PROMOTION! 40% OFF on selected items More details Free DELIVERY on orders at € 44,00.

COMPLETE THE REGIMENT
Privacy policy

Privacy policy for the dalchemyskincare.com website

Table of Contents

  1. Data Controller
  2. Data acquisition and purpose of their processing
    1. Corresponding users using contact forms
    2. Newsletter subscribers and recipients of marketing activities
    3. Contest participants
    4. Participants in loyalty programmes
    5. Users of the D'Alchemy online shop
    6. Persons submitting complaints, withdrawing from the contract and their representatives
  3. Detailed information on personal data processing is available at https://dalchemyskincare.com/
  4. Data Recipients
  5. Data processing rights
  6. Voluntary Data Provision
  7. Data transfer to third countries or international organizations
  8. Processing of personal data in an automated manner

1. Data Controller

The Controller, i.e. the entity deciding on the purposes and means of personal data processing, is D'ALCHÉMY Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (03-301) at ul. Jagiellońska 55A, entered in the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw XIII Commercial Division of the National Court Register under KRS number 0000594063, with Tax ID [NIP] number 6762498711, REGON number 363320775 (hereinafter: "Controller").

The Controller pays particular attention to the protection of personal data, therefore he has appointed a data protection officer, whom you can contact at the following e-mail address: [email protected]. The Controller encourages you to contact the Personal Data Protection Officer in connection with any doubts regarding the processing of your personal data.

2. Data acquisition and purpose of data processing

As part of our website, in carrying out our business functions, we process personal data for various purposes and scope:

Corresponding users using contact forms

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to conduct correspondence and ensure the circulation and archiving of documents, which constitutes the legally justified interest of the Controller (Art. 6 sec. 1(f) of the GDPR). As a rule, data is processed for the periods specified by law, and if they are not indicated for specific documents, for the time when their storage is within the legally justified purpose of the Controller regulated by the time of possible claims. However, the storage period of data constituting the content of correspondence depends on the purpose of data processing to which the correspondence relates (if there are other deadlines for data deletion, information on this subject is provided in a separate information clause). As a rule, we process the data provided by you.

Newsletter subscribers and recipients of marketing activities

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to: implement the legally justified interest of the Controller (Art. 6 sec. 1(f) GDPR), consisting in the marketing of own products and services, and in the case of express consent - also products and services of companies cooperating with the Controller (Art. 6 sec. 1(a) GDPR), using the following forms of communication:
newsletter (sending an information bulletin),

voice calls (telephone marketing),

sending commercial information (e-mail messages),

sending commercial information (text message sending),

sending promotional materials by traditional mail.

Also in connection with the implementation of other legally justified interests of the Controller (Art. 6 sec. 1(f) GDPR):
in order to establish, pursue and defend claims,

for statistical purposes related to improving work efficiency, quality of services provided and adapting them to recipients,

for advertising automation by monitoring and building a behavioral profile
Your personal data will be stored until you withdraw your consent or raise an objection, i.e. you demonstrate to us in any way that you do not wish to remain in contact with us and receive information about the activities we undertake. After withdrawing consent or expressing an objection, personal data may be stored for the purposes of demonstrating the correctness of compliance with the legal obligations incumbent on the Controller and related claims. If we did not obtain personal data directly from you, their source is the entity that had your consent to make them available to the Controller, or another important legal basis. In this case, the personal data acquired includes data necessary for the type of marketing activities in question (typically name, e-mail address, telephone number and/or mailing address).

Contest participants

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to fulfill the obligations of the competition organizer, including processing applications, informing about the results and selecting the winners, as well as awarding and sending competition prizes, which constitutes the legitimate interest of the Controller (Art. 6 sec. 1(f) GDPR),

for the purposes of accounting, bookkeeping and financial reporting (Art. 6 sec. 1(c) and (f) GDPR),

And also in connection with the fulfilment of the Controller's other legitimate interests (Art. 6 sec. 1 f) GDPR):
in order to determine, pursue and defend claims,

for statistical purposes related to improving work efficiency, quality of services provided and adapting them to recipients.
Your personal data will be stored for the period necessary to fulfill the purpose for which they were collected, i.e. the implementation and organization of the competition, and after its completion - for the period of limitation of claims As a rule, we process the data provided by you.

