Privacy Policy
of the AESTHETICPHARMA.COM Online Store for Entrepreneurs

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for informational purposes only, which means that it is not a source of obligations for Service Recipients or Customers of the Online Store.

1.2. The controller of personal data collected via the Online Store is AESTHETIC PHARMA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Wrocław (registered office and delivery address: ul. Trawowa 53/3, 54-614 Wrocław); entered into the Register of Entrepreneurs of the National Court Register under number KRS: 0000578580; the registration court where the company's documentation is stored: District Court for Wrocław, VI Commercial Division of the National Court Register; share capital: 20,000.00 PLN; NIP: 8943067016; REGON: 36267244300000, and email address: office@aestheticpharma.com - hereinafter referred to as the "Administrator" and being also the Service Provider of the Online Store and the Seller.

1.3. Personal data of the Service Recipient and Customer is processed in accordance with the Personal Data Protection Act of August 29, 1997 (Journal of Laws 1997 No. 133, item 883, as amended) (hereinafter referred to as the Personal Data Protection Act) and the Act on the Provision of Electronic Services of July 18, 2002 (Journal of Laws 2002 No. 144, item 1204, as amended).

1.4. The Administrator exercises special care to protect the interests of the data subjects, and in particular ensures that the data collected by him is processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of persons they relate to, no longer than it is necessary to achieve the purpose of processing.

1.5. All words, expressions, and acronyms appearing on this page and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Online Store available on the Online Store's website.

2. PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS

2.1. Each time the purpose, scope, and recipients of data processed by the Administrator result from actions taken by the Service Recipient or Customer in the Online Store. For example, if the Customer chooses personal collection instead of courier delivery when placing an Order, their personal data will be processed to conclude and perform the Sales Agreement, but will not be made available to the carrier performing shipments on behalf of the Administrator.

2.2. Possible purposes of collecting personal data of Service Recipients or Customers by the Administrator:

2.2.1. Conclusion and performance of the Sales Agreement or agreement for the provision of Electronic Service (e.g., Account).

2.2.2. Direct marketing of the Administrator's own products or services.

2.3. Possible recipients of personal data of the Online Store's Customers:

2.3.1. In the case of a Customer who uses courier delivery in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected carrier or intermediary performing the shipment on behalf of the Administrator.

2.3.2. In the case of a Customer who uses electronic payments or a payment card in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected entity servicing the above payments in the Online Store.

2.4. The Administrator may process the following personal data of Service Recipients or Customers using the Online Store: first and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/registered office (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may process additionally the company name and tax identification number (NIP) of the Service Recipient or Customer.

2.5. Providing personal data mentioned in the point above may be necessary to conclude and perform the Sales Agreement or agreement for the provision of Electronic Service in the Online Store. Each time the scope of data required to conclude the agreement is indicated on the Online Store's website and in the Online Store's Regulations.

3. COOKIES AND OPERATIONAL DATA

3.1. Cookies are small text files sent by the server and saved on the visitor's side (e.g., on the hard drive of a computer, laptop, or on a smartphone's memory card - depending on the device used by the visitor to our Online Store). Detailed information about Cookies, as well as their history, can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.

3.2. The Administrator may process data contained in Cookies when visitors use the Online Store's website for the following purposes:

3.2.1. Identifying Service Recipients as logged in to the Online Store and showing that they are logged in;

3.2.2. Remembering Products added to the cart to place an Order;

3.2.3. Remembering data from completed Order Forms, surveys, or login data to the Online Store;

3.2.4. Customizing the content of the Online Store's website to the individual preferences of the Service Recipient (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store's pages;

3.2.5. Conducting anonymous statistics presenting how the Online Store's website is used.

3.3. By default, most web browsers available on the market accept saving Cookies by default. Everyone has the possibility to determine the conditions of using Cookies through the settings of their own web browser. This means that it is possible to partially restrict (e.g., temporarily) or completely disable the possibility of saving Cookies - in the latter case, however, it may affect some functionalities of the Online Store (for example, it may be impossible to go through the Order path via the Order Form due to not remembering Products in the cart during subsequent steps of placing the Order).

3.4. Web browser settings regarding Cookies are important from the point of view of consent to the use of Cookies by our Online Store - in accordance with the regulations, such consent may also be expressed through web browser settings. In the absence of such consent, appropriate changes should be made to the web browser settings regarding Cookies.

3.5. Detailed information on changing settings regarding Cookies and their independent removal in the most popular web browsers are available in the help section of the web browser and on the following pages (just click on the respective link):
 in Chrome browser
 in Firefox browser
 in Internet Explorer browser
 in Opera browser
 in Safari browser

3.6. The Administrator also processes anonymized operational data related to the use of the Online Store (IP address, domain) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous, i.e., they do not contain characteristics identifying visitors to the Online Store's website. These data are not disclosed to third parties.

4. BASIS FOR DATA PROCESSING

4.1. Providing personal data by the Service Recipient or Customer is voluntary, although not providing the personal data indicated on the Online Store's website and in the Online Store's Regulations necessary to conclude and perform the Sales Agreement or agreement for the provision of Electronic Service will result in the inability to conclude such an agreement.

4.2. The basis for processing the personal data of the Service Recipient or Customer is the necessity to perform the agreement to which they are a party or to take action at their request before concluding it. In the case of data processing for the purpose of direct marketing of the Administrator's own products or services, the basis for such processing is (1) the prior consent of the Service Recipient or Customer or (2) the fulfillment of legally justified purposes pursued by the Administrator (in accordance with Article 23 paragraph 4 of the Personal Data Protection Act, a legally justified purpose is considered, in particular, direct marketing of the Administrator's own products or services).

5. RIGHT TO CONTROL, ACCESS TO, AND RECTIFICATION OF YOUR DATA

5.1. The Service Recipient or Customer has the right to access their personal data and correct them.

5.2. Everyone has the right to control the processing of data concerning them contained in the Administrator's data set, and in particular the right to: request completion, updating, rectification of personal data, temporary or permanent suspension of their processing or their deletion if they are incomplete, outdated, untrue or were collected in violation of the law or are no longer necessary to achieve the purpose for which they were collected.

5.3. If the Service Recipient or Customer gives consent to the processing of data for the purpose of direct marketing of the Administrator's own products or services, the consent may be revoked at any time.

5.4. If the Administrator intends to process or is processing the data of the Service Recipient or Customer for the purpose of direct marketing of the Administrator's own products or services, the data subject is also entitled to (1) submit a written, reasoned request to cease processing their data due to their special situation or (2) object to the processing of their data.

5.5. To exercise the rights referred to above, one can contact the Administrator by sending an appropriate message in writing or via email to the Administrator's address indicated in the introduction to this privacy policy.

6. FINAL PROVISIONS

6.1. The Online Store may contain links to other websites. The Administrator urges that after switching to other websites, read the privacy policy established there. This privacy policy applies only to this Online Store.

6.2. The Administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against unauthorized access, takeover by an unauthorized person, processing in violation of applicable regulations, and change, loss, damage or destruction.

6.3. The Administrator appropriately provides the following technical measures to prevent unauthorized access and modification of personal data sent electronically:
1) Securing the data set against unauthorized access.
2) Access to the account only after providing an individual login and password.