PRIVACY POLICY
This Privacy Policy sets out the rules for processing personal data obtained via the kosmetyk.fr online store (hereinafter: the “Online Store”).
The owner of the Online Store, and at the same time the data controller, is Skiera Cosmetics BV, with its registered office in The Hague (2544EM), Koperwerf 27, KVK 72689331, VAT NL859198819B01, hereinafter referred to as Skiera Cosmetics BV.
Personal data collected by Skiera Cosmetics BV via the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).
Skiera Cosmetics BV takes special care to respect the privacy of Customers visiting the Online Store.
§ 1 Types of data processed, purposes and legal basis
Skiera Cosmetics BV collects information about natural persons performing a legal act not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units without legal personality which are granted legal capacity by law, hereinafter collectively referred to as Customers.
Customer personal data is collected when:
- Registering an account in the Online Store, to create and manage an individual account. Legal basis: necessity for the performance of the Account service agreement (Art. 6(1)(b) GDPR).
- Placing an order in the Online Store, to execute the sales agreement. Legal basis: necessity for the performance of the sales agreement (Art. 6(1)(b) GDPR).
- Subscribing to the newsletter, to perform the electronic service. Legal basis: the data subject’s consent (Art. 6(1)(a) GDPR).
- Using the contact form, to perform the electronic service. Legal basis: necessity for the performance of the contact-form service agreement (Art. 6(1)(b) GDPR).
- Using the “add a review” service, to perform the electronic service. Legal basis: necessity for the performance of the review service agreement (Art. 6(1)(b) GDPR).
When registering an account, the Customer provides:
- e-mail address;
- first and last name;
- phone number.
During registration, the Customer sets an individual password for their account (changeable later under §5).
When placing an order, the Customer provides:
- e-mail address;
- address details:
  - postcode and city;
  - country;
  - street and house/flat number;
  - province/region;
- first and last name;
- phone number.
For Business Customers, the above scope is additionally extended by:
- company name;
- VAT number.
When subscribing to the Newsletter, only the e-mail address is provided.
When using the contact form, the Customer provides:
- e-mail address;
- first and last name;
- phone number.
When using the “add a review” service, the Customer provides:
- e-mail address;
- first and last name or nickname (pseudonym).
When using the Store website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the ISP, domain name, browser type, access time, and operating system type.
Navigation data may also be collected from Customers, including information on links and references they click or other actions taken in the Online Store. Legal basis: the controller’s legitimate interest (Art. 6(1)(f) GDPR) consisting in facilitating the use of electronic services and improving their functionality.
For the purpose of establishing, pursuing and enforcing claims, certain personal data provided by the Customer within the Store’s functionalities may be processed, such as: first and last name, data on the use of services if the claims arise from the manner of use, and other data necessary to evidence the claim, including the extent of damage suffered. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) consisting in establishing, pursuing and enforcing claims and defending against claims before courts and other public authorities.
Providing personal data to Skiera Cosmetics BV in connection with entering into sales agreements or service agreements via the Store website is voluntary. However, failure to provide the data specified in the forms during Registration prevents Registration and account creation, and, where an order is placed without Registration, prevents the order from being placed and executed.
§ 2 To whom data is disclosed or entrusted and how long it is stored
Customer personal data is transferred to service providers used by Skiera Cosmetics BV in operating the Online Store. Depending on contractual arrangements and circumstances, service providers either follow Skiera Cosmetics BV’s instructions regarding the purposes and means of processing (processors) or determine the purposes and means themselves (controllers).
Processors. Skiera Cosmetics BV uses providers who process personal data solely on Skiera Cosmetics BV’s instructions. These include providers of hosting services, accounting services, marketing systems, web analytics tools, and tools for analyzing the effectiveness of marketing campaigns.
Controllers. Skiera Cosmetics BV uses providers who do not act exclusively on instruction and independently determine the purposes and means of processing Customers’ personal data. They provide electronic payment and banking services.
Location. Service providers are based in Poland and other countries of the European Economic Area (EEA).
Data retention periods:
- Where processing is based on consent, personal data is processed until the consent is withdrawn, and thereafter for a period corresponding to the limitation period for claims which may be raised by or against Skiera Cosmetics BV (unless otherwise provided by law: six years, or three years for periodic performance and business-related claims).
- Where processing is based on contract performance, personal data is processed for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims (as above).
For purchases in the Online Store, personal data may be transferred, depending on the Customer’s choice, to the following entities to deliver the ordered goods:
- a courier company;
- POST NL BV, based in The Hague.
If the Customer chooses SOFORT Banking, their personal data is transferred, to the extent necessary to process the payment, to Mollie BV, Keizersgracht 126, 1015 CW Amsterdam.
If the Customer chooses PayPal, personal data is likewise transferred as necessary to Mollie BV, Keizersgracht 126, 1015 CW Amsterdam.
Navigation data may be used to provide better service, compile statistics and tailor the Online Store to Customer preferences, as well as to administer the Store.
Newsletter. If the Customer subscribes to the newsletter, Skiera Cosmetics BV will send marketing information about promotions and new products to the e-mail address provided.
