Privacy policy

PRIVACY POLICY

for the users of

www.hairbya.eu

 

To secure the personal data of the users of the www.hairbya.eu website, the Administrator collects and processes personal data by the provisions of the law on the protection of personal data, including, in particular, the provisions of Regulation (EU) 2016/679 EU of the European Parliament and of the Council of April 27, 2016 on the protection of individuals about the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”).

I. Data of the Personal Data Administrator

  1. The administrator of your personal data is First Class Design Sp z o.o., address of place of business and address for service: ul. Okrężna 8, 44-100 Gliwice, Poland, NIP [Tax Identification Number]: 6312710654.
  2. This policy comprehensively sets forth all information regarding your personal information. If you have any further questions concerning this policy, contact us by email: info@hairbya.eu.

 

II. Purposes and grounds for processing personal data

  1. In order to provide electronic services in accordance with the scope of our activities, we process your personal data for various purposes, i.e.:
  • Performing a contract or taking actions necessary to conclude a contract (Article 6 para. 1b GDPR) in connection with actions concerning, among other things, the conclusion of a contract for the provision of services (e.g., newsletter, blog)
  • to carry out legal obligations incumbent on the administrator (Article 6(1)(c) GDPR) in connection with the performance of duties under the laws
  • for the purpose of communication – (Article 6.1F GDPR), based on the administrator’s legitimate interest in responding to your inquiries and thus the desire to provide you with the highest quality of our services
  • for correspondence archiving purposes – the legal basis for processing after the end of communication is the legitimate purpose of archiving correspondence for future demonstration (Article 6.1F of the GDPR).
  • for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6.1F of the GDPR) consisting of conducting analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and services provided;
  • for the purpose of possible determination and investigation of claims or defense against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6.1F GDPR) based on the protection of your rights;
  • for the Administrator’s marketing purposes (Article 6.1F of the GDPR legitimate interest of the Administrator)
  • for the purpose of posting comments – Article 6 para. 1a of the GDPR, on the basis of consent (in this case, we assume that posting a comment is a concurrent consent to the processing of personal data)
  • for the purpose of sending newsletters – on the basis of Article 6.1F GDPR (the administrator’s legitimate interest in processing data for direct marketing purposes) and on the basis of the Act on the provision of services by electronic means
  • for the purpose of operating a Facebook fanpage, an Instagram account and a TikTok account and interacting with users of these social media sites – on the basis of Article 6.1F of the GDPR (the administrator’s legitimate interest).

2. We process the following User data, depending on the form of communication:

  • first and last name (optional)
  • e-mail address (optional)
  • mailing address (optional)
  • telephone number (optional)
  • IP numer

III. Right to withdraw consent

  1. If the processing of personal data is carried out on the basis of consent, you may withdraw the consent you have given at any time.
  2. If you would like to revoke your consent to the processing of personal data, it is sufficient to send an e-mail directly to info@hairbya.eu for this purpose.
  3. If the processing of your personal data took place on the basis of consent, its revocation does not affect the legality of the previous processing.

IV. Requirement of personal data

  1. Providing personal data is voluntary and depends on your decision. However, in some cases, providing specific personal data is necessary to enable you to use electronic services and other tools on our website.
  2. The scope of personal data necessary for you to provide in order to use the electronic services available on the website is indicated each time on the website.

V. Recipients of personal data

  1. Like most businesses, we use third parties in our operations, which sometimes involves the transfer of personal data to external recipients. Therefore, if necessary, we pass your personal data to our web host and the IT company that manages the site. If we conclude a contract, your data will also be transferred to the accounting firm and the company that operates the invoicing software.
  2. It may also happen that based on a relevant legal regulation or a decision of a competent authority, we will have to provide your personal data to other entities, whether public or private.
  3. On our side, we assure you that we analyze each request for personal data very carefully and very thoroughly, so that we do not pass the information to an unauthorized person.