Participants in loyalty programmes

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to implement the loyalty programme (Art. 6 sec. 1(f) GDPR),

for the purposes of accounting, bookkeeping and financial reporting (Art. 6 sec. 1(c) and (f) GDPR),

And also in connection with the fulfilment of the Controller's legitimate interests (Art. 6 sec. 1(f) GDPR):
in order to conduct marketing activities related to the loyalty program (in the case of electronic or voice communication, with prior consent to the communication channel),

in order to consider notifications and complaints related to the program,

in order to establish, pursue and defend claims,

for statistical purposes related to improving work efficiency, the quality of services provided and adapting them to recipients.
Your personal data will be stored for the period necessary to fulfill the purpose for which they were collected, i.e. the implementation and organization of the loyalty program, and after the end of the program or your participation - for the limitation period for claims. As a general rule, data is obtained directly from you.

Users of the D'Alchemy online shop

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to ensure the functionality of the website and facilitate the use of the website (Art. 6 sec. 1 (b) and (f) GDPR); details on the use of cookies are provided later in the policy,

in order to implement contracts with customers of the online store, including maintaining a user account (Art. 6 sec. 1(b) GDPR),

if applicable, for billing, accounting and financial reporting purposes (Art. 6 sec. 1(c) and (f) GDPR),

in order to implement the legitimate interest of the Controller, consisting in marketing its own products and services (Art. 6 sec. 1(f) GDPR), and in the case of express consent - also products and services of companies cooperating with the Controller (Art. 6 sec. 1(a) GDPR), using the following forms of communication:
  • newsletter (mailing of information bulletin),
  • voice calls (telephone marketing),
  • to send commercial information (e-mails),
  • the transmission of commercial information (text messaging),
  • sending promotional materials by traditional mail,
  • providing personalized content and advertisements,
  • providing PUSH notifications.

For the purposes indicated in the content of consents to the processing of personal data - if such consents have been expressed (Art. 6 sec. 1(a) of the GDPR).

We also process personal data in connection with the implementation of the Controller's other legitimate interests, pursuant to Art. 6 sec. 1 f) GDPR):
in order to determine, pursue and defend claims,

for statistical purposes related to improving work efficiency, quality of services provided and adapting them to recipients.
Your personal data will be stored until you withdraw your consent or raise an objection, i.e. you demonstrate to us in any way that you do not wish to remain in contact with us and receive information about the activities we undertake. After withdrawing consent or expressing objections, personal data may be stored for the purpose of demonstrating the correctness of compliance with the legal obligations incumbent on the Cotroller or until the expiry of the limitation periods for claims, depending on which period is longer. If a contract is concluded with the Controller (e.g. in the scope of providing services electronically or using an online store), personal data will be processed for the duration of the contract, and after its completion until the limitation periods for claims arising from it expire. As a rule, we process the data provided by you. If you did not provide us with your data, their source is [the entity that had your consent to provide them to the Controller, or another valid legal basis]. In this case, the personal data acquired includes data necessary for the type of marketing activities in question (typically name, e-mail address, telephone number and/or mailing address).

Persons submitting complaints, withdrawing from the contract and their representatives

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
In order to consider a submitted complaint or request to withdraw from a distance contract (Art. 6 sec. 1(c) GDPR),

for the purpose of fulfilling the contract related to the application (Art. 6 sec. 1(b) GDPR - if you are a party to the contract; Art. 6 sec. 1(f) GDPR - if you are a person cooperating with us on behalf of our client or contractor),

if applicable - in order to conduct settlements, accounting and financial reporting (Art. 6 sec. 1(c) and (f) GDPR),

in order to comply with other legal obligations (Art. 6 sec. 1(c) GDPR),

for the purposes specified in the content of the consent, if any (Art. 6 sec. 1(a) of the GDPR).

