Privacy and cookies policy
For starters, it's great you visited our website eczema-secrets.com and that you are not indifferent to the way we process your personal data. Below you will find the purposes, legal bases and the duration of personal data processing, described separately for each purpose of processing.
To begin with, we want to underline that your data is safe with us. We ensure the confidentiality of all personal data transferred to us, protect it from unauthorised users’ access and take adequate security and data protection measures required by regulations on personal data protection.
1. General information
1.2. The GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) grants to you the following rights related to the processing of your personal data:
a) the right to access your data and receive its copy,
b) the right to amend (correct) your data,
c) the right to erase your data (if in your opinion there is no legal basis for further processing of your data, you can ask us to erase you data),
d) the right to request the limitation of processing your data (you can request the restriction of data processing for the sole purpose of their storage or performance of actions agreed with you),
e) the right to object to processing the data (you have the right to object to processing the data on the basis of a legitimate interest; you should indicate a particular situation - covered by your objection, that justifies, in your opinion, ceasing data processing. We will cease to process your data for these purposes, unless we demonstrate grounds for the processing which override your rights or unless we need your data for the establishment of and pursuing legal claims as well as for the defence against your legal claims.
f) the right to transfer your data (you have the right to receive the personal data, which you provided to us upon a contract or your consent, in a structured, commonly used and machine-readable format; you can instruct us to transmit this data to another subject),
g) the right to lodge a complaint with a supervising authority (if you come to conclusions that we are processing your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
The procedure of exercising these rights have been provided in detail in sections 16 – 21 of the GDPR. Please remember that you can ask us to provide you the information about the data we already possess and the purposes of its processing. Just send a message to the following e-mail email@example.com.
1.3. Your personal data can be processed by the entities whose services we use. Those entities may have access to your personal data if the services they provide us with are or may be related to the processing of personal data. This concerns, in particular, entities such as the hosting provider, e-mail service providers, website technical service providers, law firms, marketing service providers, accounting offices, cloud software providers, etc. Remember that your data is safe and processed only to the necessary extent. In addition, if necessary, your personal data may be made available to entities, bodies or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, public prosecutor's offices, as well as tax offices, to the extent necessary to fulfill tax, billing and accounting obligations.
1.5. We use tools that can operate in a specific manner depending on information gathered with tracking technologies (profiling and behavioural advertising). However, in our opinion these mechanisms do not affect you as they do not differentiate your situation as a client, they do not impact the terms of contract that you can conclude with us.
2. Purposes and processing activities of personal data
Processed data: name, e-mail address and alternatively data contained in the message (providing data is voluntary, however it is necessary to make contact).
The purpose of processing: making contact
Duration of data processing: The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.
Legal basis: art. 6 (1) (f) of GDPR, which is our legitimate interest. The legal basis of data processing after contract termination is also our legitimate purpose of archiving correspondence for internal needs (art. 6 (1) (f) of GDPR).
Entitlement: You have the right to request access to the correspondence history that you conducted with us (if it was archived) and demand to erase it, unless archiving this data is justified due to our overriding interests, e.g. protection against potential claims on your part.
Processed data: name, e-mail address (providing data is voluntary, however it is necessary to subscribe to a newsletter).
The purpose of processing: sending the newsletter. The mail system we use tracks your activities undertaken in connection with the messages sent to you. Therefore, we have information about messages you opened, messages you used in terms of the links contained in them etc.
Duration of the processing: the time of providing newsletter services and archiving data in order to prove in the future that you consented to receiving the newsletter.
The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.
Legal basis: consent (art. 6 (1) (f) of GDPR) expressed when subscribing to the newsletter.
Entitlements: You can unsubscribe from the newsletter at any time by clicking on the link provided in every message sent as a part of the newsletter or simply by contacting us. You can amend your data or object to processing of your personal data. Considering our legitimate interest (art. 6 (1) (f) of GDPR) we will not erase your data from our database. Erasing such data would prevent us from demonstrating, if necessary, the fact that in the past you have agreed to receive the newsletter.
