PRIVACY POLICY

eBeauty24

We are pleased that you care about your privacy and want to read this document. We make every effort to ensure that the processing of Personal Data is carried out with respect for the privacy of individuals concerned and with care for the security of processed data, in accordance with this Privacy Policy.

We use technical and organizational measures to protect processed Personal Data, appropriate to the risks and categories of data protected, and in particular, we secure data against being disclosed to unauthorized persons, taken by an unauthorized person, processed in violation of applicable laws, and from alteration, loss, damage, or destruction.

§1. SEVERAL IMPORTANT INFORMATION AND DEFINITIONS

The data controller of Personal Data processed in connection with the use of the website https://ebeauty24.online is Dawid Gawłowski, operating under the business name DejvSoft Dawid Gawłowski, located in Opole – address: ul. Sieradzka 19/26, 45-304 Opole, VAT ID (NIP): 7543124313, Business Registry Number (REGON): 365096253;

Contact with the Data Controller is possible via email: [email protected].

Cookie Board - a computer program in the Application that manages cookies by displaying information about these files and providing the possibility for the User to consent to their use by the Administrator while using the Application.

Personal Data - information about an identified or identifiable natural person, i.e., a person who can be directly or indirectly identified, particularly by an identifier such as name, identification number, location data, internet identifier, or one or several specific factors defining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person;

Software – for the purposes of this Policy, this refers to the internet browsers used to access the Service.

Cookies – are text files that the Service saves on the User's Device when it is used, which facilitate the use of the Application.

GDPR – refers to the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

Partner Salon - a natural person, legal person, or organizational unit without legal personality, which in connection with its business or professional activity, has created an account on the eBeauty Planner service and offers its services to the Users of the Application.

Service/Application – the WWW site located at https://ebeauty24.online available on the Internet and on mobile applications for iOS and Android software.

Device - refers to the electronic device through which the User accesses the Service, including: PC computers, laptops, tablets, smartphones.

User – refers to every user of the eBeauty24 Application.

§2. WHAT PRINCIPLES DO WE APPLY TO DATA PROCESSING?

The Administrator adheres to the following principles of processing your Personal Data:

1. Processes Personal Data in accordance with the law, fairly, and in a manner that is transparent to the data subject,
2. Collects Personal Data for specific, explicit, and legitimate purposes and does not process them further in a way incompatible with those purposes,
3. Processes Personal Data in a way that is adequate, relevant, and limited to what is necessary for the purposes of processing,
4. Personal Data is processed by the Administrator in a proper manner and, where necessary, updated,
5. Keeps Personal Data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed,
6. Only stores collected Personal Data on media that are secured against access by third parties,
7. Maintains the confidentiality of Personal Data.

§3. WHAT DATA DO WE COLLECT?

1. Name, email address, phone number;
2. Optionally, residential address and geolocation data;
3. Optionally, profile picture, gender, date of birth.

When you book an appointment at a Partner Salon, we receive additional data such as:

1. Date and time of the appointment;
2. Selected services at the Partner Salon;
3. Other information you provide during the reservation process.

When we make the indicated data available to the Partner Salon, it becomes an independent data controller that will process Personal Data for its own purposes (e.g., to perform the service). For detailed information, contact the respective Partner Salon.

§4. FOR WHAT PURPOSE DO WE PROCESS YOUR DATA?

We may process the Personal Data of Users and other individuals interacting with the Administrator or Users for the purposes of:

