Privacy Policy

How do we update our privacy policy? Howdo we updateour privacy policy?Who is the Administrator of my personal data?
The Administrator of your personal data, i.e. the entity that decides on the purposes and means of its processing, is BD hair &fit, Jupiterstraat 35, 3204BE Spijkenisse, the Netherlands (the Netherlands), EU VAT: NL003184075B11.

How can I contact you about personal information issues?
We process your personal data whenever:

• you use our services, especially when you use our products,
• you take part in the training, competitions and promotional actions we organize,
• We sometimes ask our customers to participate in market research. Any personal information used for research will only be used with your consent, we may use the information we collect to test, research, analyze and develop products. This allows us to improve and enhance the safety and security of our services, develop new features and products,
• in certain cases there may be a need to use your data to resolve legal disputes, in the case of official proceedings, in matters related to compliance with the law,
• for this purpose, we may process certain personal data such as your name, surname, date of birth, data on the use of our services, if claims arise from the way you use our services, other data necessary to prove the existence of the claim, including the extent of the damage suffered,
• We may process your personal data
• also in case we send you a Newsletter (provided that you have previously agreed to it),
• We also process your personal data when we send you marketing information about us or our business partners (provided that you have given your prior consent).
  

Do I have to give you my data?
The provision of data is voluntary, but some of your data may be necessary for the use and proper provision of our services. In addition, some of your data is necessary so that we can comply with the requirements set by law, as mentioned below.

What kind of data do you process?
We process only those data that are necessary for the purpose for which they were collected. Depending on the type of service provided, the scope of data may be different:
1) If you use our services, or participate in events organized by us we process your personal data such as – name, contact details and payment data.
2) If you take part in contests organized by us, we process, among other things, your name, telephone, email address, and in some cases, your bank account number if you have won a cash prize.
3) If you have consented to sending you Newsletter and marketing information we process, among other things, your name and email address.
4) If we issue a sales document to you then we process such data as: your name and surname, address of residence (registered office), PESEL number or NIP number.
5) If we communicate with you electronically or using telecommunication terminal equipment and automatic calling systems (after you have given your prior consent to such communication) then (depending on the form of communication) we process such data as: your name, telephone number, e-mail address.

For what purpose do you process my data?
We process your personal data in order to take action at your request (e.g. respond to an inquiry or demand), for the purpose necessary to conclude and perform a contract or provide a service, including handling possible complaints, claims or claiming receivables arising from concluded contracts.
The processing of some of your personal data is also necessary in order for us to fulfill our obligations under the law, such as those relating to the obligation to store certain data for a certain period of time, to collect certain information for the purpose of verification and identification of the user, or to transfer data to authorized bodies or entities, such as those arising from:
1) Act of 29.09.1994 on accounting,
2) Act of 11.03.2004 on tax on goods and services,
3) Act of 16.11.2000 on prevention of money laundering and financing of terrorism,

If we decide to process your data for a different purpose than we collected it for, we will inform you of this and ask for your consent, if required by law.

Cookies
To a limited extent, we may collect personal information automatically through cookies on our websites.

Cookies are small text files stored on a user’s computer or other mobile device when the user uses websites. These files are used, among other things, to use various functions provided for on a given website or to confirm that a given user has seen certain content from a given website. Among cookies, a distinction can be made between those that are necessary for the operation of websites […].

• cookies with data entered by the user (session ID) for the duration of the session (user input cookies)
• authentication cookies used for services that require authentication for the duration of the session (authentication cookies)
• security cookies, such as those used to detect authentication abuse (user centric security cookies)
• multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies)
• Persistent cookies used to personalize the user interface for the duration of the session or slightly longer (user interface customization cookies).
• cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are cookies used by Google to analyze how the User uses the Website, to generate statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User, nor does it combine this information to enable identification.

By using the Site, you consent to the placement of the cookies described above on your computer or other device. However, it is possible to control and manage the installed cookies. However, please note that the removal or blocking of cookies may affect the use of the Site, as some areas of the Site may become inaccessible.
The Administrator stipulates that after rejecting cookies, some functions offered by the Sites may not function properly, and even in some cases it involves the complete inability to use the selected product.

On what legal basis do you process my data?
We process Personal Data in accordance with applicable laws and regulations, in particular in accordance with the provisions of the Regulation (RODO) on Personal Data.

The legal basis for processing your data is:

• your consent or
• Processing your application or request, or
• conclusion and execution of the contract, or
• realization of the legitimate interests of the Administrator or
• Our fulfillment of our obligations under applicable laws and regulations.

