PRIVACY AND COOKIES POLICY
This document sets out the conditions for the processing of personal data (hereinafter also referred to as "data") and cookies in the area of the online store sayhitobeauty.com, conducted through the website, provided at the URL: sayhitobeauty.com, hereinafter referred to as the "Store".
Table of Contents
§1. How to contact the Data Administrator
§2. On what basis we process your data
§3. Information on data processing for the purpose of concluding and performance of agreements, possible redress and defense against them
§4. Information on data processing for the purpose of sending the newsletter
§5. Information on data processing for the submission of notifications
§6. Information on data processing for direct marketing and on profiling
§7. Information on data processing for security
§8. Information on data recipients
§9. Information on the transfer of data to third countries
§10. Absolute rights of the persons whose data are processed
§11. Relative rights of the persons whose data are processed
§12. Cookies Files - Introduction
§13. Data Administrator Cookies Files
§14. Third party cookie files
§15. Permission to use and manage Cookies files
§16. Cache
§17. References to other websites or software
§18. Changes to the Privacy Policy and Cookies Files
§1. How to contact the Data Administrator
The controller of personal data processed within the Store is SAY HI Limited Liability Company, located in Warsaw (02-695) at ul. Śniardwy 8/76, registered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000911288, VAT ID: 5213934278 and REGON: 389473984.
You can contact the Data Administrator using an email address: contact@sayhitobeauty.com
§2. On what basis we process your data
When collecting personal data, we always inform you of the legal basis of their processing. It follows from the provisions of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016). on the protection of individuals with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). When we inform you:
・ Article 6, point (1)(a) and) GDPR - this means that we process personal data on the basis of the received consent,
・ Article 6, point (1)(a) b) GDPR - this means that we process personal data, because they are necessary to perform the contract or to take action before it is concluded, upon request,
・ Article 6, point (1)(a) c) GDPR - this means that we process personal data in order to fulfill the legal obligation,
・ Article 6, point (1)(a) f) GDPR - this means that we process personal data in order to perform legitimate interests.
§3. Information on data processing for the purpose of concluding and performance of agreements, possible redress and defense against them
1. We may process the personal data necessary for the fulfillment of the agreement concluded with you. However, even before it is concluded, we may process the personal data necessary to take action on your request. The processing of such data shall be carried out pursuant to 6(1)(a) b) RODO.
2. During the performance of the contract and after its performance, we process the personal data of its parties for possible processing of claims, and also their recovery. For example, our legitimate interest is to be able to respond to a possible complaint, which we are obliged to do under separate civil law provisions. In such a case, we will process personal data on the basis of the legitimate interest of defending or investigating possible claims. The processing of such data shall be carried out pursuant to 6(1)(a) f) GDPR
3. We shall keep this data for the period necessary to achieve the stated objectives, not later than the time of limitation of claims under separate legal provisions.
4. You have the right of access to your data, rectification, erasure, processing restrictions, the right to data portability, and and right to lodge a complaint with a supervisory authority. In the case of processing of data for the purposes set out in point 2, you also have the right to object to their processing.
5. Providing this information is voluntary, but failure to provide this information will prevent the conclusion of the contract or its implementation.
6. The recipients of this data shall be: our hosting provider, e-mail service provider, IT service provider, shipping service providers, accounting service provider and invoice software provider, electronic payment service provider, legal, advisory and recovery service provider, and other service providers we use for the stated purpose.
§4. Information on data processing for the purpose of sending the newsletter
1. We allow you to subscribe to the list of recipients of our newsletter. If you have used this functionality, we process your personal data for the purpose of its transmission. The newsletter may contain advertising, commercial or marketing content.
2. The processing of this data is based on your consent and thus art. 6(1)(a) and) ROAD
3. You have the right to withdraw your consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the prior processing.
4. We will keep your information until your consent is withdrawn. If you never undo it, we will process your data until we stop sending the newsletter.
5. You have the right to access, rectify, erase, limit processing, transfer of data, and right to lodge a complaint with a supervisory authority.
6. Providing this information is voluntary, however, failure to provide this information will prevent sending the newsletter.
7. The recipients of this data shall be: our hoster, IT service provider, email service provider and newsletter service provider.