Upon a lawful request, Skiera Cosmetics BV discloses personal data to competent public authorities, in particular to units of the Prosecutor’s Office, Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
§ 3 Cookies mechanism, IP address
The Online Store uses small files called cookies, stored by Skiera Cosmetics BV on the device of the person visiting the Store if the web browser allows it. A cookie usually contains the domain name it comes from, its expiration time, and a unique random identifier. Information collected via such files helps tailor Skiera Cosmetics BV’s products to individual preferences and enables general statistics on visits to products presented in the Store.
Skiera Cosmetics BV uses two types of cookies:
- Session cookies – data is deleted from the device after the browser session ends or the device is switched off; session cookies do not allow the retrieval of any personal data or confidential information from Customers’ devices.
- Persistent cookies – stored on the Customer’s device until deleted or expired; persistent cookies do not allow the retrieval of any personal data or confidential information from Customers’ devices.
First-party cookies are used to:
- authenticate the Customer in the Online Store and maintain the Customer’s session (so that login is not required on each subpage);
- perform analysis, research and audience measurement — in particular to create anonymous statistics helping to understand how Customers use the website, enabling improvements to its structure and content.
Third-party cookies are used to:
- promote the Online Store via facebook.com (controller: Facebook Inc., USA / Facebook Ireland);
- collect anonymous statistics via LiveChat analytics (controller: Smartsupp.com, Czech Republic);
- display tailored ads via awin.com (controller: AWIN Limited, UK);
- display tailored ads via rtbhouse.com (controller: RTB House S.A., Warsaw);
- display tailored ads via go.pl (controller: GO.PL Sp. z o.o., Warsaw);
- promote the Store via twitter.com (controller: Twitter Inc., USA);
- collect statistics via Google Analytics (controller: Google Inc., USA);
- display ads via Google AdSense (controller: Google Inc., USA);
- present the Rzetelny Regulamin certificate via rzetelnyregulamin.pl (controller: Rzetelna Grupa sp. z o.o., Warsaw).
The cookie mechanism is safe for Customers’ devices. Customers can limit or disable cookies in their browser; in that case, some functions that by their nature require cookies may not work properly.
Changing cookie settings in popular browsers:
Skiera Cosmetics BV may collect IP addresses. An IP address is a number assigned to a visitor’s device by an ISP and enables Internet access. In most cases it is assigned dynamically (changes with each connection). IP addresses are used to diagnose server problems, compile statistics (e.g., regions of visits), administer and improve the Store, and for security and possible identification of unwanted automated programs burdening the server.
The Online Store contains links to other websites. Skiera Cosmetics BV is not responsible for the privacy practices of those websites.
§ 4 Rights of data subjects
Right to withdraw consent (Art. 7(3) GDPR) – withdrawal takes effect from the moment of withdrawal and does not affect lawful processing carried out before that moment; it may prevent the use of services/features that require consent.
Right to object (Art. 21 GDPR) – the Customer may object at any time, on grounds relating to their particular situation, to processing based on legitimate interest (e.g., marketing, statistics, usability, satisfaction surveys). Unsubscribing from marketing e-mails constitutes an objection for those purposes. If the objection is justified and no other legal basis exists, the relevant data will be erased.
Right to erasure (“right to be forgotten”) (Art. 17 GDPR) – e.g., when data is no longer necessary, consent has been withdrawn, an objection to marketing has been made, processing is unlawful, erasure is required to comply with a legal obligation, or data was collected in connection with information society services. Despite an erasure request, Skiera Cosmetics BV may retain certain data to establish/exercise/defend legal claims or comply with legal obligations (e.g., name, e-mail, address, order number).
Right to restriction of processing (Art. 18 GDPR) – e.g., where accuracy is contested (max. 7 days for verification), processing is unlawful and restriction is requested, data is no longer needed for the original purpose but required for claims, or an objection is pending. During restriction, related services/communications are suspended.
Right of access (Art. 15 GDPR) – confirmation of processing, access to data and information on purposes, categories, recipients, storage period/criteria, rights, complaints, source, automated decision-making/profiling, safeguards for transfers outside the EU, plus a copy of the data.
Right to rectification (Art. 16 GDPR) – immediate correction of inaccurate and completion of incomplete data (on request via the e-mail indicated in §6).
Right to data portability (Art. 20 GDPR) – receipt of one’s data and transfer to another controller or direct transfer where technically feasible; data provided in a CSV file (common, machine-readable format).
Response times. Skiera Cosmetics BV will comply with or refuse a request without undue delay and no later than one month after receipt. For complex or numerous requests, this may be extended by two months; the Customer will be informed within one month about the extension and reasons.
Customers may address complaints, questions and requests regarding data processing and the exercise of rights to the Controller.
The Customer may request a copy of the Standard Contractual Clauses (SCCs) via the address indicated in §6.
The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office concerning any violation of GDPR rights.
§ 5 Security management – password
Skiera Cosmetics BV ensures secure, encrypted connections (SSL) when transmitting personal data and when logging into the Customer Account.
If a Customer with an Online Store account loses their password, a new password can be generated via the “Forgot your password” function; passwords are stored in encrypted form and are not sent by e-mail.
Skiera Cosmetics BV never asks for login details or passwords by (e-)mail.
§ 6 Changes to the Privacy Policy
This Privacy Policy may be amended; Skiera Cosmetics BV will notify Customers 7 days in advance.
Questions related to this Privacy Policy should be sent to: [email protected]
Date of last modification: 08.09.2021