(2) A User is a natural person, a legal person or an organizational unit without legal personality, which is granted legal capacity by law, using the electronic services available on the website.
(4) The Administrator uses the most modern technical measures and organizational solutions to ensure a high level of protection of the processed personal data and security against unauthorized access.
I. CONTROLLER OF PERSONAL DATA
The administrator of the personal data is the Entrepreneur Mrs. Helena Milewska – Cieślewicz, conducting business under the name: Nefretete SPA Helena Milewska-Cieślewicz, based at: ul. Legionowa 6, 15-099 Białystok, NIP: 5421009484 (hereinafter referred to as the „Owner“).
II. II. PURPOSE OF PERSONAL DATA PROCESSING
(1) The Administrator processes the User’s personal data for the purpose of:
In order to register the patient’s procedure in the surgery’s treatment calendar.
2 This means that the data is needed in particular to
a. To register on the website;
b. To conclude a contract;
c. Making settlements;
d. d. Delivery of the goods ordered by the User or performance of services;
e. e. Exercise by the User of any consumer rights (e.g. withdrawal from the contract, warranty).
f. Enrollment in training courses.
3. the User may also agree to receive information on news and promotions, which will also cause the administrator to process personal data, in order to send the User commercial information regarding, among other things. new products or services, promotions or sales.
(4) Personal data shall also be processed within the framework of fulfilling legal obligations incumbent on the data controller and performing tasks in the public interest, among others. to perform tasks, related to security and defense or storage of tax records.
(5) Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or protecting against claims by the User or a third party, as well as marketing of services and products of third parties or marketing of our own, which is not direct marketing.
III. TYPE OF DATA
(1) The Administrator shall process the following personal data, the provision of which is necessary for:
a. registering on the website:
– first and last name; – e-mail address;
b. b.making purchases through the website:
– first and last name; – gender; – delivery address; – telephone number; – e-mail address;
c. Optional data provided by the User:
– date of birth; – PESEL number (in case of an invoice request); NIP number (in case of requesting an invoice for an entrepreneur).
(2) In the case of withdrawal from the contract or acknowledgment of a complaint, when the refund is made directly to the User’s bank account, we also process information, concerning the bank account number, in order to make the refund.
IV. IV.LEGAL BASIS OF PERSONAL DATA PROCESSING
(1) Personal data are processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as the RODO Regulation.“.
(2) The Administrator shall process personal data only with the prior consent of the User, given at the time of registration on the website or at the time of confirmation of a transaction made on the website.
(3) The granting of consent for the processing of personal data is completely voluntary, however, the lack of consent prevents registration on the website and making purchases, through the website.
V. USER’S RIGHTS
(1) The user may at any time request information from the administrator about the scope of processing of personal data.
(2) The user may at any time request correction or rectification of his personal data. The user can also do it himself, after logging into his account.
(3) The user may at any time withdraw his consent to the processing of his personal data, without giving any reason. The request not to process data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or concern all purposes of data processing. Withdrawal of consent as to all processing purposes will result in the User’s account being deleted from the website, along with all the User’s personal data previously processed by the administrator.
(4) The user may at any time request, without giving any reason, that the administrator delete his data. The request for deletion of data will not affect the activities already performed. Deletion of data means simultaneous deletion of the User’s account, together with all personal data stored and processed so far by the administrator.
(5) The User may at any time object to the processing of personal data, both in terms of all personal data of the User processed by the administrator, as well as only to a limited extent, e.g. as to the processing of data for a specifically indicated purpose. The objection will not affect the activities performed so far. Lodging an objection will result in deleting the User’s account, together with all personal data stored and processed so far by the administrator.
(6) The user may request a restriction of the processing of personal data, either for a certain period of time or without a time limitation, but within a certain scope, which the administrator will be obliged to fulfill. The request will not affect the activities performed so far.
7 The user may request that the controller transfer to another entity, the processed personal data of the user. For this purpose, he should write a request to the administrator, indicating to which entity (name, address) the User’s personal data should be transferred, and what specific data the User wishes the administrator to transfer. After the User confirms his wish, the administrator will transfer, in electronic form, to the indicated entity, the User’s personal data. Confirmation of the request by the User is necessary for the security of the User’s personal data and to be sure that the request comes from an authorized person.
8) The Administrator shall inform the User of the action taken, before the expiration of one month after receiving one of the requests listed in the preceding paragraphs.