§5. Information on data processing for the submission of notifications
1. We allow you to sign up for the list of recipients of our notifications, displayed through a web browser. If you have used this functionality, we process your personal data for the purpose of its transmission. Notifications may include advertising, marketing or marketing content.
2. The processing of this data is based on your consent and thus art. 6(1)(a) and) ROAD
3. You have the right to withdraw your consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the prior processing.
4. We will keep your information until your consent is withdrawn. If you never undo it, we will process your data until we stop sending notifications.
5. You can revoke consent to the processing of data in your web browser.
6. You have the right of access to your data, rectification, erasure, processing restrictions, the right to transfer your data, and the right to lodge a complaint with a supervisory authority.
7. The provision of these data is voluntary, but failure to provide these data will prevent notifications from being sent.
8. The recipients of this data shall be: our hosting company.
§6. Information on data processing for direct marketing and on profiling
1. We may process your personal data for direct marketing purposes. This happens, for example, when we respond to your message by providing details about our offer.
2. For direct marketing purposes, we may use profiling by automated decision to display ads to you. This decision is based on the actions you take in the Store, and in particular on the basis of the agreements you have concluded or the parties you review. In practice, profiling supports the usefulness of our Store, allowing you to present to you content that may be of interest to you.
3. The processing of such data shall be carried out pursuant to 6(1)(a) f) GDPR
4. We will keep your data until the time necessary for the realization.
5. You have the right of access to your data, rectification, erasure, processing restrictions, the right to transfer data, the right to object to the processing of data, and the right to lodge a complaint with a supervisory authority.
6. You are entitled not to be profiled unless you have agreed to do so. However, then, the basis for processing your data will be consent (art. 6 item 1(and) GDPR), which you can undo at any time. Then, too, your data will be processed until your consent is revoked.
7. Providing these data is voluntary, and failure to provide these data will prevent direct marketing activities.
8. The recipients of this data shall be: our hoster, IT service provider, email service provider.
§7. Information on data processing for security
1. From the moment you start our website, in order to ensure the security of services, we process such data as:
・ the public IP address of the device from which the query came
・ browser type and language
・ the date and time of the inquiry,
・ number of bytes sent by the server,
・ the URL of the page previously visited, where visited by this link,
・ information about errors that occurred during the query.
2. Our legitimate interest in this processing is to keep server event logs and protect the Store from potential hacker attacks and other abuses. This includes the ability to determine the IP address of the person performing the illegal activity in the Store area, such as attempting to violate security, publishing prohibited content, or attempting to disallow activities using our servers.
3. The processing of such data shall be carried out pursuant to 6(1)(a) f) GDPR
4. We shall keep this data for the period necessary to achieve the stated objectives, not later than the time of limitation of claims under separate legal provisions.
5. You have the right to have access to your data, to rectify it, to erase it, to restrict processing, to object to its processing, and also to lodge a complaint with a supervisory authority.
6. Providing this information is a condition for using the Store. Failure to provide this information will prevent you from using the Store.
7. The recipient of this data is our hoster and IT service provider.
§8. Information on data recipients
When processing personal data, we use external services. Therefore, your personal data may be received by third parties. When collecting personal data, we always inform those recipients, but because of the primacy of the readability of the message, we do so briefly. Therefore, we explain here that when we inform about particular categories of recipients, they are the following:
・ Freight/courier service provider: InPost S.And, ul. Wielicka 28, 30-552 Kraków; DHL Parcel Polska Sp. z o.o., ul. Ottoman 2, 02-823 Warsaw; DPD Polska Sp. z o.o. z o.o., ul. Mineral 15, 02-274 Warsaw. ・ IT Service Provider: Shopify International Ltd, Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; MOHI.TO Sp. z o.o., ul. Kłodzka 2 /7, 50-536 Wrocław.
・ Host: Shopify International Ltd, Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
・ Email Service Provider: Go Daddy Operating Co LLC, 14455 North Hayden Road Suite 226 Scottsdale, AZ 85260 United States.
・ Accounting service provider: GACCOUNTANCY ACCOUNTING OFFICE Sp. of o., Śniardwy 8/76, 02-695 Warsaw.
・ Invoice software provider: Invoicing sp. z o.o., ul. Juliana Smulikowski 6/8, 00-389 Warsaw.
・ Legal/advisory/recovery service provider - these service providers are established on a case-by-case basis, in case of need.
