PRIVACY POLICY

1.This Privacy Policy sets out the rules for the processing of personal data obtained through the online store skin79-sklep.pl (hereinafter: "Online Store").

2. The owner of the Store and also the Personal Data Administrator is Grupa MSG Sp. z o.o. with its registered office in Piotrków Trybunalski (97-300), ul. Wojska Polskiego 118D, entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister competent for economy under the tax identification number NIP 7712903630, REGON 381800573, hereinafter referred to as the Grupa MSG Sp. z o.o.

3. Personal data collected by Grupa MSG Sp. z o.o. via the Online Store are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), also known as the GDPR.

4. Grupa MSG Sp. z o.o. takes special care of respecting the privacy of customers visiting the Online Store.

§ 1 Type of processed data, objectives and legal basis

1. Grupa MSG Sp. z o.o. collects information on individuals conducting legal transactions not directly related to their activities, individuals running their own business or professional activity and individuals representing legal persons or organizational units that are not legal entities to which the Act grants legal capacity, conducting business or professional activity on their own behalf, hereinafter referred to jointly as Clients.

2. Customers' personal data is collected in the case of:

a) registering an account in the Online Store, in order to create an individual account and manage this account. Legal basis: indispensability to perform the contract for the provision of the Account service (Article 6 paragraph 1 letter b) of the GDPR);

b) placing an order in the Online Store in order to perform a sales contract. Legal basis: indispensability for the performance of the contract of sale (Article 6 (1) (b) of the GDPR);

c) subscribing to the newsletter in order to perform the contract, the subject of which is the service provided electronically. Legal basis - consent of the data subject to perform the contract for the provision of the Newsletter service (Article 6 paragraph 1 letter a);

d) using the contact form service in the Online Store in order to perform the contract provided electronically. Legal basis: indispensability to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR);

e) using the service to provide an opinion, in order to perform the contract the subject of which is the service provided electronically. Legal basis - provide an opinion on the necessity to perform a service contract (Article 6 (1) (b) of the GDPR).

3. In the case of registering an account in the Online Store, the Customer provides:

a) email address;

b) name and surname;

c) telephone number.

4. When registering an account in the Online Store, the Customer sets the individual password for access to his account. The customer can change the password at a later time, on the terms described in

5. In the case of placing an order in the Online Store, the Customer provides the following data:

a) email address; b) address details:

a. zip code and city;

b. country;

c. street with house / flat number.

c) name and surname;

d) telephone number.

6. In the case of Entrepreneurs, the above data scope is additionally extended by:

a) Entrepreneur's company;

b) NIP number.

7. In the case of using the Newsletter service, the Customer provides the following data:

a) email address;

b) telephone number.

8. In the case of using the contact form service, the Customer provides the following data:

a) email address;

b) name and surname

9. In the case of using the service, post an opinion, the Customer provides the following data:

a) email address;

b) pseudonym / nick.

10. Additional information may be downloaded when using the Online Store Website, in particular: the IP address assigned to the Client's computer or the external IP address of the Internet provider, domain name, browser type, access time, and the type of operating system.

11. Navigational data may also be collected from customers, including information about links in which they decide to click or other activities undertaken in our Online Store. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.

12. In order to determine, investigate and enforce claims, some personal data provided by the customer may be processed as part of using the functionality in the Online Store, such as: name, surname, data on the use of services, if claims result from the manner in which the customer uses from services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in determining, pursuing and enforcing claims as well as defending against claims in proceedings before courts and other state authorities.

13. The transfer of personal data to Grupa MSG Sp. z o.o. is voluntary, in connection with concluded sales contracts or provision of services via the Shop Website, however, failing to give specified data in the registration process prevents registration and setting up a Customer Account so in the case of placing an order without registering a Customer Account, it will prevent the submission and execution of the Customer's order.

§ 2 Who is the data entrusted to and shared with?

1. The Customer's personal data is transmitted to service providers used by Grupa MSG Sp. z o.o.while running the Online Store. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are subject to instructions of Grupa MSG Sp. z o.o. regarding the purposes and methods of processing these data (processing entities) or independently determine the purposes and ways of processing (administrators) .

a) Processing entities Grupa MSG Sp. z o.o. uses suppliers who process personal data only at the request of Grupa MSG Sp. z o.o. These include suppliers providing hosting services, accounting services, marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns;

b) Administrators Grupa MSG Sp. z o.o. uses suppliers who do not act solely on command, they set the goals and methods of using personal data of clients. They provide electronic and bank payment services.

2. Location. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).

3. Customers' personal data is stored:

a) If the basis for the processing of personal data is consent then the personal data of the client is processed by Grupa MSG Sp. z o.o. until the consent is canceled, and after the consent is canceled for a period of time corresponding to the period of limitation of claims that may be incurred by Grupa MSG Sp. z o.o. as well as by the client. Unless a special rule provides otherwise, the period of limitation is six years, and for claims for periodic benefits and claims related to running a business - three years. b) If the basis for data processing is performance of the contract, then the client's personal data is processed by Grupa MSG Sp. z o.o. as long as it is necessary to perform the contract, and after that time for the period corresponding to the period of limitation of claims.

