Privacy and cookies policy
Good morning!
If you’re here, it’s likely that you value your privacy. We understand this fully, and that’s why we provide you with a document that consolidates the guidelines for handling personal data, the usage of cookies and other tracking technologies.
Formal information at the beginning: the administrator of your personal data is
The Dots Cosmetics Sp. z o.o.,
Address: st. Jana Heweliusza 11/811,
80-890 Gdansk, Poland
Registry Number (KRS): 0000961313,
Tax Identification Number (NIP): PL5833446917.
National Official Business Register Number (REGON): 52151441900000.
Our primary use of your personal data is to facilitate your use of our website, which includes tasks like maintaining user accounts, processing orders and contracts, handling complaints and returns, fulfilling legal tax obligations, and sending newsletters. We also use your personal data for other purposes such as claims management, statistical analysis, marketing, and more. We process your personal data for the period necessary to achieve the specific purposes for which it is being used. You have the right to access, correct, delete, or restrict the processing of your personal data, as well as the right to transfer data. Additionally, you have a right to file a complaint with a supervisory authority.
Further details about how we process your personal data can be found in the further part of the Privacy Policy.
The administrator of your personal data is
The Dots Cosmetics Sp. z o.o.,
Address: st. Jana Heweliusza 11/811,
80-890 Gdansk, Poland
Registry Number (KRS): 0000961313,
Tax Identification Number (NIP): PL5833446917.
National Official Business Register Number (REGON): 52151441900000.
This Privacy Policy applies to the website www.thedotscosmetics.com.
Regarding our website’s social media profiles, it’s important to note that based on the judgment of the Court of Justice of the European Union, the social network provider is a joint controller of personal data together with the administrator of a given profile. For information about how individual social network providers process personal data, please refer to the following link:
As part of the implementation of the personal data protection system in our organisation, we have decided not to appoint a personal data protection officer due to the fact that in our situation it is not mandatory.
In matters related to the protection of personal data and broadly understood privacy, you can contact us at the e-mail address: kontakt@thedotscosmetics.com. For issues related to our social media profiles, you may also contact the administrators of the respective social media platforms directly.
| Processing purpose | Description of the processing purpose |
|---|---|
| User account management | When creating a user account, you are required to provide the necessary information specified in the registration form. Providing this information is a condition for creating an account. You can also provide additional information about yourself within the available options when editing your account details. Additionally, our user account management system records your IP address, which was used to register your account. This data is processed for the purpose of providing you with the user account service. After deleting your user account, the data is archived for the purpose of potential establishment, investigation, or defence of claims related to the user account service. |
| Order fulfilment and contract management | When placing an order, you are required to provide the necessary information specified in the order form. Providing this information is a condition for placing an order. Additionally, the system used to manage the order process records your IP address, which was used to place the order. Every order is stored in a database, which means that your personal data associated with the order is accompanied by information about the order, such as the date and time of the order, the order identification number, transaction identifier, ordered item, price, payment method and deadline, and the date and time of download (in case of digital content). In connection with the conclusion of a contract, we may process your other personal data to fulfil the obligations specified in the contract. The scope of this data depends on which personal data is necessary to fulfil the contract. When we receive your data from an entity that employs you, for example, to execute the contract, we base such data processing on our legitimate interest, which in this case is to ensure the smooth and effective execution of the concluded contract. In such cases, we may process your identifying and contact information. Data is processed for the purpose of concluding and fulfilling the contract. After completing the contract, the data is archived for the purpose of potential establishment, investigation, or defence of claims related to the contract. The data is also stored in accounting records for tax compliance purposes. |
| Steps taken to complete orders by customers | Due to the fact that some customers begin the process of placing an order but do not complete it (i.e., they do not confirm the order and do not enter into a contract with us), we may take action to encourage our customers to finalize the purchase process. To this end, we may send email messages containing information about the unfinished order and encourage customers to complete the transaction. For the purposes of these actions, we may process personal data such as the information provided during the ordering process, particularly your name and email address, as well as information about the contents of your shopping cart, the date of starting the transaction, and other data related to the ongoing purchase process. Podstawą prawną przetwarzania Twoich danych osobowych jest art. 6 ust. 1 lit. b RODO, ponieważ działania te zmierzają do zawarcia umowy. Ponadto upatrujemy podstawy przetwarzania w naszym prawnie uzasadnionym interesie, jaki w tym przypadku stanowi zwiększanie sprzedaży. |
