This Privacy Policy sets forth the rules for processing data of the Users of the Website available at https://en.eveline.eu/ and accompanying services, including without limitation the eStore and the newsletter, in particular their personal data, as well as the rules of the Service Provider’s use of the data stored on User devices in connection with the provision of the services, such data being commonly known as cookies.
- Definitions
- The terms listed below will have the following meaning:
- Data Controller – Beauty Brands Ecommerce sp. z o. o. with its registered office at Żytnia 19, 05-506 Lesznowola, entered in the National Court Register (KRS) by the District Court for the Capital City of Warsaw in Warsaw, 14th Business Division of the National Court Register under number KRS 0000760609, share capital: PLN 5 000.00, REGON [statistical ID]: 381956358, NIP [tax ID]: 1231417982;
- cookies – IT data, in particular small text files, saved and stored on User devices, which can be read whenever the device connects to the Website and which enable or help Users access the Website’s functionalities;
- personal data – all information on the individual who is identified or identifiable on its basis as defined in Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; Official Journal of the European Union, L 119, 4 May 2016, pp. 1-88);
- account – a service provided on the Website in accordance with the Terms and Conditions of the Website and the Terms of Conditions of the eStore available at any time via the link titled “Terms and Conditions” located at the bottom of each subpage of the eStore;
- newsletter – a service provided on the Website in accordance with the Terms and Conditions of the Website available at any time via the link titled “Terms and Conditions” located at the bottom of each subpage of the Website;
- TL – the Telecommunications Law of 16 July 2004 (consolidated text: Journal of Laws of 2018, items 1954, 2245 and 2354);
- APOS – the Act on the Provision of Online Services of 18 July 2002 (consolidated text: Journal of Laws of 2019, item 123);
- eStore – a service provided on the Website in accordance with the Terms and Conditions of the Website and the Terms of Conditions of the eStore available at any time via the link titled “Terms and Conditions” located at the bottom of each subpage of the Website;
- Parties – the Data Controller and the User;
- Website – a variable set of services provided online by means of an IT tool connected to the Internet, in accordance with these Terms and Conditions and the terms of conditions of other services provided on the Website, as well as by means of references from other locations on the Internet, such as the eStore service;
- User device – an electronic device, in particular a computer system or a mobile phone on which the User accesses the Website;
- User – any person who uses the Website in any manner, including without limitation as an eStore Customer.
- General data processing principles
- The Data Controller fully respects the Users’ right to privacy, including without limitation every User’s right to manage their personal data. The Service Provider is committed to ensure that the User’s experience of the Website and services rendered on the Website is as enjoyable as possible, with possibly the smallest interference in the User’s privacy, and it is for these purposes that the Data Controller processes personal data, and the principles of such processing are detailed in this document.
- The Data Controller processes the data supplied by the Users on the Website in accordance with the Website Terms and Conditions, as well as the terms and conditions of other services provided on the Website, including but not limited to the eStore Terms and Conditions, or other types of data. Data supplied by the User is kept private by and secured by the Controller against unauthorised third-party access in accordance with the aforementioned terms and conditions and strictly applicable laws.
- Data provided by the Users to the Website is administered by Brands Ecommerce sp. z o.o. with registered office at Żytnia 19, 05-506 Lesznowola, entered in the National Court Register (KRS) by the District Court for the Capital City of Warsaw in Warsaw, 14th Business Division of the National Court Register under number KRS 0000760609, share capital: PLN 5 000.00, REGON [statistical ID]: 381956358, NIP [tax ID]: 1231417982.
- The Controller has appointed a Data Protection Officer, who can be contacted on any matters regarding the protection of personal data, by sending an e-mail to iod@m3mcom.pl or a letter to the address specified in Section II.3. above;
- Personal data collected by the Data Controller is processed in compliance with personal data protection regulations, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Polish regulations enacted in connection with the GDPR, including without limitation the provisions of the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000). The Data Controller keeps personal data confidential and secures it against unauthorised access by third parties on principles set forth in the aforementioned laws.
