- The owner of the store and at the same time the data administrator is Arkadiusz Pokornicki running a business under the name of EdithNails Arkadiusz Pokornicki. We are registered with the Information Commissioners Office and our registration number is ZA507054.
- Personal data collected by EdithNails via the Online Store is processed in accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data; repeal of Directive 95/46 / EC (general regulation on data protection), also referred to as the GDPR.
- Edith Nails makes special care to respect the privacy of customers visiting the Online Store.
§ 1 Type of data processed, objectives and legal basis
- Edith Nails collects information on persons conducting legal transactions not related directly to their activities, persons conducting business or professional activity on their own behalf, and persons representing legal persons or organizational units that are not legal entities to which the act grants legal capacity, conducting business activity on its own behalf economic or professional, hereinafter referred to as “customers”.
Customers' personal data is collected in the case of:
a)registering an account in the Online Store, in order to create an individual account and manage this account. Legal basis: indispensability to perform the contract for the provision of the Account service (Article 6 paragraph 1 letter b) of the GDPR);
b) place an order in the Online Store in order to perform a sales contract. Legal basis: indispensability for the performance of the contract of sale (Article 6 (1) (b) of the GDPR);
c) using the contact form service to perform the contract provided electronically. Legal basis: indispensability to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR);
d) use the service to a friend in order to perform the contract provided electronically. Legal basis - indispensability to perform the contract for the provision of the service to a friend (Article 6 (1) b) and the Client providing personal data, and indispensability for purposes arising from legally justified interests carried out by the administrator or a third party (art. 6 (1) (f) of the GDPR) in relation to the addressee of the message.
e) use the service to ask for a product, for the purpose of the performance of a contract for the service provided electronically. Legal basis: Required for the performance of the service contract, ask about the product (Article 6 (1) (b) of the GDPR).
3. In the case of a notification in the Online Store, the Customer provides:
a) email address;
b) name and surname;
c) telephone number.
4. When registering an account in the Online Store, the Customer sets an individual password to access his account. The customer can change the password at a later time, on the terms described in §5.
5. In the case of placing an order in the Online Store, the Customer provides the following data:
a) email address;
b) address details:
zip code and city;
street with house / flat number.
c) name and surname;
d) telephone number.
6. If you use the contact form service, the customer provides the following data:
a) email address;
b) name and surname.
7. If you use the service, ask for a product, the customer provides:
a) e-mail address;
8. When using the Online Store Website, additional information may be downloaded, in particular: the IP address assigned to the Client's computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
9 .From clients may also collect navigation data, including information about links in which they decide to click or other activities undertaken in our Online Store. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
10. In order to determine, investigate and enforce claims, certain personal data provided by the Customer may be processed as part of using the functionality in the Online Store, such as: name, surname, data on the use of services, if the claims result from the manner in which the customer uses the services , other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
11. The transfer of personal data to Edith Nails is voluntary, because of concluded sales contracts or provision of services via the Online Store Website.
§ 2 Who is sharing data to and how long are it stored?
1. The Customer's personal data is provided to service providers used by Edith Nails while running the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to Edith Nails orders as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).
a) Processors. Edith Nails uses suppliers who process personal data only at the request of Edith Nails. These include providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns
b) Administrators. Edith Nails uses suppliers who do not act solely on the instructions and set the goals and methods of using personal data of clients. They provide electronic and bank payment services
2. Location. Service providers are based mainly in United Kingdom and other countries of the European Economic Area (EEA).
3. Customers' personal data is stored:
a) If the basis for the processing of personal data is consent then the personal data of the client are processed by Edith Nails until the consent is canceled, and after the consent is revoked for a period corresponding to the period of limitation of claims that Edith Nails. Unless a special rule provides otherwise, the period of limitation is six years, and for claims for periodic benefits and claims related to running a business - three years.
b) If the basis for data processing is the performance of the contract, then the personal data of the client are processed by Edith Nails as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special rule provides otherwise, the period of limitation is six years, and for claims for periodic benefits and claims related to running a business - three years.
