PRIVACY AND COOKIE POLICY

You have the right to access your data, correct it, and request its deletion.

Additionally, you have the right to object to the processing of your personal data or to request that its processing be restricted. Providing the required personal data is voluntary; however, it is a condition for us to provide certain services (e.g., maintaining an account, sending a newsletter) or to perform a contract. We do not make individual decisions based solely on automated processing (profiling) that would have legal effects or similarly significantly affect your situation. Our domain has an SSL certificate, which means that your data is encrypted. Please see below for all the most important issues related to the processing of personal data on our website.

To whom should inquiries regarding the website administrator and the handling of personal data be directed?

The website and personal data administrator is Skinsquare spółka z ograniczoną odpowiedzialnością (limited liability company), registered at ul. Wołomińska 2, Kobyłka. Skinsquare is entered in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register under KRS number 0001133800, with tax identification number (NIP): 1251776543, with share capital of PLN 5,000.00. Contact details: e-mail address: support@skinsquare.store, tel. +48 600955000.

What is the legal basis for the processing of personal data?

Personal data is collected and processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. The General Data Protection Regulation, or GDPR, governs the processing of personal data. Additionally, the national Act of May 10, 2018, on the protection of personal data (i.e., Journal of Laws of 2019, item 1781) also regulates this process.

What data do we process?

Depending on the purpose and user preferences, we may process data such as: name and surname, address, e-mail address, telephone number, bank account number, IP address, and in the case of entrepreneurs, also the tax identification number and business address. In addition, we may process other personal data addressed to us in correspondence.

For analytical purposes, we may also process data regarding the source of the transition to the Store, the operating system and web browser used to browse the Store, data regarding the products viewed, time spent on the website, abandoned shopping carts, orders placed, and activities in response to the newsletter. The user's age range, gender, approximate location, and interests (based on online activity) are provided to us as a result of the following actions:

• Using the contact form
• Sending correspondence directly to our email address
• Sharing data during a telephone conversation
• Registering an account in the Store
• Placing an order in the Store
• Subscribing to the newsletter
• Adding a product review (if available)
• Collecting other data for analytical purposes by the Store's software or tools listed in this Privacy Policy.

We process your data for specific purposes related to the operation of our business.

Specifically, we handle customer data to the extent necessary for the functioning of our store and retain it for the period permitted by law. We process data that our customers voluntarily provide when using our store.

• Conclusion and performance of a contract – in accordance with Article 6(1)(b) of the GDPR, i.e. when processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• The creation and maintenance of accounts is covered under Article 6(1)(b) of the GDPR, specifically when processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

• Contact with us via the contact form, e-mail or telephone call – based on Article 6(1)(b) of the GDPR, i.e. when processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
• Adding and verifying reviews – based on Article 6(1)(a) of the GDPR, i.e. when the data subject has consented to the processing of their personal data for one or more specific purposes.
• Direct marketing – based on Article 6(1)(a) of the GDPR, i.e. when the data subject has given consent to the processing of their personal data for one or more specific purposes, or based on Article 6(1)(f) of the GDPR, i.e. when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
• Sending newsletters and operating loyalty programs – based on Article 6(1)(a) of the GDPR, i.e. when the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Compliance with legal obligations, as well as the establishment and enforcement of claims – based on Article 6(1)(c) of the GDPR, i.e. when processing is necessary for compliance with a legal obligation to which the controller is subject, and on Article 6(1)(f) of the GDPR, i.e. when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
• Analytical and statistical activities – based on Article 6(1)(f) of the GDPR, i.e. when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

We employ digital marketing tools such as Facebook Ads and Google Ads. These platforms offer the capability to reach specific demographics based on interests, gender, age, and occupation. For a comprehensive overview of these tools and their functionality, please refer to our cookie policy.

With whom do we share personal data?

We only share personal data with other entities to the extent that the data subject has consented to the processing of their data, to the extent necessary for the performance of a contract, or to the extent resulting from the legitimate interests pursued by the controller. The following entities cooperate with the store:

This includes hosting providers, newsletter delivery tool providers, CRM and invoicing system providers, accounting offices, courier and transport companies, IT companies providing services to the Store, online payment operators, banks, marketing tool providers, and other subcontractors. It also includes entities to whom we are required to transfer your data under applicable law. Regarding the transfer of analytics and statistics data, it should be noted that this type of data is not considered personal data. Therefore, it may be transferred to companies that specialize in providing analytics, statistics, and optimization services. These companies may be located in the United States, such as Google LLC and Meta Platforms Inc.

Is the data transferred to third countries or international organizations?

It should be noted that some data processing operations may involve the transfer of anonymized data to third countries or international organizations in connection with the use of tools that store personal data on servers located in third countries, particularly the US.

Please note that the providers of these tools guarantee an adequate level of personal data protection. In particular, they achieve this by joining the Data Privacy Framework program or by using standard contractual clauses. This applies in particular to the services of Google Ireland Limited.

