1. General provisions.
    • The administrator of the personal data collected within the Service by FerrumLabs S.A. with its registered office in Warsaw, ul. Puławska 12/3, 02-566 Warsaw, Poland NIP: PL521393009, KRS: 0000902960, e-mail address: contact@truemenskincare.com
    • The Customer’s personal data is processed in accordance with the Personal Data Protection Act of 10 May 2018 and the Act on Provision of Electronic Services of 18 July 2002. (Journal of Laws No. 144, item 1204 as amended) and furthermore in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as „RODO” or „RODO Regulation”. Official text of the RODO Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
    • Any words or phrases capitalized in this document shall be understood in accordance with their definition in the Terms of Service, available on the websites of the Online Store.
    • The use of the Internet Shop, including making purchases, is voluntary. Similarly, the provision of personal data by the Customer or Client using the Internet Shop is voluntary, subject to two exceptions: (1) conclusion of agreements with the Administrator – failure to provide personal data necessary for the conclusion and performance of a Sales Agreement or an agreement for the provision of an Electronic Service with the Administrator in the cases and to the extent indicated on the website of the Internet Shop and in the Terms and Conditions of the Internet Shop and this Privacy Policy results in the impossibility to conclude that agreement. Providing personal data in such a case is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, he/she is obliged to provide the required data. Each time the scope of data required to conclude a contract is indicated previously on the website of the Internet shop and in the Terms and Conditions of the Internet shop; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from universally applicable laws imposing an obligation to process personal data on the Administrator (e.g. processing of data for the purposes of keeping tax or accounting books), and failing to provide such data will prevent the Administrator from fulfilling those obligations.
    • The controller shall use his/her best efforts to protect the interests of the persons whose personal data he/she processes, and in particular shall be responsible for and ensure that the data he/she collects are (1) processed lawfully; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
    • Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying degrees of probability and seriousness, the controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate it. These measures shall be reviewed and updated as necessary. The controller shall apply technical measures to prevent unauthorised persons from acquiring and modifying personal data transmitted electronically.
    • The Website performs the functions of obtaining information about the Clients and their behaviour in the following ways
      • through the information voluntarily entered on the forms;
      • by storing cookies (so-called „cookies”) on terminal equipment.
  1. Grounds for data processing

2.1 The controller shall be entitled to process personal data where, and to the extent that, one or more of the following conditions are met: (1) the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2 The processing of personal data by the Administrator requires in each case the existence of at least one of the grounds indicated in Point. 2.1 of the Privacy Policy. Specific grounds for processing personal data of the Internet Shop’s Customers and Clients by the Administrator are indicated in the next point of the privacy policy – with reference to a given purpose of personal data processing by the Administrator.

  1. Purpose and scope of data collection
  • Each time, the purpose, basis, period and scope and recipients of the personal data processed by the Administrator result from the activities undertaken by a given Customer or Client in the Online Shop.
  • The Administrator may process personal data in the Online Shop for the following purposes, on the following grounds, during the following periods and to the following extent:

Purpose of data processing

Legal basis for processing and duration of data retention

Scope of data processing

Execution of a Sales Agreement or an agreement for the provision of an Electronic Service, or taking action at the request of the data subject prior to entering into the above-mentioned agreements

Article 6(1)(b) of the RODO Regulation (performance of a contract)The data shall be stored for the period necessary for the performance, termination or otherwise expiry of the concluded contract.

Maximum scope: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), residential/business/office address (if different from the delivery address).For Service Recipients or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Client.

The stated range is the maximum.

Direct marketing

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller)The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, however, no longer than for the period of limitation of claims against the data subject in relation to the business activities conducted by the Controller. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract – two years).

The controller may not process the data for direct marketing purposes in the event of an effective objection to this effect by the data subject.

E-mail address

Newsletter

Article 6(1)(a) of the RODO Regulation (consent)Data shall be stored until the data subject withdraws his or her consent to further processing for this purpose.

Name, e-mail address

Customer’s expression of an opinion about the concluded Sales Agreement

Article 6(1)(a) of the RODO Regulation Data shall be stored until the data subject withdraws his or her consent to further processing for this purpose.