| Handling of complaints or withdrawal from a contract. | If you file a complaint or withdraw from a contract, you provide personal data included in the content of the complaint or statement of withdrawal from the contract. Providing this information is a condition for submitting a statement of withdrawal from the contract or a complaint. The data is processed for the purpose of handling the process of withdrawal from the contract or the complaint process. After completing such a process, the data is archived for the purpose of potential establishment, investigation, or defence of claims related to the handling of the process of withdrawal from the contract or the complaint process. The data is also stored in accounting records for tax compliance purposes. |
| Handling of comments/reviews | When adding a comment/review, you are required to provide the necessary information specified in the comment/review form for publication of the comment/review. Providing this information is a condition for publishing the comment/review. Additionally, the comment/review system records your IP address, which was used to submit the comment/review. The comment/review system may be managed by an external provider. In such a situation, the use of the system is subject to the terms and privacy policy of the external provider. Detailed information about external provider tools can be found in the section dedicated to the tools we use. The data is processed for the purpose of publishing the comment/review, which is our legitimate interest. The comment or review you add, along with the personal data you provide, will be visible on the page according to the settings. You may modify or delete the comment/review at any time. A deleted comment/review and associated personal data are archived for the purpose of potential establishment, investigation, or defence of claims related to the comment/review. |
| Contact and correspondence | When contacting us through available communication channels such as email, social media messengers, chats, etc., you naturally provide your personal data included in the correspondence. Providing this information is a condition for establishing contact. Additionally, the communication system records your IP address, which was used to send the message. The communication system (e.g. chat, messenger) may be managed by an external provider. In such a situation, the use of the system is subject to the terms and privacy policy of the external provider. Detailed information about external provider tools can be found in the section dedicated to the tools we use. The data is processed for the purpose of conducting communication, which is our legitimate interest. After the communication is completed, the data is archived for the purpose of potential establishment, investigation, or defence of claims related to the conducted communication. |
| Tax and accounting obligations fulfilment | In connection with the performance of the contract, we also fulfil various tax and accounting obligations, in particular by issuing invoices, including the invoice in our accounting documentation, storing documentation, etc. To issue an invoice, we process data such as name, company, business address, and tax identification number (NIP), among others. Providing the data required by tax law is necessary to fulfil the indicated obligations. |
| Creating an archive | For the purposes of our business, we may create archives in both traditional and digital forms. Personal data processed in connection with you may be included in the archives, and their scope may vary depending on the data received and the justified extent of data for archival purposes. In this case, we rely on our legitimate interest in organizing and managing personal data carriers. |
| Defence, establishment, or pursuit of claims | Using our website and entering into a contract with us may result in certain claims in the future from either our or your side. Therefore, we are entitled to process personal data for the purpose of defence, establishment, or pursuit of claims. Within this scope, we may process any personal data related to a given claim, so the scope of data may vary depending on the subject of the claim. In this case, we rely on our legitimate interest in protecting our interests. |
| Creating target groups for advertising | Your email address stored in our database may be transferred to a specific advertising system (e.g. Facebook Ads, LinkedIn Ads) to create a target group for advertising using that email address. During the use of this function, the email address is hashed before being sent to the advertising system to create a target group. The email address will be used in the matching process conducted by the specific advertising system. The advertising system does not disclose the email address to third parties or other advertisers and deletes the email address immediately after the matching process is completed. The advertising system implements processes and procedures to ensure the confidentiality and security of the transmitted email address and the set of user identifiers that make up the target group created using the email address, among other things, by applying technical and physical safeguards. Creating a target group for advertising using your email address is our legitimate interest, which in this case is the realization of our marketing objectives. |
