Privacy Policy and Cookies

1. PRELIMINARY INFORMATION
Dear User/Customer/Model/Contractor! This privacy policy (hereinafter referred to as the "Privacy Policy") defines the Administrator of data collected as part of the beautywhale.pl website (hereinafter referred to as the "Website"), the rules for collecting, storing and accessing information on your devices, including using Cookies, in connection with with your use of our Website and as part of other activities undertaken in connection with your cooperation with the Administrator. The Privacy Policy specifies the types of data we collect, how they are used, and the purposes for which we use them.

2. WHO PROCESSES YOUR DATA?
The administrator of your personal data is https://beautywhale.pl/

3. PROCESSING WITHIN THE WEBSITE
3.1 Cookies and pixel tags.
3.1.1 When you use the Website, information is downloaded and saved from your web browser, some of which constitutes (or may constitute) personal data. These are mainly cookies and pixel tags. These files allow you to identify the software you use and adapt the Website to your needs. Cookies usually contain the name of the domain from which they come, the time they are stored on the Device, the assigned value, as well as data regarding activity on the Website. .
3.1.2 Cookies and pixel tags are used to collect information related to your use of the Website. Cookies enable in particular: .
a) maintaining your session (after logging in), thanks to which you do not have to re-enter your login and password on each subpage; .
b) adapting the content of websites to your preferences and optimizing the use of websites; in particular, these files allow you to recognize your device and properly display the website, tailored to your individual needs; .
c) verifying how you use the Website and creating statistics that help understand how other users also use our websites, which allows improving their structure and content. .
3.1.3 We use two types of cookies:
a) session cookies: stored on the user's device and remain there until the end of the browser session. The saved information is then permanently deleted from the device's memory. The session cookie mechanism does not allow downloading personal data or any confidential information from the user's device; .
b) persistent cookies: they are stored on the user's device and remain there until they are deleted; ending a given browser session or turning off the device does not delete them from the user's device. .
3.1.4 We use the following types of cookies on the Website:
a) "necessary" cookies enabling the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website and cookies used to ensure security, e.g. used to detect abuses in the field of authentication on the Website ; files of this category ensure the basic functionality of the Website and the use of services available on our websites depends on their download, which means that their support is constantly enabled; .

b) "related to functionality", allowing you to increase the functionality of the Website, at the same time enabling you to "remember" your selected settings and personalize the interface; .
c) "performance" cookies, enable us to collect information about how the Website pages are used, and help us improve the website; thanks to these files, we are often able to process your request faster and remember your settings; disabling these files may result in incorrect display of content and slower operation of the website; .
d) "advertising" and "social media", enabling us to provide you with advertising content more tailored to your interests, thanks to which advertising both on and off this website is consistent with your preferences. Disabling these cookies may result in displaying the content of the Website's pages that are not tailored to your interests. The use of the Website may then be less optimized. .
Additionally, they allow you to express your opinion, like the content and recommend us on social media, as well as chat with our consultants. .
Thanks to them, you have the opportunity to evaluate and review our products. .

3.2 Managing cookie settings
You can change your settings at any time in the section on cookie settings and limit or disable access to these files. Most popular web browsers available on the market accept cookies on your device by default. Each user can define the conditions for the use of these files using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the ability to save cookies. Remember that only saving cookies may affect some functionalities of the Website. If you want to change your current cookie settings, you can do so. Below we present how you can change the settings or disable cookies in the most popular browsers:
Internet Explorer: http://support.microsoft.com/gp/cookies/en
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Safari: http://support.apple.com/kb/PH5042
Opera: http://www.opera.com/browser/tutorials/security/privacy/
Adobe (flash cookies): http://www.adobe.com/security/flashplayer/articles/lso/

If you want to disable cookies on your phone or tablet, we recommend that you read the settings of a specific phone in its manual.

3.2 Purposes of data processing on the Website
We use your data to optimize the operation of our Website. Some of the data we collect from you is necessary to use it (necessary cookies).
Using the full functionality of our Website often requires providing us with additional data and consenting to its processing by us. Thanks to this data, we are able to provide you with personalized advertising of our products.
This data is also collected to improve our products and display information about them, adapt our offer to your preferences and enable you to use functionalities offered by external suppliers (e.g. adding comments on Facebook or reviewing products).
All this information helps us improve our offer addressed to you, verify errors appearing in the functionality of the Website and respond to them.
3.3 Tools we use
In order to enable us to use the information contained in the collected cookies, we use analytical tools that enable advertising and marketing management of the services and products provided.
These tools process your data in an automated manner (profiling).
These are tools such as those provided by Google (Google Tag Manager, Google AdWords and others), tools enabling remarketing of our products and recording your traffic on the website.
All this information helps us improve our offer addressed to you, verify errors appearing in the functionality of the Website and respond to them.
If you have previously been interested in receiving our marketing messages sent by electronic means (e-mail, telephone), you will continue to receive them unless you unsubscribe.
We respect your decisions, so you can always change your mind if you do not want to receive any marketing information from us in the future. You can do this by clicking on the appropriate link available in the marketing information you recently received.

