The information contained in the Policy is of general nature. Detailed information on the processing of specific personal data is made available each time during their acquisition in the content of the information clause placed in a visible and easily accessible place. This applies, in particular, to information on the purpose and legal basis of the processing of personal data, the period of their storage and the recipients to whom they are transferred.
All words, phrases and abbreviations appearing on this page and beginning with a capital letter (e.g. the Seller, the E-Store, and the Electronic Service) should be understood in accordance with their definition included in the Terms and Conditions of the E-Store available at shop-arkana.com
In case of doubts or contradictions between the Policy and the consents granted by a given person, regardless of the provisions of the Policy, the basis for undertaking and determining the scope of activities by the Controller is always voluntary consents or provisions of law. In the event of such a contradiction between the Policy and the content of information clauses provided by the Controller when collecting personal data (usually below the forms in the E-Store), the information which the Customer should follow is provided to him or her as part of the aforementioned information clauses.
2. The Controller of the collected personal data:
b) obtained based on the Customer's activity in the Internet,
is Arkana Cosmetics Sp. z o.o. Sp. K. with its registered office in Wroclaw (51-649), ul. Bacciarellego 54, entered into the Register of Entrepreneurs of the National Court Register under number 0000370832, the registration files of which are maintained by the District Court for Wrocław-Fabryczna, 6th Commercial Division of the National Court Register, with NIP 897-17-68-179, with share capital of PLN 40,000.00, fully paid up,
hereinafter referred to as “the Controller” and acting at the same time as the Seller.
In order to contact the Data Protection Officer, please contact us by e-mail:
3. The Customer's personal data are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and, repealing Directive 95/46 / WE (Official Journal of the EU.L No. 119, p. 1) (hereinafter referred to as “the GDPR”) and other currently applicable provisions, i.e. throughout the period of processing of specified data, legal provisions on the protection of personal data. The Personal data means information about an identified or identifiable natural person (hereinafter referred to as “the Personal Data”). An identifiable natural person is a person who can be directly or indirectly identified, in particular, on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
The Controller exercises due diligence in order to protect the interests of the data subjects and, in particular, ensures that the data he collects are:
a) processed in accordance with law, in a fair and transparent manner for the data subject;
b) collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes;
c) adequate, relevant and limited to what is necessary for the purposes for which they are processed;
d) correct and updated as necessary;
e) stored in a form allowing for identification of the data subject for the period no longer than it is necessary for the purposes for which the data are processed;
f) processed in a manner that ensures adequate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by means of appropriate technical or organizational measures.
The Controller protects not only the visitors of the E-Store, but also the Customers who have provided the Controller with their personal data using other channels of communication, i.e.:
- the website https://www.facebook.com and any other websites marked or co-branded with the Facebook brand (including subdomains, international versions, widgets and versions for mobile phones), whose operating principles are based on regulations made available in particular at https://www.facebook.com/legal/terms, provided by Facebook Inc. or Facebook Ireland Limited (hereinafter referred to as "the Facebook Website"), including via the Facebook Lead Ads function aimed at direct marketing of the Controller's own products or services. The rules for the protection and use of the Personal Data by the Facebook Service are available, for example, at: https://www.facebook.com/policy.php. The Controller has no influence on the content of the legal regulations of the Facebook Website, including Personal Data.
- applications enabling the Controller to run advertising campaigns on the Facebook Website, including contests.