4. In the event of a purchase in the Online Store, personal data may be transferred, depending on the choice of the Customer, to the following entities to deliver the ordered goods: a) a courier company; b) Polish Post Office inc. with its headquarters in Warsaw.

5. If the Customer chooses a payment through the DotPay system, his personal data is transferred to the extent necessary for the payment of DotPay ltd. based in Krakow (30-552), at Wielicka 72, entered in the Register of Entrepreneurs kept by the District Court for Kraków-Śródmieście, XI Commercial Division of the National Court Register under the number KRS 0000700791.

6. The navigation data may be used to provide customers with better service, statistical data analysis and adaptation of the Online Store to customer preferences, as well as the administration of the Online Store.

7. If the Customer subscribes to the newsletter, Grupa MSG Sp. z o.o. will be sending electronic messages containing commercial information about promotions and new products available in the Online Store at his email address. 8. In the case of a demand, Grupa MSG Sp. z o.o. shares personal data with authorized state authorities, in particular to the organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Mechanizm cookies, adres IP

1. The Online Store uses small files, called cookies. They are saved by Grupa MSG Sp. z o.o. on the final device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the name of the domain it originates from, its "expiration time" and an individual, randomly selected number identifying the file. Information collected using such files helps adjust the products offered by Grupa MSG Sp. z o.o.to individual preferences and real needs of people visiting the Online Store. They also provide the opportunity to develop general statistics of visits to the presented products in the Online Store.

2. Grupa MSG Sp. z o.o. uses two types of cookies:

a) Session cookies: after completing a session of a given browser or turning the computer off, stored information is removed from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Clients' computers.

b) Persistent cookies: they are stored in the memory of the Customer's end device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the client's computer.

3. Grupa MSG Sp. z o.o. uses own cookies for:

a) customer authentication in the Online Store and ensure Customer's session in the Online Store (after logging in), thanks to which the Customer does not have to enter the login and password on each subpage of the Online Store on and on;

b) analysis, research and audience audits, in particular to create anonymous statistics that help to understand how customers use the Store Website, which allows improving its structure and content.

4. Grupa MSG Sp. z o.o. uses external cookies for:

a) popularization of the Online Store using the facebook.com social network service (external cookie administrator: Facebook Inc with its registered office in the USA or Facebook Ireland based in Ireland).

5. The mechanism of cookies is safe for the customers of the Online Store. In particular, it is not possible to get viruses, unwanted or malicious software onto Clients' computers this way. However, in their browsers, Customers have the option of limiting or disabling access of cookies to computers. If you use this option, the use of the Online Store will be possible, except the functions which, because of their nature, require cookie files.

6. Below we present how you can change the settings of popular web browsers with respect to the use of cookies:

a) Internet Explorer browser;

b) Microsoft EDGE browser;

c) Mozilla Firefox browser;

d) Chrome browser;

e) Safari browser;

f) Opera browser.

7. Grupa MSG Sp. z o.o. may collect IP addresses of clients. An IP address is a number assigned to the computer of the visitor of the Online Store by the ISP. The IP number enables access to the Internet. In most cases, it is assigned dynamically to the computer, i.e. it changes every time you connect to the Internet and is therefore commonly regarded as nonpersonal identifying information. The IP address is used by Grupa MSG Sp. z o.o. when diagnosing technical problems with the server, creating statistical analyzes (eg determining in which regions we note the most visits), as information useful in administering and improving the Online Store, as well as for security purposes and possible identification of server-burdening, undesired automatic programs for browsing the contents of the Online Store.

8. The Online Store contains links to other websites. Grupa MSG Sp. z o.o. is not responsible for their rules of privacy protection.

§ 4 The rights of people whom the data concern

1. The right to withdraw the consent - legal basis: art. 7 par. 3 GDPR.

a) The customer has the right to withdraw any consent granted by Grupa MSG Sp. z o.o.

b) Withdrawal of the consent has its effect since the withdrawal of the consent.

c) Withdrawal of the consent does not affect the processing performed by Grupa MSG Sp. z o.o. in accordance with the law before its withdrawal.

d) Withdrawal of the consent does not entail any negative consequences for the customer, but it may prevent further use of services or functionality which, according to the law, Grupa MSG Sp. z o.o. can only provide with the consent.

2. The right to object to data processing - legal basis: art. 21 GDPR.

a) The customer has the right to object at any time - for reasons related to his special situation - to the processing of his personal data, including profiling, if Grupa MSG Sp. z o.o. processes its data based on a legitimate interest, such as marketing of products and services. Grupa MSG Sp. z o.o. , keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as a satisfaction survey.

b) Opting out in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes.

c) If the Customer's objection proves to be justified and Grupa MSG Sp. z o.o. has no other legal basis for the processing of personal data, the Customer's personal data will be removed, to which the Customer has lodged an objection.

