Privacy Policy
The websites of the online store www.danucera.pl and www.danucera.eu (hereinafter: "Websites") are used to provide information about DANUCERA sp. z o.o., its offered products and services, to enable placing orders in the online store, and to contact customers and interested parties.
At the same time, DANUCERA sp. z o.o. conducts stationary service activities within DANUCERA SPA (hereinafter: "SPA"). In connection with this activity, personal data may also be collected and processed outside the Websites – in particular during appointment bookings (e.g., via Booksy, by phone, or in person), during the provision of services at the salon, in the payment/deposit handling process, and as part of handling complaints and pursuing or defending claims.
The information we collect in connection with the use of the Websites and SPA services may be used by us in connection with our business activities, in particular for sales, organizational, accounting, and – if applicable – marketing purposes related to our products and services.
This Privacy Policy covers all data collected through our Websites and provided to us directly or indirectly in connection with our business activities. The Privacy Policy also contains information about data security and our rights regarding access to and supervision over the information provided to us.
To ensure the highest standards of service in terms of personal data security and protection, we implement all guidelines required by law, including, among others, Data Protection Impact Assessment (DPIA).
INFORMATION ON THE PERSONAL DATA CONTROLLER
The controller of your personal data is DANUCERA sp. z o.o. with its registered office in Warsaw at ul. Górnośląska 16 lok. 33, 00-432 Warsaw, entered into the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS number 0001097617 (hereinafter: Data Controller);
You can contact us directly by sending correspondence to our registered office address:
DANUCERA sp. z o.o.,
ul. Górnośląska 16 lok. 33, 00-432 Warsaw
or/and by sending an email to kontakt@danucera.pl, listed on the website www.danucera.pl/kontakt.
INFORMATION ON THE DATA PROTECTION OFFICER
Our Data Protection Officer is Ms. Anika Karpińska. Contact with the Data Protection Officer regarding the Privacy Policy is possible via email: kontakt@danucera.pl or by sending correspondence to the address of our company's registered office:
DANUCERA sp. z o.o., Data Protection Officer
Górnośląska 16 lok. 33, 00-432 Warsaw
INFORMATION ON THE PURPOSES OF PERSONAL DATA PROCESSING
Your personal data may be collected and processed by DANUCERA sp. z o.o. both through our Websites (www.danucera.pl, www.danucera.eu) and the online store, as well as outside them – in particular in connection with stationary SPA activities (e.g., during appointment bookings via Booksy, by phone or in person, during the provision of services at the salon, when handling payments/deposits, and as part of handling complaints and pursuing or defending claims).
Within the activities of DANUCERA sp. z o.o. (online store and SPA), we may process data of, among others: store customers, individuals booking appointments, employees, senders and recipients of correspondence, contractors, individuals filing complaints or inquiries. Data processing most often occurs in connection with the performance of a contract or taking action prior to its conclusion (e.g., placing an order in the store, booking an appointment), fulfilling obligations arising from legal provisions (e.g., tax and accounting), and for the purpose of establishing, pursuing, or defending against claims.
Detailed information regarding personal data processing can be found in this Privacy Policy and in the documents posted on our website, such as: the Information Clause of the online store, the Information Clause of the SPA Salon, the Online Store Regulations, the SPA Regulations, and the Cookies Policy.
INFORMATION ON THE METHODS OF PERSONAL DATA PROCESSING
Personal data collected through the online store website www.danucera.pl, for which DANUCERA sp. z o.o. is the Data Controller, is obtained by us directly through forms, email messages, or based on connections established by web browsers with our server.
In connection with running a stationary SPA business, personal data may also be collected and processed outside the websites – in particular during appointment bookings (e.g., via Booksy, by phone or in person), during the provision of services at the salon, when handling payments and deposits, as well as part of handling complaints and pursuing or defending claims. If, before a treatment, we collect information about contraindications or other health-related data (e.g., in a questionnaire), we process it solely to ensure the safety of the treatment and based on the explicit consent of the client.