E-mail address

Maintenance of tax books

Article 6(1)(c) of the RODO Regulation in conjunction with Article 86 § 1 of the Tax Ordinance, i.e. of 17 January 2017. (Journal of Laws of 2017, item 201).The data are stored for the period required by legal regulations ordering the Administrator to keep tax books (until the expiry of the tax liability limitation period, unless tax acts provide otherwise)

First and last name; home/business/office address (if different from delivery address), company name and tax identification number (NIP) of the Customer or Client

Determining, pursuing or defending claims which the Administrator may assert or which may be asserted against the Administrator

Article 6(1)(f) of the RODO Regulation The data shall be stored for the period of the existence of a legitimate interest pursued by the Controller, however, no longer than for the period of the statute of limitations for claims against the data subject resulting from the business activities conducted by the Controller. The period of limitation shall be determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract it is two years).

First and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/office (if different from delivery address).For Service Recipients or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Client.

  • The Administrator processes the following personal data: (1) Electronic correspondence address; (2) First name; (3) Surname; (4) Residential address i.e. street, building number, premises number, city, postal code, countries; (5) Telephone number;
  • In the event that the Customer submits an instruction for the Seller to issue a VAT invoice, the Administrator shall also process the following personal data: (1) Company name; (2) TIN; (3) Business address (street, building number, premises number, city, postal code, countries).
  1. Information in the forms.
  • The Website collects information voluntarily provided by the Client.
  • The service may also save information about the connection parameters (time stamp, IP address).
  • The data in the forms shall not be made available to third parties otherwise than with the consent of the Customer.
  • Data provided in the forms are processed for the purpose resulting from the function of a given form, e.g. to conclude a Sales Agreement, to perform the process of service request or business contact, to take advantage of Newsletter subscription.
  • For the proper functioning of the Internet Shop, including the performance of Sales Agreements concluded, it is necessary for the Administrator to use the services of external entities (e.g. software provider, courier, or payment processor). The controller shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing complies with the requirements of the RODO Regulation and protects the rights of data subjects.
  • Transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only if it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization. For example, if the Customer uses personal collection, his/her data will not be transferred to the carrier cooperating with the Administrator.
  • Personal data of Service Recipients and Customers of the Internet Shop may be transferred to the following recipients or categories of recipients:
    • carriers / forwarders / courier brokers – in the case of a Customer who uses the Product delivery method in the Internet Shop by mail or courier, the Administrator makes the collected personal data of the Customer available to a selected carrier, forwarder or broker executing the shipment on the order of the Administrator to the extent necessary to realize the delivery of the Product to the Customer;
    • entities processing electronic or credit card payments – if a Customer uses the electronic or credit card payment method in the Internet Shop, the Administrator shall make the collected personal data of the Customer available to a selected entity processing the aforementioned payments in the Internet Shop on the order of the Administrator to the extent necessary to handle the payment made by the Customer;
    • service providers providing the Administrator with technical, IT and organisational solutions, which enable the Administrator to conduct its business, including the Internet Shop and the Electronic Services provided by means of it (in particular software providers for operating the Internet Shop, providers of e-mail and hosting software, as well as providers of company management software and technical assistance to the Administrator, and also warehouse operators and entities, to whom the logistic service of orders has been transferred) – the Administrator shall make the collected personal data of the Customer available to the chosen supplier acting on his behalf only in the case and to the extent necessary for the accomplishment of a given purpose of data processing in accordance with this privacy policy;
    • providers of accounting, legal and advisory services who provide the Administrator with accounting, legal or advisory support (in particular an accounting office, a law firm or a debt collection agency) – the Administrator shall make the collected personal data of the Client available to the selected provider acting on its behalf only in the case and to the extent necessary to carry out the given purpose of data processing in accordance with this Privacy Policy.
  1. Rights of the data subject
    • Every person has the right to control the processing of data concerning them by the Service Provider; in particular, the right to:
      • Right of access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to his/her personal data, their rectification, erasure („right to be forgotten”) or restriction of processing and has the right to object to the processing, as well as has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation.