4. PROCESSING OF PERSONAL DATA IN THE BEAUTYWHALE.PL STORE FOR THE PURPOSES OF HANDLING ORDERS AND CONTACTING THE CUSTOMER SERVICE OFFICE WITHIN THE CALL CENTER
4.1 Personal data processed in the Beautywhale.pl store:
4.1.1 Customers: name, surname, delivery address, e-mail address, telephone number, company, registered office address, NIP (tax identification number), bank account number, computer IP address, as well as data regarding profession or education obtained, among others, to verify the Customer (Article 6(1)(7) of the GDPR), as well as for the performance of the contract (Article 6(1)(b) of the GDPR);
4.1.2 people contacting the Seller via LiveChat available from the Beautywhale.pl home page in order to answer your questions (Article 6(1)(b) of the GDPR).
4.2 We also process your data in the Store for the following purposes:
4.2.1 creating an account and maintaining an account enabling the execution of the contract, implementation of the contract concluded with the Administrator - pursuant to Art. 6 section 1 letter b GDPR,
4.2.2 sending marketing information - pursuant to Art. 6 section 1 letter a of the GDPR, if you have given the Administrator consent to send the newsletter to the e-mail address provided or on the basis of the Administrator's legitimate interest;
4.2.3 contact the Customer Service Office - at your request (Article 6(1)(b) of the GDPR) or on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
4.3 Providing personal data by the Customer is voluntary, however, it is necessary to create an Account and subsequently conclude and implement the contract.
4.4 The recipients of personal data are entities cooperating with the Administrator and only to the extent entrusted by the Administrator on the basis of an agreement entrusting the processing of personal data in connection with the agreement concluded with the Personal Data Administrator and to the extent necessary for: implementation of the terms of the agreement, fulfillment of statutory obligations by the Personal Data Administrator. , e.g. In the case of a customer who uses online shopping and delivery by post or via a courier company, the Administrator provides the customer's personal data to the extent necessary to complete the delivery, in the case of a customer who uses electronic payments or a payment card, the Administrator provides the data the customer's personal data to the extent necessary to process the payment.
4.5 Personal data will be processed for the period of being an account user in the Beautywhale.pl online store, and in the event of deleting the account, for the time necessary to perform the contract, until the expiry of the terms resulting from the guarantee/warranty. If you use the online store without registration, personal data will be stored for the period necessary to exercise all rights of the seller under the conclusion of the sales contract, including pursuing claims. All data processed for accounting and tax purposes will be processed by the Administrator for 10 years counted from the end of the calendar year in which the tax obligation arose. If it is necessary to process personal data in connection with the Administrator's pursuit of claims against you resulting from non-performance or improper performance of the contract, the Administrator will be entitled to store your personal data until the limitation period for these claims in accordance with the relevant provisions of law and /or until the final conclusion of the proceedings and/or for the duration of the proceedings pending before the Supreme Court conducted on the basis of a cassation appeal and/or until the expiry of the right to resume court proceedings. After the above-mentioned deadlines, personal data will be deleted.
4.6 Your personal data is stored on a secured server. Selected employees have access to the data.
4.7 Your personal data provided in connection with granting consent to sending marketing information will be processed until this consent is withdrawn.
4.8 Providing personal data is the result of concluding an agreement with the Personal Data Administrator and is voluntary. Failure to provide this data will result in the inability to perform the contract. When providing data is the result of consent to sending marketing information, it is voluntary. Failure to provide this data will result in the inability to receive marketing information.
5 PROCESSING OF PERSONAL DATA IN CONNECTION WITH TRAINING