And also in connection with the implementation of the legally justified interests of the Controller (Art. 6 sec. 1(f) GDPR):
for the purpose of establishing, pursuing and defending claims,

for statistical purposes related to improving work efficiency, quality of services provided and adapting them to recipients.

NOTE: if the description of the circumstances of the event contains special category data, it will be processed for the purpose of determining, pursuing and defending claims (Art. 9 sec. 2(f) GDPR)
Your personal data will be stored until the notification is processed and the claims limitation period expires. As a rule, we process the data provided by you. If you did not provide us with your data, the source is the person who provided your data in the application. We obtain personal data to the extent necessary to process the request, most often including name and surname, e-mail address, telephone number, mailing address, circumstances to be reported, and bank account number (in the case of returns).

Online consultations on choosing cosmetics and skin care

Processing goal and legal basis Data storage period If data is collected in a manner other than from you - the source of their origin and categories of personal data.
Data processing is carried out for the purposes of:
arranging an online consultation, based on our legitimate interest (Art. 6 sec. 1(f) GDPR),

preliminary assessment of needs based on a survey (the basis for processing is consent, Art. 6 sec. 1(a) GDPR),

selecting appropriate cosmetics and providing advice on skin care during online consultations based on consent (Art. 6 sec. 1(a) GDPR),

pursuing, determining, securing and defending claims that may arise on the basis of the advice provided, on the basis of our legitimate interest (Art. 6 sec. 1(f) of the GDPR).

The processing of health data is based on explicit consent (Art. 9 sec. 2(a) GDPR).
Your personal data collected in connection with the online consultation will be stored for a period of 3 years or until the consent to the processing of personal data is withdrawn. In the event of claims for personal injury - within the limitation period for these claims. As a rule, we process the data provided by you.  

3. Detailed information on personal data processing is available at https://dalchemyskincare.com/

Social media

On our website you can find links to our social media profiles. To the extent that we manage these profiles, we are Controllers or - depending on a given service - co-controllers of personal data together with the given owner of the social networking site, therefore we process personal data of visitors to our profiles on social media (Facebook, LinkedIn, Twitter). This data is processed exclusively for the purposes of:

  1. maintaining our profile (placing information about promotions, offers, activities of D'Alchemy);
  2. obtaining anonymised analytical and statistical data obtained by a given website on the basis of previously established parameters based on the nature of our clientele, as well as our promotion and marketing goals;
  3. direct marketing,
  4. communication with our customers via tools provided by a given website.

And also in relation to the fulfilment of the legitimate interests of the Controller (Art. 6 sec. 1(f) GDPR):

  1. to establish, pursue and defend claims,
  2. for statistical purposes related to improving work efficiency, quality of provided services and adapting them to recipients.

The legal basis for the processing of personal data by us for the above-mentioned purposes is our legitimate interest (Art. 6 sec. 1(f) GDPR) consisting in building and promoting your own brand, analyzing your preferences and activities in order to ensure better company operations and increasing the quality of our services by learning about your preferences in order to personalize offers and, consequently, better meet your needs

In the case of Facebook, the Controller or co-controller (e.g. in the field of Facebook Page Insights) of your personal data is Meta Platforms Ireland Ltd. with its registered office in Dublin (address: 4 Grand Canal Square Grand Canal Harbor Dublin 2, Ireland). The co-management agreement can be consulted at this address:https://www.facebook.com/legal/controller_addendum

Appropriate regulations and privacy policies apply to Facebook. To read Facebook's privacy policy, we encourage you to visit this page: https://www.facebook.com/privacy/explanation.

Your personal data will be stored until a given request is processed and the limitation periods for claims expire.

As a rule, we process the data provided by you. If you did not provide us with your data, the source is the person who provided your data in the application. We obtain personal data to the extent necessary to process the request, most often including name and surname, e-mail address, telephone number, mailing address, circumstances to be reported, and bank account number (in the case of returns).

