Privacy Policy - AniOla BeautiSpace

1. General Information

This Privacy Policy sets out the rules for processing and protecting personal data of users of the AniOla BeautiSpace website available at www.aniola-beautispace.pl. The Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR).

2. Data Administrator

The administrator of personal data is AniOla BeautiSpace. For matters regarding personal data protection, you can contact us via the email address indicated in the Contact section or by mail to the Administrator's registered office address. The Administrator makes every effort to protect personal data against unauthorized access, loss, destruction or unauthorized modification.

3. Types of Processed Data

The Administrator processes the following categories of personal data: identification data (first name, last name), contact data (email address, phone number, delivery address), order data (purchase history, shopping preferences), technical data (IP address, browser information, cookies) and in the case of a user account - login data (password in hashed form).

4. Purposes and Legal Bases for Processing

Personal data are processed for the following purposes: order fulfillment and contract performance (legal basis: contract performance Art. 6(1)(b) GDPR), handling complaints and returns (legal basis: contract performance Art. 6(1)(b) GDPR), sending newsletter (legal basis: user consent Art. 6(1)(a) GDPR), maintaining user account (legal basis: contract performance Art. 6(1)(b) GDPR), conducting statistics and analyses (legal basis: legitimate interest of the Administrator Art. 6(1)(f) GDPR), and ensuring website security (legal basis: legitimate interest of the Administrator Art. 6(1)(f) GDPR).

5. Data Retention Period

Personal data are stored for the period necessary to achieve the purposes for which they were collected, but not longer than the limitation period for claims or the period required by law (e.g., tax regulations - 5 years). Data processed on the basis of consent are stored until consent is withdrawn. After the retention period, data are deleted or anonymized.

6. User Rights

Each user has the right to: access their personal data (Art. 15 GDPR), rectification of data (Art. 16 GDPR), erasure of data "right to be forgotten" (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), object to processing (Art. 21 GDPR) and withdraw consent at any time (Art. 7(3) GDPR). To exercise their rights, the user may contact the Administrator. The user also has the right to lodge a complaint with a supervisory authority (Data Protection Authority).

7. Sharing Personal Data

Personal data may be shared with the following categories of recipients: payment service providers (payment processing), courier and postal companies (order delivery), IT service providers (hosting, technical support), marketing service providers (if consent to marketing has been given) and authorized authorities on the basis of legal provisions. All data recipients are obliged to maintain confidentiality and comply with personal data protection rules in accordance with GDPR.

8. Cookies and Tracking Technologies

The website uses cookies and similar technologies to ensure proper website operation, analyze website traffic and personalize content. Cookies can be persistent (remaining after closing the browser) or session-based (deleted after closing the browser). The user can change browser cookie settings at any time, but this may affect website functionality. Detailed information can be found in the Cookies Policy.

9. Data Security

The Administrator applies appropriate technical and organizational measures ensuring protection of processed personal data against unauthorized access, loss, destruction, modification or unauthorized disclosure. In particular, SSL/TLS encrypted connections are used, passwords in hashed form, regular backups and access control to data. All data are processed in accordance with current security standards.

10. Transfer of Data Outside the EEA

In the case of transferring personal data outside the European Economic Area (EEA), the Administrator ensures appropriate legal safeguards, including standard contractual clauses approved by the European Commission or other appropriate mechanisms consistent with GDPR. The user will be informed about any transfer of data outside the EEA.

11. Changes to the Privacy Policy

The Administrator reserves the right to make changes to this Privacy Policy. Users will be informed about any changes by publishing an updated version on the website. In case of significant changes, users will receive an additional notification by email. Continued use of the website after changes are made means acceptance of the new Privacy Policy content.

12. Contact

For matters regarding personal data processing and exercise of user rights, you can contact the Administrator: via the contact form available on the website, at the email address indicated in the Contact section or by mail to the Administrator's registered office address. The Administrator responds to all inquiries within 30 days of receiving the request.