4. Personal data are transferred the courier company, realize and delivered the ordered goods.
5. While Customer selects a payment through the PayPal or Card Payment, his personal data is transferred to the extent necessary for the payment to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg
6. The navigation data can be used to provide customers with better service, statistical data analysis and adaptation of the Online Store to customer preferences, as well as the administration of the Online Store.
7. In the case of requesting Edith Nails provides personal data to public authorites, especially police.
§3 Cookie mechanism, IP address
1. The Online Store uses small files, called cookies. They are saved by Edith Nails on the device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the domain name from which it comes, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using these types of files help customize products offered by Edith Nails to individual preferences and real needs of visitors to the Online Store They also give the opportunity to develop general statistics of visits of the presented products in the Online Store.
2. Edith Nails uses two types of cookies:
a) Session cookies: after the browser session is finished or the computer is turned off, the saved information is removed from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Clients' computers.
b) Persistent cookies: they are stored in the memory of the Customer's end device and remain there until they are deleted or expired. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the client's computer.
a) customer authentication in the Online Store and ensure Customer's session in the Online Store (after logging in), then the Customer does not have to enter the login and password on each subpage of the Online Store;
b) analysis and research and audience audits, and in particular to create anonymous statistics that help to understand how customers use the Store Website, which allows improving its structure and content.
4. Edith Nails uses external cookies in order to:
a) popularization of the online Store using the facebook.com social network service (external cookie administrator: Facebook Inc with its registered office in the USA or Facebook Ireland based in Ireland);
b) collecting general and anonymous static data via analytical tools of Google Analytics (external cookie administrator: Google Inc with its registered office in the USA);
c) presenting ads tailored to the customer's preferences using the Google AdSense online advertising tool (external cookie administrator: Google Inc. with its registered office in the USA);
5. The cookie mechanism is safe for the Customers of the Online Store. In particular, this way it is not possible to get viruses or other unwanted software or malicious software onto your computers. However, in their browsers, Customers have the option of limiting or disabling access of cookies to computers. If you use this option, the use of the Online Store will be possible, in addition to the functions which, by their nature, require cookies.
6. Edith Nails can collect customer IP addresses. An IP address is a number assigned to the computer of the visitor of the Online Store by the ISP. The IP number allows access to the Internet. In most cases, it is assigned dynamically to the computer, i.e. it changes every time you connect to the Internet and is therefore commonly regarded as non-person identifying information. The IP address is used by Edith Nails when diagnosing technical problems with the server, creating statistical analyzes (eg determining in which regions we note the most visits), as information useful in the administration and improvement of the online store, as well as for security purposes and possible identification of server burdens , unwanted automated programs to browse the contents of the online store.
§ 4 Rights of data subjects
1. The right to withdraw consent - legal basis: art. 7 (3) GDPR.
a) The customer has the right to withdraw any consent granted by EdithNails.
b) Withdrawal of consent has effect since the withdrawal of consent.
c) Withdrawal of consent does not affect the processing carried out by EdithNails in accordance with the law before its withdrawal.
d) Withdrawal of consent does not entail any negative consequences for the customer, but it may prevent further use of services or functionality which, according to the law, EdithNails can only provide with consent.
2. The right to object to data processing - legal basis: art. 21 GDPR.
a) The customer has the right to object at any time - for reasons related to his special situation - to the processing of his personal data, including profiling, if EdithNails processes his data based on a legitimate interest, e.g. marketing of EdithNails products and services, statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as a satisfaction survey.
b) resignation by e-mail, receiving marketing messages regarding products or services, will mean customer's objection to the processing of his personal data, including profiling for these purposes.
c) If the customer's objection turns out to be well founded and EdithNails has no other legal basis to process personal data, the client's personal data will be deleted, the client will object to the processing.
