1. General provisions:
1.2. The personal data controller for users of the Website within the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") is Flawless sp. z o.o. with registered office in Warsaw, address: Al. Komisji Edukacji Narodowej 52/89, 02-797 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000632128, NIP (Tax Identification Number): 9512417736, REGON (National Business Registry Number): 365125782, e-mail address: firstname.lastname@example.org, telephone number: +48 722 797 949, Website owner, hereinafter referred to as "Data Controller".
2. Scope of data collection
2.1. The Data Controller collects Users' personal data within the scope required to complete orders placed via the Website, register within the Website or complete other services specified in the Regulations.
2.2. The scope of data collection includes: first and last name, e-mail address, telephone number, bank account number, delivery address/invoice address including: street, postal code, city, country, company name. The scope of data processing depends on the type of service chosen by the User.
3. Purpose of data processing
3.1. The Data Controller processes the personal data of Users exclusively for the purpose of:
3.1.1. enabling Users to use the Website, which should be understood as the implementation of services provided in accordance with the Regulations, including in particular orders placed in the Data Controller's online store, ensuring contact with the User, issuing invoices and handling complaints;
3.1.2. registering accounts in the Data Controller's online store, providing support for said accounts and transactions made by Users, including resolution of technical problems;
3.1.3. direct marketing of services provided by the Data Controller, primarily including the voluntary free newsletter service containing commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (i.e. Journal of Laws of 2017, item 1219);
3.1.4. running competitions, loyalty programs or promotional campaigns organized by the Data Controller;
3.1.5. ensuring the safety of services provided by the Data Controller by electronic means, in particular in order to enforce Users' compliance with the Regulations and to prevent and counteract fraud and abuse;
3.1.6. performing duties resulting directly from the binding provisions of law;
3.1.7. statistics and archiving;
3.1.8. pursuing claims arising from the Data Controller's business activity.
3.2. The Data Controller processes Users' personal data only for the purposes indicated above.
3.3. Users' personal data shall not be transferred to countries outside the European Economic Area (to countries other than European Union member states, Iceland, Norway and Liechtenstein).
4. Legal basis for the processing of personal data
4.1. The Data Controller processes personal data of Users on the basis of the following regulations:
1. article 6(1)(a) GDPR - the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes;
2. article 6(1)(b) GDPR - processing is necessary for the performance of an agreement to which the data subject is a party or for taking action at the request of the data subject prior to the conclusion of the agreement;
3. article 6(1)(f) GDPR - processing is necessary for the purposes of legitimate interests pursued by the Data Controller.
5. User rights
5.1. Personal data of Users is collected in the Data Controller's office, i.e. at the address: Flawless sp. z o.o., Al. Komisji Edukacji Narodowej 52/89, 02-797 Warsaw.
5.2. The User has the right to:
5.2.1. have access to the personal data concerning him/her stored by the Data Controller;
5.2.2. request that personal data be corrected if they believe that the personal data stored by the Data Controller is outdated, incomplete or untrue;
5.2.3. request that the processing of personal data be restricted;
5.2.4. request the deletion of personal data;
5.2.5. request a copy of the personal data;
5.2.6. object to the processing of personal data in cases provided for in Article 21 of the GDPR;
5.2.7. request the transfer of the personal data to another data controller, if technically possible;
5.2.8. withdraw consent at any time (without affecting the lawfulness of any processing that was carried out on the basis of consent prior to its withdrawal),
5.3. The User may exercise the rights referred to in point 5.2 above by submitting a proper declaration of will to the Data Controller:
5.3.1. in person at the Data Controller's registered office (Flawless sp. z o.o., ul. Komisji Edukacji Narodowej 52/89, 02-797 Warsaw);
5.3.2. by mail to the address of the Data Controller's registered office indicated above;
5.3.3. by e-mail to: email@example.com
5.3.4. through the panel of the account maintained within the Website.
5.4. The User also has the right to lodge a complaint with the supervisory authority for personal data protection, i.e. the President of the Office for Personal Data Protection (PUODO).
