This Privacy Policy concerns the processing and protection of users’ personal data in connection with the use of the online store www.StylishDoctor.com

Our primary goal is to ensure users of the online store have privacy protection at least corresponding to the standards defined in applicable legal regulations, especially in the Act of July 18, 2002, on the provision of electronic services, the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – GDPR, and the Act of July 16, 2004, Telecommunications Law.

Every user of the online store remains anonymous until they decide to disclose their identity. The data administrator processes personal data, among other things, based on consent, where consent includes marking the appropriate checkbox or any other behavior that clearly indicates acceptance of the proposed processing.

The online store and the services of the administrator are not intended for children under 18 years of age, nor are they directed towards them.

If you do not accept the content of this policy, please refrain from using the online store immediately.

§1 Definitions

  1. Online Store – an online store in the domain www.StylishDoctor.com, whose rights belong to the Seller;
  2. Administrator – PB Company limited liability company based in Kędzierzyn-Koźle at Bolesława Śmiałego 2, 47-232 KĘDZIERZYN-KOŹLE, entered into the National Court Register by the DISTRICT COURT IN OPOLE, VIII Economic Department of the National Court Register under the number KRS: 0001017884 NIP: 7492115941 REGON: 524405926;
  3. User -an individual who uses the services of the Online Store;
  4. Account – a part of the Online Store assigned to the User, allowing them to perform specific actions within the Online Store;
  5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  6. Personal Data (or “data”) – any information relating to an identified or identifiable natural person;
  7. President of the Office for Personal Data Protection (“PUODO”) – the authority responsible for personal data protection;
  8. Identifiable Natural Person – a person whose identity can be determined directly or indirectly, especially by reference to an identification number or one or more specific factors determining their physical, physiological, mental, economic, cultural, or social identity; information is not considered as enabling the identification of a person if it would require excessive costs, time, or actions;
  9. Data Processing – any operations performed on personal data, such as: collection, recording, storage, processing, alteration, disclosure, and deletion, especially those operations carried out in information systems.

§2 Who is the Administrator of my personal data?

The administrator of your personal data is PB Company, a limited liability company based in Kędzierzyn-Koźle at Bolesława Śmiałego 2, 47-232 KĘDZIERZYN-KOŹLE, entered into the National Court Register by the DISTRICT COURT IN OPOLE, VIII Economic Department of the National Court Register under the number KRS: 0001017884 NIP: 7492115941 REGON: 524405926.

For inquiries about your personal data, you can contact us via email: store@stylishdoctor.com, or by phone: 600449988.

§3 Legal bases and purposes of processing data depend on the type of services you use:

ServiceLegal BasisPurpose of ProcessingData Storage Period
Customer Account RegistrationArt. 6(1)(b) GDPR (performance of a contract)Execution of the contract for the provision of electronic services consisting of creating and maintaining an account in the Online Store and enabling the use of the training platform. Providing personal data is voluntary but necessary to create an account.User data will be processed until the permanent deletion of the User’s account.
Product SalesArt. 6(1)(b) GDPR (processing is necessary for the performance of a contract) and Art. 6(1)(c) GDPR (legal obligation) in relation to the provisions of the Act of 18 July 2002 on the provision of electronic services and the Civil Code. Providing personal data is necessary to conclude and perform the contract.Execution of the sales contract, including order acceptance, order fulfillment, and handling complaints.Data will be processed for the period resulting from the expiration of claims arising from the sales contract, i.e., six years from the date of contract conclusion.
Complaints and Withdrawal ProcedureArt. 6(1)(c) GDPR (legal obligation) arising from the provisions of the Act of 30 May 2014 on consumer rights. Providing personal data is necessary to process complaints or withdrawals from the contract.Handling Consumer complaints and conducting the withdrawal procedure.After processing the inquiry or complaint, we store data for a period not exceeding three years, unless the nature of the inquiry requires a longer data storage period.
Issuing InvoicesArt. 6(1)(c) GDPR (compliance with legal obligations) arising from tax law provisions, including the storage of accounting documentation.Fulfillment of obligations arising from tax law provisions.After issuing the invoice, we will process this data for six years (accounting documentation).
Email ContactArt. 6(1)(f) GDPR (legitimate interest) consisting of maintaining contact with potential customers and providing answers to questions. Providing personal data is voluntary but necessary to establish contact.Processing inquiries and providing answers.Data will be processed for a period of two years.
Direct Marketing and Sending Commercial Information (Newsletter)Art. 6(1)(f) GDPR (legitimate interest) in sending commercial information and direct marketing with the prior consent of the User. Providing personal data is voluntary but necessary to provide the Newsletter service.Sending information about current products and offers via email.We will send commercial information until you unsubscribe from receiving it. Each commercial message contains a link that allows you to unsubscribe from receiving commercial information.