How long will you process my data?
For individual cases, the duration of data processing is as follows:
1) if we process your data on the basis of a contract, the processing will last as long as the contract lasts and the statute of limitations for possible claims,
2) if you have given your consent to processing for a specific purpose, we will process your personal data until you revoke your consent, after which we will delete it immediately,
3) data that we process on the basis of the legitimate interest of the data controller – the period of processing lasts until the aforementioned interest ceases. interest (e.g. the statute of limitations for civil law claims) or until the data subject objects to further such processing – in situations in which such an objection is entitled under the law,
4) data processed in order for us to fulfill our obligations under applicable laws and regulations, we will process for as long as it is required by such laws and regulations.

Who are the recipients of the data?
Recipients of the data are persons authorized by the Administrator to use the data in the performance of their official duties, to whom the Administrator orders such activities.

In certain situations, we have the right to transfer your data if necessary so that we can perform our services, meet our obligations and properly comply with applicable laws.

In performing some of the tasks (including document destruction, data storage, accounting and payroll services, legal services, marketing services, IT services), we use external entities. In justified cases, the relevant authorities will also receive them from us.

In this case, we entrust personal data to subcontracted entities in the performance of a specific purpose on our behalf (based on a Data Entrustment Agreement), while still remaining the Controller of your data and responsible for its security.

We will only transfer data to three groups:
1) persons authorized by us, our employees and associates who need to have access to the data in order to properly perform their duties,
2) processors to whom we outsource this task in order to fulfill a strictly defined purpose (e.g., an accounting office, a law firm, an IT company),
3) other data recipients (e.g., law enforcement agencies, banks in case they make a request to provide information based on an appropriate legal basis in accordance with the provisions of applicable law).

Do you share my data, and to whom ?
We do not share your data with third parties or entities, except when:
1) you have voluntarily consented to such sharing. The consent given in advance can be revoked by you at any time, in the same simple manner in which it was given.
2) the sharing is necessary for the performance of a contract or the provision of a service.
3) in specific cases, your data may be shared with entities authorized to do so under generally applicable laws (e.g. law enforcement agencies, an auditor for the purpose of auditing financial statements).

Each request for access is thoroughly investigated by us,
and the transfer of data takes place only if, as a result of this analysis, we determine that there is a valid and effective legal basis for requesting disclosure of your data to these entities.

Do we transfer personal data outside of European Union countries?
Our partners are mainly based in Poland and other countries in the European Economic Area (EEA). Some of our suppliers are based outside the EEA. In connection with the transfer of your data outside the EEA, we have ensured that our suppliers provide guarantees of a high level of protection of personal data. We minimize the extent of data sent outside the EEA. At the same time, we verify in the case of application of the SCC whether there is a risk of a breach of data protection by these entities outside the EEA, among other things, what their data security process is like and whether the data shared could potentially be of interest to third countries.

How do you protect my data?
In connection with the processing of your personal data, you have the following rights:
1) to be informed regarding the processing of your personal data, the so-called “information obligation” (pursuant to Articles 12 and 13 RODO),
2) to access the content of your personal data (pursuant to Article 15 RODO),
3) to request the rectification of your personal data (pursuant to Art. 16 RODO), i.e. correcting inaccurate data and completing incomplete data,
4) request the restriction of the processing of your personal data (pursuant to Art. 18 RODO),
5) the right to request the transfer of your personal data to another Controller (pursuant to Art. 20 RODO),
6) to object to the processing of your data for reasons related to your particular situation (pursuant to Art. 21 (1) RODO), however, this right is not absolute – ie. despite your objection, we will still be able to process your personal data if we demonstrate that there are valid, legitimate grounds for the processing overriding your rights and freedoms or grounds for establishing, asserting or defending claims,
7) object to the processing of your personal data carried out for the purposes of direct marketing, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions of effectiveness – in this case we will no longer be able to process your personal data for direct marketing purposes.

Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

8) request deletion of your personal data (in accordance with Article 17 of the RODO) – the so-called “right to be forgotten”, you can exercise this right, for example, when:
a) the Administrator processes your personal data unlawfully,
b) you file an objection to the processing of your data for marketing purposes,
c) the data must be deleted in order for the Administrator to comply with its obligation under the law;

You can exercise the above rights by submitting to us (the Data Controller) the appropriate statement:
a) by e-mail at the following address: hello@barbaradomon.eu
or
b) in writing – by postal mail at:
BD hair &fit, Jupiterstraat 35, 3204BE Spijkenisse, the Netherlands (the Netherlands),
note: personal data

9) In addition, you have the right to file a complaint
to the supervisory authority, i.e. the President of the Office for Personal Data Protection (formerly GIODO).

How do we update our privacy policy?
We may update this policy from time to time. If we make material changes, we will notify you by email. To the extent permitted by applicable law, your use of our services after such notification constitutes your consent to updates to this policy.
We encourage you to periodically review this policy for the latest information about our privacy practices. We also make previous versions of our privacy policy available for review.

The Policy is reviewed on an ongoing basis. The current version of the Policy was adopted and is effective as of. You can find archived versions of this document on our website.