Privacy Policy

1. Data Controller and Definitions

1.1 Data administrator personal data of Customers/Users of the Online Store, also referred to as Seller, is: CBD SKIN EXPERT LIMITED LIABILITY COMPANY, telephone: , Tax Identification Number 8133866978

REGON: 520018055

1.2 You can contact the Data Controller:

1. 1.2.1 at the correspondence address: CBD SKIN EXPERT Sp. z o. o., NIP 8133866978, ul. Władysława Warneńczyka 83G/4, 35-612 Rzeszów
2. 1.2.2 at the e-mail address: biuro@mariog3.pl

1.3 User – a natural person entering the website/websites of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy;

1.4 Client – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality to which the law grants legal capacity, which concludes a Distance Selling Agreement with the Seller.

1.5 Internet shop – an internet service operated by the Seller, available at the following electronic addresses (websites): cbdskinexpert.pl, through which the Customer/User may obtain information about the Goods and their availability, as well as purchase the Goods or order the provision of a service.

1.6 Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344) originating from the Seller sent to the Customer/User electronically; its receipt is voluntary and requires the consent of the Customer/User.

1.7 Account – a set of data stored in the Online Store and in the Seller’s IT system regarding a given Customer/User and the orders placed by him/her and the contracts concluded, with the use of which the Customer/User may place orders and conclude contracts.

1.8 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Purposes, legal basis and duration of data processing

2.1 In order to execute the Distance Selling Agreement, the Seller processes:

2.1.1 information about the User's device in order to ensure the correct operation of the services: computer's IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data about activity on the Website, including on individual subpages;

2.1.2 geolocation information, if the User has consented to the service provider's access to geolocation. Geolocation information is used to provide more tailored product and service offers.

2.2 This information does not contain data regarding the identity of Users, but in combination with other information may constitute personal data and therefore the Administrator provides it with full protection under the GDPR.

2.3 These data are processed in accordance with Article 6, Section 1, Letter b of the GDPR, for the purpose of providing the service, i.e., the contract for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6, Section 1, Letter a of the GDPR, in connection with the consent to the use of certain cookies or other similar technologies, expressed through appropriate browser settings in accordance with the Telecommunications Law, or in connection with the consent to geolocation. The data are processed until the Customer/User terminates their use of the Online Store.

3. Marketing activities of the administrator

3.1 The Data Controller may post marketing information about its products or services on the Online Store website. This content is displayed by the Data Controller in accordance with Article 6(1)(f) of the GDPR, i.e., in accordance with the Data Controller's legitimate interest in publishing content related to the services provided and promotional content for campaigns in which the Data Controller is involved. At the same time, this activity does not violate the rights and freedoms of Customers/Users. Customers/Users expect to receive similar content, or even expect it, or it is their direct purpose in visiting the Online Store website(s).

4. Recipients of user data

4.1 The Data Controller discloses users' personal data only to processors under concluded personal data processing agreements for the purpose of providing services to the Data Controller, e.g. hosting and operation of the Website, IT services, marketing and PR services.

5. Transfer of personal data to third countries

5.1 Personal data will not be processed in third countries.

6. Rights of data subjects

6.1 Every data subject has the right to:

6.1.1 access (Article 15 GDPR) – obtain confirmation from the Data Controller as to whether their personal data are being processed. If data about an individual is being processed, they are entitled to access it and obtain the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data has been or will be disclosed, the data storage period or the criteria for determining it, the right to request rectification, erasure, or restriction of processing of personal data of the data subject, and to object to such processing;

6.1.2 to receive a copy of the data (Article 15, paragraph 3 of the GDPR) – obtain a copy of the data being processed, the first copy being free of charge, and for subsequent copies the Data Controller may impose a reasonable fee based on administrative costs;

6.1.3 to rectify (Article 16 GDPR) – request the rectification of personal data concerning him/her that is incorrect or the completion of incomplete data;