Cookies

The website automatically collects only information contained in cookies. The website operator informs that cookies (so-called "cookies") are IT data, in particular text files, which are stored on the end device of the Website User. Cookies usually contain the name of the website from which they come, the time they are stored on the end device and a unique number. The cookies are used in order to:

  1. adjusting the content of the websites within the service to User's preferences as well as optimizing the browsing experience; the files recognize the User’s device and help to display the website properly and in accordance with his/her individual needs;
  2. creating statistics, which help to assess the way in which the Service Users use the websites, which allows for improving the Website's structure and content;
  3. utrzymania sesji użytkownika serwisu;

The following types of cookies are used on the Website:

  1. "necessary" cookies that enable the use of services available on the Website, e.g. authentication cookies used for services that require authentication on the Website; cookies used to ensure security, e.g. used to detect authentication abuses within the Website
  2. "performance" cookies, enabling the collection of information on the use of the Website;
  3. "functional" cookies which allow for "remembering" the settings and interface parameters selected by the User, for example: User's language or region, font size, website layout, etc.;
  4. <li"advertising" cookies, enabling the provision of advertising content more tailored to their interests.

PUSH notifications

For marketing purposes - with prior consent - D'Alchemy sends Push Notifications via browsers to users' end devices.

Push notifications with marketing content - if prior consent has been granted - can be turned off at any time, which results in the withdrawal of consent to receiving marketing Push Notifications. The withdrawal of consent does not affect the processing of personal data and the sending of marketing content that we performed before the withdrawal of consent.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (below: Google). Google Analytics uses cookies. The information generated by the cookie regarding your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these pages, your IP address will be shortened by Google beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by Google Analytics will not be combined with other data held by Google.

The purpose of data processing is to evaluate the use of the website and to compile reports on activities on the website. Other related services will be provided based on your use of the website and the Internet. The processing is based on the legitimate interest of the website operator.

Google Analytics collects data on IP addresses, network location, date of visit, operating system, browser type. You can prevent the storage of cookies by appropriately setting your browser software; however, please note that if you do this you may not be able to use all the features of this website to the fullest extent possible.

In addition, you can prevent the collection of data generated by cookies and data relating to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl (Browser Add On) to disable Google Analytics

Using Google Ads

Our website uses Google Conversion Tracking. If you have reached our site via an advertisement sent by Google, Google Ads will set a cookie on your computer. A tracking cookie is used when a user clicks on an ad served by Google. These cookies expire after 30 days and are not used to identify you personally. If you visit certain pages on our website and the cookie has not expired, we and Google can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked by Ads advertiser sites. The information collected using the redirect cookie is used to generate redirect statistics for Ads advertisers who use such functionality. Customers are only informed of the total number of users who clicked on the ad and were redirected to the site. However, they do not receive information that identifies users.

If you do not want your traffic on the website to be verified, change your browser settings, e.g. by blocking cookies from the "googleleadservices.com" domain.

Please note that you cannot opt out of the use of cookies if you wish to continue recording measurement data. If you have deleted all cookies in your browser, you will need to set the corresponding cookie again.

Use of Facebook social plug-ins

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer, within the meaning of Art. 6 sec. 1(f) GDPR) we use social plug-ins (“plug-ins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). Plugins may represent elements of interaction or content (e.g. videos, graphics or text contributions) and may be identified by, for example, the Facebook logo (white "f" on a blue tile), a "Like" button or a thumbs up, or are marked with the addition "Facebook Social Plugin". The list and design of Facebook social plug-ins can be viewedhere

When a user uses functions on a website that contains such a plug-in, the device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and incorporated into the online offer. In this process, user profiles can be created from processed data. We have no influence on the amount of data collected by Facebook using the plug-in, therefore we inform users about its operation to the best of our knowledge.

Through the integration of plugins, Facebook receives the information that the user has accessed the corresponding page. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If users interact with the plug-ins, for example by using the "Like" button or the comment function, information is sent from the device directly to Facebook and stored there. If you are not a member of Facebook, it is still possible for Facebook to obtain your IP address.

The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the related rights and options for setting the privacy protection of users, can be foundin Facebook's privacy policy.

