top of page

Privacy policy

§ 1. General provisions
 

This Privacy Policy sets out the privacy rules and the principles for processing personal data of persons using the website and the services offered via the website operated on the Internet at elektroepilacja.pl (hereinafter: the “Service”). The Service is operated by ELEKTROEPILACJA.PL SP. Z O.O., with its registered office in Warsaw at ul. Grzybowska 87, 00-844 Warsaw, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0001064299, REGON 526700960, NIP 5273080710, which is the controller of personal data (hereinafter: the “Controller”) collected, processed and used in connection with users’ use of the Service (hereinafter: “Users” or individually a “User”). The Controller can be contacted by e-mail: contact@elektroepilacja.pl or by traditional mail at: ELEKTROEPILACJA.PL SP. Z O.O., ul. Grzybowska 87, 00-844 Warsaw. The Controller has appointed a Data Protection Officer who can be contacted by e-mail: iod@elektroepilacja.pl or by traditional mail at: ELEKTROEPILACJA.PL SP. Z O.O., ul. Grzybowska 87, 00-844 Warsaw.
 

The Controller operates in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”), including in particular: adequately securing Users’ personal data against unlawful access by third parties, in particular encrypting personal data, archiving personal data, assessing security measures for personal data, and ensuring the confidentiality, integrity, availability and resilience of processing systems and services.

 

§ 2. Purposes and legal bases for processing personal data within the Service
 

Use of the Service’s functionalities may involve the Controller collecting and processing Users’ personal data. User data entered into the Service is the User’s property. Information and data about Users is collected to enable Users to use the Service’s functionalities. User data collected and processed by the Controller includes the following types of personal data: first name, last name, date of birth, contact phone number, e-mail address — in the case of a User who is a natural person; company name, company address details, NIP number — if the User expresses the wish to receive a VAT invoice confirming the purchase of services via the Service. The Controller processes User data for the following purposes:

  • to use the Service’s functionalities and provide the services offered by the Service, including in particular comprehensive electrolysis services, providing cosmetic advice and consultations as well as other treatments and services offered by the Service, and to make settlements — in order to perform a contract concluded with the User or to take steps at the User’s request prior to concluding it (Article 6(1)(b) GDPR);

  • to conclude and perform an agreement for the provision of services by electronic means offered in the Service, in particular to maintain and operate the User’s account, submit and execute treatment bookings, and make settlements — in order to perform a contract concluded with the User or to take steps at the User’s request prior to concluding it (Article 6(1)(b) GDPR);

  • to fulfil legal obligations incumbent on the Controller, in particular for accounting and tax purposes (Article 6(1)(c) GDPR);

  • for contact purposes, i.e., receiving and handling submissions and enquiries sent via the contact form, e-mail, phone, chat or other means of distance communication — on the basis of the Controller’s legitimate interest in responding to an enquiry (Article 6(1)(f) GDPR);

  • to potentially establish, pursue or defend claims, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

  • for evidentiary and archival purposes, including for maintaining documentation of the Controller’s business activity and safeguarding information in case facts need to be proven for legal purposes, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

  • for analytical purposes, including in particular examining User satisfaction, adjusting the Service’s offer to Users’ expectations, and improving the quality of services provided, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

  • to offer the Controller’s own products and services directly to Users (direct marketing and remarketing), including selecting them to match User needs by means of profiling, which, however, will not significantly affect the User’s situation nor produce legal effects concerning them — which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR);

  • to receive commercial information regarding the Controller’s own goods or services by electronic means or to transmit marketing content via telecommunications terminal equipment (by phone) — on the basis of the User’s consent (Article 6(1)(a) GDPR and Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means and Article 172(1) of the Act of 16 July 2004 Telecommunications Law).
     

To the extent that the User’s data processed by the Controller may include special categories of data — health data — the Controller processes such data solely for the purpose of providing comprehensive electrolysis services, providing cosmetic advice and consultations, and maintaining personal files; the legal basis for processing the User’s data is consent pursuant to Article 9(2)(a) GDPR. Providing such data and consenting to the processing of health data is voluntary; however, failure to provide such data or to give consent will result in the inability to perform the procedure or provide the service. Such consent may be withdrawn at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
 

Direct marketing by the Controller using terminal equipment (in particular mobile and landline phones, tablets, computers) and automated calling systems, to the phone number and e-mail address provided by the User, consisting in receiving marketing messages about the Controller’s products and services and marketing campaigns organized by the Controller, as well as sending commercial information regarding goods or services offered by the Controller to the e-mail address indicated by the User, within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (consolidated text: Journal of Laws of 2020, item 344) or by phone within the meaning of the Act of 16 July 2004 Telecommunications Law (Journal of Laws of 2024, item 34), requires the User’s separate consent under Article 6(1)(a) GDPR. Providing data and granting consent are voluntary. Such consent may be withdrawn at any time — the User may at any time resign from receiving further commercial information by phone using the hotline number provided on the website, or by contacting the company by e-mail: contact@elektroepilacja.pl or in writing to the address indicated in § 1(3) or (4) above.