1. Performing the contract for electronic service provision within the Application, including creating a User account - the legal basis for processing Personal Data is the necessity of processing for the performance of the contract (Article 6(1)(b) GDPR);
2. Establishing contact and enabling the use of services provided by the Administrator or within the Application, including SMS reminders about reservations - the legal basis for processing is the legally justified interest of the Administrator (Article 6(1)(f) GDPR);
3. Fulfilling legal obligations incumbent on the Administrator, resulting in particular from tax laws and accounting regulations – the legal basis for processing is a legal obligation (Article 6(1)(c) GDPR);
4. Analytical and statistical purposes, including improving the functioning and utility of the Service – the legal basis for processing is the legally justified interest of the Administrator (Article 6(1) (f) GDPR);
5. Establishing and pursuing claims or defending against them – the legal basis for processing is the legally justified interest of the Administrator (Article 6(1)(f) GDPR);
6. Technical and administrative purposes, for ensuring the security of IT systems of the Administrator and managing these systems - in this respect, the legal basis for processing is the legally justified interest of the Administrator (Article 6(1)(f) GDPR);
7. Direct marketing of the Administrator's services – in this case, the legal basis for processing is the legally justified interest pursued by the Administrator or by a third party (Article 6(1)(f) GDPR);
8. Implementing new functionalities of the Application or developing existing ones – such processing of your Personal Data is necessary for the realization of the legally justified interest of the Administrator (Article 6(1)(f) GDPR).

We may also obtain Personal Data when, after a visit, you decide to add a review of the Partner Salon in the Application. The legal basis for processing the content of your review and the data you indicate in it - is Article 9(2)(a) GDPR. Remember that reviews will be publicly available in the Application for all visitors (not only logged-in Users). Reviews cannot be added anonymously.

§5. DO I HAVE TO PROVIDE MY DATA?

Providing Personal Data by the User is voluntary, but necessary for the provision of electronic services by the Administrator within the Application. The User may give separate consent to receive commercial, advertising, and marketing information from the Service Provider. The User can withdraw from receiving them at any time (withdraw their consent).

§6. ARE MY DATA TRANSFERRED OUTSIDE THE EEA?

The Administrator may transfer Personal Data to a third country, i.e., outside the European Economic Area (EEA), to enable Users from outside the EEA to use the services of the Application. This transfer may take place to:

1. Countries for which the European Commission has issued decisions on the adequacy of Personal Data protection (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) without the need to meet additional requirements;
2. Other countries, primarily based on Standard Contractual Clauses with the application of additional (technical and legal) safeguards or Binding Corporate Rules or based on Article 49(1)(c) GDPR, if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the person whose data are concerned, between the Administrator and the User from outside the EEA.

§7. ARE MY DATA PROFILED?

Your Personal Data may be subjected to profiling, aimed at improving the offer, advertising services, reminders, or recommendations for Users who visit the Service. However, the Administrator does not take automated decisions against you that have legal effects or similarly significant effects. You can object to this type of data processing by sending an email to [email protected].

§8. WHO IS THE RECIPIENT OF MY DATA?

Your Personal Data may be used by certain third parties with whom the Administrator cooperates and who help fulfill his tasks. These entities are both service providers with whom the Administrator enters into data processing agreements and separate administrators, such as:

1. Partner Salon and its employees and associates;
2. Hosting provider (stores data on its server);
3. Mailing service provider (which stores your data if you subscribe to the newsletter);
4. Legal Advisor or Lawyer who provides legal services for the Administrator;
5. Service provider that provides technical support for the website if it is an external service provider and if this support involves areas where data are located;
6. Other subcontractors/service providers if their business requires access to Personal Data.

Due to the Administrator's use of services from providers using servers located in third countries, particularly in the United States (services such as Google, or programs used for online meetings) - there is a possibility that your Personal Data may be transferred outside the European Economic Area. We cooperate only with companies participating in the EU/US Data Privacy Framework, which guarantees that they adhere to high standards of Personal Data protection, in accordance with European regulations. Personal Data may also be transferred to authorized state authorities in connection with proceedings conducted by them, upon their request and after meeting the conditions confirming the necessity to obtain this data, in accordance with applicable legal provisions.

§9. WHAT RIGHTS DO I HAVE IN CONNECTION WITH DATA PROCESSING?