6.1.4 to delete data (Article 17 of the GDPR) – request the deletion of his or her personal data if the Data Controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing;

6.1.5 to restrict processing (Article 18 GDPR) – request to limit the processing of personal data when:

6.1.5.1 the data subject questions the accuracy of the personal data – for a period enabling the Data Controller to check the accuracy of such data,

6.1.5.2 the processing is unlawful and the data subject opposes their erasure and requests the restriction of their use,

6.1.5.3 The data controller no longer needs the data, but the data subject requires it to establish, pursue or defend legal claims,

6.1.5.4 the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;

6.1.6 to data portability (Article 20 of the GDPR) – to receive personal data concerning him/her, which he/she provided to the Data Controller, in a structured, commonly used and machine-readable format, and to request that these data be sent to another Controller, if the data are processed on the basis of the consent of the data subject or a contract concluded with him/her, and if the data are processed by automated means;

6.1.7 to object (Article 21 GDPR) – object to the processing of their personal data for the Controller's legitimate purposes, for reasons related to their particular situation, including profiling. In such a case, the Controller assesses the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subjects, or grounds for establishing, pursuing, or defending legal claims. If, according to the assessment, the interests of the data subject outweigh the interests of the Controller, the Controller will be obliged to cease processing the data for these purposes;

6.1.8 to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the Controller ceasing to process personal data for the purpose for which consent was given.

6.2 In order to exercise the above-mentioned rights, the data subject should contact the Data Controller using the contact details provided and inform him/her which right and to what extent he/she wishes to exercise.

7. President of the Personal Data Protection Office

7.1 The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, who can be contacted as follows:

7.1.1 by mail: ul. Stawki 2, 00-193 Warsaw;

7.1.2 via the electronic mailbox available on the website: https://www.uodo.gov.pl/pl/p/kontakt;

7.1.3 Hotline: 606-950-0000.

8. Data Protection Officer

8.1 In any case, the data subject may also contact the Data Protection Officer of the Controller directly by e-mail or in writing to the Data Controller's address provided in section 1, point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

9.1 The privacy and cookies policy may be supplemented or updated in accordance with the current needs of the Administrator in order to provide up-to-date and reliable information to Customers/Users.

10. Cookies

10.1 The Online Store performs the functions of obtaining information about Customers, Users and their behavior in the following manner:

10.1.1 through information voluntarily entered in forms for the purposes resulting from the function of a specific form;

10.1.2 by saving cookies in end devices (so-called cookies). "cookies");

10.1.3 by collecting web server logs by the hosting operator of the Online Store (necessary for the proper operation of the website).

10.2 Cookies are computer data, specifically text files, stored on the Customer's/User's end device and intended for use with the Online Store. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.

10.3 The Online Store uses cookies only after the Customer/User has provided prior consent in this regard. Consent to the Online Store's use of all cookies is granted by clicking the "Close" button when the Online Store's cookie usage notification is displayed, or by closing the notification.

10.4 The consent referred to in the previous point may only cover selected cookies. In such a case, the Customer/User of the Online Store should use the "Cookie Settings" option available in the notice regarding the use of cookies by the Online Store. At the same time, the Data Controller reserves the right to disable cookies required for authentication, security, and maintaining Customer/User preferences, which may hinder, and in extreme cases, prevent, the use of the Online Store.

10.5 If the Customer/User of the Online Store does not consent to the use of cookies by the Online Store, they may use the option: "I DO NOT CONSENT", also available in the communication on the use of cookies by the Online Store, or make changes to the settings of the web browser they are currently using (however, this may result in incorrect operation of the Online Store website).

10.6 To manage cookie settings, select your web browser/system from the list below and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.

10.7 The legal basis for the processing of personal data from cookies is the legitimate interests of the Data Controller, consisting in providing high-quality services and ensuring the security of services.

