eBeauty Planner

We make every effort to ensure that the processing of Personal Data by us is conducted with respect for the privacy of the individuals concerned and with care for the security of the processed data, in accordance with this Privacy Policy (hereinafter referred to as the "Policy").

We apply technical and organizational measures to ensure the protection of the Personal Data processed, appropriate to the threats and the category of data protected, and in particular, we protect data against disclosure to unauthorized persons, being taken by an unauthorized person, processing in violation of applicable legal provisions, and change, loss, damage, or destruction.

SEVERAL IMPORTANT INFORMATION AND DEFINITIONS

The data controller of Personal Data processed in connection with the use of the website https://ebeauty-planner.com is Dawid Gawłowski, conducting business under the company name DejvSoft Dawid Gawłowski, located in Opole – address: ul. Sieradzka 19/26, 45-304 Opole, NIP: 7543124313, REGON: 365096253.

Contact with the Administrator is possible at the e-mail address: [email protected].

Cookie Board - a computer program in the Application that is used to manage cookies by the User, displaying information about these files and providing the possibility for the User to consent to their use by the Administrator while using the Application.

Personal Data - information about an identified or identifiable natural person, i.e., one who can be directly or indirectly identified, in particular based on an identifier such as name and surname, identification number, location data, online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person;

Software – for the purposes of the Policy, this means internet browsers used to access the Service;

Cookies – these are text files that the Service saves on the User's Device when they use the Application and that facilitate the use of the Application;

GDPR – refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC;

Service/Application – the WWW site located at the address https://ebeauty-planner.com available on the Internet and in a mobile application for iOS and Android software.

Device – refers to the electronic device through which the User accesses the Service, including: PC computers, laptops, tablets, smartphones;

User – refers to every user of the eBeauty Planner Application, including the Partner Salon and individuals who have been granted access to the Application by the Partner Salon.

WHAT PRINCIPLES DO WE APPLY TO DATA PROCESSING?

The Administrator adheres to the following principles when processing your Personal Data:

  1. Processes Personal Data in accordance with the law, fairly and in a manner transparent to the person concerned,
  2. Collects Personal Data for specific, explicit, and legitimate purposes and does not further process them in a manner inconsistent with those purposes,
  3. Processes Personal Data in a way that is adequate, relevant, and limited to what is necessary for the purposes of processing,
  4. Personal Data is processed by the Administrator in a correct manner and is updated as necessary,
  5. Keeps Personal Data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the Personal Data are processed,
  6. Stores collected Personal Data only on media that are secured against access by third parties,
  7. Maintains the confidentiality of Personal Data.

WHAT DATA DO WE COLLECT?

  1. Name and surname, date of birth, email address, telephone number;
  2. The name of your business, Tax Identification Number/VAT Number;
  3. Residence address/Headquarters address;
  4. Profile picture, logo.

FOR WHAT PURPOSE DO WE PROCESS YOUR DATA?

Personal Data of Users and other individuals interacting with the Administrator or Users may be processed for the purpose of:

  1. performing the contract concluded with the Administrator for the provision of electronic services within the Application - the legal basis for processing Personal Data is the necessity of processing to perform the contract (Art. 6(1)(b) GDPR);
  2. establishing contact and enabling the use of services provided by the Administrator or within the Application - the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR);
  3. fulfilling the statutory obligations incumbent on the Administrator, arising in particular from tax regulations and accounting regulations – the legal basis for processing is a legal obligation (Art. 6(1)(c) GDPR);
  4. analytical and statistical purposes, including improving the operation and usability of the Service – the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR);
  5. establishing and pursuing claims or defending against them – the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR);
  6. technical, administrative, for the purpose of securing the IT systems of the Administrator and managing these systems - in this respect, the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR);
  7. direct marketing of the Administrator's services – in this case, the legal basis for processing is the legally justified interest pursued by the Administrator or by a third party (Art. 6(1)(f) GDPR);
  8. implementing new functionalities of the Application or developing existing ones – such processing of your Personal Data is necessary to realize the legally justified interest of the Administrator (Art. 6(1)(f) GDPR).

DO I HAVE TO PROVIDE MY DATA?

The provision of Personal Data by the User is voluntary, but necessary for the provision of electronic services by the Administrator within the Application. The User may give separate consent to receive commercial, advertising, and marketing information from the Service Provider. The User can unsubscribe from receiving them at any time (withdraw their consent).

ARE MY DATA TRANSFERRED OUTSIDE THE EEA?

The Administrator may transfer Personal Data to a third country, i.e., outside the European Economic Area (EEA), to enable Users from outside the EEA to use the services of the Application. This transfer may take place to:

  1. countries for which the European Commission has issued decisions on the adequacy of Personal Data protection (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) without the need to meet additional requirements;
  2. other countries, primarily based on Standard Contractual Clauses with the application of additional (technical and legal) safeguards or Binding Corporate Rules, or based on Art. 49(1) (c) GDPR, if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the person whose data are concerned, between the Administrator and a User from outside the EEA.

IS MY DATA PROFILED?

Your Personal Data may be profiled, involving the improvement of offers, advertising services, reminders, or recommendations for Users who visit the Service. However, the Administrator does not make automated decisions against you that have legal effects or similarly significant effects. You can object to this type of data processing by sending an email to: [email protected].

WHO IS THE RECIPIENT OF MY DATA?