2.3. User account.
Processed data: e-mail address and password (providing this data is voluntary, however it is necessary to create and account. As a part of editing your account details, you can provide your further details).
The purpose of processing: providing you with the electronic service consisting in possibility of using the user account.
Duration of the processing: You can delete your account at any time. If you choose to do this, your data will be stored in the database, so in the future we can identify you as a returning user, if you decide to use the website again as a registered user. In this regard, the legal basis for the processing of your personal data is our legitimate interest – art. 6 (1) (f) of GDPR.
Legal basis: the contract concluded on the terms indicated in the regulation - art. 6 (1) (b) of GDPR).
Processed data: data necessary to process the order, which is name and surname, billing address, company details, e-mail address, telephone number, tax identification number. Providing data is voluntary, however it is necessary to place an order.
The purpose of processing: the performance of the contract concluded upon placing an order, issuing an invoice and including it in the accounting documentation,archiving and statistical purposes as well as direct marketing of our own products and services.
Duration of the processing: The time necessary for order completion and then until the expiry of the limitation period for the claims under the contract.
After this expiry date, data can be still processed for the archiving and statistical purposes – e.g. for purposes of identifying returning clients as well as for the direct marketing purposes of own products and services until the objection is filed.
Legal basis: performance of the contract concluded upon placing an order (art. 6 (1) (b) of GDPR), issuing an invoice (art. 6 (1) (c) of GDPR), including invoice in the accounting documentation, direct marketing of own products and services (art. 6 (1) (f) of GDPR) as well as archiving and statistical purposes (art. 6 (1) (f) of GDPR).
Entitlements: You do not have a possibility to rectify order data after the order was processed. You also cannot object to the data processing and demand the erasure of the data until the expiry of the limitation period for the claims under the contract. Similarly, you cannot object to the data processing and demand the erasure of the data contained in invoices. You can object to the data processing for the purposes of direct marketing of your own products and services.
2.5. Recovery of abandoned shopping carts
Processed data: name and e-mail address.
The purpose of processing: the possibility of finalising the order (for this purpose your personal data gathered by us is processed in connection with the commencement of placing your order).
Duration of the processing: You can object to the processing of your personal data for the recovery of abandoned shopping carts purposes by clicking a link provided in the message sent as a part of recovering abandoned shopping carts.
Legal basis: legitimate interest (art. 6 (1) (f) of GDPR).
2.6. Contract withdrawal and complaints
Processed data: name and surname, address, telephone number, e-mail address, bank account. Providing this data is voluntary, however it is necessary to make a complaint or withdraw from the contract.
The purpose of processing: performance of the complaint or contract withdrawal procedure.
Duration of the processing: Time necessary to complete the procedure of complaint or the procedure of contract withdrawal. Complaints and the statements on withdrawal of the contract can also be archived for the purposes of demonstrating in the future the course of complaint or contract withdrawal procedure.
Legal basis: for the purposes of the implementation of the complaint or contract withdrawal procedure and then for archiving purposes, which is our legitimate interest (art. 6 (1) (f) of GDPR).
Entitlements: You cannot amend the data contained in the complaints and in the statements on withdrawal of the contract. Also, you cannot object to data processing and you cannot demand the erasure of the data until the expiry of the limitation period for the claims under the contract. After the expiry date of the limitation period for the claims under the contract you can, however, object to the processing of your data and demand to erase your data from the database.
Cookies are small pieces of text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our communication and information system (own cookies) or the communication and information systems of third parties (third-party cookies). Some cookies used by us are deleted after the end of the browsing session, that is after the browser is closed (session cookies). Other cookies are stored on your end device and enable us to recognise your browser the next time you visit the website (persistent cookies).
3.2. Cookie Consent
● You can always change the cookie settings in your browser or delete cookies altogether. Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings.
● You can also manage cookie settings by downloading a special add-on enabling you to control cookies.
3.3. Server Logs
● Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
● Server logs typically include your IP address, the date and time of the server, information about the web browser and the operating system you use.
● Logs are saved and stored on the server. The data saved in the server logs is not associated with particular persons using the website and is not used by us to identify you.
● The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorised to administer the server.