In accordance with current legislation, individuals have the following rights regarding the processing of their personal data:

• The right to request access to their personal data
• The right to request the rectification of their personal data
• The right to object to the processing of their personal data
• The right to request the erasure of their personal data
• The right to request the restriction of the processing of their personal data
• The right to request the transfer of their personal data
• Obtain information regarding automated decision-making, including profiling and the safeguards applied in connection with the transfer of such data outside the EU
• Obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data
• Obtain information regarding your rights under the GDPR, your right to lodge a complaint with the PUODO, the planned period of storage of the data or the criteria for determining that period, and the source of the data.
• Obtain a copy of your personal data.

Should you wish to exercise any of the aforementioned rights, please notify us accordingly. We will promptly provide you with all information regarding the actions taken in connection with your request. You may withdraw your consent to the processing of your personal data at any time. To do so, please contact us.

Cookie policy

Cookies are small text files used to identify the software you are using, tailor content to your needs, and ensure that websites function properly. They are stored on the device you are using and contain a domain name, storage time, and a specific value.

The cookies used in our Store are secure and are classified as either session cookies or persistent cookies. Session cookies are only stored until the end of the browser session, while persistent cookies are stored on the device until they are deleted. You have the option to modify your cookie preferences or delete them (persistent cookies) at any time by using your web browser. The use of cookies is essential for ensuring the proper functioning of our electronic services. We utilize cookies to the extent necessary to provide these services, and we use additional cookies with your consent. Your consent is based on your web browser settings, other software used to manage cookies, or the settings of the cookie manager if available on the website. It is possible to disable cookies, as well as specific types of cookies. However, we must emphasize that if you choose to disable or restrict the use of cookies, you may lose access to some of the features available on our website. This is because consent to the use of specific cookies is necessary for these features.

The entities whose cookies we use include:

Google tools, such as Google Analytics, Google Ads, Google AdSense, Google Tag Manager, and YouTube, which is owned by Google and provided by Google Ireland Limited (Registration Number: 368047 / VAT Number: IE6388047V), Gordon House, Barrow Street, Dublin 4, Ireland.

Our activities related to the use of these tools are based on our legitimate interest in marketing using commonly used tools. From our perspective, the data collected in connection with the use of these tools is not personal data due to anonymization. Should you require further information regarding the tools we employ, we kindly request that you refer to Google's Terms of Service and Privacy Policy.

Google Analytics

We utilise Google Analytics for analytics and statistics purposes in order to optimise the performance of our website. In accordance with the anonymization process, the data collected in connection with the use of the tool is not considered personal data. This data includes the analysis of user traffic on the website, such as information about the operating system, browser, visited pages and subpages, time spent on the website and subpages, and source of transition to the website.

Google Ads

Please note that when you visit our website, remarketing cookies are placed on your device to collect information about your activity on our website. The information collected is used to display ads on the Google network that correspond to your activities and interests. Should you have given your consent to Google, this data may be subject to further processing by Google, for example, for the creation of target groups. If you prefer not to receive personalized advertisements, you can adjust your settings at myadcenter.google.com.

Google AdSense

As part of the AdSense network, our website may display personalized ads. Cookies are used to display ads based on visits and activity on our website or other websites.

Google Tag Manager

This tool allows us to analyze user traffic and activity using tags, providing us with valuable information on the effectiveness of our advertisements. This contributes to the ongoing optimization of our website and our offer.

MailChimp

We use MailChimp, operated by Intuit Global Privacy Statement, to distribute our newsletter. MailChimp is a service that allows us to organize the sending of newsletters and their subsequent analysis, among other things. The Intuit Global Privacy Statement privacy policy is available at this address.

Meta Pixel

We use marketing tools available on Facebook and provided by Meta Platforms Ireland Limited. Meta Pixel is a short code placed on a website that allows businesses to measure the effectiveness of ads based on an analysis of user activity on the website and to personalize ads. The purpose of the code is to display ads to the right audience, increase sales, and measure ad performance. Meta Pixel utilizes cookies to record activities on the website, such as traffic, visits to specific subpages, products added to the shopping cart, and purchases made. The analysis of these activities is used to optimize the website's functionality and our offer. For more information, please refer to Meta's Privacy Policy.

Hotjar

We use the Hotjar tool to improve the Online Store and your experience when using the Online Store. The tool is provided by an external entity, Hotjar Limited, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. If you are interested in details related to data processing within Hotjar, we encourage you to read Hotjar's privacy policy.

Social Media

In the event that we place a plugin for a given social media platform (e.g., Facebook or Instagram) on our website, the administrator of that service will receive information about visits to our website using the user's ID.

The platform administrator collects information about the browser used, the date and time of the visit. This information is used to ensure the full functionality of plugins and to improve services, as well as to personalize advertisements. Please refer to Meta's Privacy Policy for more information.

Server logs

Visiting and using the website involves sending queries to the server, which are recorded in so-called server logs. These logs contain a variety of information, including the user's IP address, the date and time of the query, the browser used, and the operating system.

Server logs are saved and stored on the server. However, they are not linked to specific individuals using the website and are not intended for identification purposes. Rather, they are used solely for website administration. The content of these logs is not disclosed to unauthorized persons.