Security Policy for grzechhair.com

Our goal is to ensure you feel safe on our website, so your privacy and personal rights are important to us. Please take a moment to review the following summary explaining how our website operates. Rest assured that your data will be processed transparently and fairly, and we will take every measure to handle it with care and responsibility. This Privacy Policy aims to inform you of how we use your personal data in compliance with the stringent requirements of the German Data Protection Act and the EU General Data Protection Regulation (GDPR).

Data Controller and Data Protection Officer

For the purposes of GDPR and other relevant legislation in EU member states, the Data Controller is:

Grzech Hair Grzegorz Grzech
Address: Przebendowskich 49a, 81-526 Gdynia
Tax ID: 5882354581
Email: rodo@grzechhair.com

The company’s Data Protection Officer can be contacted at rodo@grzechhair.com.

Scope of Personal Data Processing

We collect and process your personal data only to the extent necessary for the website’s functionality, for the content we present, and for services such as when you register on our website, log into an existing customer account, or place orders. Your personal data is collected and used solely with your consent, except in cases where consent cannot be obtained due to specific circumstances, and processing is permissible by law. The security of your personal data is a high priority. Therefore, we take technical and organizational measures to protect your data from loss and misuse by third parties.

Our employees responsible for data processing are obligated to maintain confidentiality. Your personal data is protected through encrypted transmission; for example, SSL (Secure Sockets Layer) is used for browser communication. You’ll see a padlock symbol in your browser indicating that an SSL connection has been established.

To ensure your data is always protected, technical security measures are regularly reviewed and adapted to new technological standards as needed. These principles also apply to companies that process and use data on our instructions.

Purposes of Processing and Legal Basis for Processing Your Personal Data

We collect, process, and use your personal data for the following purposes:

  • Contract conclusion and execution
  • Providing newsletters
  • Marketing activities, such as prize draws
  • Customer support and assistance
  • Providing broadcasting services, e.g., processing orders for goods and services offered online

Your personal data may be processed based on the following legal grounds:

  • Article 6(1)(a) GDPR: processing actions with your consent for a specific purpose.
  • Article 6(1)(b) GDPR: processing for contract performance, such as purchasing a product. This applies to all processing necessary for pre-contractual actions, like responding to product or service inquiries.
  • Article 6(1)(c) GDPR: processing necessary for legal obligations, such as fulfilling tax obligations.
  • Article 6(1)(d) GDPR: processing necessary to protect your vital interests or those of another individual.
  • Article 6(1)(f) GDPR: processing based on legitimate interests, such as hiring service providers to fulfill orders (e.g., delivery services), conducting statistical surveys and analyses, login attempts, or ensuring website security. Our interest is to provide a user-friendly, attractive, and secure website optimized for both our business purposes and your expectations.

Retention Period and Deletion of Personal Data

We process and store your personal data only for as long as necessary to fulfill the storage purpose or as required by law. When the purpose ceases to apply, your data will be deleted or its processing restricted. For restricted data processing, data will be deleted once legal retention periods expire, or storage no longer poses a justified interest, provided deletion does not require disproportionate effort due to special storage circumstances.

Data Collection and General Information (Log Records)

Under Article 6(1)(f) GDPR, our website collects various data and general information each time it is accessed. This data is temporarily stored in server logs, which are created through automated logging by the processing computer system.

Data collected may include:

  • Website access (date, time, frequency)
  • How the site was accessed (referring website, hyperlink, etc.)
  • Volume of data transmitted
  • Browser used and its version
  • Operating system used
  • Internet service provider
  • IP address assigned to your computer by the ISP for internet connection

This data is collected and stored to operate the site and ensure its functionality and correct display of our content. We also use this data to optimize our website and ensure the security of our IT systems. Therefore, this data is stored for technical security reasons for seven days.

We also use this data for marketing purposes, market analysis, and tailoring our services to demand through user profile creation and analysis under pseudonyms unless you exercise your right to object to such data use.

Cookies, Web Analytics Services, and Social Media

We use cookies, web analytics services, and social media plugins on our website. For more information, please refer to our Cookies Privacy Policy.

Sharing Information about Our Products, Services, and Special Offers

We use your data to send you information about our products, services, and special offers to the email address you provided, but only with your prior consent or where permitted by law.

Using Your Data to Provide Information on Our Products and Services

We use your data to send information about our products, services, and special offers to the email address you provided. This occurs only with your prior consent or if legally permissible. Consent for such communication is governed by Article 6, paragraph 1(a) and Article 7 of the GDPR.

a) Newsletter Registration
You can sign up for a free newsletter on our website. During registration, we receive data from the form you filled out, including your email address. Registration follows a "double opt-in" process; after registering, you’ll receive an email requesting confirmation. This step is necessary to prevent registrations from unauthorized email addresses. You consent to data processing during the registration process, and this privacy policy is referenced.

b) Store Registration
If you register with a specific retail store to receive information by email, we will store your email address and the name of that regional retail outlet to provide information related to products and services in your area.

c) Product and Service Updates
If you purchase products or services on our website, we may send information about similar products and services to the email you provided, even without prior consent.

d) Postal Communication
We may also use your data to send information about our products, services, and special offers by post.