During the provision of services at the SPA, we may take "before" and "after" photos of treatments. This documentation serves to document the course and effects of the treatment, ensure continuity and quality of services, and handle potential complaints and establish, pursue, or defend claims.
CCTV monitoring may be used within the SPA premises to ensure the safety of persons present in the salon and to protect property. Monitoring is conducted to the extent necessary to achieve these purposes, and the monitored area is marked with appropriate information.
We primarily process this data using automated IT systems, and in the case of data obtained from written correspondence or documentation maintained in the salon (e.g., forms/questionnaires) – also manually.
On our websites, third parties also place information in the form of cookies and gain access to them. Third parties are our trusted partners with whom we constantly cooperate to adapt the advertisements we target to your needs and interests.
DIRECT COLLECTION OF PERSONAL DATA
Personal data for which we are the Data Controller is collected directly from you, among other things, during the online store order placement process, when booking an appointment at the SPA (via Booksy, by phone or in person), during email or phone contact, and in written correspondence. This data primarily includes information declared by the data subject, such as name and surname, email address, phone number, delivery address (for orders), invoicing details, and other data provided by you during the order placement or booking and service provision.
In the case of providing other services (both through our Websites and stationary at the SPA), we may ask you to provide additional data only when it is necessary for the proper provision of the service, fulfillment of obligations resulting from legal provisions, or when you give your consent.
COLLECTION OF PERSONAL DATA DURING SERVICE USE
While using our websites, we also collect data provided by you through your browser or other mobile/teleinformatic device you use to connect to the Internet. This data primarily concerns how you use our websites and is used to monitor interest in our products, offers, and services, improve implemented solutions, or customize content and product and service offers. This information may include your IP address, internet connection, web browser type, operating system type, the time you spend on our websites, and the offers you select or view.
INFORMATION ON THE LEGAL BASES FOR PERSONAL DATA PROCESSING
The Data Controller processes the collected personal data in connection with its sales and service activities, including customer service for the online store and stationary SPA activities. If we conduct marketing activities related to our products or services, the processing of data in this regard takes place only to the extent permitted by law and based on consent.
The legal basis for processing personal data for communication purposes (e.g., responding to inquiries, correspondence, contact regarding an order or appointment) and for evidentiary purposes is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting of maintaining documentation and the need to establish, pursue, or defend against claims.
Personal data may also be processed by us:
- for the purpose of performing a contract or taking steps prior to entering into a contract (e.g., placing and fulfilling an order in the store, booking and performing SPA services) – Article 6(1)(b) GDPR,
- in connection with the fulfillment of obligations arising from legal provisions (e.g., tax and accounting) – Article 6(1)(c) GDPR,
- based on consent – to the extent that consent has been given (Article 6(1)(a) GDPR), and in the case of health-related data (e.g., information about contraindications to a treatment collected in a SPA questionnaire) – based on explicit consent (Article 9(2)(a) GDPR), solely to ensure the safety of the treatment,
- for the purpose of creating "before/after" photographic documentation of treatments as part of the SPA service provision, ensuring continuity and quality of services, and handling potential complaints – Article 6(1)(b) GDPR and Article 6(1)(f) GDPR,
- for the purpose of disseminating images for marketing purposes (e.g., publication on Websites, social media, or in promotional materials) – based on consent (Article 6(1)(a) GDPR),
- to ensure the safety of persons and property (CCTV monitoring) – Article 6(1)(f) GDPR.
More detailed information on this topic can be found in the relevant documents, i.e., the Information Clause, as well as the regulations concerning the online store and the SPA Salon.
INFORMATION ON THE PERIOD OF PERSONAL DATA PROCESSING
Personal data processed based on consent will be processed by us until the consent is withdrawn or an objection to further processing is lodged.
Personal data collected in connection with correspondence will be processed by us until the statute of limitations for establishing, pursuing, or defending against claims expires.
Personal data processed in connection with the provision of services will be processed by us for the duration of the Service, to the extent necessary for its proper performance, and after this period, only to the extent necessary to fulfill obligations arising from legal provisions and in connection with any potential claims or defense against claims.