      • Right to withdraw consent at any time – the person whose data are processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation), is entitled to withdraw consent at any time without affecting the legality of the processing that was carried out on the basis of consent before its withdrawal.
      • The right to lodge a complaint to the supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
      • Right to object – The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The controller shall in that case no longer be permitted to process those personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
      • Right to object to direct marketing – where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing.
    • In order to exercise the rights referred to in this section of the privacy policy, you can contact the Administrator by sending a relevant message in writing or by e-mail to the Administrator’s address indicated at the beginning of the privacy policy or by using the contact form available on the website of the Internet Shop.
  2. Information about cookies.
  • The website uses cookies.
  • Cookies (so-called „cookies”) are IT data, in particular text files, which are stored in the Service Recipient’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time of storage on the terminal equipment and a unique number.
  • The Administrator is the entity placing cookies on the end device of the Service Recipient and accessing them.
  • Cookies are used for the following purposes:
    • creating statistics which help to understand how the Service users use websites, which enables improving their structure and content;
    • maintaining a session of the Service User (after logging in), thanks to which the Service User does not have to re-enter login and password on each subpage of the Website;
    • determine the profile of the Client in order to show him/her targeted material in advertising networks.
  • There are two main types of cookies used on the Website: „session” (session cookies) and „permanent” (persistent cookies). Session” cookies are temporary files that are stored in the User’s terminal equipment until logging off, leaving the website or switching off the software (web browser). „Permanent” cookies are stored in the final device of the Customer for the time specified in the parameters of cookies or until they are deleted by the Customer.
  • Web browsing software (internet browser) usually allows the storage of cookies on the Client’s terminal device by default. Service Recipients may change their settings in this regard. The Internet browser makes it possible to delete cookies. It is also possible to block cookies automatically. Detailed information on this subject can be found in the help or documentation of the Internet browser. Restrictions on the use of cookies may affect some of the functionalities available on the Website.
  • Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser.
  • Cookies placed in the end device of the Service Recipient and used can also be by advertisers and partners cooperating with the Service Operator.
  • It is advisable to read the privacy policies of these entities to learn about the use of cookies used in statistics: Google Analytics privacy policy
  • Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the user’s use of the Website. For this purpose, they may store information about the user’s navigation path or the time spent on a particular page.
  • With regard to the information on the Customer’s preferences collected by the Google advertising network, the Customer can view and edit the information resulting from the cookies using the following tool: https://www.google.com/ads/preferences/
  1. Final provisions
    • This Privacy Policy takes effect from 01.06.2021
    • The Service Provider is entitled to amend the provisions of the Privacy Policy for important reasons, which are considered to be:
      • extending or modifying the functionality of the Website,
      • the introduction of new services or changes to the content of services, in particular the introduction of a charge for some or all services,
      • changes to the technical requirements necessary for the operation of the Service, in particular regarding the end user’s equipment and IT system, changes to the technical conditions for the provision of services, the occurrence of new risks associated with the provision of services by electronic means,
      • the need to make changes to the Privacy Policy of a technical nature that do not affect the content of the rights and obligations of the Parties, in particular the removal of errors and mistakes, changes to links,
      • the need to adapt the Privacy Policy to current legislation, in particular as regards the services provided,
      • the need to adapt the services provided or the content of the Privacy Policy to court rulings and administrative decisions,
      • adapt the Privacy Policy to the best practices of service provision and user protection,
      • changes to the Service Provider’s data disclosed in the Privacy Policy, in particular contact details.
    • The Service Provider shall give notice of an amendment to the Privacy Policy by: a notice visible to the User after logging in, which displays information about the amendment to the Privacy Policy and a link to the content of the new Privacy Policy or the content of the amendments made, posting information about the amendment to the Privacy Policy on the Website, sending information about the amendment to the Privacy Policy along with the consolidated text of the Privacy Policy to Registered Users by e-mail to the e-mail address provided in the registration process.