Privacy Policy

WHAT IS THE PRIVACY POLICY?

We would like to provide you with details regarding our processing of your personal data, to give you full knowledge and comfort when using our website.

Since we operate in the internet industry ourselves, we know how important the protection of your personal data is. Therefore, we take special care to protect your privacy and the information you provide to us.

We carefully select and apply appropriate technical measures, especially those of a programming and organizational nature, ensuring the protection of the processed personal data. Our website uses encrypted data transmission (SSL), which provides protection for your identifying data.

In our Privacy Policy, you will find all the most important information regarding our processing of your personal data. Please read it – we promise it will take no more than a few minutes.

Who is the administrator of the www.o-medic.com website?

The website administrator is GLOBAL BEAUTY GROUP ŻANETA GORTAT – STANISŁAWSKA SPÓŁKA JAWNA with its registered office in Katowice, ul. ks. Ściegiennego 2, 40-113 Katowice, registered in the National Court Register by the District Court Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register, under KRS number: 0000894776, NIP 8992802390, REGON 365863362, BDO 000031030 (that is: us).

PERSONAL DATA

Which legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), commonly known as: GDPR. In areas not regulated by the GDPR, the processing of personal data is governed by the Polish Personal Data Protection Act of May 10, 2018.

Who is the administrator of your personal data?

The administrator of your personal data is GLOBAL BEAUTY GROUP ŻANETA GORTAT – STANISŁAWSKA SPÓŁKA JAWNA with its registered office in Katowice, ul. ks. Ściegiennego 2, 40-113 Katowice, registered in the National Court Register by the District Court Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register, under KRS number: 0000894776, NIP 8992802390, REGON 365863362, BDO 000031030,  e-mail: [email protected].

You can contact us regarding your personal data via:

• e-mail: [email protected],

• traditional mail: ul. ks. Ściegiennego 2, 40-113 Katowice,

HOW DO WE PROCESS YOUR PERSONAL DATA THAT YOU PROVIDE TO US?

What personal data do we process and for what purposes do we process it?

On our website, we offer you many different services, for which purposes we process various personal data, based on various legal grounds.

Voluntary nature of providing personal data

Providing your required personal data is voluntary but constitutes a condition for us to provide services to you (e.g., sending the newsletter or creating an account).

Recipients of personal data

The current list of entities to whom we disclose your personal data can be found here.

Automated decision-making (including profiling)

We do not make automated decisions concerning you, nor do we use profiling.

Will we transfer your personal data outside the EEA or to an international organization?

For the use of Google’s measurement and marketing tools, your personal data may be transferred to the United States, where Google LLC’s servers are located.

Google LLC is listed in the Data Privacy Framework participant list (link: https://www.dataprivacyframework.gov/s/participant-search), therefore the protection of personal data is adequate in relation to the regulations applicable in the European Union, in accordance with the Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data under the EU-US Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

For the use of Facebook tools, your personal data may be transferred to the United States, where Meta Platforms Inc.’s servers are located.

Meta Platforms Inc. is listed in the Data Privacy Framework participant list (link: https://www.dataprivacyframework.gov/s/participant-search), therefore the protection of personal data is adequate in relation to the regulations applicable in the European Union, in accordance with the Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data under the EU-US Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH OUR PROCESSING OF YOUR PERSONAL DATA?

Under the GDPR, you have the right to:

• request access to your personal data,

• request rectification of your personal data,

• request erasure of your personal data,

• request restriction of processing of your personal data,

• object to the processing of your personal data,

• request data portability.

Upon receiving any of the requests listed above, we will provide you with information about the actions taken without undue delay – and in any case within one month of receiving the request.

If necessary, we may extend the one-month period by a further two months due to the complex nature of the request or the number of requests.

In any case, we will inform you within one month of receiving the request of any such extension and the reasons for the delay.

Right of access to personal data (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not we are processing your personal data. If we are processing your personal data, you have the right to:

• access the personal data,

• obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the envisaged period for which the data will be stored, or the criteria used to determine that period, your rights under the GDPR and the right to lodge a complaint with the President of the Personal Data Protection Office, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of these data outside the European Union;

• obtain a copy of your personal data.