3.4. Google Analytics.
● We use the Google Analytics tool provided by Google LLC based in the USA.
● The purpose is to create statistics and their analysis in order to optimise websites.
● The collected data is personal data and it does not enable your identification. The information we have access to as a part of Google Analytics is in particular: information about the operating system and the web browser you use, the subpages you are viewing as a part of our website, time spent on the website and its subpages, the source directing you to our website.
● As a part of Google Analytics, we use Advertising Features such as demographic and interest reports, age range, gender, approximate location, interests expressed through online activities.
● In order to use Google Analytics, we have implemented a unique Google Analytics tracking code in the code of our website. The tracking code uses Google LLC cookies for the Google Analytics service.
3.5. Google Ads.
● We use the Google Ads advertising program operated by Google LLC.
● The purpose is to conduct advertising campaigns, including remarketing, and the legal basis is the legitimate interest, consisting of marketing of our own products and services.
● The collected data is personal data and it does not enable your identification.
● When visiting our website, a Google remarketing cookie is automatically set on your device, which, with the help of a pseudonymous identifier (ID), based on the pages you visit, enables targeted ads corresponding to your interests.
● Further data processing takes place only if you give Google your consent to combine browsing and app usage history with your account and to use your Google account information to personalise advertisements displayed on websites.
● In such a case, if you are logged in to Google while visiting our Website, Google will use your data together with Google Analytics data to create and define target group lists for remarketing purposes on various devices. For this purpose, Google temporarily combines your personal data with Google Analytics data to create target groups.
● In order to use Google Ads, we have implemented a special Google Ads conversion pixel in the code of our website. The pixel uses Google LLC cookies for the Google Ads service. You can disable these cookies from our website using the managing cookies mechanism. You can manage ad settings directly on the Google website: https://adssettings.google.com/.
● Details related to data processing under Google Ads are available on the website: https://policies.google.com/privacy.
3.6. Facebook Ads and Insights.
● We use the marketing and analytical tools available on Facebook.
● The purpose is the marketing of our products and services as well as carrying out analysis and preparing statistics.
● We have implemented Facebook Pixel on our pages, which automatically collects information on your use of our Website in terms of pages browsed, for the purposes of targeted ads concerning your activities on our website,
● Information collected as part of Facebook does not allow us to identify you. Thanks to it, we can only learn what activities you have taken on our website. We can also check your age range, gender, where you are connecting to the Internet.
3.7. Google Tag Manager
● We use the Google Tag Manager provided by Google LLC.
● Google Tag Manager is used to manage website tags via interface. With the help of Google Tag Manager, we control our advertising campaigns and the way you use our websites.
● Google Tool Manager implements only tags. Using Google Tool Manager does not involve the storage of cookies or the collection of personal data. This tool enables functioning of other tags that may collect data under certain circumstances. However, Google Tool Manager does not access this data.
● Deactivating saving options at domain or cookies level will apply to all tracking tags implemented via Google Tag Manager.
● We carry out activities in this area based on our legitimate interest of marketing our products or services and optimising our websites.
● We use the Hotjar tool provided by Hotjar Limited.
● Hotjar registers every visitor to our website and enables them to play a video recording of their activities on our website, as well as create the so-called heat maps.
● Hotjar does not register the process of completing the forms, hence, we do not have access to information that would enable us to identify you.
● We carry out activities in this field based on our legitimate interest, consisting in the creation of statistics and their analysis to optimise our websites.
3.9. Content from external websites.
● Content from external services is provided on our website, in particular the videos available on YouTube.
● Therefore, Google LLC cookies related to the YouTube service are used, including DoubleClick cookies.
● It is possible to prevent the assignment of the data collected during playing videos or reading other content available on our website directly to your profile in given internet service, by logging out of this service before visiting our website, as well as, for example, by blocking scripts.
● YouTube-related cookies are not loaded until the movie is played, so refraining from watching the movie will prevent them from loading.
● The purpose and scope of data collection and its further processing and use of the data by service providers, as well as your contact details and rights and settings to protect your privacy are described in the service providers’ privacy policies.