 

§ 3. Users’ rights
 

The User has the right to:

  • access their data and obtain a copy of it;

  • rectify (correct) their data;

  • erase data — if, in the User’s opinion, there are no grounds for the Controller to process their data;

  • restrict processing — if, in the User’s opinion, the Controller holds incorrect data about them or processes it without grounds; or the User does not consent to the erasure of data due to the need to establish, pursue or defend claims; or for the period of the User’s objection to processing;

  • object to processing for direct marketing purposes, including profiling, and object to processing based on legitimate interest for purposes other than direct marketing;

  • data portability — the User has the right to receive from the Controller, in a structured, commonly used and machine-readable format, their personal data which they provided to the Controller on the basis of a contract or consent; the User may also instruct the Controller to transmit those data directly to another entity;

  • lodge a complaint with a supervisory authority — if the User believes the Controller processes their data unlawfully, they may lodge a complaint with the President of the Personal Data Protection Office (PUODO) or another competent supervisory authority;

  • withdraw consent to the processing of personal data — at any time the User has the right to withdraw consent to processing of those personal data that the Controller processes on the basis of the User’s consent; withdrawal of consent will not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

The User provides all data voluntarily and knowingly.
 

§ 4. Recipients of data and transfer of data to third countries or international
organizations
 

The following categories of entities may have access to the User’s personal data:

  • authorized employees and associates of the Controller;

  • partners cooperating with the Controller and the Controller’s partners who, under a separate agreement, operate electrolysis salons under the Controller’s brand and who, depending on the nature of cooperation, may also be separate controllers;

  • service providers supplying the Controller with technical and organizational solutions enabling the provision of services and functionalities (in particular courier and postal service providers, IT services, marketing services, legal and advisory service providers, and their authorized employees and associates);

  • entities performing data analytics to personalize advertising and acting as separate controllers for that purpose, in particular Google LLC; more information on data protection rights can be found at: https://policies.google.com/privacy;

  • authorized public authorities — on the basis of applicable law, in particular in the fight against fraud and abuse.
     

Outside the cases indicated above, the Controller will not transfer nor allow the transfer of personal data provided by the User outside the EEA unless it takes the measures necessary to ensure that the transfer complies with the GDPR. Such measures may include, in particular, transferring personal data to a recipient in a country which, according to a European Commission decision, ensures an adequate level of personal data protection, or transferring personal data on the basis of standard contractual clauses approved by the European Commission.
 

In operating the Service, the Controller uses Google services, where Google is a separate controller of Users’ personal data. The Controller promotes its services using Google AdWords. Data collected about Users helps better target advertising and promotion of the Service owner and is also used to develop remarketing campaigns. The Controller makes special efforts to encourage Users to visit the Service. Therefore, to improve its services and enhance the Service, it collects, in an anonymous form via Google Analytics, information about the User’s technical profile.
 

The Controller may also collect statistical data on the popularity and use of particular services offered by the Service and share them with other entities. Such data will be shared only anonymously and in aggregate form, without the possibility of identifying Users’ personal data on that basis. The Controller may also use the collected statistical data for marketing, informational, statistical purposes and for publication in media such as the Internet, press, radio, television, mobile and landline telephony.

 

§ 5. Processing of minors’ data
 

The Service is not designed for or addressed to persons under 16 years of age.

 

§ 6. Data retention period
 

Personal data provided by the User will be processed for as long as necessary to achieve the purposes for which it was collected. The retention period is not strictly fixed and depends on many factors, including the User’s decisions regarding use of the Service. Nevertheless, this period will not be longer than:

  • for data processed in connection with performance of contracts concluded with the Controller — for the duration of those contracts and after their termination for the period resulting from legal provisions on limitation of claims, meaning a maximum of 6 years from the date of contract termination;

  • for data processed to fulfil legal obligations incumbent on the Controller, including tax and accounting law — for the period and to the extent required by law, no longer than 5 years from the date the contract ceases to be in force;

  • for data processed on the basis of the Controller’s legitimate interest — until those interests are fulfilled or until the User objects to processing in this manner;

  • for data processed on the basis of the User’s consent — until the User withdraws that consent.

     

§ 7. Cookies
 

The Service automatically collects only the information contained in cookies, as referred to below. As a result of using the Service, text files (so-called cookies) may be stored on the user’s device to facilitate access to and use of the Service. Cookies are also used to examine the User’s preferences and behaviour, enabling personalized content in the Service and improving its functioning. Data collected via cookies is also used for statistical purposes.
 

The User may disable the placement and storage of cookies using their web browser. The method depends on the browser used. Detailed information on cookie handling options is available in the settings of the software (web browser).
 

Information on cookie management in specific browsers can be found on dedicated pages of those browsers. The company may store two types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files that remain on the user’s device until logging out of the website or closing the browser. “Persistent” cookies remain on the device for the period specified in the cookie parameters or until manually deleted by the user.
 

Cookies placed on the User’s terminal device may also be used by advertisers and partners cooperating with the Controller. Cookies may be used to display advertisements tailored to the User’s use of the Service. The User may browse and edit information resulting from cookies using available online tools.

The Controller notes that restricting the use of cookies may affect some functionalities available in the Service and, in extreme cases, may make it impossible to use the Service.

 

§ 8. Changes to the Privacy Policy
 

The Controller reserves the right to update and modify this Privacy Policy, especially in the event of the evolution of Internet technologies, changes in regulations on personal data protection, or the development of the Service. Users will be informed of any changes in a clear and understandable manner so that they are aware of the modifications introduced.

bottom of page