| Social media management | If you follow our profiles on social media or interact with content published by us on social media, we naturally see your data that is publicly available on your social media profile. We process this data only within the given social media platform and solely for the purpose of operating the given social media platform, which is our legitimate interest. If you contact us via a private message, you naturally provide us with your personal data included in the correspondence, particularly your image and name. In this case, your data is processed for the purpose of contacting you, and the legal basis for processing is our legitimate interest. It may happen that we initiate contact with you via social media to offer cooperation. In this case, your data will be processed for the purpose of searching for potential contractors and offering and establishing cooperation, which is our legitimate interest. Messages sent to us via social media are automatically archived by tools available within each social media platform and are available to us until you delete them. You have access to all messages exchanged with us in the private message section. Your use of social media is subject to the terms and privacy policies of the administrators of these platforms, and these administrators provide services to you fully independently and separately from us, through electronic means. |
| Analysis and statistics using only anonymous information | We conduct analytical and statistical activities using tools provided by external suppliers. Within the analytical tools, we have access only to Anonymous Information. Processing of Anonymous Information is based on our legitimate interest, which consists in creating, reviewing, and analyzing statistics related to user activity on the website in order to draw conclusions allowing for later optimization of our activities. Through the tools, we only have access to a set of statistics and information not attributed to specific individuals. Detailed information about external provider tools can be found in the section dedicated to the tools we use. |
| Internal marketing using only anonymous information | We conduct marketing activities using tools provided by external suppliers. Within the marketing tools, we have access only to Anonymous Information. Processing of Anonymous Information is based on our legitimate interest, which consists in creating and conducting marketing activities based on Anonymous Information, as well as targeting advertisements within external systems based on Anonymous Information for the purposes of marketing our own products and services. Through the tools, we only have access to a set of statistics and information not attributed to specific individuals. Detailed information about external provider tools can be found in the section dedicated to the tools we use. |
| Organizing promotional campaigns | To increase sales of our products/services, we may conduct various promotional campaigns, including those in cooperation with external partners. The rules related to the organization of promotional campaigns are defined in separate regulations. The scope of personal data that we will process in connection with the organization of a promotional campaign may vary depending on the type of promotional campaign. The legal basis for processing your personal data is our legitimate interest, which in this case is marketing and increasing the sales of our own products. |
| Providing additional features using only anonymous information | On our websites, we may embed video or audio players, social media widgets, comment modules, chat, newsletter forms, or other tools provided by third parties. All of these tools process Anonymous Information. Processing of Anonymous Information is based on our legitimate interest, which in this case is to provide the possibility of using additional features on the website. Through the tools, we do not have access to any other information, and furthermore, this information is not necessary for us – Anonymous Information is processed solely for the purpose of enabling additional features. Detailed information about external provider tools can be found in the section dedicated to the tools we use. |
| Fulfilment of obligations related to personal data protection | As a data controller, we are obligated to fulfil obligations related to personal data protection. Therefore, we may process your personal data if it is necessary to perform these obligations (for example, in the case of considering your request regarding your personal data). The scope of data depends on what data is necessary for us to fulfil the obligation and demonstrate compliance with GDPR. Furthermore, in this case, we also rely on our legitimate interest, which is to secure the data necessary to demonstrate accountability. |
The scope of processed data is described with regard to each processing purpose. Information in this regard is located above in point 3 of the Privacy Policy. Among the data is information such as:
- first and last name,
- email address,
- phone number,
- IP address,
- delivery address,
- invoice data,
- bank account number,
- details of the placed order,
- data collected in the mailing system,
- data related to added comment/opinion,
- information visible in social media profiles,
- information contained in correspondence,
- Anonymous Information
We use tools that gather a range of information about your use of our website. This includes the following information:
- information about your operating system and internet browser,
- viewed subpages,
- time spent on the website,
- transitions between individual subpages,
- clicks on individual links,
- mouse movements,
- scrolling of the website,
- the source from which you came to the website,
- age range in which you are located,
- your gender,
- your approximate location restricted to the city/town.