4. Each time, the purpose and scope of data processed by the Controller result from the Customer's consent or legal provisions which are further specified as a result of actions taken by the Customer in the E-Store or other channels of communication with the Customer. For example: (I) Customer's Personal Data may be processed in order to grant, present or give him or her dedicated offers and promotions, as far as possible tailored to his or her preferences (which may have a significant impact on the Customer) only if the Customer has expressed his or her consent (unavailable to those who have not given such consent);
The potential purposes of processing the Customer's Personal Data by the Controller include in particular:
a) conclusion and performance of the Provision of Services Agreement (the Account) or taking action at the request of the future Customer before its conclusion (your data are processed in order to run your Account so that you can enjoy the benefits it offers, e.g. placing orders without having to fill in forms each time, access to the history of purchases, managing your consents in the service etc. and allowing you to use other services available on our website);
b) conclusion and performance of the Sale Agreement or taking action at the request of the future Customer before its conclusion (your personal data are needed for the implementation of your order and performance of the agreement, in particular, for confirmation of its submission and booking or shipping a selected product to you, as well as contact you in this matter, if necessary);
c) receipt and consideration of complaints;
d) running contests, in particular, selecting the winners of contests and distributing awards;
e) presenting advertisements, offers or promotions (discounts) regarding the Controller's products or services dedicated to all recipients, in particular for the purpose of performing the Provision of the Newsletter Agreement;
f) assessment and analysis of the Customer’s activity and information as part of the automated processing of the Personal Data (profiling) in order to present general advertisements, offers or promotions (discounts), regarding the Controller's products or services, in a manner tailored to the interests of a given Customer (without affecting significantly his/ her decisions), in particular to perform the Provision of the Newsletter Agreement, and market and statistical analyzes;
g) pursuing claims and defense against claims, including third parties – in the case of using most of the functionalities of the E-Store;
h) fulfill legal obligations resulting from e.g. tax and accounting provisions, especially in the case of paid agreements;
i) keeping correspondence with the Customers, including responses to the Customers' messages.
In the case of an adult Customer, upon his or her additional consent, the Personal Data may also be processed in order to present, create, award and implement advertisements, offers or promotions (discounts) dedicated to a given Customer regarding the Controller's products or services tailored to his or her preferences to the highest possible extent (profiling), as a result of automated decision-making, which may cause legal effects to it or have a similar effect on it, e.g. through a short-term discount for a specific product only recently viewed in our store (not available to those who are not adults or who are adults but have not given consent to such action).
5. The Controller may process, in particular, the Personal Data of the Customers:
6. Using the E-Store:
a) the Personal Data provided in the form when registering the Account, placing Orders in the E-Store (in particular: name and surname, e-mail address, contact telephone number, address [street, house number, apartment number, zip code, city, country], address of residence/ business activity/ registered office [if different from the delivery address], bank account number, and in the case of the Customers who are not Consumers, the company name and NIP and other data collected during the use of the E-Store;
b) the Personal Data provided in order to use the Newsletter, provided when using the contact form or provided when making a complaint;
c) the Personal Data provided in order to participate in contests;
d) other data, in particular those obtained on the basis of the Customer's activity in the Internet, belonging to Arkana Cosmetics Sp. z o.o. Sp.K., including those obtained via the E-Store, or other channels of communication with the Customer, using cookies and similar technologies,
e) the User provides the Controller with the Personal Data indicated in the form, including in particular: name, surname, correspondence address, e-mail address, telephone number by supplementing the data contained in the application forms enabling the Controller to carry out advertising campaigns/ contests as part of the Facebook Website.
6. Providing the Personal Data by the Customer in the E-Store is voluntary, but necessary to use certain functionalities of our Store, for example, to place an order by the Customer and settle it (conclusion and performance of the Sale Agreement), to register the Account, to subscribe to the Newsletter or to use our forms.
Each time, the scope of data required to conclude an appropriate agreement is previously indicated in the E-Store (we mark the data, the provision of which is necessary to conclude an agreement/ use a certain functionality), as part of other channels of communication with the Customer or in the Terms and Conditions. Failure to submit the Personal Data may result in the inability to effectively perform the above-mentioned activities.
7. The basis for the processing of the Customer's Personal Data is primarily the necessity to perform the agreement to which he is a party, or the necessity to take action at his or her request prior to its conclusion (Article 6 (1)(b) of the GDPR). This applies primarily to the Personal Data provided in the form while registering the Account, placing Orders and concluding the Sale Agreement in the E-Store, as well as when subscribing to the Newsletter. Also in the case of the Personal Data provided to us in connection with the Customer's complaint, the legal basis for their processing is the necessity to perform/ service the sale agreement of advertised goods.