The periods specified in the table above are counted from the end of the year in which the Administrator commenced the data processing process to facilitate technical control of these periods. After this time, personal data is permanently destroyed or deleted unless the obligation to continue storing the data arises from applicable regulations.

§4 To whom do we disclose your personal data?

The Administrator may disclose your personal data to the following categories of recipients:

  • Accounting service provider: Mustaszar Sp. z o.o.
  • Payment service providers: PayU (PayU S.A.), Google Pay (Google LLC), Apple Pay (Apple Inc), Twisto (Twist sp. z o.o.), BLIK (Polski Standard Płatności sp. z o.o.), PayPal (PayPal (Europe) S.à l. et Cie, S.C.A.), banks processing your payment – depending on the chosen payment method;
  • Courier companies delivering shipments: InPost (InPost sp. z o.o.), DHL (DHL Parcel Polska Sp. z o.o.), DPD (DPD Polska sp. z o.o.), UPS (UPS Polska sp. z o.o.), DHL Express Poland Sp. z o. o. – depending on the chosen delivery method;
  • Technical and IT support company, including website hosting and data storage on the server (home.pl);
  • Companies providing access to the Facebook and Instagram platforms, where the Online Store’s official fan page is located (Meta Platforms Inc.);
  • Company providing Google Analytics statistical analysis tool (Google LLC);
  • Company providing an analytical tool tracking traffic in the Online Store (Hotjar Ltd, New Relic Inc).

All external entities may use your data only to perform a specific service. All individuals with access to your data must process it carefully and comply with applicable laws and regulations. We do not disclose your data to third parties for commercial purposes, and we do not sell your data to other companies. The Online Store may provide personal data to authorized authorities, tax authorities, and/or law enforcement authorities if required by law.

Sklep Internetowy może przekazać dane osobowe uprawnionym władzom, organom podatkowym i/lub organom ścigania, jeśli wymagają tego przepisy prawa.

§5 Transfer of data to third countries

The Administrator transfers your personal data outside the European Economic Area only when necessary and resulting from the use of services provided by companies with international reach. Service providers are required to ensure the same level of protection and to apply appropriate legal mechanisms to ensure the protection of personal data, such as binding corporate rules adopted by the relevant supervisory authority or other international certification standards or standard contractual clauses specified by the European Commission.

§6 User Right

  • User has the right to demand from the Administrator:

    1. Access to their personal data – each person exercising this right has the right to obtain information about whether and what information the Administrator processes about them, as well as to obtain a free copy of the data.
    2. Rectification of data – each person exercising this right has the right to request the correction of their data or its supplementation.
    3. Limitation of processing – each person exercising this right has the right to limit the processing of their data in case of questioning the accuracy of the data, as well as its legality or necessity of processing, and to object.
    4. Withdrawal of consent to data processing – each person exercising this right has the right to withdraw previously given consent to the processing of data for specific purposes. Consent does not have retroactive effect, which means that data processing before the withdrawal of consent remains legal. Note! The above right concerns only the processing of data based on the User’s consent.
    5. Objection – each person exercising this right will be able to object to the processing of their data, based on the Administrator’s legitimate interest.
    6. Data portability – each person exercising this right will be able to request the transfer of their data in PDF format to the designated Administrator.
  • In addition to the rights specified above, each person whose data is processed has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that their data is processed in violation of applicable regulations. The complaint should be submitted to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, or using the form on the website: https://uodo.gov.pl/

  • The rights specified in point 1 can be exercised by contacting us using the contact details provided in the “Contact” tab. The Administrator will exercise the rights by contacting the Administrator’s email address within a maximum period of 30 days from receiving the request. If, due to the specific nature or complexity of the matter, it is not possible within the 30-day period, the Administrator will fulfill it within the next month, and will promptly inform the authorized person about the extension of the deadline.

  • In order to ensure security, we reserve the right to request certain known information. By using such a process, we can verify whether the data concerns the person in question.

  • The Administrator has the right to refuse to implement the rights specified above only if it is in accordance with the law and due to overriding grounds relating to the interests of the data subject. The Administrator will inform the authorized person of the reasons for refusing to implement the request each time.

§7 Cookies

In the Online Store, we use cookies, which are small text-numerical files stored by the IT system on the User’s device (computer, phone, or other device used to connect to the Online Store) while browsing the Online Store. These cookies allow for the subsequent identification of the User when reconnecting to the Online Store from the device (e.g., computer or phone) on which they were saved.