GDPR provides you with a range of possible rights concerning the handling of your Personal Data, which you can use. You have the right to:

1. Access your data and receive a copy of it;
2. Request rectification of the data, their deletion, or limitation of their processing;
3. Withdraw consent to the processing of your Personal Data, to the extent that the basis for processing your Personal Data is consent given earlier (withdrawing the given consent does not affect the legality of processing, which was applied based on consent before its withdrawal);
4. Data portability;
5. Object to the processing of data for marketing purposes, if processing is related to the legally justified interest of the Administrator, and for reasons related to your particular situation – in other cases, when the legal basis for data processing is the legally justified interest of the Administrator;
6. File a complaint with the supervisory authority that deals with Personal Data protection (if you believe that the processing of your Personal Data is unlawful, you have the right to file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
7. The rules related to the implementation of the above rights are described in detail in Articles 15 – 21 GDPR. If you have questions related to your rights or want to use them, contact the Administrator.

§10. HOW LONG IS MY DATA PROCESSED?

Your Personal Data is processed by the Administrator for the period necessary to achieve the purposes for which the data are processed or until the objection is considered if the basis for processing is the legally justified interest of the Administrator or withdrawal of consent if the basis for processing is expressed consent.

The period of data processing may be extended if processing is necessary to pursue any claims and defend rights (for the period of limitation of claims, which is a maximum of 6 years), or until the expiration of the obligation to store data arising from legal provisions (usually this is a period resulting from tax law regulations and is 5 years). After the processing period expires, data is irreversibly deleted or anonymized.

§11. ARE COOKIES USED IN THE SERVICE?

In our Application, we use necessary cookies to ensure smooth and convenient use of the Application. Our cookies are solely to facilitate your navigation of the Service and tailor it to your needs. Thanks to them, the Service can remember your settings.

We ensure that all cookies used in the Application are safe for your device. In the Service, we also use cookies for statistical purposes (including for counting visits to the Page/Tabs) or analytical purposes (e.g., to check the average length of a visit in the Application). On the Page, we use our own cookies as well as third-party cookies. The types of cookies used are session, persistent, and those set by other services such as Google Analytics.

Individual types of cookies used within the Service have been specified in the Cookie Board. You can change the settings related to cookies at any time. These settings can be changed, in particular, to block the automatic handling of cookies in the settings of your internet browser or device or to inform about their placement each time in the browser or device. In case of restriction or disabling of cookie access to your device, the use of the Service may be difficult and may disable some functionalities that require cookies. Detailed information about the possibilities and methods of handling cookies is available in the settings of your internet browser and in the Cookie Board.

You can manage cookie settings by blocking them or receiving notifications by changing the settings in your internet browser on the Device.

§12. WHAT ARE SERVER LOGS?

Server logs are records of information about what happens on the server. Server logs collect data such as:

1. Page queries: when you visit the Application, the server logs your request. It records information such as your IP address, the type of action you perform (e.g., opening a page), the page you visit, and the time you do it,
2. Error information: if any errors occur in the Application (e.g., the Service was not found), the server also records this. This allows the Administrator to fix problems and improve the Application,
3. Security issues: logs help detect dangerous attempts to access the server or other worrying activities.

Server logs are used, among other things, to maintain the security of the Application, analyze how it is used, and improve its operation. Data stored in server logs are not associated with specific individuals using the site and are not used by the Administrator to identify specific individuals. Server logs are usually used for administrative purposes, such as analyzing traffic on the page, diagnosing technical problems, ensuring security, and optimizing the operation of the Application. We respect your privacy, so this data is protected and used in accordance with applicable legal provisions.

§13. CHANGES TO THE POLICY

The policy is regularly verified and updated as necessary. This may be caused by changes in regulations or new technological solutions we introduce. As soon as something changes, we will let you know via the Application, so you are always up to date. The policy is effective from 01/05/2024. Here you can find its archived version.

Thank you for reviewing the Policy. If you have any questions about how we protect your data or would like to share your feedback with us, please write to the email address: [email protected]. We will try to assist you as quickly as possible!