PRIVACY POLICY OF DERMEA LABS
Understanding the Importance of Privacy: The Purpose of Our Privacy Policy
The associates of the civil law partnership operating as Dermea Labs Spółka jawna (Registered Partnership), headquartered at Stanisława Noakowskiego 16 / 31, 00-666 Warsaw, Poland, with Tax Identification Number (NIP) 7011023296 and National Business Registry Number (REGON) 388354355, are deeply committed to safeguarding the privacy and personal data of individuals from whom such data are gathered. It is our foremost priority to ensure that your personal data is processed in a manner that is secure and adheres to legal requirements, particularly in accordance with the European Parliament and Council Regulation (EU) 2016/679 dated 27 April 2016, concerning the protection of natural persons in relation to the processing of personal data and the free movement of such data (“General Data Protection Regulation” or “GDPR”).
In this privacy policy ('Privacy Policy'), we inform and explain how we use the personal data that we have obtained or that have been provided to us.
Fundamental details about the processing, including the purposes and legal bases for processing your personal data, are conveyed to you at the time of their acquisition from you or in connection with their acquisition from another source. This Privacy Policy serves only as a supplement to that information.
It is possible that a situation may arise in which we process your personal data for purposes other than those indicated in this Privacy Policy. In such a case, the binding information regarding the processing, which you received from us at the time when we acquired your personal data directly from you or in connection with their acquisition from another source, takes precedence.
In the Privacy Policy, we have also included information about the rights that you are entitled to in connection with the processing of your personal data, as well as how you can exercise these rights
Discover the Science Behind Safeguarding Your Personal Data.
The Administrator of Your personal data are the partners of the registered partnership operating under the name: Dermea Labs Spółka jawna (Registered Partership), located at Stanisława Noakowskiego 16/31, 00-666 Warsaw, Poland, NIP: 7011023296, REGON: 388354355.
You can contact us regarding your personal data by traditional mail or by sending an email to: dermealabs@gmail.com
Understand the Importance of Personal Data Processing
Basic information about processing, including the purposes of processing your personal data, is provided to you at the time of their acquisition from you. Apart from this, below you will find information about the most common cases of processing your personal data by us.
PURPOSE |
PURPOSE DESCRIPTION |
LEGAL BASIC FOR PERSONAL DATA PROCESSING
|
|
Pre-Contractual Activities |
Undertaking activities at your request that are necessary before entering into a contract concerning Dermea Labs services, specifically including presenting the offer of drivana.pl store, conducting discussions for the purpose of concluding a contract. |
Personal data are necessary for undertaking actions prior to entering into a contract (Article 6(1)(b) of the GDPR). |
|
Conclusion and Execution of Contract |
Conclusion and execution of a contract related to the services of the online store drivana.pl |
Personal data are necessary for undertaking actions prior to entering into a contract (Article 6(1)(b) of the GDPR). |
|
Inquiries, Complaints, Applications, Claims
|
Consideration by Dermea Labs of your inquiries, complaints, applications, or claims, and responding to your inquiries, complaints, applications, or claims. |
Personal data are necessary for undertaking actions prior to entering into a contract (Article 6(1)(b) The processing of personal data is necessary for the performance of a contract (Article 6(1)(b) of the General Data Protection Regulation (GDPR)) or for the realization of the legally justified interest of Dermea Labs, which involves the ability to consider and respond to your inquiry, complaint, or application (Article 6(1)(f) of the GDPR), or to fulfill a legal obligation related to the consideration of your complaint (Article 6(1)(c) of the GDPR). |
|
Legal obligations |
Fulfillment of Dermea Labs' obligations arising from universally applicable legal provisions, particularly including obligations stemming from accounting and tax regulations. |
Personal data are necessary for undertaking actions prior to entering into a contract (Article 6(1)(b) of the GDPR). The processing of personal data is necessary to fulfill a legal obligation incumbent upon Dermea Labs (Article 6(1)(c) of the General Data Protection Regulation (GDPR)). |
|
Claims |
Establishment and Pursuit of Claims by Dermea Labs or Defense Against Claims Directed Against Dermea Labs. |
The processing of personal data is necessary for the fulfillment of the legally justified interest of Dermea Labs, which involves the capability to establish and pursue claims by Dermea Labs, as well as to defend against such claims directed against Dermea Labs (Article 6(1)(f) of the General Data Protection Regulation (GDPR)). |
|
Satisfaction Assessment of Products and Services |
Evaluation of satisfaction with our products and services, and the quality of customer service. |
The processing of personal data is necessary for the realization of the legally justified interest of Dermea Labs, which involves the ability to assess customer satisfaction with Dermea Labs' products and services (Article 6(1)(f) of the General Data Protection Regulation (GDPR)). |
|
Analysis (including Statistical and Related to the Significant Characteristics of the Recipients of Our Services and Products) |
Conducting analysis aimed at enhancing the preparation of our offerings or information and ensuring more effective targeting of a selected group of recipients. |
The processing of personal data is indispensable for fulfilling the legitimate interest of Dermea Labs, which involves the ability to perform analysis of the significant characteristics of the recipients of Dermea Labs' products and services (Article 6(1)(f) of the General Data Protection Regulation (GDPR)). |
|
Usage of the Website |
Processing of personal data of users accessing the website (including IP addresses or other identifiers collected via cookies or similar technologies) for statistical purposes or for providing electronic services consisting of making content stored on the website available to users. |
The personal data is necessary for the realization of the legally justified interest of Dermea Labs, which involves analyzing user activities on the website to improve the functionalities applied on the website (Article 6(1)(f) of the General Data Protection Regulation (GDPR)) or the personal data is necessary for the performance of a contract (Article 6(1)(b) of the GDPR). |
|
Notification of Dermea Labs Activities and Marketing Operations |
Transmitting information about the activities of Dermea Labs and conducting marketing for Dermea Labs' services and products, and sometimes also those of Dermea Labs' partners. This includes sending information and offers specially prepared for you based on the analysis of your purchase history and other information (e.g., birthday discount offers, etc.). |
The processing of personal data is indispensably required for fulfilling the legitimate interest of Dermea Labs, which involves the capability to communicate about the activities of Dermea Labs and the implementation of direct marketing strategies as per Article 6(1)(f) of the General Data Protection Regulation (GDPR). To a certain extent, the basis for the processing of your personal data will be your consent (Article 6(1)(a) of the General Data Protection Regulation (GDPR)).