Personal data processed as part of video surveillance is generally stored for a period not exceeding 30 days, unless the recording constitutes evidence in proceedings or is necessary to establish, pursue or defend claims – in which case, until the final conclusion of the case.
More detailed information on this topic can be found in the relevant documents, i.e. the Information Clause, which we include within this Privacy Policy or make available directly each time personal data is collected.
INFORMATION ABOUT RECIPIENTS OF PERSONAL DATA
Personal data will be made available primarily to our employees in accordance with their powers and authorizations to ensure proper handling of data processing, for the necessary time and scope.
Our Employees have been trained in the personal data processing principles applicable at DANUCERA sp. z o.o., applicable legal provisions regarding personal data processing and protection, and have been obligated to maintain the confidentiality of this information.
In justified cases, personal data may also be shared with trusted cooperating entities, solely for purposes related to the provision of the service or ensuring its proper provision.
If consent is given for the use of an image for marketing purposes, the recipients of the data may also be social media platform operators on which we publish materials (acting as separate administrators).
Monitoring recordings may be made available to entities operating the monitoring system and – in justified cases – to authorized bodies or entities participating in proceedings concerning the establishment, pursuit, or defense of claims.
Due to the use of certain service providers (e.g., IT solutions, communication tools, or hosting), your data may be transferred outside the European Economic Area. In such cases, we ensure an adequate level of data protection, in particular by using standard contractual clauses approved by the European Commission or other mechanisms compliant with the GDPR.
Personal data may also be disclosed to our Data Protection Officer, in situations where it is necessary for the Data Protection Officer to perform duties stipulated in legal provisions and internal procedures.
RIGHTS OF INDIVIDUALS PROVIDING THEIR DATA
We provide all possible and available technical and organizational measures so that data subjects can freely exercise their rights. Therefore, we ask that all requests and demands regarding the exercise of data subjects' rights arising from legal provisions be sent to our email address: kontakt@danucera.pl
In justified cases, due to proper identification of the person, we may ask you to provide additional information or necessary documents confirming your identity. All requests related to the exercise of your rights should be reported directly to the Personal Data Controller, and if we process your personal data as a Processor, i.e., on behalf of another Personal Data Controller, we will immediately provide you with relevant information in this regard.
- Right to freely express or withdraw consent to data processing
You have the full right to freely express or withdraw consent to the processing of personal data. If your personal data is processed based on your consent, we will provide you with the option to withdraw it at any time.
Withdrawal of consent will take effect immediately from the moment of this action and will not affect the processing of data that took place before its withdrawal.
Withdrawing consent does not entail any negative consequences for you, but it may prevent further use of the Services or our Websites in the manner we specify.
- Right to access personal data
You have the right to access the personal data you have provided to us. We implement this right primarily through electronic communication by providing you, upon request, with information about what data you have provided to us and what data we currently hold.
Upon your request, we can provide you with copies of the information we hold in a readable format. We do not charge a fee for the preparation, processing, and issuance of the first copy of the data.
- Right to rectification of personal data
You have the right to correct (rectify) or complete your personal data. We implement this right primarily through electronic communication, enabling you to provide information about changes to your personal data.
- Right to erasure of personal data
You have the right to request the erasure of your personal data. We implement this right based on an explicit request to erase data. A request for erasure of personal data may result in the cessation of the Service or the use of services and tools provided by us or our trusted Partners. You have the right to erasure of data in situations where:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based and there is no other legal ground for the further processing;
- the personal data has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
However, the exercise of the right to request the erasure of personal data may be limited if such processing is necessary for us to fulfill a legal obligation or to establish, pursue, or defend against claims.
- Right to restriction of personal data processing
You have the right to request the restriction of the processing of personal data. We implement this right based on an explicit request for restriction of processing, along with justification.
