Privacy Policy

PRIVACY POLICY

This Privacy Policy sets out the rules for processing personal data obtained via the brilanteshop.pl online store (hereinafter: the “Online Store”).
The owner of the Online Store and the data controller is Skiera Cosmetics BV, registered office in The Hague (2544EM), Koperwerf 27, KVK 72689331, VAT NL859198819B01 (hereinafter: Skiera Cosmetics BV).
Personal data collected by Skiera Cosmetics BV via the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).
Skiera Cosmetics BV takes special care to respect the privacy of Customers visiting the Online Store.

§ 1 Types of data processed, purposes and legal basis

Skiera Cosmetics BV collects information about natural persons performing a legal act not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal entities or organizational units without legal personality which are granted legal capacity by law, hereinafter collectively referred to as Customers.

Customer personal data is collected when:

registering an account in the Online Store, to create and manage an individual account. Legal basis: necessity for the performance of the Account service agreement (Art. 6(1)(b) GDPR);
placing an order in the Online Store, to execute the sales agreement. Legal basis: necessity for the performance of the sales agreement (Art. 6(1)(b) GDPR);
subscribing to the newsletter, to provide the electronic information service. Legal basis: the data subject’s consent (Art. 6(1)(a) GDPR);
using the contact form, to provide the electronic service. Legal basis: necessity for the performance of the contact-form service (Art. 6(1)(b) GDPR);
using the “add a review” service, to provide the electronic service. Legal basis: necessity for the performance of the review service (Art. 6(1)(b) GDPR).

When registering an account, the Customer provides:

e-mail address;
first and last name;
phone number.

During registration, the Customer sets an individual password (which can later be changed as described in §5).

When placing an order, the Customer provides:

e-mail address;
address details:
- postcode and city;
- country;
- street and house/flat number;
- province/region;
first and last name;
phone number.

For Business Customers, the scope is additionally extended by:

company name;
VAT number.

Newsletter – only the e-mail address is required.
Contact form – e-mail address, first and last name, phone number.
Add a review – e-mail address and first/last name or nickname.

While using the Store website, additional information may be collected, in particular: IP address, domain name, browser type, access time, and operating system type.

Navigation data (links clicked, actions taken in the Store) may also be collected. Legal basis: the controller’s legitimate interest (Art. 6(1)(f) GDPR) consisting in facilitating the use of electronic services and improving their functionality.

For the purpose of establishing, pursuing and enforcing claims, certain personal data provided by the Customer within the Store’s functionalities may be processed (e.g., name, surname, service-use data, other data necessary to evidence a claim and the extent of damage). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Providing personal data to Skiera Cosmetics BV is voluntary in connection with sales or service agreements via the Store website; however, failure to provide the data required in the forms during Registration prevents Registration and Account creation, and when ordering without Registration it prevents placing and fulfilling the order.

§ 2 To whom data is disclosed or entrusted and how long it is stored

Customer personal data is transferred to service providers used by Skiera Cosmetics BV in operating the Online Store. Depending on contractual arrangements and circumstances, service providers either follow Skiera Cosmetics BV’s instructions regarding the purposes and means of processing (processors) or determine the purposes and means themselves (controllers).

Processors. Skiera Cosmetics BV uses providers who process personal data solely on Skiera Cosmetics BV’s instructions (hosting, accounting, marketing systems, web-traffic analytics, campaign performance analytics).
Controllers. Skiera Cosmetics BV also uses providers who do not act exclusively on instruction and independently determine purposes and means of processing Customers’ personal data (electronic payment and banking services).

Location. Service providers are based in Poland and other countries of the European Economic Area (EEA).

Data retention periods:

Where processing is based on consent, personal data is processed until the consent is withdrawn, and thereafter for a period corresponding to the limitation period for claims that may be raised by or against Skiera Cosmetics BV (unless provided otherwise: six years, and three years for periodic performance and business-related claims).
Where processing is based on contract performance, personal data is processed for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims (as above).

For purchases in the Online Store, personal data may be transferred, depending on the Client’s delivery choice, to:

a courier company;
POST NL BV, The Hague.

SOFORT Banking payments: data is transferred as necessary to Mollie BV, Keizersgracht 126, 1015CW Amsterdam.
PayPal payments: likewise to Mollie BV, Keizersgracht 126, 1015CW Amsterdam.

Navigation data may be used to provide better service, compile statistics, tailor the Store to Customer preferences, and administer the Store.

Newsletter. If the Customer subscribes, Skiera Cosmetics BV will send commercial information (promotions, new products) to the e-mail address provided.

Upon a lawful request, Skiera Cosmetics BV discloses personal data to competent public authorities, in particular units of the Prosecutor’s Office, Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

The Online Store uses small files called cookies, stored by Skiera Cosmetics BV on the visitor’s device if the browser allows it. A cookie typically contains the domain of origin, expiration time, and a unique identifier. The information collected helps tailor products to individual preferences and produce general visit statistics.

Skiera Cosmetics BV uses two types of cookies:

Session cookies – deleted after the browser session ends or the device is switched off; they do not allow retrieval of personal/confidential data from Clients’ devices.
Persistent cookies – stored until deleted or expired; they also do not allow retrieval of personal/confidential data.