The Administrator may use the following types of cookies:

  1. Temporary Cookies: These cookies exist on the computer only while visiting a specific website – precisely until the browser is closed. They allow the store’s pages to remember the choices made by customers on the previous page and aim to optimize navigation within the Online Store, such as by remembering the settings of a logged-in user in the Online Store – allowing the user to not re-enter their login and password on each page of the store (password and login are not stored in the cookie – only the client’s session number, which does not identify the client’s personal data).

  2. Statistical Cookies: This type of cookie is used to provide important information about traffic on the website and how visitors use it. Google Analytics, Hotjar, and New Relic are among the tools used to collect this data. These cookies are solely used for collecting statistics regarding website traffic and determining the user’s profile to display them tailored materials in advertising networks, particularly the Google network.

The aforementioned companies guarantee compliance with standards equivalent to those of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, concerning the protection of personal data. The use of their technologies by the Online Store in processing personal data is in accordance with the law.

No personal data of Online Store Users is stored in cookies. Cookies are not used to determine the identity of Users. The legal basis for using cookies is the legitimate interest of the Administrator.

Cookies are used in the Online Store with the consent of Users.

Cookies placed on the user’s end device by the store may also be used by advertisers and partners cooperating with the store’s operator, and may be used by advertising networks, particularly the Google network, to display ads tailored to the way the user uses the store. For this purpose, they may retain information about the user’s navigation path or time spent on a given page.

The Administrator analyzes the browsing history of the Online Store and traffic on the site in an automated manner. Data analysis does not have any legal consequences for Users and is only intended to adjust the content presented by the Administrator to Users’ preferences.

Users can withdraw or change the scope of their previously expressed consent to the use of cookies in the Online Store and delete them from their browser at any time. Consent can be given by the User through appropriate settings of the software, in particular the web browser, installed on the telecommunications device used by the User to browse the content of the Online Store.

Users can also limit or disable cookies in their browser settings to block cookies or warn the User before saving a cookie file on the device they use to browse the content of the Online Store. However, in this case, the User may not be able to use all the functionalities of the Online Store.

§8 Social media plugins

Please be informed that within the Online Store, there may be links allowing its Users to directly access other websites for which the owner of the Online Store is not responsible. We do not have control over the privacy policies and the use of cookies by the administrators of those websites. We recommend that before using the services offered by other websites, each User familiarizes themselves with the privacy policy document and the use of cookies, if provided, and if not, contacts the administration of the respective website to obtain information on this matter.

Privacy policies in third-party services:

FACEBOOK

The Administrator places buttons linked to the Facebook service on the pages of their Online Store. For this purpose, buttons referring to the Facebook service are placed in appropriate sections and pages. By using the button, the User logs into the Facebook service, where Facebook’s privacy policy applies. You can familiarize yourself with this policy at the following link:

 

https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
INSTAGRAMThe Administrator places plugins on their website that refer to the Instagram service. By using this plugin, the User logs into the Instagram service, where Instagram’s privacy policy applies. You can familiarize yourself with this policy at the following link:https://www.facebook.com/help/instagram/155833707900388

§9 How do we secure your personal data?

The administrator takes all necessary measures to ensure the security of your data. To achieve this, appropriate technical and organizational measures are implemented to ensure that processing is carried out in accordance with the law and in a manner that ensures security. This includes, among other things, the use of encrypted HTTPS connections, password authentication, and a firewall on the server. The IT systems used by the administrator have appropriate security measures in place to guarantee the confidentiality and integrity of the processed personal data

§10 Where can I report objections / comments regarding the processing of personal data?

  • You can report objections/comments regarding the processing of personal data via e-mail: store@StylisDoctor.com

§11 Final provisions

The Administrator implements technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data covered by the protection, in particular securing the data against unauthorized access, acquisition by an unauthorized person, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction. The Administrator reserves the right to change the Privacy Policy for important reasons (such as changes in universally applicable laws, the introduction of new functionalities, modification of IT systems). In the event of any changes to the Privacy Policy, the Administrator will inform Users by posting information about the change on the homepage. Users with User Accounts will additionally be notified by the Administrator by sending information about the change in the Privacy Policy to the email address provided by them in the registration form. The change in the Privacy Policy shall enter into force within 14 days from the date of publication on the Website. Archived versions of the Privacy Policy are published on the Website in the “Privacy Policy” tab. In the case of agreements concluded before the change in the Privacy Policy, the Privacy Policy in force on the day of conclusion of the Agreement shall apply.