|
|
Social Media |
We also process personal data in connection with our activities on social media platforms. |
|
Social Media links
On the Dermea Labs website, there are links to external social media platforms (including TikTok, Facebook, Instagram). The functionalities associated with each link, particularly the transmission of information and personal data, are activated only upon clicking on the respective link. This leads to the activation of what is known as the plugin of the respective social media platforms, and your browser establishes a direct connection with the servers of the social media platform, redirecting you to its site. The provider of the platform receives information that you visited our page before entering the platform's site (even if you are not registered or logged in to that platform). Such information (including your IP address) is sent directly from your browser to the servers of the social media platform (typically located in the United States of America) and stored there. If you are logged into the platform, it will immediately associate your visit to the platform with your account on that platform.
If you do not wish for your personal data to be transmitted to social media platform providers, refrain from clicking on these links. If you do not desire the provider of the platform to link your visit to the platform with your profile, ensure that you have previously logged out of the platform.
Discover the Science of Personal Data Disclosure
In addition to Dermea Labs personnel, your personal data may be disclosed by us to service providers acting on behalf of Dermea Labs, particularly IT service providers, including those involved in maintaining and managing our website and IT systems, entities providing accounting, legal, audit, consulting, advisory, insurance, security, and delivery services, document destruction or archiving services, agencies executing marketing services commissioned by Dermea Labs, as well as entities processing online payments and banks. Your personal data will also be shared with public authorities, including courts, upon their justified demand or for the purpose of defending or pursuing claims, or if such obligation arises from legal provisions.
Ensuring the Security of your Personal Data: Our Dedication to GDPR Compliance
As a general rule, your personal data will not be transferred outside the territory of the European Economic Area (“EEA”) or to international organizations.
Discover Our Commitment to Protecting Your Personal Data.
We will store your personal data for the period necessary to achieve the objectives for which we process them. We will retain your personal data:
● In the case of personal data processed in connection with a contract to which you are a party and for the purposes of executing the contract, we will process your personal data for the duration of the contract. However, we may extend the above-stated periods by the period of limitation of your or our claims arising from legal provisions if the processing of these personal data is necessary for the establishment or pursuit of claims, as well as for defense against such claims, and for the duration of related court, arbitration, administrative proceedings, etc.
● To realize our legally justified interests, i.e., establishing and pursuing claims or defending against claims – (as justified by circumstances) for the period of limitation of your claims against us or our claims against you arising from legal provisions (e.g., the term for the limitation of claims related to business activity is 3 years, while the general term for the limitation of claims is 6 years; the above-mentioned periods for storing personal data may change with changes in universally applicable legal provisions), or the limitation of tax obligations related to economic events (acquisition of services or goods) in which you were a party, and for the duration of proceedings related to such claims, court, arbitration, etc.
● To realize our legally justified interests, i.e., responding to your query, complaint, application, claim, or suggestion – for the time necessary to provide a response, not exceeding 30 days, although we may extend this period by the period of limitation of your or our claims arising from legal provisions, if the processing of these personal data is necessary for the establishment or pursuit of claims, as well as for defense against such claims.
● To fulfill obligations arising from legal provisions (e.g., the Accounting Act or tax regulations or regulations concerning product liability) - for the period specified by such provisions (e.g., for accounting purposes, your personal data will be stored for 5 years from the end of the calendar year in which the tax payment deadline related to the contract expired).
● In case you raise an objection at any time, for reasons related to your particular situation – against the processing of your personal data based on our legally justified interest (pursuant to Article 6(1)(f) of the GDPR), including profiling, we will cease to process your personal data unless Dermea Labs demonstrates the existence of compelling legally justified grounds for processing, overriding your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending claims.
What are your rights?