5.2 The Administrator, as a training organizer, processes the following personal data of Customers and Participants:
5.2.1 when you use the training offer, as their Participant, we collect data such as name and surname, e-mail address, telephone number, signature, profession, billing data, operator ID and contract data (in the case of using subsidies), because it is necessary to perform the contract concluded with you, settle it (Article 6(1)(b) of the GDPR), defend against possible claims, and speed up communication with you (Article 6(1)(f) of the GDPR),
5.2.2 when you undergo treatments or are a training model, we process data such as name and surname, e-mail address or telephone number, signature, PESEL number, residential address, billing data, health data provided by you in the pre-treatment interview; they are necessary for us to perform the contract concluded with you (Article 6(1)(b) of the GDPR), contact you to provide the most important information related to the contract, possible changes, etc., as well as defend or pursue claims (Article 6(1)(f) of the GDPR) and for the proper performance of the procedure (Article 6(1)(b) in conjunction with Article 9(2)(h) of the GDPR);
5.2.3 when you sign up for our training/treatments via the Umownik.pl platform, we may have access to your IP address to verify your identity (Article 6(1)(f) of the GDPR);
5.2.4 if you are a model during the training, we will also process data regarding your image in order to verify the correctness of the procedure, its effectiveness and effects (Article 6(1)(bw) in conjunction with Article 9(2)(h) of the GDPR) as well as to defend against claims (Article 6(1)(f) of the GDPR) and, if you consent, also for marketing purposes related to the promotion of our training and treatments;
5.2.5 if you have consented to sending commercial information to you, including information about our training, our store's offer or you have subscribed to our newsletter, we will process your data in the form of telephone number and/or e-mail address for the purpose of sending you this information (Article 6(1)(bif) of the GDPR).
5.3 The processing of your personal data in order to properly perform the contract is necessary for us to:
5.3.1 enable the use of training services provided by the Organizer,
5.3.2 carrying out and making payments for the Training,
5.3.3 considering and handling complaints regarding the Training,
5.3.4 contact in matters related to the Training,
5.3.5 storing data for archival purposes.
5.4 In some situations, we will process data because it is required by law, in particular tax and accounting regulations (i.e. pursuant to Article 6(1)(c) of the GDPR).
5.5 The Administrator, as the organizer of the training, processes personal data of Customers and Participants also in the pursuit of its legitimate interests (i.e. pursuant to Article 6(1) (f) of the GDPR), for the purposes of:
5.5.1 conducting marketing activities regarding the Organizer's services and products (direct marketing),
5.5.2 conducting court, arbitration and mediation proceedings in connection with the Agreement,
5.5.3 ensuring the security and integrity of the services we provide to you electronically, including counteracting fraud and abuse and ensuring traffic safety,
5.5.4 storing data to ensure accountability (including demonstrating that the Organizer has met the obligations arising from the GDPR).
5.6 If necessary, the Organizer will transfer the personal data obtained for the proper performance of the Agreement to two groups:
5.6.1 persons authorized by the Organizer, its employees and collaborators who must have access to the data to perform their duties,
5.6.2 processing entities to which the Organizer entrusts this task, e.g. companies operating ICT systems or providing ICT tools to the Organizer, courier companies, payment operators, companies providing consulting services.
5.7 The Administrator, as the organizer, stores personal data obtained in connection with the conclusion of the Agreement for the duration of its validity and after its termination, if there is a risk of claims in connection with its performance, but in principle no longer than for a period of 10 years from the date of its termination.
5.8 Personal data that the Administrator processes on the basis of consent may be processed only until its withdrawal.
5.9 Providing personal data of the Customer or Participant is voluntary, however, failure to provide them will prevent the conclusion of the Agreement, including participation in the Training.
5.10 Personal data provided for the purposes of the Training will not be subject to automated processing.

6 PROCESSING OF PERSONAL DATA – NEWSLETTER
6.2 If you subscribe to the newsletter, we process your personal data on the basis of your consent, i.e. pursuant to Art. 6 section 1 (b) of the GDPR or in a situation where you are our customer or a customer of our store based on our legitimate interest (Article 6(1)(f) of the GDPR) related to maintaining and building a relationship with you and providing you with information about our products, services or substantive information related to our industry.
6.3 If you use our website, we also process your personal data for the purposes of our legitimate interests (i.e. pursuant to Article 6(1) (f) of the GDPR), including for the purposes of:
6.3.1 analyze and manage your activity on the website in order to adapt services and content to your individual preferences,
6.3.2 performing technical activities and solving technical problems related to the administration of Beautywhale.pl servers,
6.3.3 conducting marketing activities regarding our services and products (direct marketing),
6.3.4 compile general statistics regarding your and other users' use, including collecting general demographic information (e.g. the region from which you are connecting);
6.3.5 ensuring the security and integrity of the services we provide to you electronically, including counteracting fraud and abuse and ensuring traffic safety,
6.3.6 storing data to ensure accountability (including demonstrating our compliance with our obligations under the GDPR);
6.3.7 providing full service, including solving technical and organizational problems,
6.3.8 contacting you, in particular for purposes related to permitted marketing and advertising activities;
6.3.9 defense against possible claims;
6.3.10 conducting research and analyzes to improve the operation of available services and the Customer Service department;
6.3.11 statistical.