Your Personal Data may be used by some third parties with whom the Administrator cooperates and who assist in fulfilling his tasks. These entities are both service providers with whom the Administrator concludes data processing outsourcing agreements and separate administrators, such as:

  1. Hosting provider (stores data on its server);
  2. Mailing service provider (who stores your data if you subscribe to the newsletter);
  3. Accounting/Bookkeeping office, which processes your data appearing on invoices;
  4. Legal Advisor or Attorney, who provides legal services for the Administrator;
  5. Service provider that provides technical support for the website if the support covers areas where data is located;
  6. Other subcontractors/service providers if the subject of their activity requires access to Personal Data. Due to the use by the Administrator of services provided by suppliers using servers located in third countries, particularly in the United States (services such as Google, or programs used for online meetings) - there is a possibility of transferring your Personal Data outside the European Economic Area. However, we only cooperate with companies participating in the U.S./EU Data Privacy Framework, which guarantees compliance with high standards of Personal Data protection, in accordance with European regulations. Personal Data may also be transferred to authorized state bodies in connection with the proceedings conducted by them, upon their request and after meeting the conditions confirming the necessity of obtaining this data, in accordance with applicable legal provisions.

WHAT RIGHTS DO I HAVE IN RELATION TO DATA PROCESSING?

The GDPR provides you with a range of possible rights regarding the handling of your Personal Data, which you can exercise. You have the right to:

  1. access your data and receive a copy of it;
  2. request rectification of the data, their deletion, or restriction of their processing;
  3. withdraw consent to the processing of your Personal Data, to the extent that the basis for processing your Personal Data is consent given earlier (withdrawing the consent does not affect the legality of the processing that was applied based on the consent before its withdrawal);
  4. transfer Personal Data;
  5. object to the processing of data for marketing purposes, if the processing is related to the legally justified interest of the Administrator, and for reasons related to your particular situation - in other cases, when the legal basis for data processing is the legally justified interest of the Administrator;
  6. lodge a complaint with the supervisory authority dealing with the protection of Personal Data (if you believe that the processing of your Personal Data is not in accordance with the law, you have the right to file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
  7. The rules related to the exercise of the rights mentioned above are described in detail in Articles 15 - 21 of the GDPR. If you have questions related to your rights or want to exercise them, contact the Administrator.

HOW LONG IS MY DATA PROCESSED?

Your Personal Data is processed by the Administrator for the period necessary to achieve the purposes for which the data is processed or until the objection is taken into account, if the basis for processing is the legally justified interest of the Administrator or withdrawal of consent, if the basis for processing is expressed consent. The period of data processing may be extended if the processing is necessary to pursue possible claims and defend rights (for a period of limitation of claims up to a maximum of 6 years), or until the obligation to store data resulting from legal provisions expires (usually this period results from tax laws and is 5 years). After the expiration of the processing period, the data is irreversibly deleted or anonymized.

ARE COOKIES USED IN THE SERVICE?

In our Application, we use necessary cookies to ensure smooth and convenient use of the Application. Our cookies are solely to facilitate your navigation through the Service and tailor it to your needs. Thanks to them, the Service can remember your settings. We ensure that all cookies used in the Application are safe for your device. In the Service, we use cookies for statistical purposes (including counting visits to the Page/Tabs) and analytical purposes (e.g., checking the average length of a visit to the Application). On the Site, we use both our own cookies and those of third parties. Types of cookies used include: session, persistent, and those set by other services such as Google Analytics. The specific types of cookies used within the Service have been defined in the Cookie Board. You can change cookie settings at any time. These settings can be changed in such a way as to block the automatic handling of cookies in the settings of your Internet browser or device or to inform you about their placement in your browser or device each time. In case of restriction or disabling of access to cookies on your device, the use of the Service may be difficult and may disable some functionalities that require cookies. Detailed information on the possibilities and ways of handling cookies is available in the settings of your Internet browser and in the Cookie Board. You can manage cookie settings, blocking them or receiving notifications, by changing the settings in your Internet browser on your Device.

WHAT ARE SERVER LOGS?

Server logs are records of information about what happens on the server. They collect data such as:

  1. page requests: when you visit the Application, the server records your request. It stores information such as your IP address, the type of action you are taking (e.g., opening a page), the address of the page you are visiting, and the time when you do it,
  2. error information: if there are any errors in the Application (e.g., the Service was not found), the server also records this. This allows the Administrator to fix problems and improve the Application,
  3. security issues: logs help detect dangerous attempts to access the server or other troubling activities. Server logs are used, among other things, to maintain the security of the Application, analyze how it is used, and improve its operation. Data recorded in server logs are not associated with specific individuals using the site and are not used by the Administrator to identify specific individuals. Server logs are usually used for administrative purposes, such as analyzing traffic on the site, diagnosing technical problems, ensuring security, and optimizing the operation of the Application. We respect your privacy, so this data is protected and used in accordance with applicable legal regulations.

POLICY CHANGES

The Policy is continuously verified and updated as necessary. This may be due to changes in regulations or new technological solutions we implement. As soon as anything changes, we will let you know through the Application so you are always up to date. The Policy is effective from 01/05/2024.

Thank you for reviewing the Policy. If you have any questions about how we protect your data or want to share your comments with us, write to [email protected]. We will try to help as soon as possible!