Privacy Policy

§ 1 GENERAL PROVISIONS

Online Store Privacy Policy https://lumanails.pl/ is a set of rules regarding the processing and protection of personal data by the Administrator in the Online Store, including the basis, purposes and scope of personal data processing, the rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store.

The administrator of personal data collected via the Online Store is Luma Nails Luiza Matyjaszkiewicz, ul. Wernera 5/15, 26-610 Radom – hereinafter referred to as the "Administrator".

Personal data in the Online Store are processed by the Administrator in accordance with applicable legal provisions, in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the resolution of Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR",
  
  

• The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2019, item 1781),
  
  

• Act of 14 December 2018 on the protection of personal data processed in connection with the prevention and combating of crime (Journal of Laws 2019, item 125),
  
  

• The Act of 18 July 2002 on the provision of services by electronic means (consolidated text: Journal of Laws of 2020, item 344),
  
  

• The Act of 16 July 2004 – Telecommunications Law (consolidated text: Journal of Laws of 2019, item 2460, as amended),
  
  

• The Act of 30 May 2014 on consumer rights (consolidated text: Journal of Laws of 2020, item 287),
  
  

• The Act of 23 April 1964, the Civil Code (consolidated text: Journal of Laws of 2020, item 1740).
  
  

The contact person for the protection of personal data on the part of the Administrator is Luiza Matyjaszkiewicz, to whom correspondence, including requests related to the implementation of the rights of the data subject, can be sent to the e-mail address: sklep@lumanails.pl.

The terms used in this Privacy Policy starting with a capital letter (e.g. Buyer) should be understood in accordance with their definitions contained in the Regulations of the Luma Nails Online Store, available on the Store's website.

§ 2 PURPOSE, SCOPE, BASIS AND PERIOD OF PERSONAL DATA PROCESSING

The Administrator processes personal data in the following cases:

1. For the purpose of providing marketing services relating to own products (Article 6(1)(f) of the GDPR), including:
   
   

• displaying marketing content that is not tailored to the customer’s preferences (contextual advertising),
  
  

• displaying marketing content tailored to the Client’s interests (behavioral advertising),
  
  

• sending e-mail notifications about offers or content containing commercial information,
  
  

• conducting activities related to direct marketing of goods and services,
  
  

• sending commercial information via e-mail, text messages, MMS, telephone and other advertising and telemarketing activities,
  
  

• provision of the newsletter service with the consent of the person concerned (Article 6 (1) (a) of the GDPR).
  
  

2. For this purpose, the Administrator processes the following data: name and surname, e-mail address, telephone number, until an objection is raised or in the case of the newsletter – until the consent is withdrawn.
   
   

3. In order to create a Customer account (Article 6, paragraph 1, letter a) of the GDPR) and to conclude and perform a contract, including handling claims (Article 6, paragraph 1, letter b) of the GDPR). The Administrator processes the following data: first and last name or company, e-mail address, telephone number, residential or registered office address, delivery address (if different from the residential or registered office address), Tax Identification Number, IP address, cookies, order number and bank account number. The data is processed for the period necessary to perform, terminate or expire a concluded contract or claim.
   
   

4. In order to handle messages via the contact form (Article 6, paragraph 1, letter a) of the GDPR), the Administrator processes the following data: first name and last name, e-mail address, telephone number, for the period necessary to respond and perform tasks related to the functioning of the Online Store or until the consent is withdrawn.
   
   

5. In order to provide the Online Booking service and execute the contract (Article 6, paragraph 1, letter b) of the GDPR), the Administrator processes the following data: name and surname, date of birth, e-mail address, telephone number, choice of dietetic center, type of visit, date of visit. These data are processed for the period necessary to execute, terminate or expire the concluded contract or claim.
   
   

6. For analytical and statistical purposes to improve the services provided and for security, including IT security and to prevent and combat fraud attempts (Article 6, paragraph 1, letter f) of the GDPR), the Administrator processes the following data: IP address or other identifiers and information collected via cookies or other similar technologies. This data will be processed for the period necessary to perform tasks related to the functioning of the Online Store or to clarify incidents.
   
   

7. In order to fulfill the obligations imposed on the entrepreneur by the relevant legal provisions (Article 6, paragraph 1, letter c) of the GDPR), the Administrator processes the following data: first name and last name, company name, e-mail address, telephone number, residential or registered office address, delivery address (if different from the private address or business address), tax identification number, order number and bank account number. The data will be processed for the period specified by law.
   