You have the option to exercise the right to restriction of personal data processing in situations where:
- you contest the accuracy of the provided personal data - for a period enabling us to verify the accuracy of the contested data;
- the processing of personal data is unlawful, but you oppose the erasure of your personal data;
- the personal data we process is no longer needed for the purpose for which we processed it, but is required by you for the establishment, exercise, or defense of legal claims;
- you object to the processing of personal data due to a particular situation, as indicated in personal data protection regulations.
- Right to object to personal data processing
You have the right to object to the processing of your personal data. We exercise this right based on an explicit objection you provide regarding the processing of your personal data.
- Right to data portability
You have the right to request the transfer of your personal data to another service provider. For security reasons and due to the lack of data portability standards, we provide you with a copy of the personal data received.
- Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority, i.e., the President of the Personal Data Protection Office, ul. Stawki 2; 00-193 Warsaw.
Our goal is to ensure the highest standards in maintaining the Privacy Policy and protecting your personal data. We guarantee you the ability to exercise your rights under personal data processing regulations. For your safety and to clarify any doubts, we kindly ask you to first contact our Data Protection Officer to resolve any dispute via email: kontakt@danucera.pl
The above rights and their implementation may, in justified cases, be subject to limitations. Such a situation will occur if the limitation results from legal obligations to which we are bound. In such a case, we will provide you with appropriate information along with the justification for our decision.
INFORMATION ON THE OBLIGATION TO PROVIDE DATA
The provision of certain personal data is necessary for us to properly provide our Services or to fulfill a request or notification. Applying the minimization principle, we do not collect more data than necessary for their execution. Each time additional personal data is necessary for a specific purpose, you will receive appropriate information directly or this information will be provided in the relevant Information Clause.
Failure to provide the required information may result in the restriction or cessation of our Services or the fulfillment of a request or notification.
Persons reporting adverse events concerning our products may be additionally required to provide more data if such data is required by law.
INFORMATION ABOUT BOOKING TOOLS (BOOKSY)
When booking an appointment via external booking tools (Booksy), your data may be processed by both the Administrator and the tool provider – in accordance with its terms and conditions and privacy policy.
The Administrator processes data for the purpose of managing bookings, organizational contact, and providing SPA services. The tool provider may also process data as a separate administrator – within the scope of the platform's operation. Detailed rules for data processing by the tool provider can be found in its documents.
INFORMATION ON AUTOMATED DATA PROCESSING
Both our websites and the IT tools we use to provide our Services are based on IT systems in which personal data processing processes occur in an automated manner.
This processing may be combined with profiling. Profiling of visitors to our websites is carried out in a way that does not cause any negative legal, financial, or other consequences. The actions we undertake in the area of automated personal data processing and profiling are aimed at improving the quality of our services, products, and tailoring our offer to the expectations of our Customers.
- Information on profiling
In order to adapt the offer, improve functions, and increase the functionality of our websites and the tools we provide, we collect and process information about how users of our websites use our site and what products and services they are interested in.
Information is also used for statistical and analytical purposes and may be used for automatic offer matching processes, including for marketing our products and services.
- Information on cookies
Cookies are a type of technology that saves data and collects it from the devices you use when visiting our websites, using our solutions, tools, and Services available via a web browser, or reading emails referring to websites (containing graphic elements). In addition to cookies, together with the providers of tools and services we use, we employ other available technologies that allow information to be saved in your system/web browser in appropriate data stores (Session Storage, Local Storage, IndexedDB).
On our websites, we may place code snippets of analytical tools provided by other providers, which allow cookies to be saved in the domains of these services. These solutions help us monitor the quality of our websites and our Services, their operation, and monitor the activities of Customers and Users.
Cookies and similar technologies other than those strictly necessary are generally activated after obtaining the User's consent expressed in the cookie banner/panel. Consent can be withdrawn or changed at any time in the cookie settings available on the Websites. Limiting the use of cookies may affect the operation of some Website functions.