- your interests or other preferences based on your online activity,
- video recordings of your sessions on our website,
- heat maps illustrating your behaviour on our website
This information is referred to in this Privacy Policy as “Anonymous Information”.
In our opinion, Anonymous Information in and of itself does not have the character of personal data, since it does not allow us to identify you and we do not associate it with typical personal data that we collect about you. However, given the rigorous case law of the Court of Justice of the European Union and the divided opinions among lawyers, as a precaution, in case Anonymous Information is deemed to be personal data, we have also included detailed explanations in this Privacy Policy regarding the processing of this information.
We are unable to provide you with access to Anonymous Information about you, as we cannot attribute any Anonymous Information to any specific user. From the perspective of tools that collect Anonymous Information, we only have access to a set of statistics and information that is not attributed to specific individuals.
Processing Anonymous Information allows us to provide you with access to the functionality available on the website. In addition, Anonymous Information is used for analytical, statistical, and marketing purposes, such as setting and targeting ads.
Anonymous Information is also processed by tool providers in accordance with their terms of use and privacy policies. They may use them to provide and improve their services, manage them, develop new services, measure the effectiveness of ads, protect against fraud and abuse, and personalize content and ads displayed on specific services, websites, and applications. Detailed information on this can be found in the section dedicated to the tools we use.
In addition, some information about you may be automatically collected by the tools we use. Detailed information about external provider tools can be found in the section dedicated to the tools we use.
In exceptional cases, we may also obtain your personal data from other sources, such as when the entity that employs you provides us with your data as a contact person in matters related to a concluded contract, or when you represent an entity that enters into a contract with us.
We process your personal data for as long as it is justified within the given purpose of processing personal data, therefore processing periods may vary depending on the purpose. Remember that ending the processing of your data within one purpose does not necessarily result in the complete removal or destruction of your personal data, as the same set of data may be processed within another purpose, for the period specified for it. Complete removal or destruction of data occurs when we complete all the purposes and in other cases indicated in the GDPR.
Below you will find a description of processing periods:
- User account – data related to the user account will be processed for the duration of the user account’s operation;
- Order fulfillment and concluded contract – data related to the contract will be processed for the time necessary to conclude and perform the contract;
- Actions taken to complete orders by customers – data related to unfinished orders will be processed for a maximum period of 6 months from the day you placed the order;
- Complaints and contract withdrawals – data related to complaints and contract withdrawals will be processed for the time necessary to handle the complaint or withdrawal from the contract;
- Newsletter – data related to the newsletter will be processed for the period you use the newsletter;
- Comments / opinions – data related to posting a comment / opinion will be processed until you delete the comment or opinion;
- Contact and correspondence support – data related to correspondence support will be processed for the duration of the contact between us;
- Tax and accounting obligations – data related to performing tax and accounting obligations will be processed for the period provided for in tax law, usually 5 years from the end of the tax year;
- Archive – data related to the archive will be processed until the information contained in the archive is no longer useful;
- Establishing, investigating and defending claims – data related to claims will be processed until the claims expire, with the statute of limitations for claims differing depending on the applicable law (e.g., for businesses it may be 3 years, and for consumers 6 years);
- Recipient groups – data related to recipient groups will be processed until they are no longer useful or until you successfully object;
- Social media – generally, I have no control over the storage period of your personal data on social media. They are available on Facebook, Instagram, YouTube or LinkedIN under the terms and privacy policies of these services. We are unable to delete your data from Facebook, Instagram, YouTube or LinkedIN – only you can do so;
- Analysis and statistics – data related to analytics and statistics will be processed until they are no longer useful or until you successfully object;
- Own marketing – data related to own marketing will be processed until they are no longer useful or until you successfully object;
- Promotional campaign organization – data related to organizing promotional campaigns will be processed for the time necessary to conduct the promotional campaign;
- Additional tools – data related to additional tools will be processed until they are no longer useful or until you successfully object;
- Personal data protection obligations – data related to personal data protection will be processed until they are no longer useful, until you successfully object, or until the limitation period for our liability as a personal data administrator expires.