   

§3 RECIPIENTS OF DATA PROVIDED TO THE CONTROLLER

Buyers’ personal data may be transferred to the following recipients or categories of recipients:

1. Carriers, forwarders, couriers, postal operators – in the case of a Buyer who uses the method of delivery of the Product by post or courier in the Online Store. The Administrator makes the collected personal data of the Buyer available to the selected carrier, forwarder, intermediary or postal operator carrying out shipments on behalf of the Administrator, to the extent necessary to deliver the Product to the Buyer.
   
   

2. Entities handling electronic payments - Przelewy24 (provided by PayPro SA, ul. Kanclerska 15, 60-327 Poznań) in the case of a Buyer who uses electronic payments or a payment card in the Online Store. The Administrator makes the collected personal data of the Buyer available to the selected entity handling payments in the Online Store at the request of the Administrator, to the extent necessary to handle the payment made by the Buyer.
   
   

3. Service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activities, including the Online Store and electronic services provided through it (in particular, suppliers of computer software, e-mail and hosting, and suppliers of software for managing the company and providing technical support to the Administrator). The Administrator makes the collected personal data of the Buyer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with the Privacy Policy.
   
   

4. Accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company). The Administrator makes the collected personal data of the Buyer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with the Privacy Policy.
   
   

The transfer of personal data by the Administrator always requires the existence of at least one of the grounds indicated in the Privacy Policy. The Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

§4 TRANSFER OF PERSONAL DATA TO OTHER ENTITIES, INCLUDING OUTSIDE THE EUROPEAN ECONOMIC AREA

1. The Administrator does not transfer the processed personal data to third parties, with the exception of entities processing personal data on behalf of the Administrator and in the event that such transfer is required by law (e.g. at the request of authorized state authorities). In such a case, the scope of the data made available is limited solely to the data necessary to achieve this purpose.
   
   

2. The entities with which the Administrator cooperates with your consent (Article 6 paragraph 1 letter a of the GDPR), including Google and Facebook, are based in the countries of the European Economic Area (EEA) or in Switzerland, which has been recognized as a country ensuring an adequate level of personal data protection. This means that the level of data protection in these countries is comparable to the level of personal data protection in Poland.
   
   

3. In the case of entities whose registered office is located outside the EEA, regardless of your consent (Article 49 paragraph 1 letter a of the GDPR), the Controller shall verify before starting cooperation whether these entities ensure an adequate level of protection of the processed personal data. This verification is carried out in accordance with Commission Decision (EU) 2010/87/EC of 5 February 2010 concerning standard contractual clauses for the transfer of personal data to entities processing data in third countries under Directive 95/46/EC, as well as based on the recommendations of the European Data Protection Board of 10 November 2020 (Recommendations No. 1/2020) regarding supplementary measures to ensure compliance with the level of protection of personal data in the EU.

§5 RIGHTS OF THE PERSON WHOM THE DATA SUBJECTS

The data subject has the following rights:

1. The right of access to personal data relating to an individual.
   
   

2. The right to rectify personal data if it is incorrect or incomplete.
   
   

3. The right to have personal data deleted (the so-called right to be forgotten), in cases provided for by law.
   
   

4. The right to restrict the processing of personal data in certain cases.
   
   

5. The right to transfer personal data provided to the Administrator in a format that enables them to be read and transferred to another administrator.
   
   

6. The right to withdraw consent to the processing of personal data, if the processing is based on consent. Withdrawal of consent affects the admissibility of processing personal data after their transfer, but does not affect the lawfulness of processing before the withdrawal of consent.
   
   

7. The right to object to the processing of personal data, including profiling, if the Controller bases the processing on legitimate interests, in accordance with Article 6 paragraph 1 letter f of the GDPR. The data subject has the right to explain the reasons for which he or she does not want his or her data to be processed. The Controller will analyze the notification and make an appropriate decision, ceasing or adapting the processing, or presenting important and legitimate reasons for continuing the processing.
   
   

8. The right to object to the processing of personal data for direct marketing purposes.
   
   

The data subject also has the right to lodge a complaint with the supervisory authority if he or she believes that the processing of his or her personal data violates the provisions of the GDPR.

In order to exercise the above rights, please contact the Administrator by sending an appropriate message to the Administrator's e-mail address indicated in § 1 section 2 or by using the contact form available on the Online Store website.

