§ 1. GENERAL PROVISIONS

1. The administrator and owner of the perlaholistic.com website is PERLA HELSA EU SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, Modlińska 6A/222, Warsaw 03-216, NIP: 5242939999, REGON: 521948135. KRS number: 0000970118.
2. This privacy policy contains information on the processing of personal data that you may provide to us when using the online store, as well as on the use of cookies in the online store.
3. The Privacy Policy is for informational purposes only, which means that it is not a source of obligations for customers of the online store and the application (it is not a contract or legal act).
4. Words, expressions and abbreviations used in this privacy policy that begin with a capital letter (e.g., seller, order form, newsletter, electronic service) should be understood in accordance with their definition contained in the regulations of the online store available in the online store.
5. Detailed information about the processing of specific personal data must be available each time the data is collected in the content of an information statement placed in a prominent and easily accessible place. This includes, in particular, information about the purpose and legal basis for processing personal data, the period of their storage and the recipients to whom they are transferred.
6. The Controller shall take all necessary measures to ensure that its contractors, subcontractors and other entities cooperating with it also ensure the application of appropriate security measures when they process personal data on behalf of the Controller. The Controller must continuously conduct risk analysis to ensure that personal data is processed in a secure manner, in particular by ensuring that only authorized persons have access to the data and only to the extent necessary to perform their tasks.

§ 2 PERSONAL DATA CONTROLLER AND CONTACT INFORMATION

1. The administrator of personal data collected through: a)  through the online store (including the use of cookies or similar technologies), obtained on the basis of the client’s actions on the Internet, b) other channels of communication with the client, for example, a call center; is PERLA HELSA EU SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ LIMITED LIABILITY COMPANY with its registered office in Warsaw, Modlinska 6A/222, Warsaw 03-216, NIP: 5242939999, REGON: 521948135. KRS number:0000970118, with a share capital of PLN 5,000.00 paid in full.
2. In matters related to the protection of personal data, you can contact: a) traditionally at the above address: 6A/222 Modlinska Street, Warsaw 03-216. b) by e-mail: [email protected] c) by phone +48 225 987 987 (9:00-21:00).
3. If: a) you want to contact the administrator in matters related to the protection of personal data, b) you have questions about your data or comments about this policy, c) if you want to exercise your rights in relation to the data concerning you and processed by the Administrator as their owner, you can contact us by e-mail or post at the contact details indicated above.

§ 3. WHAT PERSONAL DATA ARE PROCESSED BY THE CONTROLLER

1. Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. This includes the following information: IP address, address form, name, address, email address, telephone number.
2. We process personal data of: a) users of the online store, including those who have an account, b) clients, c) contractors, d) newsletter subscribers, e) persons who have consented to marketing communications, f) contact persons, as well as persons who have provided their personal data to the controller through other communication channels, namely the website https://www.instagram.com/ and https://www.facebook.com (including mobile phone applications), the rules of which are based on the provisions available, in particular, at https://www.facebook.com/legal/terms, provided by Facebook Inc. or Facebook Ireland Limited (hereinafter also referred to as the “Facebook service”), respectively. The rules for the protection and use of personal data of Facebook and Instagram are available, for example, at https://www.facebook.com/policy.php. The Controller has no influence on the content of Facebook’s rules, including those relating to personal data.