We aim to make our emails enjoyable and relevant. Therefore, we track and store entry and click rates in your user profile for statistical and analytical purposes, with the legitimate interest of the Controller (Article 6, paragraph 1(f) GDPR). This includes data on whether and when you open our emails, the content you click on, and any delivery issues.

You can unsubscribe from these emails at any time, withdrawing consent with future effect. Every email and newsletter contains an unsubscribe link, which redirects to a confirmation page on our website.

Alternatively, you may withdraw consent by contacting us:

  • By email: rodo@grzechhair.com
  • By mail: GRZECH HAIR, Przebendowskich 49a, 81-526 Gdynia

Please note that certain notifications, such as registration confirmations, customer service communications, and transaction confirmations, cannot be unsubscribed from as they are required to fulfill contractual obligations or to operate our website. These notifications will be sent to you based on your provided contact details.

Processing Personal Data for Contact, Registration, and Orders

a) Contacting Us
Data you provide when contacting us by phone, email, or contact form is stored based on Article 6, paragraph 1(a) GDPR to respond to your queries. The record of contact is retained for compliance purposes. Consent is obtained in the contact form, referencing this Privacy Policy. Data will be deleted once the inquiry is resolved.

b) Registration
Our website offers a registration option where you can provide personal data. These details are stored for contractual purposes (Article 6, paragraph 1(b) GDPR), for fulfilling or preparing agreements. Depending on the situation, we may request contact information like your name, delivery address, billing address, email, and payment preferences.

c) Orders without Registration
You may place an order as a guest without registering. Note that without an account, your details will need to be re-entered for future orders. Data provided during guest orders is processed for contractual purposes (Article 6, paragraph 1(b) GDPR). Once your order is fulfilled, data will be deleted unless you activate an account within 14 days.

d) Additional Provisions
We may store technical data as required by Article 6, paragraph 1(c) and (f) GDPR to prevent misuse of data or investigate security incidents, particularly for data protection against attacks on our systems. This may involve actions ordered by public authorities or courts if legally required or to protect our rights and interests.

Sharing Personal Data with Third Parties

We ensure maximum data security when sharing personal data, which is only shared with carefully selected and contracted service providers and partners. We transfer data solely to entities within the European Economic Area (EEA) subject to strict EU data protection regulations or to those adhering to equivalent standards.

a) Sharing Data with Suppliers
For the products and services on our website, we work with suppliers. If you order from these suppliers, we transfer your data (such as your email, delivery, and billing address) to them for contract purposes (Article 6, paragraph 1(b) GDPR). Your supplier is identified on the relevant product page, General Terms of Business, or Legal Information.

b) Sharing Data with Service Partners
To maintain and optimize our website, we work with service providers for central IT, web hosting, payment processing, shipping, equipment installation, and newsletters. Required data (e.g., name, address) is shared under contractual agreements (Article 6, paragraph 1(b) and (f) GDPR). Data processors include Ceneo Sp. z o.o. and Opineo Sp. z o.o., who may send customer satisfaction surveys as part of the Trusted Opinions program.

c) Further Disclosures
We may share data with third parties or public authorities as required by current data protection law if legally mandated or necessary for criminal investigations or to protect our rights.

d) Bank and Payment Processing
To facilitate online payments, data may be shared with financial institutions such as ING Bank Śląski S.A. and Twisto Polska Sp. z o.o. based on contract requirements (Article 6, paragraph 1(f) GDPR). Details are only shared when required for transaction fulfillment, fraud prevention, or credit checks if you choose credit-based payment options like eRaty.

Your Rights

You have various rights regarding your data, and we are happy to assist you. Simply contact us using the details below:

  • Email: rodo@grzechhair.com
  • Mail: GRZECH HAIR, Przebendowskich 49a, 81-526 Gdynia

To ensure data security, we may request further details to confirm your identity.

a) Right of Access: You have the right to know what data we hold about you.

b) Right to Rectification: Request immediate correction or completion of personal data.

c) Right to Restrict Processing: Request that data processing is limited.

d) Right to Erasure: Request data deletion unless required for legal or public interest reasons.

e) Right to Data Portability: Receive or transfer a copy of your data.

f) Right to Object: Object to data processing based on legitimate interest.

g) Right to Withdraw Consent: Withdraw consent at any time for future data processing.

h) Right to Object to Automated Decision-Making and Profiling: You may object to decisions based solely on automated processing if they significantly affect you.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

Privacy Policy Updates

We reserve the right to change our Privacy Policy to remain compliant with current legal requirements or to cover new products or services.