Privacy Policy – Balola Sopot

Together
We celebrate beauty

Pl  ·  En

Privacy Policy


1. Definitions 

Administrator – Marta Socha-Kilanowska, running a business under the name Skin Routine Holistic Diagnostyka Cery Marta Socha-Kilanowska, ul. Seazamkowa 35/2 81-198 Dębogórze, NIP: 7471792547 REGON: 523584387, e-mail: sopot@balola.pl, telephone number: 666 466 717 

Regulations – terms and conditions of the beauty salon and balola.pl website     

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 

Booksy – an appointment booking service available at booksy.com. 

Website – a website maintained by the Administrator at balola.pl 

User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

2. Data processing

In connection with the User’s use of the Website and the Booksy, the Administrator collects data to the extent necessary to provide individual services. Detailed rules and purposes of processing personal data collected during the User’s use of the Site are described below.

3. Purposes and legal bases for data processing

Personal data of all Users using the Website (including IP address or other identifiers and information collected through cookies) are processed by the Administrator: 

  • in order to provide services electronically to the extent of providing Users with access to content collected on the Website – in which case the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR); 
  • in order to possibly determine and pursue claims or defend against them – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of his rights; 
  • for the purpose of sending commercial information by means of a newsletter, the legal basis for processing is the User’s consent (Article 6(1)(a) of the GDPR) 

The User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR). GDPR). 

The main source of obtaining personal data about Users using the services offered by the Administrator’s business is the Booksy, which collects, processes and transfers data to the Administrator. The principles and purposes of data collection are described in detail by the Booksy under the following link: https://booksy.com/pl-pl/p/privacy . The Administrator is not directly responsible for the data provided to him by the Booksy (including the correctness of the data provided), but takes all necessary measures to secure the data. 

In addition, the Administrator also receives data directly from the User, who submits it through the Client Card, in accordance with the Regulations, in order to perform a specific service. 

4. Newsletter 

The Administrator processes Users’ personal data in order to carry out marketing activities, which may consist in sending the User marketing content (newsletter). 

The Administrator does not make automatic decisions and the User’s personal data is not subject to profiling.

5. Cookies

The Administrator uses “cookies”. These are short text information saved on a computer, telephone, tablet or other device. They can be read by the Administrator, as well as by systems belonging to other entities whose services it uses (such as Google). Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number. More information about cookies can be found at www.allaboutcookies.org . 

Cookies used on the Website do not store personal data or other information collected from the User. The Website uses cookies to identify the browser session, which enables the use of the website’s functions. The use of “cookies” techniques does not allow downloading any personal and address data of the User or any confidential information from his computer. 

Cookies are used for the following purposes: maintaining service security and preventing fraud, facilitating website performance, registering visits for marketing and statistical purposes, using social features, supporting website personalization (e.g. saving language settings). Cookies may also be used and posted by partners cooperating with the Administrator – then they are subject to cookie policies or privacy policies of the entities posting them. 

The User consents to the processing of information contained in cookies by expressing consent given during the first visit to the Website in the displayed window. The User may agree to the processing of all data or only those that are necessary for the correct display of the Website. 

A user who does not want to use cookies for the purpose described above may delete them manually at any time. For detailed instructions on how to proceed, visit the website of the manufacturer of the web browser you are using. 

In the case of using Google Chrome, the instructions can be found here – https://support.google.com/chrome/answer/95647?hl=en 

In the case of using Mozilla Firefox, the instructions can be found here – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer 

In the case of using Safari, the instructions can be found here – https://support.apple.com/kb/ph21411?locale=pl_PL 

In the case of using Microsoft Edge, the instructions are here – https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies 

In the case of using Internet Explorer, the Administrator suggests changing the tool to one of the above, and the instructions can be found here – https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage- cookies _ 

The administrator feels obliged to warn that disabling or limiting the use of cookies may cause difficulties in using the Website and limit its functionality.

6. Processing of User Data

The Administrator informs Users that he entrusts the processing of personal data to the following entities: 

Outside the EEA: 

Due to the fact that some entities cooperating with the Administrator are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as third countries. The administrator ensures that the data is transferred to entities from the United States that use standard contractual clauses. 

Google Inc. (head office address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – providing the Google Analytics solution for monitoring website traffic. The collected data makes it impossible to identify a specific person, and more information about the tool’s privacy standards is available at the link www.google.com/intl/pl/policies/privacy/partners/ . In addition, using the following link: https://tools.google.com/dlpage/gaoptout , it is possible to disable the activity measured by Google Analytics. 

Facebook Inc. (headquarters address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) – providing the Facebook Pixel solution for monitoring website traffic. The collected data prevents the identification of a specific person, and more information about the privacy standards of the tool is available at the link https://developers.facebook.com/docs/privacy/. 

Thus, it guarantees compliance with data protection standards analogous to the Regulation, and the Administrator’s use of their technology in processing personal data is lawful. 

7. Period of personal data processing 

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a general rule, data are processed for the duration of the service or order execution, until the withdrawal of the expressed consent or filing an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator. 

The period of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against them, and thereafter only if and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.

8. User’s rights

The User has the right to: 

  • access to the content of the data and request their rectification, 
  • deletion of data, 
  • restriction of processing, 
  • the right to transfer data, 
  • the right to object to data processing, 
  • the right to lodge a complaint to the supervisory body – the President of the Office for Personal Data Protection ul. Stawki 2, 00-193 Warsaw 

To the extent that the User’s data is processed on the basis of consent, the consent may be withdrawn at any time by contacting the Administrator. 

The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Administrator, and – for reasons related to the particular situation of the User in other cases where the legal basis for data processing is the legitimate interest of the Administrator (e.g. in connection with the implementation of analytical and statistical purposes). 

9. Data recipients

In connection with the implementation of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems and entities related to the Administrator. 

The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who make a request for such information, based on the appropriate legal basis and in accordance with the provisions of applicable law. 

10. Contact 

Contact with the Administrator is possible at the e-mail address: sopot@balola.pl or in writing to the Administrator’s registered office address (ul. Seazamkowa 35/2 81-198 Dębogórze).

11. Changes to the Privacy Policy

The policy is verified on an ongoing basis and updated as necessary. The current version of the Policy has been adopted and has been in force since May 2023.