If you are a Facebook member and do not want Facebook to collect data about you through this website and combine it with user data already stored on Facebook, you must log out of Facebook and delete your cookies before using our website. Other settings changes regarding the use of data for advertising purposes are possiblein your Facebook profile settings

Measuring change with the Facebook pixel

With your permission, we use a "user action pixel" called "Facebook pixel", i.e. a service provided by Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook") on our website. With its help, we can track users' actions after viewing or clicking on an ad on Facebook. This allows us to track the effectiveness of advertising on Facebook, which we use for statistical and market research purposes. Data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, and we inform you about it to the best of our knowledge. Facebook may link this data to your Facebook account and use it for its own advertising purposes, in accordance with Facebook's privacy policy. You can prevent Facebook and its affiliates from serving ads on and off Facebook.

This consent can only be expressed by users over 13 years of age. If you are younger, please ask your guardians to express your consent.

If you want to learn more about how Facebook ensures compliance with European data protection laws, clickhere

Server logs

  • Use of the Website is associated with sending enquiries to the server on which the Website is stored.
  • Each query directed to the server is saved in the server's logs. Logs cover IP address of the User, data and time of server, information about web browser and operating system used by the User, etc.
  • Logs are saved and stored on the server
  • Data saved in server logs is not associated with any particular people using the Website and it is not used by the Controller for the purpose of identifying the User.
  • Server logs constitute solely an auxiliary material that is used for Website administration. Their content is not disclosed to any parties besides people authorized to manage the server.

4. Data recipients

In connection with its business activities, the Controller will disclose your personal data to the following entities:

  1. state authorities or other entities authorized under the regulations - if it is necessary for the fulfillment of legal obligations,
  2. entities supporting us in our activities on our behalf, in particular: suppliers of external IT systems supporting our activities, subcontractors, entities auditing our activities or appraisers, and such entities will process data on the basis of a contract with the Controller and only in accordance with his instructions,
  3. entities providing accounting, HR or legal services - to the extent necessary to ensure compliance with legal obligations or to establish, pursue and defend claims,
  4. companies that utilize or archive documents and other media - to the extent that data is stored in paper form or on these media,
  5. courier and postal service companies,
  6. companies carrying out marketing activities,
  7. companies providing marketing automation services - e.g. SalesManago.
  8. Calendly LLC (USA) – in the scope of arranging consultations on the selection of cosmetics and providing care advice.

5. Data processing rights

Each person whose data is processed by the Controller has the right to:

  1. access personal data,
  2. correct personal data,
  3. delete personal data,
  4. restrict the processing of personal data,
  5. object to the processing of personal data (in accordance with Art. 21 sec. 1 GDPR, when submitting an objection, please indicate its reasons related to your particular situation),
  6. transfer personal data.

Additionally, you have the right to lodge a complaint with the supervisory authority, i.e. President of the Office for the Protection of Personal Data, more information at https://uodo.gov.pl/pl/526/2464

6. Voluntary data provision

Providing data is necessary to conclude contracts and settle the business activity conducted, as well as for the Controller to comply with legal requirements. In other respects (in particular for the purpose of processing data by the Controller for marketing purposes), providing data is voluntary

7. Transfers of data to third countries or international organizations

Your data is transferred outside the European Economic Area. For our providers such as Calendly, social media and cookies and other tracking technologies, your personal data may be transferred to the USA. We transfer personal data to entities based in the USA that participate in the Data Privacy Framework. For more information, please visithttps://www.dataprivacyframework.gov/s/

In other cases, we enter into standard contract clauses with our suppliers. More information, including copies of standard contractual clauses we use, can be obtained by contacting our personal data inspector: [email protected]

8. Processing of personal data in an automated manner

Automated decision-making, including profiling, takes place as part of the collection of statistical and analytical data and as part of contextual and behavioral advertising.

Profiling takes place through the collection and processing of your data through automated analyzes of your behavior when using social networking sites and our store in order to constantly improve its operation and the services we provide.

The above profiling serves only to improve the quality of our services and does not produce any legal effects or affect you in any other similar way.

up
Shop is in view mode
View full version of the site
Sklep internetowy Shoper Premium