§ 4. SCOPE, PURPOSE, LEGAL BASIS AND TERM OF PROCESSING OF THE COLLECTED DATA

1. Personal data is processed by the controller on the website in order to enable the use of the functionality of the online store, including automatically when using the website, i.e. in order to: a) providing and displaying content in the online store – for this purpose, we process personal data in the form of: IP address, cookies; we process data on the basis of Article 6 (1) (f) RODO – the legitimate interest of the administrator is to manage the online store, b) provision of account services – for this purpose, we process personal data in the form of: e-mail address, password, IP address, cookies, first and last name; we process data on the basis of Article 6 (1) (b) GDPR; data for this purpose will be processed for no longer than the duration of the account service, c) conclusion of a contract via the online store – for this purpose, we process personal data in the form of: IP address, cookies, e-mail address, first and last name, address data (street, house number, city with postal code, country), billing data, payment data, contact telephone number, order number or other data provided by the service provider on the website or in the course of customer contact; we process the data on the basis of Article 6 (1) (b) RODO; the data for this purpose will be processed for no longer than 6 years. d) fulfillment of the controller’s obligations as a seller and service provider – for this purpose, we process first name, surname, order data, payment data, e-mail, telephone number, street address, house number, city with postal code, country, bank account number, data for invoicing or other document, e.g. NIP, PESEL; we process the data on the basis of Art. 6 (1) (c) RODO – in particular with regard to obligations under tax law; the data for this purpose will be processed for a maximum period of 5 years, counting from the end of the calendar year in which the tax related to the contract concluded with the administrator has expired. e) the administrator sends the ordered newsletter to the e-mail address specified by the client, as well as commercial information to the specified communication channels [email, sms, phone] – for this purpose, we process contact information: e-mail address, phone number, order data, first name, surname, address (street, house number, settlement with postal code), IP address, cookies, order data and result data – we process personal data for this purpose on the basis of the expressed consent in this regard pursuant to Art. 6 (1) (a) GDPR; the data for this purpose will be processed for a maximum period of 5 years. f) for statistical and analytical purposes, to tailor the website to your preferences – based on your consent in accordance with Art. 6(1)(a) GDPR – we process personal data for this purpose using the tools and cookies described in this privacy policy, based on your consent in accordance with Art. 6(1)(a) GDPR; the data will be processed for a maximum of 12 months. g) for the purpose of pursuing the controller’s legitimate interest pursuant to Article 6(1)(f) RODO, namely:

• – fulfillment of obligations to handle complaints regarding the online store, handling complaints regarding products,
• – management and operation of the online store and ensuring the safety of use, including for the disclosure of abuse and conducting analysis, statistics, conducting surveys, satisfaction surveys,
• – to prepare and present advertisements and offers tailored to the interests and needs of the data subjects, as well as to receive commercial information, in particular to send a newsletter ordered by the controller to the e-mail address provided by the customer;
• – establishing, protecting and defending claims, archiving data. Data for these purposes will be processed for no longer than 6 years.

2. The user’s activity in the online store, including his/her personal data, is recorded in system logs (a chronological record of electronic data containing information about events and actions related to the online store, which are used by the administrator to provide electronic services). The information collected in the logs is processed on the basis of the legitimate interest of the administrator (Article 6 (1) (f) RODO) for a period of up to 12 months, primarily for purposes related to the operation of the online store, and is processed for maintenance, technical, analytical, statistical purposes, as well as to ensure the security of the IT system and the management of this system.

3. To the extent otherwise justified by the purposes of processing, personal data will be stored for as long as there is a legal basis for processing them, unless a longer retention period is required by applicable law, for example, for use in legal proceedings to which the data subject and controller are parties.

4. After the expiration of the storage period and in the absence of other legal grounds for processing, personal data will be deleted or anonymized.

§5 RECIPIENTS

1. Data transfer by the controller does not occur in every case and not to all recipients or categories of recipients specified in the privacy policy – the controller transfers data only if it is necessary for the realization of the specified purpose of processing personal data and only to the extent necessary for its realization.
2. In connection with the provision of services, personal data will be disclosed to external entities that support the activities of the controller, including, in particular: a) suppliers responsible for the operation of IT systems [this includes support for the operation of the online store, email hosting, maintenance, server services), b) entities such as banks and payment processors that process electronic payments or payment cards – in the case of a customer who uses an electronic payment method or payment card on the website, the administrator provides the collected personal data to the selected entity that processes the aforementioned payments on the website on behalf of the administrator, to the extent necessary to process the payments, c) marketing agencies and providers of information systems used to support marketing (to the extent of marketing services), d) providers of accounting, legal or consulting services that provide accounting, legal or consulting support to the controller (in particular, an accounting office, law firm or debt collection company).

3. Data recipients may also be providers of social plug-ins, scripts and other similar tools placed on the website that allow the website visitor’s browser to receive content from the providers of the said plug-ins and transfer the visitor’s personal data to these providers for this purpose, in particular: Facebook Ireland ltd. – The Administrator uses social plugins from Facebook and Instagram on the website of the online store and therefore collects and transfers personal data of the service user who uses the website of the online store to Facebook Ireland ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policy available here: https://www.facebook.com/about/privacy/ (this data includes information about your activities on the website – including information about your device, the sites you visit, your purchases, the advertisements you see and your use of the services – regardless of whether the user of the online store has a Facebook account and whether he or she is logged in to Facebook).
4. The recipients of data may also be state authorities and organizations performing state tasks, for example, in the case of fraud reporting, competent judicial authorities, as well as to the extent and for the purposes arising from the provisions of the law, for example, conducting control procedures with the controller, the Anti-Money Laundering Act.