VI. STORAGE PERIOD OF PERSONAL DATA
1 As a general rule, personal data is kept only as long as necessary to fulfill the contractual or statutory obligations for which it was collected. The data will be deleted immediately when storage is no longer necessary, for evidentiary purposes, in accordance with civil law or in connection with a statutory obligation to retain data.
2 Information, relating to the contract, shall be stored for evidentiary purposes, for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. Deletion of data will take place after the expiration of the statutory limitation period for the assertion of contractual claims.
(3) In addition, the administrator may retain archival information relating to concluded transactions, as their storage is related to the User’s claims, for example, under warranty.
4. if no contract has been concluded, between the User and the Owner, the User’s personal information is stored until the User’s account on the website is deleted. Deletion of the account may occur as a result of a request by the User, withdrawal of consent to the processing of personal data, or objection to the processing of such data.
VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES
The Administrator may entrust the processing of personal data to entities cooperating with the Administrator to the extent necessary for the implementation of the transaction, e.g. for the preparation of the ordered goods and delivery of shipments or transmission of commercial information from the Administrator (the latter applies to Users who have agreed to receive commercial information).
(3) Personal data of Website Users shall not be transferred outside the European Union.
VIII. COOKIES FILES
(2) Cookies are fragments of information that contain a unique reference code that the website sends to the User’s device for the purpose of storing, and sometimes tracking information, about the device being used. They usually do not allow to identify the User’s person. Their main purpose is to better tailor the website to the User.
3 Some of the cookies present on the website are available only for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User when he or she returns to the website. They are then retained for a longer period of time.
4 Cookies used on this website are:
4.1 Technical or functional cookiesSome cookies ensure that certain parts of the site work properly and learn about user preferences. By placing functional cookies, we make it easier for you to visit our website. This way you don’t have to repeatedly enter the same information when visiting our website and, for example, items remain in your shopping cart until you pay. We may place these cookies without your permission. 4.2 Analytics cookies We use analytical cookies to optimize the use of the website for our users. With these analytical cookies, we gain insight into the use of our website. We ask for your permission to place analytical cookies. 4.3 Advertising cookies We use advertising cookies on this site to enable us to personalize ads, and we (and third parties) gain insight into campaign performance. This is based on the profile we create based on your clicking and surfing on and off https://www.helenamilewska.pl. With these cookies, you, as a visitor to the site, are associated with a unique identifier, so you don’t see the same ad more than once, for example. 4.4 Marketing / tracking cookies Marketing / tracking cookies are cookies (or other forms of local storage) used to create a profile of a user for the purpose of displaying ads to that user or tracking that user on this or several sites for similar marketing purposes. Since these cookies are marked as tracking cookies, we ask for your permission to place them. 4.5 Social media We have placed content from Facebook, Instagram, TikTok and LinkedIn on our site for the purpose of promoting web pages (e.g. “Like”, “pin”) or sharing (e.g. “Tweet”) on social networks such as Facebook, Instagram, TikTok and LinkedIn. This content is embedded with code from Facebook, Instagram, TikTok and LinkedIn and places cookies. This content can store and process certain information for personalized ads. Read the privacy statements of these social networks (which may change regularly) to find out what they do with your (personal) data that they process with these cookies. Retrieved data is anonymized to the extent possible. The social networks Facebook, Instagram, TikTok and LinkedIn are located in the United States or China.
5 All cookies, occurring on the website, are set by the administrator.
6. all cookies, used by this website, comply with the applicable laws of the European Union.
7. most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be stored in the memory of the device.
8. the User can change his preferences, regarding the acceptance of cookies, or change the browser, so that he can receive an appropriate notification each time the cookie function is set. To change the cookie acceptance settings, adjust the settings in your browser.
9 It is worth remembering that blocking or deleting cookies may prevent full use of the website.
10. cookies will be used for necessary session management, including:
a. Creating a special login session for the User of the website so that the website remembers that the User is logged in and their requests are delivered in an efficient, secure and consistent manner;
b. Recognizing a User who has visited the website before, so that the number of unique users who have used the website can be identified and so that the website can be sure of sufficient capacity for the number of new users;
c. Recognize whether a visitor to the website is registered with the website;
d. Rejestrowanie informacji z urządzenia Użytkownika, w tym: pliki cookies, adres IP i informacje o używanej przeglądarce, w celu możliwości diagnozowania problemów, administrowania i śledzenia Użytkowania witryny;
e. Recognizes whether a website visitor is registered on the website;
f. Recording information from the User’s device, including: cookies, IP address and information about the browser used, in order to be able to diagnose problems, administer and track Website usage;