VI. Transfer of personal data to third countries

  1. We use a variety of popular services and technologies, offered by entities such as Facebook, Microsoft, Google, YouTube, Instagram, TikTok. These companies are based outside the European Union and are therefore considered third countries under the GDPR.
  2. The GDPR imposes certain restrictions on the transfer of personal data to third countries because since European laws do not apply there, in principle, the protection of the personal data of EU citizens may, unfortunately, be insufficient. Therefore, each personal data administrator is required to establish a legal basis for such transfers.
  3. We would also like to kindly inform you that due to our use of technologies that track users’ activities in the form of Facebook pixel codes and Google Tag Manager codes, your data will be transferred by us outside the European Economic Area.
  4. In our case, your personal data may be transferred to the United States/Canada, among other countries.
  5. Currently, the services offered by Google and Facebook are provided by entities in the European Union. You should, however, each time read the privacy policies of these providers in order to receive up-to-date information regarding the protection of personal data. Detailed information is available in the content of the privacy policy of each of these service providers, available on their websites, e.g:

VII. Period of personal data processing

  1. By applicable laws, we will process your data only for the time needed to achieve the designated purpose. After this period, your data will be deleted or destroyed.
  2. Regarding the specific processing periods, we kindly inform you that we process your personal data for a period of time:
  • for the period of realization of the service, as well as for the period of limitation of claims under the law – with regard to data provided by Users,
  • for the period required by law, including tax law – for personal data involving compliance with obligations under applicable laws,
  • for the period of correspondence and 5 years after its termination (for archival purposes constituting a legitimate interest of the administrator) – about personal data in the form processed to answer a question,
  • until objection is raised- with respect to data on the basis of the Administrator’s legitimate interests or for marketing purposes,
  • until the withdrawal of consent – with respect to data processed on the basis of consent,
  • until the statute of limitations for potential contractual claims – with respect to data processed on a contractual basis

3. We count periods in years from the end of the year when we began processing personal data. If you exercise your right to forget, such situations are considered on a case-by-case basis.

4. After the expiration of the processing period, the data are irreversibly deleted or anonymized.

VIII. Rights of data subjects

  1. We kindly inform you that you have the right to:
  • Information about data processing,
  • receive a copy of personal data,
  • rectification of personal data,
  • deletion of personal data,
  • restriction of processing of personal data,
  • objection to the processing of personal data,
  • transfer of personal data,
  • withdrawal of consent.

2. We point out that the enumerated rights are not absolute, and in certain situations, we may lawfully refuse you. However, if we refuse to grant a request, it is only after careful consideration and only in situations where denial of the request is necessary.

3. Regarding the right to object, we explain that you have the right to object at any time to the processing of personal data based on the Administrator’s legitimate interests (Section III) in connection with your particular situation. However, you must bear in mind that, by the regulations, we may refuse to consider your objection if we prove that:

  • there are legitimate grounds for processing that override your interests, rights and freedoms, or
  • there are grounds for establishing, asserting or defending claims.

4. In addition, at any time, you may object to processing of your data for marketing purposes. In such a situation, upon receipt of your objection, we will cease processing for such purposes.

you can execute your rights by sending an email directly to info@hairbya.eu.

IX. The right to file a complaint

If you believe that your personal data is being processed in violation of applicable law, you may file a complaint with the President of the Office for Personal Data Protection.

X. Cookies files

  1. Like most websites, the Administrator uses so-called tracking technologies, i.e., cookies, which allows the site to be improved to meet the needs of its visitors.
  2. The Site does not automatically collect any information except that contained in cookies.
  3. When you enter the Site for the first time, you must agree to cookies to continue using the content of the Site. Otherwise, you must leave the Site. It is also possible to change your browser settings, disable or delete cookies.
  4. Detailed information on cookies is contained in the Cookie Policy (HERE).

XI. Final Provisions

  1. The Privacy Policy is updated on an ongoing basis. You will be notified of any changes made to this Privacy Policy via the website. If the Administrator changes the Privacy Policy, it will post the updated text of the document on the website.
  2. Changes to the Privacy Policy are valid from the date of posting the updated text on the website.
  3. This Privacy Policy is valid as of 01.10.2023. (publication date – 01.10.2023).