§6 DATA TRANSFER OUTSIDE THE EEU

If the controller transfers personal data to a third country. If personal data are transferred outside the European Economic Area, such transfers may only take place in accordance with the principles set out in Article 46, Article 47 or Article 49 of the RODO. The Controller shall transfer personal data outside the EEA only when necessary and with an adequate level of protection, in particular, by cooperating with personal data processors in countries for which a relevant decision of the European Commission has been made; applying standard contractual clauses issued by the European Commission; applying binding corporate rules approved by the competent supervisory authority. The Administrator must always inform about the intention to transfer personal data outside the EEA at the stage of its collection.

§7 PROFILING OF PERSONAL DATA

Personal data will be processed by automated means, including profiling for the purpose of so-called routine profiling (e.g. tailoring messages, banners to interests), in order to better tailor targeted information and marketing messages about the controller, its products and services, as well as about the controller’s affiliates. We strive to make our advertising, information and marketing materials valuable to the data subject, therefore, in order to adapt marketing information to the individual preferences and interests of the respective client [presentation of advertising, offers, promotions (discounts)], information about the use of the online store is used, for example, by analyzing the frequency of visits to the online store, order data, activity in the controller’s sales channels (computer IP address, cookies, preferred purchase methods), data on interest in the offer / newsletter We strive to ensure that the information obtained as a result of profiling using automated IT systems serves as a basis for analyzing customer expectations, clarifying the administrator’s instructions, without significantly affecting customer decisions.

§8 VOLUNTARINESS OF PROVIDING PERSONAL DATA

The provision of personal data on the website is voluntary, but necessary for the fulfillment of one or more of the purposes of processing personal data specified in § 4(1) above, which the controller will not be able to fulfill if the personal data is not provided.

§9 RIGHTS OF THE DATA SUBJECT REGARDING THE PROTECTION OF PERSONAL DATA

1. If you wish to assert your rights, please send your correspondence to the address specified in § 2 of this policy. Please include all necessary information that will allow us to clearly identify the person exercising your rights.
2. Every subject whose data is processed by the controller has the right to: a)  access to the content of personal data, including a request for a copy of the data, 10 b)  to request data correction, c)  to have personal data erased (right to be forgotten), d)  restrict the processing of personal data, e)  the right to have your personal data transferred to another controller if the processing is based on a contract [Article 6(1)(b) GDPR] or consent [Article 6(1)(a) GDPR], f)  the right to object to the processing of personal data, in particular to direct marketing, based on Article 6(1)(f) GDPR. The right to object to the processing of personal data for the purposes set out in Article 6(1)(f) GDPR on grounds relating to your particular situation, g)  the right to lodge a complaint with the President of the Data Protection Authority, h)  withdraw consent, which can be done at any time. The withdrawal of consent does not affect the processing that was carried out before it was withdrawn. Consent may be withdrawn by them at any time without affecting the lawfulness of the processing.
3. If the processing of personal data is considered to be in violation of applicable law, any subject has the right to lodge a complaint with a supervisory authority. For this purpose, you may contact the data protection authority with jurisdiction over your place of residence. You can also contact the data protection authority that has local jurisdiction over our company. You can find the contact details below: Office for Data Protection, Stawki 2 00-193 Warsaw, [email protected]