In the case of data processing operations for the aforementioned marketing purposes, with the exception of those that are implemented as part of the Newsletter, which operates on the basis of the Terms and Conditions, the basis for such processing is the fulfillment of the objectives resulting from legitimate interests carried out by the Controller. In turn, presenting, creating, granting and implementing the advertisements, offers or promotions (discounts) dedicated to a given Customer, which are based solely on automated processing, including profiling, as much as possible tailored to their preferences, which may significantly affect the Consumer's customer decisions, the basis is a voluntary consent of the Customer (Article 6 (1) (a), Article 22 (2)(c) of the GDPR). However, this applies only to adult Customers.
In the remaining (other) purposes, the Customer's Personal Data may be processed on the basis of:
a) voluntarily expressed consents – e.g. persons participating in contests (Article 6 (1)(a) of the GDPR);
b) applicable provisions of law – when processing is necessary to fulfill a legal obligation of the Controller, for example, when on the basis of tax or accounting provisions, the Controller settles the concluded sale agreements (Article 6 (1)(c) of the GDPR));
c) necessity for purposes other than those mentioned above resulting from legitimate interests pursued by the Controller or by a third party, in particular to establish, investigate or defend claims, keep correspondence with the Customers, also via contact forms (including responses to the Customers' messages), market and statistical analyzes (Article 6 (1)(f) of the GDPR).
8. The Controller, for the needs of presenting general advertisements, offers or promotions (discounts) dedicated to all Customers, in a manner adapted to the interests of a given Customer, may familiarize themselves with his or her preferences, e.g. by analyzing how often he or she visits the E-Store and whether and what products are viewed. This allows for a better understanding of the Customer's expectations and adaptation to his or her needs, without significantly affecting his or her decisions. Due to the use of advanced technologies by the Controller, the above activities will often be performed by the system in an automated manner, thanks to which the content sent will be the most up-to-date and the Customer will be able to quickly become familiar with them.
In the case of adult Customers, the mentioned analysis of interests or preferences will also be used to create, award and implement dedicated and adapted, to the best possible extent, advertisements, offers or promotions (discounts) in an automated manner that may have legal effects towards him or substantially affect him, thereby potentially limiting access to them for other Customers (this option is not available for the Customers who are not adults and did not give consent to such activities of the Controller). From simple “profiling” (i.e. adapting our messages, banners to your interests), our actions are distinguished by the fact that their result can significantly affect your choices as a consumer, i.e., for example, their result may be very beneficial, temporary offer for cosmetics addressed only to you based on your purchase history and conduct on our website to which other Customers will not have access. The more often the Customer uses the Controller’s services and purchases their products, the better promotions and surprises may be prepared for the Customer.
9. Each time, the catalog of recipients of the Personal Data processed by the Controller results mainly from the scope of services used by the Customer.
The catalog of recipients of the data also results from the Customer’s consent or from the provisions of law, and is further clarified as a result of actions taken by him in the E-Store or in the Application.
In the processing of Personal Data, there may participate the Controller’s partners, to a limited extent, in particular those who technically help to efficiently run the E-Store, including communication with our Customers (e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), providers of hosting services or ICT services, carriers or agents performing Orders shipments, entities servicing electronic payments or card payments in the E-Store, companies that service software and support the Controller in marketing campaigns, as well as legal and consulting services providers.
10. The Customers’ Data are not transferred to third countries (outside the European Economic Area). What rights do you have?
11. Each Customer, at any time, has the right to:
a) file an objection with the President of the Office for the Protection of Personal Data;
b) transfer the Personal Data that has been provided to the Controller and which are processed in an automated manner, and processing takes place on the basis of the consent or an agreement, e.g. to another controller;
c) access the Personal Data (including, for example, receiving information that the Personal Data is processed);
d) request for correction and restriction of processing (e.g. if the Personal Data is incorrect) or deletion of the Personal Data (e.g. in the event that they were processed unlawfully);
e) revoke any consent given to the Controller at any time, in which case revoking the consent does not affect the processing carried out by the Controller in accordance with law before it is revoked.
f) file an objection against processing of the Personal Data of the data subject in order to implement the legitimate interests of the Controller or a third party, including, in particular, processing for marketing purposes, including profiling (if there are no other valid legitimate grounds for processing that are superior to the interests of the Customer).