7 PROCESSING OF PERSONAL DATA – CONTRACTORS

7.1 If you are our contractor, we process your data for the following purposes:
7.2.1 reply to your message sent to us (Article 6(1)(b) of the GDPR),
7.2.2 continue and properly perform legal relations between us and you or the entities you represent or act on the bodies of these entities (Article 6(1)(b) of the GDPR),
7.2.3 establishing or maintaining business relations between us or entities that you represent or act on the bodies of these entities (Article 6(1)(f) of the GDPR),
7.2.4 if the processing of your data is required by law, we process data on the basis of Art. 6 section 1 letter c GDPR,
7.2.5 conducting direct marketing of our products and services (Article 6(1)(f) of the GDPR),

7.2.6 storing data to ensure accountability (including demonstrating our compliance with our obligations under the law) (Article 6(1)(f) of the GDPR),
7.2.7 determining, protecting and pursuing possible claims (Article 6(1)(f) of the GDPR),
7.2.8 storing data for archival or statistical purposes (Article 6(1)(f) of the GDPR).
7.3 To explain what data we collect, we point out that:
7.3.1 Your personal data, i.e. name, surname, company, NIP, business address, bank account number, pursuant to Art. 6 section 1 (b) GDPR, in order to fulfill contractual obligations,
7.3.2 Your personal data such as e-mail or telephone number pursuant to Art. 6 section 1 (f) GDPR, for purposes arising from our legitimate interests, i.e., among others: constant contact,
7.3.3 Your personal data such as name, surname, NIP, address, bank account number, PESEL pursuant to Art. 6 section 1 (f) GDPR of April 27, 2016 for purposes arising from our legitimate interests, including: debt collection, maintaining business relations, for statistical purposes, archiving documentation,
7.3.4 data of persons who are partners, employees, statutory representatives, proxies or your representatives, i.e. name, surname, telephone number, e-mail address, job position, pursuant to Art. 6 section 1 (f) GDPR, in order to ensure constant contact during the implementation of the contract and maintain business relations.
7.4 If necessary, we will share your personal data in order to provide our services. We will share data with two groups:
7.4.1 persons authorized by us, our employees and associates who need to have access to data to perform their duties,
7.4.2 processing entities to which we commission this task, e.g. companies handling our IT systems or providing us with ICT tools, companies providing consulting services to us,
7.4.3 public entities, if this results from the obligation imposed by law.
7.5 The personal data we process was obtained directly from you or the entity you represent. In some situations, we could obtain this data from publicly available registers, in particular from the Register of Entrepreneurs.
7.6 As part of the relevant data, we have categories such as contact details and, in some situations, identification data (e.g. NIP, PESEL number).
7.7 Personal data will be stored by us until the limitation period for claims relating to you or the entity on whose behalf you act or are a member of its bodies expires or until the obligation to store data resulting from legal provisions expires, in particular the obligation to store documents accounting regarding the legal relations between us.
7.8 Failure to provide your data may prevent us from providing services to you, including the implementation of the concluded contract or the payment process.

8. YOUR RIGHTS
We make every effort to secure your data and protect it against unauthorized actions by using the necessary security measures. However, the actions we take may not be sufficient if you do not follow the safety rules yourself. In relation to the data processed by us, you have the right to rectify your data, limit the processing of your data, transfer your data, delete data processed without a legal basis, access to data (for this purpose, contact us to obtain a copy of your data processed by us ), to object to the processing of your personal data, providing the appropriate legal basis relating to a specific factual situation, including the option to opt out of the use of the above-mentioned data. data for direct marketing purposes, the right to withdraw consent at any time if we obtain consent to the processing of your personal data. If you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with the President of the Data Protection Office (from May 25, 2018).

9. CONTACT
Our goal is to provide you and other Users with the greatest possible protection. The development of technology and changes in regulations mean that the Privacy Policy may change.

You can send any questions and reservations regarding the Privacy Policy to us at: [email protected]