First-party cookies are used for:

authenticating the Client and maintaining the session (so the Client does not have to log in on every subpage);
analysis and audience measurement (anonymous statistics) to improve the site’s structure and content.

Third-party cookies are used for:

promotion via facebook.com (Facebook Inc., USA / Facebook Ireland);
anonymous statistics via LiveChat (Smartsupp.com, Czech Republic);
targeted advertising via awin.com (AWIN Limited, UK);
targeted advertising via rtbhouse.com (RTB House S.A., Warsaw);
targeted advertising via go.pl (GO.PL Sp. z o.o., Warsaw);
promotion via twitter.com (Twitter Inc., USA);
statistics via Google Analytics (Google Inc., USA);
ads via Google AdSense (Google Inc., USA);
displaying the Rzetelny Regulamin certificate via rzetelnyregulamin.pl (Rzetelna Grupa sp. z o.o., Warsaw).

The cookie mechanism is safe for Clients’ devices. Clients can limit/disable cookies in their browser; some functions that require cookies may then not work properly.

Changing settings in popular browsers:

Skiera Cosmetics BV may collect IP addresses (usually dynamic). They are used to diagnose server problems, compile statistics (origin regions of visits), administer and improve the Store, ensure security, and identify unwanted automated requests.

The Online Store contains links to external websites. Skiera Cosmetics BV is not responsible for the privacy policies applied on those sites.

§ 4 Rights of data subjects

Right to withdraw consent (Art. 7(3) GDPR) — effective upon withdrawal; does not affect lawful processing carried out before that moment; may prevent the use of services/features that require consent.

Right to object (Art. 21 GDPR) — at any time, on grounds relating to the individual situation of the Client, against processing based on legitimate interest (marketing, statistics, usability, satisfaction surveys). Unsubscribing from marketing e-mails constitutes an objection for these purposes. If the objection is justified and no other legal basis applies, the relevant data will be erased.

Right to erasure (“right to be forgotten”) (Art. 17 GDPR) — e.g., when data is no longer needed, consent is withdrawn, there is an objection to marketing, processing is unlawful, erasure is required to meet a legal obligation, or data was collected in connection with information society services. Despite an erasure request, Skiera Cosmetics BV may retain certain data to establish/exercise/defend legal claims or comply with legal obligations (e.g., name, e-mail, address, order number).

Right to restriction of processing (Art. 18 GDPR) — e.g., where accuracy is contested (verification within 7 days), processing is unlawful and restriction is requested, data is no longer needed for the original purpose but required for claims, or an objection is pending. During restriction, related services/communications are suspended.

Right of access (Art. 15 GDPR) — confirmation of processing, access to data, and information on purposes, categories, recipients, storage period/criteria, rights, complaint, source, automated decision-making/profiling, safeguards for transfers outside the EU, plus a copy of the data.

Right to rectification (Art. 16 GDPR) — immediate correction of inaccurate data and completion of incomplete data (upon request to the e-mail indicated in §6).

Right to data portability (Art. 20 GDPR) — receipt of one’s data and transfer to another controller or direct transfer where technically feasible; data provided in a CSV file (commonly used, machine-readable).

Response times. Skiera Cosmetics BV complies (or refuses) without undue delay and no later than one month after receiving the request; for complex/multiple requests this may be extended by two months, with notice within one month.

The Client may submit complaints, questions and requests to the Controller; may request a copy of the Standard Contractual Clauses (SCCs) via the address in §6.
The Client has the right to lodge a complaint with the President of the Personal Data Protection Office.

§ 5 Security management — password

Skiera Cosmetics BV ensures secure, encrypted (SSL) connections when transmitting personal data and when logging into the Client Account.
If a Client with an Online Store account loses their password, a new one can be set via the “Forgot your password” function; passwords are stored in encrypted form and never sent by e-mail.
Skiera Cosmetics BV never requests login details or passwords by (e-)mail.

§ 6 Changes to the Privacy Policy

This Privacy Policy may be amended; Skiera Cosmetics BV will notify Clients at least 7 days in advance.
Questions related to the Privacy Policy: [email protected]
Date of last modification: 08.09.2021

Cookie name	Provider	Purpose	Expiry
AEC	Google	Ensures that requests within a browsing session are made by the user and not by other sites.	6 months
cookiesplus	brilanteshop.pl	Stores your cookie preferences.	1 year
DV	Google	It is used to collect information about how the visitor uses the website. The cookie collects information anonymously, including the number of people visiting the website, where the visitors came from and the pages they visited.	1 day
PHPSESSID	brilanteshop.pl	This cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.	Session
PrestaShop-#	brianteshop.pl	This cookie helps keep user sessions open while they are visiting a website, and help them make orders and many more operations such as: cookie add date, selected language, used currency, last product category visited, last seen products, client identification, name, first name, encrypted password, email linked to the account, shopping cart identification.	480 hours
SOCS	Google	Stores information about the user's cookie decision.	13 months
__cflb	Cloudflare	Technical cookies required by CDN provider Cloudflare.	1 hour
__Secure-ENID	Google	Used to store user preferences and information.	13 months

Cookie name	Provider	Purpose	Expiry
_ga	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
_ga_#	Google	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years

Cookie name	Provider	Purpose	Expiry
_fbp	Facebook	Stores and tracks visits to websites.	3 months
_gcl_au	Google	Collects and stores information from ad clicks.	3 months