Below is a description of the types of cookies and similar technologies used on our sites.
|
Technology type and description of use |
|
PERMANENT COOKIES Permanent cookies are created in the user's system/browser after the first visit to a given website or performing a specific action. Permanent cookies, unlike session cookies, are not deleted at the end of the user's session. Permanent cookies are automatically deleted by the user's browser after a certain period. They can also be manually deleted by the user. |
|
SESSION STORAGE Information from the browser's Session Storage is saved and read only at the explicit request of the server sent to the web browser user. Data collected in Session Storage is deleted, similar to session cookies, when the browser window is closed. |
|
LOCAL STORAGE A data store that is an internal database of the web browser used to store large amounts of data. This store allows data to be stored in structured form and as files. Data is stored as objects, access to which is limited only to the appropriate domain or subdomain sources from which they were saved. |
We use cookies and similar technologies to improve the effectiveness of our websites and services offered, and to provide our Customers with a more refined product offer tailored to their expectations and preferences.
|
PURPOSE |
TYPE OF TECHNOLOGY |
SCOPE OF USE |
|
Analytics and statistics |
Cookies Local Storage Session Storage IndexedDB |
Information processed in these data stores is used for conducting analyses, developing statistics, monitoring User and Customer behavior on the Website and Services, and presenting our advertisements (on our Website and on other sites operated by marketing platforms we use), which ultimately serves to improve the Website and Services. |
|
User authorization |
Cookies |
Information processed in these data stores is used for user authorization in the IT system. Thanks to the information contained in these data stores, we are able to properly recognize the user. |
|
Service configuration |
Cookies Local Storage |
Information processed in these data stores is used to store preferred settings that you have selected within the Service and Services. Thanks to the information contained in these data stores, we can remember the settings and configurations of the service and services and selected elements, page views. |
|
Interface language settings |
Cookies Local Storage |
Information processed in these data stores is used to store the language settings of the service or services that you have selected. Thanks to the information contained in these data stores, we can always present you with the correct language version. |
|
Advertising |
Cookies |
Information processed in these data stores is used to provide Users and Customers with general and personalized advertisements tailored to their preferences. |
The analysis of data recorded in our analytical systems based on the use of cookies and similar technologies shows us which content is most interesting for visitors to our websites.
At the same time, the use of anonymous cookies and similar technologies allows us to present better content without the need to send surveys and conduct trial-and-error actions or choice tests.
Thanks to the use of cookies and similar technologies, we are able to determine what we should improve and what elements to avoid on our websites, making our websites more user-friendly.
PURPOSE OF USING COOKIES AND OTHER TECHNOLOGIES
Below, we describe in detail the purposes of using individual technologies.
CHANGING COOKIE SETTINGS
If a user of our websites is not interested in our automated processing of information based on cookies or other similar technologies, they can change the default browser settings.
Changing cookie settings in the most popular search engines is possible at the following addresses:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera: https://help.opera.com/en/latest/web-preferences/#manageCookies
Safari: https://support.apple.com/kb/ph21411?locale=en_US
Microsoft Edge: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
LIST OF TRUSTED PARTNERS' SERVICES
On our pages, third parties also place information in the form of cookies (so-called "ciasteczka") and gain access to them. Third parties are our trusted partners, with whom we constantly cooperate to tailor advertisements to your needs and interests.
The current list of services of our trusted Partners and Service Providers, whose scripts we place on our websites to save information in cookies and in information stores using other technologies, and to whom we may transfer your personal data in connection with the provision of information society services.
|
SERVICE |
WEB ADDRESS |
POLICY |
|
Shopify |
shopify.com |
|
|
Przelewy24 |
przelewy24.pl |
|
|
Stripe |
Stripe.com |
|
|
PayPal |
paypal.com |
|
|
Fakturownia |
fakturownia.pl |
|
|
Baselinker |
baselinker.pl |
|
|
Booksy |
More detailed information on cookies can be found in the Cookie Policy section and in the cookie notices appearing on our website www.danucera.pl and www.danucera.eu in connection with the Privacy Policy.
FINAL PROVISIONS
The Administrator may introduce changes to this Privacy Policy, particularly in the event of changes in Website functionalities, changes in service providers, changes in business processes, or changes in legal regulations. The current version of the document is published on the Websites.