If we process your personal data based on your consent, you may withdraw such consent at any time: either by your own action or by contacting us at the contact details provided. Remember that withdrawing your consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.
We would venture to say that modern businesses cannot do without services provided by third-party entities. We also use such services. Some of these services involve the processing of your personal data. The external service providers who participate in the processing of your personal data are:
- Hosting provider – for the purpose of storing data on the server;
- Mailing system provider – for the purpose of using the mailing system;
- Invoicing system provider – for the purpose of issuing invoices;
- CRM system provider – for the purpose of streamlining work;
- Pop-up display system provider – for the purpose of displaying pop-ups;
- Customer service system provider – for the purpose of streamlining the customer service process;
- Cloud computing provider – for the purpose of using cloud solutions;
- Accounting office – for the purpose of using accounting services;
- Law firm – for the purpose of providing legal services on our behalf;
- Technical support service – for the purpose of carrying out technical work related to the areas where data is processed;
- Order fulfillment entity, courier company, Polish Post – for the purpose of logistics support for orders of physical products;
- Other subcontractors, in particular IT solution providers – for the purpose of cooperation with various subcontractors who may have access to your personal data if they provide services related to such access.
If necessary, your personal data may be made available to a legal advisor or lawyer bound by professional secrecy. The need may arise from the necessity of using legal assistance that requires access to your personal data.
Your personal data may also be transferred to tax authorities to the extent necessary to fulfill tax, settlement, and accounting obligations. This concerns in particular all declarations, reports, financial statements, and other accounting documents containing your personal data.
In addition, if necessary, your personal data may be made available to entities, authorities, or institutions authorized to access data based on legal provisions, such as police services, security services, courts, and prosecutors.
Your data is shared with courier companies to the extent necessary to deliver orders. These companies become independent administrators of your personal data.
As for Anonymous Information, providers of tools or plugins that collect Anonymous Information have access to them. Providers of these tools are independent data controllers of the data collected and may share this data on terms defined by them in their own regulations and privacy policies, which we have no control over.
We transfer your personal data to third countries in connection with the use of tools that utilize resources located in third countries, particularly in the USA. Providers of these tools guarantee an adequate level of protection for personal data through appropriate compliance mechanisms provided by the GDPR, especially through the use of standard contractual clauses.
Currently, your personal data is transferred to third countries in connection with our use of the following solutions:
| Solution Type | Solution Provider | Third Country |
|---|---|---|
| USA | ||
| Data Backup | USA |
In addition, Anonymous Information collected in connection with the use of the tools listed in the annexe to this privacy policy may be transferred to third countries, especially the USA.
We do not make decisions based solely on automated processing, including profiling, that would have legal effects on you or similarly significantly affect you. However, we do use tools that can take certain actions depending on the information gathered through tracking mechanisms, but we believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer, do not affect the terms of the contract you can enter into with us, etc.
By using certain tools, we may, for example, direct personalized ads to you based on your previous actions taken on a given website or suggest products that may interest you. This is what is known as behavioural advertising. We encourage you to deepen your knowledge about behavioural advertising, especially in terms of privacy-related issues. Detailed information, along with the possibility of managing settings related to behavioural advertising, can be found here.
