I. Service
This privacy policy applies to the website in the domain www.kosmet.com.pl.
II. Personal Data Controller
The Personal Data Controller is PCC Consumer Products Kosmet Sp. z o. o., registered office at ul. Sienkiewicza 4, 56-120 Brzeg Dolny, registered into the Register of Entrepreneurs of the National Court Register, maintained by the District Court for Wroclaw-Fabryczna in Wroclaw, IX Commercial Division of the National Court Register, (KRS) 0000002277, the shared capital (paid up) 76.832.800,00 PLN, TIN 917-11-54-737, National Business Registry Number 930850566.
In the matter of personal data, you can contact us by e-mail: odo.kosmet@pcc.eu
The Personal Data Controller declares that he is taking particular care to protect the interests of the data subjects and, in particular, ensures that:
- he processes Personal Data in accordance with the law, fairly and transparently;
- he collects Personal Data for specific, explicit and legitimate purposes and does not further process it in a manner inconsistent with these purposes;
- Personal Data is adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- Personal Data is correct and updated as necessary;
- Personal Data is stored in a form that permits identification of the data subject for no longer than is necessary for the purpose for which the Data is processed;
- processes Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
III. The purpose of processing
Personal Data may be processed by the Personal Data Controller, among others in order to:
- communicate and reply to a message. The basis for the processing of personal data is a legitimate interest of the Personal Data Controller or a third party, e.g.: responding to your inquiry, ours or our partners’ marketing, including the PCC Group.
- conclude and execute a contract for the provision of services or a contract of sale – the basis for data processing is the necessity to conclude a contract;
- in order to conduct direct marketing of products and services of the Personal Data Controller and entities from PCC Group – until the moment you notify objection to data processing for this purpose or you withdraw your consent – the basis for data processing is the legitimate interests of the Personal Data Controller or a third party consent;
- fulfil the Personal Data Controller’s legal obligations (e.g. tax, accounting, consideration of a complaint) – for the duration of these obligations or for the period necessary to demonstrate compliance with these obligations to bodies authorized to audit in this respect – the basis for processing is the legal obligation of the Personal Data Controller;
- settle, defend and pursue claims – for a period of limitation (e.g. resulting from contracts) or for the duration of any proceedings – the basis for processing is the legitimate interest or legal obligation incumbent on the Personal Data Controller.
Providing Personal Data is voluntary, but it may be necessary, for example, to conclude or perform a contract or to respond to an inquiry or to conduct correspondence.
If the processing of Personal Data is based on your consent, you have the right to withdraw your consent at any time without affecting the legality of the processing which had been made on the basis of consent before its withdrawal.
IV. Recipients of personal data
- Personal Data may be made available to third parties only within legally permitted limits, for the purpose and scope necessary, for example, for the correct implementation of the Sales Agreement or the Service Provision Agreement.
- The Personal Data Controller may entrust the processing of Personal Data to third parties in order to perform activities related to running business, as well as for purposes related to pursuing claims or protection against claims regarding the use of services or products. These entities may be:
- external consulting companies (including legal, auditing, tax, marketing and accounting companies);
- external IT specialists;
- entities supporting the Personal Data Controller in handling correspondence;
- couriers – in the case of correspondence or courier shipments;
- Internet payment operators or banks – in the case of financial settlements;
- entities cooperating with the Personal Data Controller as part of sales services;
- and other entities from the PCC Group that implement some of the above services for the Personal Data Controller.
V. Rights of data subjects
In any case, the data subject has the right to:
- access his/her Personal Data (including, for example, receiving information which Personal Data is processed),
- request correction and limitation of processing of Personal Data (e.g. if it is incorrect);
- deletion of Personal Data (e.g. in the event that it was processed unlawfully);
- transfer Personal Data that has been provided to the Personal Data Controller, and which is processed in an automated manner, and the processing takes place on the basis of consent or under a contract, e.g. to another Personal Data Controller;
- object to the processing of Personal Data processed on the basis of indispensability for purposes arising from legitimate interests pursued by the Personal Data Controller or by a third party, in particular in the case of processing for marketing purposes;
- make a complaint to the authority competent for the protection of personal data.
VI. Cookies
The Personal Data Controller uses cookies (small text files), which are saved in the Users’ end device in order to obtain data on the use of the Website by Users.
Cookies allow, among others:
- maintaining Users’ sessions after logging in, so there is no need to log in separately on each subpage of the Website;
- adjusting the content of the Website to the needs and interests of Users;
- preparing statistics of Website visits;
- creating online surveys and securing them against multiple voting by the same people.
Information obtained through cookies includes, among others: the name of the Internet service provider, IP addresses of the Users, countries from which the Users connect to the website.
The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User’s device for the time specified in the cookie file parameters or until they are deleted by the User.
In many cases, software used for browsing websites (web browser) allows cookies to be stored in the User’s device by default. The User may at any time delete cookies stored in his / her end device or block websites from storing cookies in the web browser settings (also in a mobile phone or other device that allows access to the Internet). More information about cookies is available in the “Help” section in the browser’s menu.
The Personal Data Controller informs that restrictions on the use of cookies may affect some of the functionalities available on the Website.
The administrator of this website uses Google services:
1: Google Analytics – a service that enables data to be collected for the purpose of analysing website visit statistics. Detailed information on how data is processed by Google Analytics can be found on the website: https://support.google.com/analytics/answer/6004245?hl=en. The User can prevent the collection of their data by installing the following browser add-on that blocks the transfer of data to Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en.
2: Google reCAPTCHA – a service that checks whether data on a website (e.g. in a form) has been entered by a person or by an automated system by observing the User’s behaviour. The analysis takes place automatically in the background after opening the website without informing the User. As part of the analysis, the mechanism takes into account various types of information (e.g. IP address, mouse movements, time spent on the website), and the collected data is then sent to Google. More information about Google reCAPTCHA can be found on the website: https://www.google.com/recaptcha/intro/v3.html.
More information regarding Google’s privacy policy and data collection can be found on the website: https://policies.google.com/privacy?hl=en.
VII. Change of privacy policy
This Privacy Policy may be changed by the Personal Data Controller by publishing a new version on the Website.
This version of the Privacy Policy is effective from 25/05/2018.