12. The Personal Data may be stored for the period of using the E-Store (and they may be deleted after three years from the Customer’s recent activity as part of the E-Store), in the case of marketing activities – until the Customer files an objection, and if they are connected with cookies or similar technology, depending on technical issues until these files are deleted using the browser/ device settings (although deleting files in not always tantamount to deleting the Personal Data obtained through these files, hence the possibility of objection).
If the processing of the Personal Data depends on the Customer’s consent, the Personal Data may be processed until the consent is revoked.
In any case:
a) the Personal Data will be stored even when the provisions of law (e.g. accounting or tax provisions) will oblige the Controller to process them;
b) We will store the Personal Data longer in case the Customer had any claims against the Controller, in order to pursue claims by the Controller, or in order to assert or defend against claims of third parties, during the prescription period defined by provisions of law, in particular by the Civil Code.
Depending on the scope of the Personal Data and the purposes of their processing, they may be stored for a different period.
In any case, a longer period of storage of the Personal Data is decisive.
13. The Controller has a technical ability to communicate with the Customer remotely (e.g. by e-mail).
Commercial information related to the Controller’s commercial activity may be sent only on the basis of the consent given by the Customer, including upon the acceptance of the Terms and Conditions of the Newsletter service.
Due to the fact that cookie technology (or a functionality similar to cookies) used by the Controller collects information about every person visiting the E-Store, the following provisions of the Policy apply to those who use the E-Store, regardless of whether they remain its Customers (they submit Orders, book Products or have an Account) (hereinafter referred to as “the Visitor”).
Due to the fact that the Controller may use solutions with a functionality similar to cookies – the following provisions of the Policy should also apply accordingly to these technologies.
15. A cookie file is small text information sent by the server and stored on the Visitor's device (usually on the computer’s hard disk or on a mobile device). It stores information that the E-Store may need to adapt to the ways the Visitor uses it and to collect statistics data about the E-Store and data regarding the domain name of the Internet service provider or the Visitor’s country of origin.
16. When the Visitor uses the E-Store, cookies are used to identify his or her browser or device – cookies collect various types of information which, as a rule, do not constitute personal data (they do not allow for the identification of the Visitor). Some information, depending on their contents and use, may, however, be associated with a specific person – assigning certain conducts to a specific Visitor, e.g. by linking them to the data provided during the registration of the Account in the E-Store – and thereby be considered as personal data.
In relation to information collected by cookies that may be associated with a specific person, the provisions of the Policy relating to the Personal Data apply, in particular those regarding the rights of the data subject. Information on data collected by cookies is also made available, among others, in the content of the information clause placed in a visible and easily accessible place during the first visit in the E-Store.
18. The cookies used are primarily to make it easier for the Visitor to use the E-Store, for example, by "remembering" information provided once so that it does not have to be provided every time, as well as they adjust their content, including presented advertisements, to the Vistor's preferences. Cookies are also used to increase the usability and personalization of the content of the E-Store, including presentation, creation, granting and implementation of advertisements, offers or promotions (discounts) dedicated to a given Visitor in accordance with his or her interests (it applies only if he is an adult and has given consent to such action).
By using the cookies technology used in the E-Store, it is possible for the Controller to familiarize themselves with the Visitor's preferences - for example, by analyzing how often he visits the Store. The analysis of online conduct helps to better understand the habits and expectations of the Visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present the advertisements tailored to the Visitors’ needs and interests (for example, an advertisement resulting from browsing only cosmetics in the "Make-up removal" category) and to prepare better promotions and surprises for those adult Visitors who have given their consent.
Based on cookies, the Controller also uses the technology that allows for reaching the Visitors who have visited the E-Shop or Application before by the advertising message when using other websites by them.
19. The Visitor may object to the Controller's actions undertaken for the purpose described above. In the event of the Visitor’s consent, including the presentation, creation, granting and implementation of dedicated advertisements, offers or promotions (discounts) adapted to his or her preferences, it may be revoked at any time – but this will not affect the lawfulness of processing, which was made on the basis of the consent before it is revoked.