§ 10 COOKIES AND SIMILAR TECHNOLOGIES

1. The administrator collects information about each visitor to the online store by means of cookies (or a similar function). The website uses so-called cookies, and detailed information on this subject is provided below. Obtaining and storing information through cookies is possible on the basis of the user’s consent. By default, web browsers or other software installed on your computer or other network-connected device allow cookies to be placed on such device.
2. Cookies are small text files that are placed on a user’s device when they browse a website. Cookies collect information that facilitates the use of the website, for example, by remembering the user’s visits to the website and their actions. The cookies used by the administrator are safe for the user’s device. In particular, this method makes it impossible for viruses or other unwanted software or malware to enter the user’s device. These cookies allow us to identify the software used by the user and customize the service for each individual user. Cookies usually contain the name of the domain from which they originate, the time they are stored on the device, and the value assigned to them.
3. The administrator uses so-called service cookies primarily to provide the user with the services provided electronically and to improve the quality of these services. In this regard, the Administrator and other entities that provide analytical and statistical services to the Administrator use cookies to store information or access information that is already stored on the User’s telecommunications end device (computer, phone, tablet, etc.). The cookies used for this purpose include a)  cookies with data entered by the user (session ID) for the duration of the session; b)  session cookies of the media player (for example, flash player cookies) for the duration of the session; c) persistent cookies for personalization of the user interface for the duration of the session or slightly longer.
4. The user has the option to restrict or disable the access of cookies to their device. If this option is exercised, the use of the website will be possible, except for functions that by their nature require the use of cookies. Cookies are stored for secondary purposes, including marketing purposes, based on the user’s consent (Art. 6(1)(a) RODO). Therefore, these cookies are only activated if the user consents to their storage by checking the appropriate box in the “Cookies” window on the website. The settings selected during the first visit in response to the message (window) about cookies will be saved. You can change the selected setting at any time in the privacy settings. Wybrane ustawienia można w dowolnym momencie uregulować w ustawieniach prywatności.
5. The Administrator uses administrative cookies for the following purposes: a) configuring the website and performing the processes necessary for the full functionality of the online store – to recognize the device and display the website accordingly, adapted to its individual needs; to remember the data necessary for the use of the online store, b) analysis and research, as well as audience audit – creation of anonymous statistics that helps to understand how users of the online store use it, which allows to improve the structure and content, functionality of the online store, c) ensuring the security of the online store.The basis for processing the data obtained in this way is the legitimate interest of the administrator, which is the need to ensure the highest quality of the content presented by the administrator by adapting it to the preferences of users and marketing – including direct marketing – of products and services of the administrator or its partners, in which case the partners do not participate in the processing of the client’s data. To the extent that the administrator’s partners who provide tools that support the operation of the online store may have direct access to this information, the legal basis for such processing is the client’s voluntary consent.
6. The user can independently and at any time change the settings regarding cookies, determining the conditions for storing and accessing cookies on the user’s device. The user can change the settings referred to in the previous sentence by using the settings of his/her Internet browser or by using the configuration of the service. These settings can be changed, in particular, in such a way as to block the automatic processing of cookies in the settings of the web browser or to inform about their placement on the user’s device every time. Detailed information about the possibility and methods of using cookies is available in the settings of your software (web browser). In addition, the user may object to the actions taken by the administrator for the purposes described above. In the case of consent, including to the presentation, creation, provision and execution of special advertisements, offers or promotions (discounts) based on his/her preferences, it can be withdrawn at any time – however, this will not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
7. The user can delete cookies at any time using the functions available in the web browser he/she uses.
8. Restricting the use of cookies may affect some of the functions available on the website.
9. Each user of the services must take care of the security of their devices used to access the Internet. Such a device must have an antivirus program with an up-to-date virus detection database, an up-to-date and secure version of the Internet browser and a firewall enabled. In addition, the user should periodically check for the latest updates to the operating system and programs installed on the device, as attacks exploit bugs found in the installed software. Software manufacturers try to eliminate such threats through updates.
10. The use of cookies to collect data for marketing purposes or for purposes other than those necessary to display the website, including access to data stored on the user’s device, requires the user’s consent. This consent may be withdrawn at any time. Consent is not required only in the case of cookies whose use is necessary for the provision of a telecommunications service (data transmission for displaying content). You can delete or block the storage of cookies and withdraw your consent to the use of cookies using your browser settings. For more information, please follow the following links: Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647 Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka Internet Explorer: https://support.microsoft.com/pl‑pl/help/17442/windows‑internetexplorer‑delete‑manage‑cookies Opera: http://help.opera.com/windows/12.10/pl/cookies.html Safari: https://support.apple.com/kb/ph5042?locale=en‑gb
11. Data from cookies will be stored until you withdraw your consent or object. The administrator may delete personal data if it is not used for marketing purposes for 3 years, unless the law obliges the administrator to process personal data for a longer period of time.
12. The Administrator applies various solutions and tools used for analytics and marketing purposes. We only work with processing partners who are able to ensure an adequate level of protection of your personal data. We disclose your personal data to third parties or government officials when we are required to do so by law. We may disclose your personal data to third parties if you have consented to this or if we have other legal grounds.

§ 11 CHANGES TO THE PRIVACY POLICY

1. The policy is constantly reviewed and, if necessary, updated. If the policy is updated, the user will be notified by displaying a notice or by sending an email. In some cases, the user may be notified in advance that the policy has been updated, and the fact that the user uses the services of the online store will mean acceptance of the updated version of the policy.
2. A user who does not accept the terms and conditions of the Online Store after the new version of the policy comes into force may stop using the services of the Online Store.