・ Newsletter Service Provider: Shopify International Ltd, Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
・ Electronic Payment Service Provider: PayPro S.And., ul. Chancellor 15, 60-327 Poznań, PayPal (Europe) S.à r.l. et Cie, S.C.And. 22-24 Boulavard Royal L-2449 Luxembourg.
§9. Information on the transfer of data to third countries
1. As we use the services of other suppliers, your personal data may be transferred outside the European Economic Area, namely to countries: United States of America (USA) and Canada.
2. The European Commission has established that certain countries outside the European Economic Area (EEA) adequately protect personal data. Canada is one of them.
3. Since the United States of America to which we transfer personal data has not been considered a safe country, the transfer of data is based on an agreement containing standard data protection clauses, adopted by the European Commission.
§10. Absolute rights of the persons whose data are processed
When we write about the rights related to the processing of your personal data, we refer to the following rights. The possibility to exercise the following powers is independent of the legal basis for the processing of personal data.
Right of access
You have the right to obtain confirmation from us that we are processing your personal data. If this is the case, you have the right to access this data, and also to receive additional information on:
・ the purposes of the processing,
・ the categories of data concerned,
・ recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organizations,
・ where possible, the planned retention period, and the criteria for determining that period,
・ the right to ask us to rectify, erase or restrict the processing of data, to object to such processing, and also to the right to lodge a complaint with a supervisory authority,
・ data sources if your data has not been collected from you,
・ automated decision-making, including profiling, and the rules for taking them, and also the importance and expected consequences of such processing for you.
Upon receipt of such a request, we are obliged to provide a copy of the personal data subject to processing. If such a request is made by electronic means and if no other objection is received, we shall also provide the information by electronic means.
Right to rectification
You have the right to request us to rectify immediately any personal data concerning you which is incorrect. Taking into account the purposes of the processing, you have the right to request the addition of incomplete personal data, including by providing an additional statement.
Right to delete data (be forgotten)
You have the right to request us to immediately delete personal data concerning you. We then have a duty to erase personal data without undue delay if one of the following applies:
・ you have revoked/revoked your consent to the processing of your personal data and we have no other basis for processing it,
・ you have successfully opposed the processing of data concerning you,
・ Your personal data has been unlawfully processed,
・ Your personal data must be deleted in order to comply with the legal obligation,
・ Your data has been collected in connection with the provision of information society services.
Right to restrict processing
You have the right to request us to restrict processing in the following cases:
・ when you question the accuracy of the data, for a period allowing us to check their accuracy,
・ the processing is illegal, and you object to the deletion of the data by requesting a restriction on their use instead,
・ we no longer need personal data for processing purposes, but they are needed for you to establish, pursue or defend claims,
・ you have objected to the processing of your data - until it is established whether the legitimate grounds on our part override the grounds of your objection.
Automated decisions including profiling
You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effects on you or similarly significantly affects you.
The law shall not apply where that decision:
・ is necessary for the conclusion or execution of an agreement between you and us,
・ is authorized by Union law or by the law of the Republic of Poland and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or
・ is based on your explicit consent.
Right to bring an action
You have the right to complain about the processing of your personal data to a supervisory authority: President of the Office for Personal Data Protection, ul. Rates 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: kancelaria@uodo.gov.pl
§11. Relative rights of the persons whose data are processed
When we write about the rights related to the processing of your personal data, we refer to the following rights. The possibility of using them depends on the legal basis of the processing of personal data.
Right to withdraw consent to processing
If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Naturally, the withdrawal of consent does not affect the lawfulness of the prior processing of personal data.
Right to data portability
You have the right to receive your personal data provided to us in a structured and commonly used machine-readable format. You also have the right to send this personal data to another administrator without any interruption on our site if the processing takes place:
・ on the basis of an agreement or a contract, and
・ by automated means.
When exercising your right to transfer your data, you have the right to request that your personal data be sent directly by us to another administrator, if technically possible. This right must not adversely affect the rights and freedoms of others.
Right to object
Where we process your personal data pursuant to Article 6(1)(a) f) GDPR, you have the right to object to the processing of this data for reasons related to your particular situation.
We must no longer process this personal data unless we show the existence of:
・ valid legitimate grounds for processing, which must override the interests, rights and freedoms of your person, or
・ grounds for the determination, recovery or defense of claims.