20. Cookies used in the E-Store are harmful neither to the Visitor nor to the computer/ terminal device the Visitor uses; therefore we recommend not switching them off in the browsers. The E-Store uses two types of cookies: session cookies that remain stored on the Visitor's computer or mobile device until he logs out of the website or switches off the software (web browser), and permanent cookies, which remain on the Visitor’s device for the time specified in the cookies parameters or until they are manually removed from a web browser.
21. Depending mainly on the purposes and legal basis for processing the Personal Data collected by cookies, they may be stored for the time indicated in para. 13 of the Policy.
The Personal Data collected by cookies regarding the Visitor who is not a Customer will be kept until he files an objection. The Controller may remove the Personal Data if they are not used for marketing purposes for 3 years, unless the provisions of law obliges the Controller to process the Personal Data for a longer period.
Part of the Personal Data may be stored longer in case the Visitor has any claims against the Controller or in case the Controller seeks redress or defend against claims (including third parties) during the prescription period defined by the provisions of law, in particular the provisions of the Civil Code.
In any case, a longer period of storage of Personal Data is decisive.
22. The Visitor may change the way cookies are used by managing the expressed consents as part of the privacy settings on our site, including blocking or removing those that come from the E-Store (and other websites). In order to do this, you should change your browser settings. The removal method varies depending on the web browser used. Information on how to delete cookies should be located in the "Help" section of the selected web browser. Removal of cookies is not tantamount to removal of the Personal Data by the Controller obtained through cookies.
For example, in Internet Explorer, cookies can be modified from: Tools -> Internet Options -> Privacy; in the Mozilla Firefox browser: Tools -> Options -> Privacy; while in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies. Access paths may vary depending on the browser version used.
Detailed information on managing cookies on a mobile phone or another mobile device can be found in the user's manual/ user guide for a given telephone or mobile device.
It is also possible to block cookies of third parties with the simultaneous acceptance of cookies used directly by the Controller (option "block third party websites' cookies”).
24. At any time, you can contact the Controller by sending a message by postal service or e-mail to firstname.lastname@example.org
The Controller stores correspondence for statistical purposes and for the best and quickest response to appearing inquiries, as well as in the scope of complaint settlements and decisions made on the basis of notifications about administrative interventions in the indicated Account. The addresses and data collected in this way will not be used for communication for purposes other than the implementation of the inquiry.
In the case of contact with the Controller in order to perform specific actions (e.g. submitting a complaint with the use of form), the Controller may again ask the person to provide data, including personal data, e.g. in the form of name, surname, e-mail address, etc. to confirm his or her identity and allow for the return contact in a given matter and to perform the requested action. Providing these data is not mandatory, but it may be necessary to perform activities or obtain information that is of interest to the person.
25. The Controller, taking into account the condition of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing and the risk of violating the rights or freedoms of natural persons with different probability of occurrence and threat type, applies appropriate technical and organizational measures to ensure the protection of the Personal Data processed adequate to threats and categories of data covered by the protection, in particular, he protects the data against being made available to unauthorized persons, being taken away by an unauthorized person, being processed with violation of applicable provisions and change, loss, damage or destruction. Providing information on technical and organizational measures that provide protection of processing outside may impair their effectiveness and thus it jeopardizes the proper protection of the Personal Data
The Controller provides, for example, the following technical measures to prevent the collection and modification of the Personal Data sent electronically by unauthorized persons:
a) Securing the data set against unauthorized access.
b) SSL certificate in the E-Store pages where the Personal Data is provided.
c) Encryption of data used to authorize a person using the functionality of the E-Store.
d) Access to the Account only after providing an individual login and password.
26. The E-Store may contain links to other websites. The Controller encourages you to read the Terms and Conditions and privacy policies used for other websites. This Policy applies only to the Controller’s indicated activities.
27. The Controller may change the Policy in the future for the following important reasons:
a) changes in the applicable provisions, in particular those regarding the protection of the Personal Data, telecommunication law, services provided electronically and those regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;
b) development of functionality or Electronic Services followed by the progress of the Internet technology, including the application/ implementation of new technological or technical solutions affecting the scope of the Policy.
Each time the Controller places information on changes in the Policy as part of the E-Store website. With every change, the new version of the Policy will appear with a new date.
This version of the Policy is valid as of 25 May 2018.