3. The right to delete data ("the right to be forgotten") - legal basis: art. 17 GDPR.

a) The customer has the right to demand the removal of all or some personal data.

b) The customer has the right to demand the deletion of personal data if:

a. personal data are no longer necessary for the purposes for which they were collected or processed;

b. withdrew his specific consent to the extent to which personal data were processed based on his consent;

c. he objected to the use of his data for marketing purposes;

d. personal data are processed unlawfully;

e. personal data must be removed in order to comply with the legal obligation provided for by Union law or the law of the Member State to which Grupa MSG Sp. z o.o. is subject to;

f. personal data have been collected in connection with the offering of information society services.

c) Despite the request to delete personal data, in connection with opposition or withdrawal of consent, Grupa MSG Sp. z o.o. may retain some personal data to the extent that processing is necessary to establish, investigate or defend claims, as well as to meet from a legal obligation requiring processing under Union law or the law of a Member State to which Grupa MSG Sp. z o.o.is subject to. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purpose of handling complaints and claims related to the use of the services of Grupa MSG Sp. z o.o., or additionally of the residence address / mailing address, the order number, which data is retained for the purpose of handling complaints and claims related to concluded sales contracts or provision of services.

4. The right to limit data processing - legal basis: art. 18 GDPR.

a) The customer has the right to demand the restriction of the processing of his personal data. Submission of a demand, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the demand. Grupa MSG Sp. z o.o. will not send any messages, including marketing messages.

b) The customer has the right to request a restriction of the use of personal data in the following cases:

a. when it challenges the correctness of its personal data - at that time Grupa MSG Sp. z o.o. limits their use for the time needed to check the correctness of data, but no longer than for 7 days;

b. when data processing is unlawful, instead of deleting data, the Customer will demand to limit their use;

c. where personal information is no longer necessary for the purposes for which it was collected or used, but is needed by the Customer to establish, assert or defend claims;

d. when he objected to the use of his data - then the restriction takes place for the time needed to consider whether - due to the special situation - protection of the client's interests, rights and freedoms outweighs the interests that the Administrator performs while processing the client's personal data.

5. Right of access to data - legal basis: art. 15 GDPR.

a) The Customer has the right to obtain the confirmation from the Administrator whether he processes personal data, and if so, the Customer has the right to:

a. get access to his personal data;

b. obtain information about the purposes of processing, categories of personal data being processed, recipients or recipients' categories of this data, the planned period of customer data storage or criteria for determining this period (when it is not possible to determine the planned data processing period) about the rights of the Customer under GDPR and the right to lodge a complaint with the supervisory body, the source of this data, about automated decision-making, including profiling and about safeguards applied in connection with the transfer of these data outside the European Union;

c. obtain a copy of his personal data.

6. The right to rectify data - legal basis: art. 16 GDPR.

a) The Customer has the right to demand from the Administrator that he or she corrects his / her personal data, which are incorrect. Taking into account the purposes of processing, the Customer whom the data concern has the right to request supplementing incomplete personal data, including by submitting an additional statement, directing the request to the e-mail address in accordance with § 6 of the Privacy Policy.

7. The right to data transfer - legal basis: art. 20 GDPR.

a) The Customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The Customer has also the right to demand personal data to be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a file in csv format, which is a widely used, machine-readable format that allows sending the received data to another personal data administrator.

8. In the event of a Client exercising the rights arising from the above rights, Grupa MSG Sp. z o.o. fulfills the demand or refuses to meet it promptly, but no later than within month after receiving it. However, if - due to the complicated nature of the demand or the number of demands - Grupa MSG Sp. z o.o. will not be able to meet the demand within a month, it will meet them within the next two months by informing the customer within one month of receiving the demand - about the intended extension and its causes.

9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.

10. The Customer has the right to demand from Grupa MSG Sp. z o.o. to provide a copy of standard contractual clauses by directing the request in the manner specified in § 6 of the Privacy Policy.

11. The Customer has the right to lodge a complaint to the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under GDPR.

§ 5 Safety management - password

1. Grupa MSG Sp. z o.o. provides Clients with a secure and encrypted connection when sending personal data and when logging in to the Customer Account on the Website. Grupa MSG Sp. z o.o. uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted via the Internet.

2. In the event that the Customer who has an account in the Online Store has lost any access password in any way, the Online Store allows the generation of a new password. Grupa MSG Sp. z o.o. does not send a password reminder. The password is stored in an encrypted form in a way that prevents its reading. To generate a new password, please enter your e-mail address in the form available under the link "Forgot your password" provided at the login form for the account in the Online Store. The customer will receive an e-mail containing a redirection to a dedicated form provided on the Store Website to the e-mail address provided during registration or saved in the last change of the account profile, where the customer will be able to set a new password.

3. Grupa MSG Sp. z o.o.never sends any correspondence, including electronic correspondence, with a request to provide login data, in particular an access password to the Customer's account.

§ 6 Changes to the Privacy Policy

1. The Privacy Policy may be subject to change, about what Grupa MSG Sp. z o.o. will inform the customers 7 days in advance.

2. Questions related to the Privacy Policy should be sent to: [email protected]