Privacy Policy

Introduction

  1. This Privacy Policy is effective as of 01 October 2018. The provisions of the Privacy Policy have been adjusted to the requirements of the Regulation (EU) 2016/672 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC and the Act of 10 May 2018 on the protection of personal data.

Terminology

  1. For the purpose of this document:
    1. ‘Personal Data Controller’ means András Munkácsi sole proprietor doing business as András Munkácsi, Marszałkowska 111, 00-102 Warszawa, NIP: 5252735407, REGON: 369197726;
    2. ‘personal data’ means information about an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as his or her name and surname, identification number, location data, internet identifier or one or more factors specifying his or her physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    3. ‘newsletter’ means the electronic form of a newsletter used to inform users about new products available on the website, new entries on the blog, updates relating to applications;
    4. ‘personal data breach’ means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed;
    5. ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, regardless of whether it is a third party. Public authorities which may receive personal data in connection with a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by such public authorities must be in compliance with the data protection rules applicable to the purposes of the processing;
    6. ‘restriction of processing’ means the indication of stored personal data with the aim of limiting their processing in the future;
    7. ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 of this Regulation and this authority is President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw;
    8. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the personal data controller;
    9. ‘data confidentiality’ means a property ensuring that data is not made available to unauthorised entities;
    10. ‘processing’ means any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
    11. ‘Terms and Conditions’ means Terms and Conditions of the feelinmyskin.com website, to be found at https://www.feelinmyskin.com/terms-and-conditions/;
    12. ‘Regulation’ means Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: the ‘GDPR’);
    13. ‘website ’ means a website to be found at feelinmyskin.com;
    14. ‘act’ means Act of 10 May 2018 on personal data protection.
    15. ‘data erasure’ means erasure of personal data or its alteration which makes identification of the data subject impossible (‘anonymisation’),
    16. ‘authentication’ means an activity aiming at verification of the identity of the entity;
    17. ‘user’ means a natural person who has full or limited capacity to perform legal acts, a legal person or an organisational unit with a legal personality, using the feelinmyskin.com website;
    18. ‘consent of the data subject’ means a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, signifies his/her consent to the processing of personal data relating to him or her by way of a statement or a clear affirmative action;

Personal Data Controller. Purposes, scope and grounds for processing

  1. The Personal Data Controller is András Munkácsi sole proprietor doing business as András Munkácsi, Marszałkowska 111, 00-102 Warszawa, NIP: 5252735407, REGON: 369197726.
  2. Contact with the Personal Data Controller regarding any matter relating to the user’s personal data protection is possible by sending an email to: gdpr@feelinmyskin.com, with a ‘Personal data’ note.
  3. The personal data of the user are processed exclusively for the following purposes:
    1. sending commercial and marketing information by means of a newsletter;
    2. maintaining contact by means of a contact form available on the website;
    3. acceptance and publication of the user’s comments regarding the content presented on the website provided by means of the form;
    4. establishment, exercise or defence of legal claims of the Personal Data Controller, including for the purposes of recovery and conducting court proceedings;
  4. The basis for processing of personal data of the users using the contact form and commenting on the content presented on the website is the user’s consent collected in compliance with Article 6(1)(a) of the GDPR.
  5. The basis for processing of personal data of the users using the newsletter for marketing and promotional purposes is the user’s voluntary consent, collected in accordance with Article 6(1)(a) of GDPR, the Act of 18 July 2002 on the provision of services by electronic means and the Act of 16 July 2004 – telecommunications law.
  6. The Personal Data Controller has the right to establish, exercise or defend his or her legal claims, pursuant to Article 6(1)(f) of GDPR, i.e. processing is necessary for the purposes of the legitimate interests pursued by the controller.
  7. The Personal Data Controller processes the following personal data of a user:
    1. Contact form: Name and surname, email address, IP address;
    2. comments: Name, email address, URL; IP address;
    3. newsletter: email address.