5.5. The Data Controller reserves the right to refuse to remove the User's data if it is necessary to satisfy claims or if it is required by applicable law.
6. Cookie mechanism
6.1. The Website uses text files called Cookies.
6.2. Cookies are saved by the server on the User's computer.
6.3 In order to use the Website, it is necessary to allow cookies to be stored on the User's computer. Lack of such permission may prevent or impede using the Website.
6.4. Cookies are not used to collect personal data of the User.
6.5. Cookies do not change the configuration of the User's computer, are not used to install or uninstall any computer program, do not interfere with the integrity of the system or User data.
6.6. The Data Controller reserves the right to use the services of third parties in the scope of developing statistics concerning the use of the Website. The Data Controller declares that in such a case, no data identifying the Users will be made available to such entities.
6.7. Three types of cookies are used by the Website: "session" (session cookies), "permanent" (persistent cookies) and "analytic". Session cookies are temporary files that are stored in the User's terminal equipment until the User logs out (leaves the website). "Permanent" cookies are stored in the User's terminal device for a period of time specified in the cookie settings or until they are deleted by the User. "Analytical" cookies allow us to better understand how the User interacts with the content of the Website. They collect information about the manner of using the website, the type of website from which the User was redirected, the number of visits and the duration of the User's visit to the website. This information does not record specific personal data of the User, but is used to compile statistics on the use of the Website.
6.8. In accordance with the applicable provisions of the Act of 16 July 2004 on telecommunications law (i.e. Journal of Laws of 2017, item 1907), the User has the right to decide on the access of Cookies to their computer by prior selection in the window of the browser.
6.9. How to manage cookies - instructions from web browser developers:
Internet Explorer: https://support.microsoft.com/pl-pl/products/windows?os=windows-7
Mozilla Firefox: https://support.mozilla.org/pl/kb/ciasteczka
Google Chrome: https://support.google.com/chrome/answer/95647?hl=pl
7. IP address
7.1. The Data Controller reserves the right to collect IP addresses of visitors to the Website, which may be helpful in diagnosing technical problems with the server, creating statistical analyses (e.g. determining which regions have the most visitors). In addition, these addresses may be useful for administering and improving the Website.
8. Access to the database of third parties
8.1. Personal data of Users shall not be made available by the Data Controller to other entities or third parties except in cases when:
8.1.1. The User agrees to this;
8.1.2. it is necessary for the purpose of providing services by the Data Controller through the Website, i.e. personal data of Users may be made available to entities such as Poczta Polska S.A. with registered office in Warsaw, courier companies (DPD), payment operators (PayU, PayPal), etc. In such a case, the Data Controller provides only the personal data that is necessary for the provision of the above mentioned services. For more information on how these entities use Users' personal data, please refer to their privacy and cookie policies;
8.1.3. it is necessary in order to detect and prevent fraud and to solve other fraud or security related issues and technical problems;
8.1.4. it is required by applicable law or a justified demand by state institutions and judicial authorities.
8.2. In addition, the Data Controller may make Users' personal data available to entities which have been authorized or entrusted with the processing of personal data, i.e:
8.2.1. to providers of legal and advisory services in the event of the Data Controller pursuing claims related to the conducted business activity;
8.2.2. to providers of technical and organizational services enabling the Data Controller to provide services through the Website;
9. Retention period of personal data
9.1. Users' personal data shall be stored no longer than it is necessary for the proper provision of services within the Website, as well as for the period of limitation of civil law claims to which the Data Controller is entitled against the User.
10. Safeguards and protection of personal data
10.1. The Data Controller declares that it processes Users' personal data in accordance with the requirements of the GDPR and other applicable regulations on personal data protection, which supplement and/or implement the GDPR, including in particular that it applies technical and organizational measures to ensure the protection of processed data appropriate to the risks and categories of data to be protected, and in particular protects Users' personal data against unauthorized disclosure, loss or damage.
12. Contact us