In relation to Dermea Labs processing your personal data, you are entitled to a range of rights detailed below. Should you approach Dermea Labs with a request to exercise your rights, in cases of justified doubts regarding your identity, Dermea Labs may request additional information necessary to confirm your identity. Dermea Labs will respond to requests without undue delay, ideally within a month from the day of receiving the request.
If Dermea Labs demonstrates that your requests are manifestly unfounded or excessive, particularly due to their repetitive nature, Dermea Labs may:
1. Charge a reasonable fee, considering the administrative costs of providing information, conducting communication, or undertaking the requested actions; or
2. Refuse to take action in relation to the request.
(1) Information on the Right to Access Personal Data
You have the right to request access to your personal data, including specifically information about whether Dermea Labs processes your personal data and the scope of personal data held by Dermea Labs, the purposes of processing personal data, categories of recipients of your personal data, the planned period of personal data storage, rights regarding personal data that you are entitled to, and information about the sources of acquisition of your personal data by Dermea Labs, if not collected from you. Additionally, you have the right to obtain a copy of the personal data, with the proviso that obtaining the first copy of the personal data is free of charge, and obtaining each subsequent copy may involve a fee of a reasonable amount reflecting the administrative costs of preparing such a copy of the personal data.
(2) Information on the Right to Request Rectification of Personal Data
You have the right to request the immediate rectification of incorrect personal data or, considering the purposes of processing, the completion of incomplete personal data.
(3) Information on the Right to Request Deletion of Personal Data (Right to be Forgotten)
You have the right to request the immediate deletion of your personal data if one of the following circumstances occurs:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You have lodged an effective objection to processing;
- The personal data were processed unlawfully;
- The personal data must be deleted to comply with a legal obligation;
- You have withdrawn your consent to the processing of personal data, and the personal data were processed based on your consent and there is no other legal basis for processing;
- The personal data were collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
However, you will not be able to exercise the right to delete personal data, for instance, if such personal data are necessary for establishing, pursuing, or defending claims.
(4) Information on the Right to Request Restriction of Processing of Personal Data
You have the right to request the restriction of processing of your personal data, for example, when:
● You question the accuracy of your personal data processed by us - in such a case, you may request a restriction of processing for a period allowing the verification of the accuracy of these personal data;
● You believe that our processing of your personal data is unlawful, but at the same time, you oppose the deletion of these personal data, requesting instead the restriction of their use;
● We no longer need your personal data for our processing purposes, but they are required by you to establish, pursue, or defend claims;
● You have objected to our processing of your personal data due to your particular situation - in such a case, you may request the restriction of processing until it is determined whether our legally justified interests in processing the personal data are overriding in respect of the grounds of your objection.
In the case of restriction of processing of your personal data, we may store them and additionally use them only for the purpose of establishing, pursuing, or defending claims, for protecting the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State. Other activities may be undertaken only with your consent.
(5) Information on the Right to Data Portability
You have the right to receive your personal data, which you have provided to Dermea Labs, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from Dermea Labs, if:
1. The processing is based on your consent or on a contract with you, and
2. The processing is carried out by automated means.
In the situation indicated above, you also have the right to request that your personal data be transmitted by Dermea Labs directly to another personal data controller, where technically feasible.
(6) Notification of the Right to Object to the Processing of Personal Data
You possess the legal right to object at any moment – for reasons pertaining to your specific situation – to the processing of your personal data if the legal basis of the processing is Dermea Labs' legitimate interest. In such instances, you should indicate the particular situation that, in your opinion, justifies ceasing the processing of your personal data covered by the objection.
In response to your objection, Dermea Labs shall cease processing your personal data unless it demonstrates the existence of compelling legally justified grounds for processing, overriding your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending claims.
If personal data are processed for direct marketing purposes, you may at any time object to such processing, including profiling, without needing to demonstrate reasons related to your specific situation, and Dermea Labs is obliged to immediately cease such processing.
(7) Information on the Right to Withdraw Consent
In every instance where the processing of personal data is based on your consent, you retain the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
(8) Information on the Right to Lodge a Complaint with a Supervisory Authority
You have the right to file a complaint with the relevant supervisory authority – in Poland, the President of the Personal Data Protection Office, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.
Understanding the Legal and Contractual Requirements of Personal Data
All personal data are provided voluntarily, but some are necessary for the execution of the contract concluded with you, making and fulfilling orders (data allowing your identification, data necessary for delivery), fulfilling obligations arising from legal provisions, issuing appropriate tax documents (tax identification number), and failure to provide them will prevent the realization of these actions.
Information on Automated Decisions and Profiling
Dermea Labs, for the purpose of conducting marketing activities, employs profiling activities, i.e., analyzing information about you and assessing your purchasing preferences to present you with an offer tailored to your characteristics or matching – in the assessment of Dermea Labs – your needs and requirements.
Dermea Labs also conducts profiling activities monitoring the internet traffic of users of the Dermea Labs website.
Changes to the Privacy Policy
This Privacy Policy may be subject to changes and updates. If you wish to have up-to-date information regarding how we process your personal data, please visit this page periodically.