Privacy Policy of laris-perfect.pl website General information:
This document is a privacy policy adopted by Laris-Perfect Sp. z o.o. and pertains to the principles of personal data processing collected from visitors of the website: http://laris-perfect.pl
The Privacy Policy document fulfills the obligation of providing information according to Art. 13 of the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L 119 of 4.05.2016, p. 1) (hereinafter referred to as “GDPR”). It is also an expression of concern for the rights of individuals who visit the website and use services offered through it. Data Controller The data controller of personal data collected from website visitors is Laris-Perfect Sp. z o.o. with its registered office at Bronowicka 38/5, Kraków, KRS 0000617583, NIP: 6272745987, REGON: 364428836. Contact: biuro@laris-perfect.pl, phone: +48 537 771 403. The basis, purpose, and scope of processing, i.e., what data we collect, why and how we process it The data controller declares that personal data of users is processed in accordance with Art. 6 para. 1 letter b) – i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract or Art. 6 para. 1 letter a) i.e., based on the consent of the data subject.
The data controller processes personal data to fulfill the contract or the purpose indicated in the consent. The data controller processes data only to the extent necessary for these purposes and for the period necessary to perform the contract or until the data subject withdraws consent. The following personal data of website users is collected voluntarily in the data controller’s website located at http://laris-perfect.pl: first name, e-mail address, inquiry content, and any attached files. Data collected using the contact form is collected for the purpose of: sending responses to received inquiries and requests, developing submitted applications and comments, managing and fulfilling obligations resulting from contracts that bind the data controller with the website guest, predicting and solving difficulties related to products and services provided to the user of the website. The website guest may also voluntarily consent to the use of the provided data, i.e., e-mail address, for the purpose of carrying out individual marketing of personal data by the data controller. Who has access to data collected using the website Your personal data collected through the website is not disclosed to third parties without your consent. Exceptions are situations where such disclosure results from applicable law obliging the data controller to transfer them to authorized entities. With your consent, depending on the needs, we may transfer or make some of your personal data available to the following categories of recipients: courier service providers; payment/banking service providers; market research service providers; insurance companies; IT service providers;
The administrator collects logs of the service, but does not link them in any way to personal data. Statistics that help administer the service can be generated based on log files. Summary statistics in the form of such statistics do not contain any identifying characteristics of people visiting the Service.
This statement suggests that the administrator of the service collects logs, but does not link them to personal data, ensuring that the privacy of the users is protected. The log files are used to generate statistics that help the administrator to manage and improve the service. These statistics are presented in an aggregated form and do not contain any information that could identify individual users. Therefore, the privacy of the users is not compromised by the use of logs and statistics.
User Permissions. Right to access data According to Articles 15-22 of GDPR, every user has the following rights: Right to access data (Article 15 of GDPR). The person whose data is processed has the right to obtain confirmation from the administrator whether personal data concerning them is being processed and, if so, access to them. Right to rectification (Article 16 of GDPR).
The person whose data is processed has the right to request the immediate rectification of their personal data that is inaccurate from the administrator. Right to erasure of data (“right to be forgotten”) (Article 17 of GDPR). The person whose data is processed has the right to request the immediate erasure of their personal data. Right to restriction of processing (Article 18 of GDPR). The person whose data is processed has the right to request restriction of processing in the following cases: When the data is inaccurate – for the time needed to correct it The person whose data is processed has objected pursuant to Article 21(1) to processing – pending verification whether the legitimate grounds of the controller override those of the data subject. Processing is unlawful, and the data subject opposes the erasure of personal data and requests the restriction of their use instead. Right to data portability (Article 19 of GDPR) Right to object. If personal data is processed for direct marketing purposes, the person whose data is processed has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.
The user may exercise their rights by sending a relevant request to biuro@laris-perfect.pl: a) The request, for proper identification, should be sent from the email address used to submit the contact form or provided in the consent given during the visit to the salon. b) The request can also be submitted by post – by sending a registered letter containing such request to the postal address of the data controller’s company. In accordance with the law, the administrator responds to the person who submitted the request within a month regarding the actions taken. If the administrator does not take any action, they will inform the person submitting the request about this fact. The right to file a complaint with the supervisory authority is available for actions taken by the administrator. Privacy protection for minors Only adults may be customers of the Store, however, the Store does not collect and verify information about the age of its customers. The Store administrator is not responsible for any registration of minors in the Store or for any actions they take. Legal responsibility for such actions rests solely with their legal guardians.
Security
The service is equipped with security measures aimed at protecting personal data under the control of the Administrator from loss, improper use, and modification. The Administrator also has appropriate documentation and has implemented relevant procedures related to personal data protection in the company. The Administrator ensures that all disclosed information is protected in accordance with applicable regulations and security protection standards, in particular: Only authorized employees or co-workers of the data administrator and authorized persons responsible for the service who have been granted appropriate authorizations have direct access to personal data collected by the data administrator in accordance with Art. 29 of the GDPR.
The Administrator declares that by commissioning other entities to provide services, it requires partners in accordance with Art. 28 of the GDPR to ensure appropriately high standards of protection for entrusted personal data, sign appropriate entrustment agreements in which partners confirm the use of standards and the right to control the compliance of the activities of these entities with these standards. In order to ensure adequate protection of electronic services provided, the Service Administrator uses a high level of security, including cryptographic protection of personal data transmission (SSL protocol). Due to the public nature of the Internet, using electronic services may be associated with risks, regardless of the due diligence exercised by the Data Administrator. Cookies Mechanism. Links to other pages Some areas and features of the Service may use cookies, which are text files saved on the guest’s computer, identifying them in a way necessary to enable certain operations. Cookies are used, among others, to remember data necessary for user login. The condition for cookies to work is their acceptance by the browser and not deleting them from the disk.
Cookies
The website uses “session” cookies (stored until leaving the website or closing the browser) as well as persistent cookies (stored on the computer for a specified period of time). Users of the website can change their settings in this regard. Web browsers allow for the deletion and blocking of cookies. Detailed information on this topic is available in the help or documentation of the web browser. Disabling cookies usually results in the limitation or blocking of some website functionalities.
Privacy Policy Changes
The website administrator reserves the right to change the above privacy policy at any time and place, while also committing to promptly publish the new privacy policy on the website pages and inform all registered users about this fact. The data administrator reserves the right to make changes, withdraw or modify functions or properties of the website, as well as cease operations, transfer rights to the website and perform any legal actions allowed by applicable law. Contact For any questions or comments regarding this privacy policy or any practices used on the website, please contact us at: biuro@laris-perfect.pl