- As part of its operations, the Data Controller lawfully collects and processes personal data on the following legal basis:
- the data subject’s consent to the processing of his or her personal data in connection with the provision of services on the Website (legal basis: Article 6 (1)(a) of the GDPR);
- to perform agreements concluded between the Controller and the Users with regard to the provision of services on the Website and agreements for the sale of products in the eStore, as well as agreements concluded with providers of IT services maintaining the Website and other entities performing acts in performance of the agreements (legal basis: Article 6(1)(b) of the GDPR);
- to comply with legal obligations to which the Data Controller is subject, in particular obligations with regard to financial reporting and claims or possible claims under civil law or criminal or administrative liability exercised by the Controller, the User or third parties (legal basis: Article 6(1)(c) of the GDPR);
- for the purposes of a legitimate interests pursued by the Controller to market the products and services on offer, also with the use of WebPush notifications (without the need to collect any additional data), as well as to establish, defend and exercise any potential claims (legal basis: Article 6(1)(f) of the GDPR);
- as far as the User has agreed to receive commercial information intended to advertise and promote the company’s products offered via the eStore operated by Beauty Brands Ecommerce sp. z o.o with registered office at Żytnia 19, 05-506 Lesznowola (legal basis: Article 10 of APOS and Article 172 of the TL).
- The Users’ personal data are processed voluntarily, however, depending on the circumstances, the User’s refusal to make such data available to the Controller or a request to erase the data may render it impossible for the Controller to perform the service, supply the Products or establish contact with the User. In such situations, acting in his or her own interest, the User is obliged to supply the Controller with the necessary data, which should be accurate, formally correct, complete and relevant.
- Based on personal data provisions stipulated in relevant regulations and to the extent set forth in those provisions, each User is entitled to access, correct/rectify, remove or restrict the processing of his or her personal data, as well as the right to withdraw the consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- The User has the right to lodge a complaint with the Polish Data Protection Commissioner with regard to processing his or her personal data by the Data Controller.
- Personal data will be processed, respectively, until the goals of the Controller as the controller of the specific data processed are met, until the lapse of the periods of prescription set forth in the agreement on the basis of which personal data is processed, or until the lapse of the limitation period of obligations arising from provisions of law, or until the personal data processing consent is withdrawn where such consent has been given.
- Personal data of the Users is processed by the Controller but may also be transferred to recipients with whom the Controller has concluded data processing agreements. Such recipients may include in particular:
- a hosting service provider, i.e. an entity which maintains the Website and stores its data;
- suppliers of traffic analysis tools and marketing tools for the Website, as well as tools for the distribution of its newsletter;
- for Users making purchases in the eStore, depending on the User’s selected purchase model:
- User-selected postal and courier service operators delivering orders from the eStore,
- User-selected payment system operators,
- entities processing the sending of e-mails related to order delivery.
- Users’ personal data will not be transferred outside the area of the European Union, nor will they be transferred to international organisations.
- Users’ shopping preferences and actions on the Website are examined in order to adjust the service and product offered on the Website to the actual demands of the Users at a given time. In accordance with messages appearing from time to time on the Website, the User may, at any time, object to such use of this or her data,
- The Data Controller may be contacted:
- by sending a letter to the following address: Beauty Brands Ecommerce sp. z o.o., ul. Żytnia 19, 05-506 Lesznowola;
- by sending an e-mail to: info.eu@eveline.eu
- by means of a form available at any time via the link “Contact form” located at the bottom edge of each subpage of the eStore.
- Account and Purchases made in the eStore using the Account
- The Data Controller provides the Account service in accordance with the eStore Terms and Conditions. By activating the “Open an Account” gate, the User ordering a service submits to the Controller data necessary for the performance of sales agreements in the eStore, providing his or her details such as: name and surname, e-mail address and mailing address. The data will be then processed for the performance of sales agreements concluded with the User with regard to the sale of products in the eStore, delivery of the products to the User and processing payments with regard to such transactions, also including the issue and further processing of relevant documents by the Controller.
- When setting up an Account or at a later time, the User may, in accordance with his or her informed, specific and express decision, voluntarily transfer to the Account, on the Controller’s request, additional data, in particular the User’s date of birth, information on features relevant for the selection of cosmetic products, such as skin type, hair colour, eye colour, preferred colour of clothes, style of dress in order to enable the Controller to choose commercial information of possible future interest to the User, send it to the User, and to express consent, as defined in Article 7 of the GDPR, for the use of the data for this purpose.
- The User may withdraw his or her consent at any time and remove certain data from the Account on his or her own, confirming the changes made by activating the command “Save changes”. Please note, however, that the removal of any data necessary for the performance of a sales agreement in the eStore means the User’s declaration on the removal of his or her Account.