Also, if you object to the processing of your personal data for direct marketing purposes, we will not be able to process it for such purposes.
§12. Cookies Files - Introduction
The Store website uses cookies. These are commonly used, small files that contain a string of characters that are sent and saved to the end device (e.g. PC, laptop, tablet, smartphone) used when visiting the Store. This information is sent to your browser's memory, which sends it back at the next entrance to the website. We can categorize cookies using three methods of division.
In terms of the purpose of using cookies, we distinguish between three categories:
・ Necessary files - these files allow the website to function properly, as well as its functionality, e.g. security or authentication cookies. Without saving them on your device, you will not be able to use the website.
・ Analytical files - these files allow you to monitor the websites you open, traffic sources, time you stay on the website. Without saving them, the use of the website functionality will not be restricted.
・ Ad Files - These files allow you to view personalized ads inside or outside the web page. Without saving them, the use of the website functionality will not be restricted.
In terms of their validity, we distinguish between two categories of cookies:
・ session files - existing until the end of a given session,
・ persistent files - existing after the session is completed.
In terms of distinguishing between the operator of cookies, we distinguish:
・ our cookies,
・ third party cookies.
§13. Data Administrator Cookies Files
Cookies we administer allow you to:
・ Protecting the Store from hacker attacks
・ browser "memorizing" the contents of form fields (optional),
・ browser "memorizing" items added to the cart.
This makes it easier and more enjoyable to use Store functionality.
§14. Third party cookie files
The use of third party cookies is subject to the privacy and cookie policy applied by these third parties.
We use cookies administered by Google Inc. 1600 Amphitheater Pkwy, Mountain View, CA 94043, United States as part of the following services:
・ Google Ads - advertising files used to run and evaluate the quality of advertising campaigns conducted using Google Ads,
・ Google Analytics - Analytics files used to study user behavior and movement and to produce traffic statistics,
Collected by Google Inc. are anonymous and collective. In particular, they do not contain features identifying (understood as personal data) Store users. By using these services, we collect data such as sources of acquisition for users visiting the Store, and and how they are preserved on the Store's website, information about the devices and browsers they use, IP address, domain, demographic data (age, gender), interests and geographical data.
For more information, see here: https://policies.google.com/technologies/cookies?hl=pl
We use advertising pixel tags, used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. These are elements published in digital content and allow for the recording of information, e.g. about the activity of the website, and also assess the effectiveness of advertising. Manage pixel tag Facebook Inc. is possible via Facebook, in its user panel
For more information, see here: https://www.facebook.com/policies/cookies/
The use of third party cookies is subject to the privacy and cookie policy applied by these third parties. The current third party rules in this regard can be found on the following websites and here: https://www.e-regulaminy.pl/biuletyn/polityki-prywatnosci-i-plikow-cookies/
§15. Permission to use and manage Cookies files
Excluding the necessary cookies, their processing is based on user consent.
The consent to the processing of cookies is voluntary and can be revoked at any time. However, it should be remembered that the lack of consent to the use of certain cookies may result in restrictions on the use of the Store and its functionality, and even prevent this use.
Permission to process cookies may be granted:
・ by means of the software settings installed in the telecommunications terminal equipment used by the user,
・ by using a button containing a statement of consent to the processing of cookies or confirmation of familiarization with its terms,
・ using the settings available in the web page area.
§16. Cache
When you use the Store website, we can use the cache installed on your device automatically. Within local memory, data can be stored intersessively, i.e. between consecutive visits to the Store website. The purpose of using the cache is to speed up the use of the Store by eliminating the multiple downloads of the same data from the Store, thereby overloading the user's internet connection. The cache can also store data such as the login password.
§17. References to other websites or software
The store may contain links to other websites or software. We are not responsible for the privacy policy and cookie processing policies that apply to these websites or software. We recommend that you read the privacy policy and cookies of these websites or software after entering them or before installing them.
§18. Changes to the Privacy Policy and Cookies Files
1. Privacy and cookies policy comes into force on the date of publication on the website of the Store.
2. The change of the Privacy Policy and cookies occurs by publishing its new content on the Store website.
3. Information on the change of the Privacy Policy and cookies shall be published in the area of the Store's website, not later than 3 days before the date of the start of the new wording.