Information clauses

  1. Consent given by a user for the processing of his or her personal data is voluntary and can be withdrawn at any time. Withdrawal of the consent does not affect the lawfulness of the processing already conducted based on the consent given by the user before its withdrawal. Withdrawal of the consent results in erasure of the user’s email address from the address database maintained by the Personal Data Controller, used for sending out marketing and commercial information.
  2. The user has the right to obtain access to his or her personal data and upon the user’s request, the Personal Data Controller will provide a copy of the personal data which are subject to processing.
  3. The user has the right to demand that the Personal Data Controller rectify inaccurate personal data concerning him or her without undue delay and complete personal data which are incomplete.
  4. The user has the right to have his or her data erased (‘right to be forgotten’), whereas the Personal Data Controller is obliged to erase them without undue delay in a situation when: a) the personal data are no longer necessary in relation to the purposes for which they have been collected, b) the data subject has withdrawn consent which constitutes the basis for processing, c) the data subject objects to the processing regarding his or her personal data, d) the personal data have been unlawfully processed, e) the personal data have to be erased for compliance with a legal obligation specified in the provisions of law.
  5. The user has the right to obtain restriction of the processing of his or her personal data provided that the user contests the accuracy of the processed data, the processing is unlawful and the user opposes data erasure, the Personal Data Controller no longer needs the user’s data, but they are required by the user for the establishment, exercise or defence of legal claims as well as when the user objects to the processing.
  6. The user has the right to object at any time to the processing of personal data concerning him or her and the personal data controller must discontinue processing the personal data unless the controller demonstrates compelling legitimate grounds for continued processing.
  7. The user also has the right to transfer data and the Personal Data Controller is obliged to make those data available to the user in a structured, commonly used and machine-readable format. The user has the right to transmit the received data to another entity without hindrance from the Personal Data Controller in accordance with the provisions of this Regulation.
  8. The user’s personal data will be processed by the Personal Data Controller for the following periods: for the period determined by the consent given by the user for the processing of his or her personal data and within 30 days from the day of consent withdrawal or sending a request to the Personal Data Controller’s address to erase the data, unless the requirement to process data arises from specific rules about which the Controller will inform the user within 30 days from the receipt of the request.
  9. The user has the right to lodge a complaint with a supervisory authority: The President of the Personal Data Protection Office – ul. Stawki 2, 00-193, Warsaw, in case of establishment of a personal data breach by the Personal Data Controller or of processing of the personal data of the user which does not comply with the personal data protection rules.
  10. The Personal Data Controller ensures that he or she makes their best endeavours to process the personal data with the utmost respect for the privacy of data subjects as well as with the utmost care for the security of the processed personal data and in particular, the Controller ensures that all measures of physical, technological, organisational protection specified by law and aiming at securing personal data filling systems have been taken.

Making the users’ personal data available

  1. The Personal Data Controller has the right to make the personal data of a user available, without his or her consent, only to authorised entities pursuant to specific provisions (i.e. courts, law-enforcement authorities).
  2. We neither make the personal data of our users available to other entities nor sell or lend them.

Newsletter

  1. Receiving the newsletter by a user is possible only upon provision of an email address in the newsletter form and provision of a consent to personal data processing, to personal data processing for marketing purposes in line with the Act from 16 April 2004 – telecomunications law – as well as provision of consent for receiving commercial information by electronic means in accordance with the Act of 18 July 2002 – on the provision of electronic services.
  2. Resignation from receiving marketing and promotional information as well as commercial information by means of a newsletter is possible upon sending a request for removal of the address from the website’s database to the following email address gdpr@feelinmyskin.com from the email address provided in the course of registration to the newsletter; the note “Resignation from the newsletter subscription’ should be added.

Comments

  1. Comments and opinions left by the user on the website – blog – are made available and distributed only based on the consent given by the user expressed by ticking a consent clause located below the form.

Contact Form

  1. The personal data of the user collected by means of a contact form are processed only for the purposes of making and maintaining contact between the user and the Controller, to which the user consents by ticking a clause located under the contact form.

Google Analytics

  1. The feelinmyskin.com website uses the Google Analytics plugin (a tool created by Google Inc.). Google Analytics is a service that analyzes Internet services using the so-called “Cookies”, text files that are saved on the website User’s computer and enable feelinmyskin.com to analyze the use of the website by Users.
  2. The feelinmyskin.com website uses Google Analytics to analyze how Users use the website and to constantly improve the service.
  3. The information obtained from the cookie files about the way the User uses the feelinmyskin.com website is transferred and saved on the Google Inc. servers located in the United States.
  4. The feelinmyskin.com website uses Google Analytics with the following settings:
    1. IP anonymisation – this means that the Users’ IP addresses of the feelinmyskin.com website are processed after being shortened to exclude the possibility of referring them to a specific User. The IP address is not collated with other Google data;
    2. Disabled Advertising and Remarketing options – which means that the feelinmyskin.com website will not send personalized ads to the Users and will not display advertisements of the website when User uses Google search engine;
    3. Disabled Demographics and Interest Reports options – which means that the feelinmyskin.com website does not collect information about sex and age of the User and does not combine this information with information about their interests;
    4. Disabled User-ID – which means that the feelinmyskin.com internet service does not allow to combine data from interactions with multiple devices and different sessions with unique User identifiers; the website does not use the User-ID function and does not allow assigning one or more sessions (along with all activity in these sessions) to a unique and permanent identifier;
    5. Disabled option to share data with Google Inc. – feelinmyskin.com website does not provide Users’ data collected from cookies:
      1. to other Google services used to analyze online behaviors and trends that are intended to improve Google’s tools;
      2. for the purposes of comparative analysis involving the use of data to create tools and materials helpful in the marketing activities of a given industry;
      3. for Google technical support – Google support does not receive access to collected data;
      4. to Google’s marketing and sales specialists to improve the effectiveness of using Google tools through feelinmyskin.com.
  5. The maximum period of User’s data storage by the feelinmyskin.com website is 26 months.
  6. The user can prevent the saving of cookies by setting the appropriate settings in the browser software. Changing those settings may cause the User to lose the access to some of the functions of the feelinmyskin.com website. In order to disable Google Analytics tracking, the User can install a browser extension available at the following address: tools.google.com/dlpage/gaoptout.
  7. External supplier information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/us.html, as well as the privacy policy: policies.google.com/privacy.