10.8 The Online Store uses two basic types of cookies: "session cookies" and "persistent cookies." "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the Online Store, or disabling the software (web browser). "Persistent" cookies are stored on the Customer/User's end device for the time specified in the cookie parameters or until they are deleted by the Customer/User.

10.9 Cookies are used for the following purposes:

10.9.1 creating statistics that help understand how Customers/Users of the Online Store use websites, which allows for the improvement of their structure and content;

10.9.2 maintaining the Customer/User session (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Store;

10.9.3 defining the Customer/User profile in order to display product recommendations and tailored materials in advertising networks, in particular the Google network.

10.10 Website browsing software (web browser) typically allows cookies to be stored on the Customer/User's end device by default. Customers/Users can change their settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies.

10.11 Restrictions on the use of cookies may affect some of the functionalities available on the Online Store websites.

10.12 Cookies placed on the Customer/User's end device may also be used by advertisers and partners of the Online Store cooperating with them.

10.13 Cookies may be used by advertising networks, particularly the Google network, to display advertisements tailored to the way the Customer/User uses the Online Store. For this purpose, they may store information about the Customer's navigation path or the duration of their stay on a given page.

10.14 We recommend that the Customer/User read the privacy policies of these companies to learn about the rules for using cookies used in statistics: Google Analytics Privacy Policy.

10.15 Cookies may be used by advertising networks, particularly the Google network, to display advertisements tailored to the way the Customer/User uses the Online Store. For this purpose, they may store information about the user's navigation path or the duration of their stay on a given page.

10.16 In terms of information about the Customer/User's preferences collected by the Google advertising network, the Customer/User may view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/.

10.17 The Online Store website contains plug-ins that may transmit Customer/User data to Administrators such as: Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius.

10.18 In order to properly implement the Distance Selling Agreement, the Data Controller may make Customer/User data available to courier entities.

10.19 In order to properly implement the Distance Selling Agreement, the Administrator may make Customer/User data available to online payment systems.

11. Newsletter

11.1 The Customer may consent to receiving commercial information electronically by selecting the appropriate option in the registration form or later in the appropriate tab. If such consent is granted, the Customer/User will receive information (Newsletter) from the Online Store, as well as other commercial information sent by the Seller, to the email address provided.

11.2 The Customer may at any time unsubscribe from receiving the Newsletter by unchecking the appropriate box on the Account page or by going to the form, clicking the appropriate link contained in the content of each Newsletter or via the Customer Service Office.

12 Account

12.1 The Customer/User may not post any content in the Online Store or provide the Seller with any content, including opinions and other data of an unlawful nature.

12.2 The Customer/User obtains access to the Account after registration.

12.3 During registration, the Customer/User provides their account type or gender, first name, last name, company name, Tax Identification Number (NIP), sales document issuing information, shipping information, email address, and selects a password. The Customer/User warrants that the information they provide in the registration form is accurate. Registration requires careful review of the Terms and Conditions and acknowledgment on the registration form that the Customer/User has read the Terms and Conditions and fully accepts all their provisions.

12.4 Upon granting the Customer/User access to the Account, an agreement for the provision of electronic services relating to the Account is concluded between the Seller and the Customer for an indefinite period. The Consumer may withdraw from this agreement under the terms set out in the Terms and Conditions.

12.5 Registering an Account on one of the pages of the Online Store also means registration enabling access to other pages where the Online Store is available.

12.6 The Customer/User may terminate the contract for the provision of services by electronic means at any time with immediate effect by informing the Seller by e-mail or in writing to the address of the Data Controller, provided in section 1, point 2 of this Privacy and Cookies Policy.

12.7 The Seller has the right to terminate the service agreement for the Account in the event of discontinuation or transfer of the Online Store service to a third party, violation of the law or the Terms and Conditions by the Customer/User, or in the event of inactivity by the Customer/User for a period of six months. Termination of the agreement is subject to a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the Seller's consent.