The GDPR grants you the following potential rights related to the processing of your personal data:
- the right to access your data and receive a copy of it;
- the right to rectify (correct) your data;
- the right to erasure (if you believe we have no legal basis for processing your data, you can request that we delete it);
- the right to restrict processing of data (you can request that we restrict the processing of your data to only storing it or performing actions agreed with you, if you believe we have incorrect data or are processing it unlawfully);
- the right to object to the processing of data (you have the right to object to processing of your data based on legitimate interest; you should indicate a particular situation that justifies us stopping the processing objected to; we will stop processing your data for these purposes, unless we demonstrate that the legal basis for processing your data overrides your rights, or that your data is required for establishing, exercising or defending legal claims);
- the right to data portability (you have the right to receive your personal data that you provided to us based on a contract or your consent in a structured, commonly used and machine-readable format;
- you can instruct us to transmit this data directly to another entity);
- the right to withdraw consent to the processing of personal data, if you previously gave such consent; the right to lodge a complaint with a supervisory authority (if you believe that we are processing your data unlawfully, you can file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
We would like to emphasize that the above-mentioned rights are not absolute and will not apply to all processing activities of your personal data.
We stress that one of the rights mentioned above always applies to you: if you believe that we have violated the provisions on the protection of personal data in processing your personal data, you have the possibility to lodge a complaint with the supervisory authority.
Our website, like almost all other websites, uses cookies.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our teleinformatics system (first-party cookies) or teleinformatics systems of third-party entities (third-party cookies). Certain information can be saved and stored in cookie files, which can be accessed by teleinformatics systems for specific purposes.
Some of the cookies used by us are deleted after the end of the internet browser session, i.e. after it is closed (session cookies). Other cookies are stored on your end device and allow recognition of your browser during the next visit to the website (persistent cookies).
If you want to learn more about cookies in general, you can read this article.
Cookies that are not necessary for the proper provision of electronic services remain blocked until you give your consent to the use of cookies. During your first visit to a given website, we display a message asking for your consent along with the ability to manage cookies, i.e. to decide which cookies you agree to and which ones you want to block.
Yes, you can manage cookie settings within your internet browser. You can block all or selected cookies, and you can also block cookies from specific websites. You can also delete previously saved cookies and other website and plugin data at any time.
Internet browsers also offer the option of using incognito mode, which you can use if you do not want information about visited websites and downloaded files to be saved in browsing and download history. Cookies created in incognito mode are deleted when all windows in this mode are closed.
Browser plugins are also available that allow you to control cookies, such as Ghostery. Control over cookies can also be provided by additional software, especially antivirus packages.
In addition, there are tools available on the internet that allow you to control certain types of cookies, especially for the collective management of behavioural advertising settings.
We also give you the ability to control cookies directly from our website. We have implemented a special mechanism for managing cookies that allows you to block cookies that you do not want. Remember that disabling or limiting cookie support may make it impossible to use some of the features available on our website and may cause difficulties in using the website, as well as many other websites that use cookies. For example, if you block cookies from social media plugins, social buttons, widgets, and functions implemented on our website may be unavailable to you.
The answer to this question can be found in many places in this Privacy Policy when describing individual tools, behavioural advertising, cookie consent, etc. However, for your convenience, we have gathered this information in one place. Below you will find a list of options for managing your privacy:
- cookie settings within your web browser;
- browser plugins that support cookie management, such as Ghostery;
- additional software for managing cookies;
- incognito mode in your web browser;
- settings for behavioural advertising, such as youronlinechoices.com;
- cookie management mechanism on our website;
- Google Analytics Opt-out;
- Google Ads Settings;
- Facebook Ads Settings;
- LinkedIn Privacy Settings.
As you can see, the subject of personal data processing, the use of cookies, and privacy management, in general, can be quite complicated. We have made every effort to provide you with as much knowledge as possible in this document on issues that are important to you. If anything is unclear to you, you want to learn more, or simply talk about your privacy, please email us at contact@thedotscosmetics.com.
Attachments related to the Privacy Policy and cookies are available for download here.