§7 COOKIES, OPERATIONAL DATA AND ANALYTICS

Cookies are small text information files that are sent by the server and saved on the user's device (e.g. computer hard drive, smartphone memory card), depending on the device used by the user. They usually contain the name of the website they come from, the time they are stored on the end device and a unique number. They may also contain personal data, such as the IP address and the unique identifier of the device saved in the file.

Cookies are used for the following purposes:

1. Enabling the use of specific website functions.
   
   

2. Creating statistics and analyses that help us understand how users use websites in order to improve their structure and content, which translates into a better user experience.
   
   

3. Adjusting the content of websites to the individual preferences of the user. Cookies allow the user's device to be recognized and the page to be displayed appropriately, tailored to their needs.
   
   

The Administrator may process data contained in cookies when users use the Online Store website for the following purposes:

1. Identification of Buyers as logged in users on the Customer Account and displaying that they are logged in.
   
   

2. Remembering products added to your shopping cart to place an order.
   
   

3. Remembering data from completed order forms or login details to the Customer Account.
   
   

4. Adjusting the content of the Online Store website to the individual preferences of the Buyer and optimizing the use of the website.
   
   

5. Maintaining anonymous statistics showing how the Online Store website is used.
   
   

6. Studying the behavior of visitors to the Online Store by anonymously analyzing their activities in order to create a profile and deliver advertisements tailored to their anticipated interests.
   
   

The Online Store uses two types of cookies:

• Session cookies – files that are deleted when you close the web browser window.
  
  

• Persistent cookies – files that are saved for a specified period of time on the device used by the user.
  
  

The following types of cookies are used in the Online Store:

1. Essential – basic cookies that enable the website to function properly and use its key features, such as logging in, browsing products and adding them to the basket, comparing purchase history. Without these files, we cannot provide services.
   
   

2. Functional – cookies that enable a more personalized use of the website. They allow for remembering selected settings and personalizing the user interface, e.g. language, region, appearance of the page. They can also be used to provide specific services, e.g. watching video content or leaving comments. Disabling these files may affect the functionality of the site.
   
   

3. Marketing cookies – these cookies enable us to deliver more relevant advertising to users, based on their interests. They may be used by us and/or our advertisers who combine information collected on our site with data collected as a result of your online activities. Deleting or deactivating these cookies will mean that advertising will still be displayed, but it may no longer be tailored to your preferences.
   
   

4. Analytical – cookies that collect information that helps analyze website traffic and usage. These cookies help us understand which pages users visit and how long they stay on them, which helps us improve our website.
   
   

Each user has the option to adjust cookie settings through their web browser settings, including limiting or completely disabling them. However, it should be remembered that disabling cookies may affect some of the site's functionalities. To read information about cookies used by the site, click the icon (usually a padlock) next to the site address and select "Cookies". After clicking, a list of cookies will appear, on which you can take action, e.g. block or delete selected files.

Changing cookie settings in popular browsers:

• Chrome: “Settings” > “Privacy & Security” > “Cookies and other site data.”
  
  

• Edge: “Settings” > “Privacy, Search, and Services.”
  
  

• Firefox: "Options" > "Privacy & Security".
  
  

• Safari: "Preferences" > "Privacy".
  
  

§8 PERSONAL DATA PROTECTION

The Administrator undertakes to protect the processed personal data in accordance with applicable law, including not disclosing them to third parties and to process them only for the purposes specified in this Privacy Policy. An exception is the situation in which personal data is made available to entities authorized to receive them under applicable law.

The Administrator declares that it makes every effort to provide the Buyer with a high level of security when using the Online Store. For this purpose, it applies appropriate technical and organizational measures, in particular:

• Ensuring the ongoing confidentiality, integrity, availability and resilience of data processing systems and services.
  
  

• Ensuring the ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident.
  
  

• Regularly testing, measuring and evaluating the effectiveness of technical and organizational measures aimed at ensuring the security of data processing.
  
  

Any events affecting the security of the transmission of information and personal data, including suspicion of a security breach or disclosure of data to unauthorized persons, must be immediately reported to the Administrator at the following e-mail address: sklep@lumanails.pl.

§9 CHANGES TO PRIVACY POLICY

Due to changes in technology, law, including privacy law, online activity and the offer of the Lumanails.pl Store, the Administrator may introduce changes to the Privacy Policy. Each change will be published on the website with a new effective date. The current version of the Privacy Policy is effective from 26.05.2022.