3. The right to delete data ("the right to be forgotten") - legal basis: art. 17 GDPR.
a) The customer has the right to request the removal of all or some personal data.
b) The customer has the right to request the deletion of personal data if:
a. personal data are no longer necessary for the purposes for which they were collected or processed;
b. withdrew his specific consent to the extent to which personal data were processed based on his consent;
c. he objected to the use of his data for marketing purposes;
d. personal data are processed unlawfully;
e. personal data must be removed in order to comply with the legal obligation provided for by Union law or the law of the Member State to whom EdithNails Nails is subject;
f. personal data have been collected in connection with the offering of information society services.
c) Despite the request to delete personal data, EdithNails may retain certain personal data in connection with filing an objection or withdrawing consent to the extent that processing is necessary to establish, investigate or defend claims, as well as to fulfill a legal obligation requiring processing Union law or the law of the Member State to which EdithNails is subject. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purpose of handling complaints and claims related to the use of EdithNails services, or additionally the address of residence / mailing address, order number, which data they are kept for the purpose of handling complaints and claims related to concluded sales agreements or provision of services.
4. The right to limit data processing - legal basis: art. 18 GDPR.
a) The customer has the right to demand the restriction of the processing of his personal data. Submission of a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. EdithNails will also not send any messages, including marketing messages.
b) The customer has the right to request a restriction of the use of personal data in the following cases:
a. when he questions the correctness of his personal data - then EdithNails limits their use for the time needed to verify the correctness of data, but no longer than for 5 days;
b. when the data processing is unlawful, and instead of deleting the data, the Customer will demand restriction of their use;
c. where personal information is no longer necessary for the purposes for which it was collected or used, but is needed by the Customer to establish, assert or defend claims;
d. when he objected to the use of his data - then the restriction takes place for the time needed to consider whether - due to the special situation - protection of the client's interests, rights and freedoms outweighs the interests that the Administrator performs while processing the client's personal data.
5. The right of access to data - legal basis: art. 15 GDPR.
a) The customer has the right to obtain from the administrator confirmation whether he processes personal data, and if this is the case, the customer has the right to:
a. get access to own personal data;
b. obtain information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, the planned period of customer data storage or criteria for determining this period (when it is not possible to determine the planned data processing period) about the rights of the Customer under GDPR and the right to lodge a complaint with the supervisory body, the source of these data, about automated decision-making, including profiling and about safeguards applied in connection with the transfer of these data outside the European Union;
c. obtain a copy of own personal data
6. The right to rectify data - legal basis: art. 16 GDPR.
7. The right to data transfer - legal basis: art. 20 GDPR.
a) The customer has the right to receive his personal data, which he provided to the administrator, and then send them to another personal data administrator of his choice. The customer also has the right to demand that personal data be sent by the administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a file in csv format, which is a widely used, machine-readable format that allows sending the received data to another personal data administrator.
8. In the situation when the Customer comes from the rights resulting from the above rights, EdithNails fulfills the request or refuses to meet it immediately, however not later than within one month after receiving it. However, if - due to the complexity of the request or the number of requests - EdithNails will not be able to meet the request within a month, it will meet them within the next two months informing the customer within one month of receiving the request - about the intended extension and its reasons.
9. You have the right to file a complaint with The Data Protection Act (DPA) regarding the violation of your personal data protection rights or other rights granted under GDPR.
10. The client may submit complaints, queries and requests to the administrator regarding the processing of his personal data and the exercise of his rights.
§ 5 Security management - password
1. EdithNails provides customers with a secure and encrypted connection when transferring personal data and when logging in to the Customer Account on the Website. EdithNails uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted via the Internet.
2. EdithNails never sends any correspondence, including electronic correspondence, with a request for login data, in particular an access password to the customer's account.
3. If the customer who has an account in the online store has lost any access password in any way, the Online Store allows you to generate a new password. EdithNails does not send a password reminder. The password is stored in an encrypted form in a way that prevents its reading. To generate a new password, please enter your e-mail address in the form available under the "Forgot Password" link provided at the login form for the account in the online store. The customer will received the e-mail to address provided during registration or saved in the last change of the account's profile, containing a redirection to a dedicated form made available on the store's website, where the customer will be able to set a new password.
2. Last modified: 18/05/2018