- The Account service agreement may be terminated by the User at any time at 14 days’ notice by activating the command “Delete account”, which can be accessed by the Customer on his or her Account after logging into the Account or by submitting a statement on his or her resignation from the service by means of the form available at any time via the link “Contact form” located at the bottom edge of each subpage of the eStore.
- Purchases made in the eStore without the use of the Account
- The Controller allows the User to make purchases in the eStore without an Account as long as the User submits to the Controller data necessary for the performance of the sales agreement, such as name and surname, e-mail address and postal address.
- The User’s data submitted on conditions set forth in the section above will be processed by the Controller in accordance with separate provisions of this Privacy Policy.
- Newsletter
- The Data Controller provides the newsletter service in accordance with the Website Terms and Conditions. When ordering the service, the User:
- by activating the gate “Subscribe to newsletter”, submits his or her e-mail address to the Controller, thus expressly consenting to the newsletter sent to the e-mail address, or
- selects the newsletter service by activating access to it from his or her Account with the use of the e-mail address stored in the Account.
- The User may at any time unsubscribe from the newsletter by means of an “unsubscribe” link located at the bottom of any message received or by using the Account service provided on the basis of the eStore Terms and Conditions, unchecking the relevant box and selecting “Submit”.
- Other services provided on the Website
- The Controller may process the Users’ personal data for the performance of loyalty programs, competitions and other similar forms of product and service marketing pursued from time to time by the Controller on the basis of the Controller’s legitimate interest (legal basis: Article 6(1)(f) of the GDPR) or in cooperation with other entities, having notified the Users of such activities in the relevant invitation, if the Users consent to their data being processed for these purposes.
- Cookies
- Cookies used by the Controller are safe for User devices; in particular, no viruses or any other undesirable software or data can be transferred to the User devices in this way. Cookie files enable the identification of the software ran by the User and customize the Website to each User’s individual needs, subject to the constraints of available technical capabilities. Cookies usually contain source domain information, time for which they have been store on the device and other data value assigned to them.
- The Controller uses two types of cookies:
- session cookies, which are stored on the User device and remain there until the end of the browsing session, at which point they are permanently removed from the device memory. The operating principle of session cookies does not enable collecting any personal data from or any confidential information from the User device;
- persistent cookies, which are stored on the User device and remain there until they are removed. Closing the specific browsing session or powering off the User device does not cause persistent cookies to be deleted from the device. The operating principle of persistent cookies does not enable collecting any personal data from or any confidential information from the User device.
- They User may restrict or even disable the use of cookie files on his device. If the User chooses to do so, he or she will be able to use the Website, including the eStore, to the extent unaffected by the choice, except for the functionalities of the Website and the eStore, which inherently require the use of cookies.
- The Controller uses its own cookie files for the following purposes:
- Website configuration – in particular, to adjust the content of its pages to the User’s preferences; to optimize page display according to the User’s individual needs; to store the settings made by the User and personalize the interface, e.g. in terms of his or her choice of language or place of residence, to store the history of pages visited on the Website, font size, page settings, etc.;
- User authentication and session maintenance on the Website – in particular, to maintain the User’s session on the Website (after logging in) so as to avoid having to enter the login and password on every subpage of the Website;
- performance of processes required to keep the Website’s subpages fully functional – in particular, to customize the content of the pages to the User’s preferences and to optimize the User’s experience of the pages of the Website;
- storing the User’s location – to ensure the correct configuration of selected functions of the Website, in particular to supply to the User information customized to his or her place of residence;
- analyses, studies and viewing activity audits – to create anonymous statistics, which help understand how the Users use the Website’s pages, which enables constant improvements to the Website’s architecture and content;
- ensuring the Website’s security and reliability – in particular, to ensure that certain information is processed in line with the purpose for which it was collected.
- The User may, at any time and personally, change his or her browser settings in terms of cookie files, specifying the conditions on which they are stored and on which they access the User device. In particular, the settings may be modified so as to disable automatic cookie management in the browser’s configuration or notify the User each time a cookie enters the User device. Detailed information on cookie file management capabilities and methods is available in software (Internet browser) settings.
- The User may at any time remove cookie files from the User device by means of the functions available in his or her Internet browser.
- Miscellaneous
- These Terms and Conditions become effective on 5.02.2024