If you wish to request access to your personal data, submit your request to: [email protected].

Right to rectification of personal data (Art. 16 GDPR)

If your personal data is inaccurate, you have the right to request that we rectify it without undue delay. You also have the right to have incomplete personal data completed.

Right to erasure of personal data, the so-called “right to be forgotten” (Art. 17 GDPR)

You have the right to request the erasure of your personal data when:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

• you have withdrawn your specific consent, to the extent that the personal data were processed based on your consent;

• the personal data have been unlawfully processed;

• you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing is related to direct marketing;

• you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by us or a third party.

Despite requesting the erasure of personal data, we may continue processing your data for the purpose of establishing, exercising, or defending legal claims, about which you will be informed.

Right to request restriction of processing of personal data (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data when:

• you contest the accuracy of your personal data – in which case we will restrict processing for a period enabling us to verify the accuracy of the data;

• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

• we no longer need the personal data for the purposes of processing, but they are required by you for the establishment, exercise, or defense of legal claims;

• you have objected to processing pursuant to Art. 21(1) pending the verification whether our legitimate grounds override your grounds.

Right to object to the processing of personal data (Art. 21 GDPR)

You have the right to object, at any time, to the processing of your personal data, including profiling, which is based on:

• processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the data controller or a third party;

• processing for direct marketing purposes.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and have the right to transmit those data to another controller without hindrance.

We will typically provide your personal data in CSV format. If you prefer the data to be provided in a different format, please indicate your preferred format in your request. Where possible, we will try to provide the data in your preferred format.

You can also request that we transmit your personal data directly to another controller (if this is technically feasible).

Can you withdraw your consent to the processing of personal data?

You can withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to withdraw your consent to the processing of personal data for the purpose of providing the “Newsletter” service, you can unsubscribe here.

Complaint to a supervisory authority

If you consider that the processing of your personal data infringes the data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office, which replaced the GIODO as of May 25, 2018.

More information can be found here.

Cookies

General Information

While browsing the Online Store websites, “cookies” are used, hereinafter referred to as Cookies, which are small text files saved on your end device in connection with the use of the Online Store. Their use is intended to ensure the correct functioning of the Online Store websites.

These files allow us to identify the software you use and tailor the Online Store to your individual needs.

Cookies usually contain the domain name they come from, their storage time on the device, and an assigned value.

Security

The Cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted or malicious software to get onto your devices via Cookies.

Types of Cookies

We use two types of Cookies:

• Session cookies: are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from your device’s memory. The session cookie mechanism does not allow the collection of any personal data or any confidential information from your device.

• Persistent cookies: are stored on your device and remain there until they are deleted. Ending the browser session or turning off the device does not delete them from your device. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information from your device.

Purposes

We also use Cookies from external entities for the following purposes:

• configuring the Online Store;

• creating statistics that help understand how users of the Online Store use the websites, which allows improving their structure and content via the Google Analytics analytical tool, administered by Google Ireland Ltd. based in Ireland, Google’s Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;

• determining a customer profile to display tailored materials in advertising networks, using the Google Ads online advertising tool, administered by Google Ireland Ltd. based in Ireland, Google’s Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;

• collecting information about user behavior using the Facebook Pixel tool, administered by Meta Platforms Ireland Limited, based in Ireland, Facebook’s Privacy Policy is available at the following link: https://www.facebook.com/help/cookies/.

To learn about the rules of using Cookies, we recommend familiarizing yourself with the privacy policies of the companies mentioned above.

Cookies can be used by advertising networks, in particular the Google network, to display ads tailored to your preferences. For this purpose, information about your navigation path on the web or the time of using the website may be stored.

To view and edit information about your preferences collected by the Google advertising network, you can use the tool available at https://www.google.com/ads/preferences/.

If you wish to request the portability of your personal data, submit your request to: [email protected].

Using your web browser settings or the service configuration, you can independently and at any time change your Cookie settings, specifying the conditions for their storage and access by Cookies to your device. You can change these settings to block the automatic handling of Cookies in your web browser settings or to inform you each time they are placed on your device. Detailed information about the possibilities and ways of handling Cookies are available in your software (web browser) settings.