PRIVACY POLICY

THE “colorist SHE” Mobile Application

DEFINITIONS

Capitalized terms used in this Privacy Policy mean:

"Administrator" - Stetsiuk Hair Expert, incorporated in Poland as a "SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ", with capital of PLN 5.000, having its registered office at Bernarda Chrzanowskiego Street 11 lok. 8, post code: 80-278 Gdańsk - POLAND, registered with the National Court Register, kept by the District Court Gdańsk-Północ in Gdańsk, VII Economic Division of the National Court Register, under number 0000814972, NIP number: 5833378452, REGON number : 384910842.

Contact details:

- telephone number (+48) 575 555 011, 

- e-mail address: stetsiukhairexpert@gmail.com

"Mobile Application" or "Application" - the software under the name "colorist SHE" made available for a fee by the Administrator through the App Store and Google Play store for installation on the User's Device, the purpose of which is to mix hair dye shades and thereby obtain Results;

"Personal Data" - any information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including name, identification number, device IP, location data, internet identifier and information collected through cookies and other similar technology;

"Account" - a User's account created in the Application when it is installed and activated on the Device, enabling the use of the Application, which the User can access by means of a login and a password; and which is a collection of resources in which the data and information about the User's activities within the Application (including the Results) and the number and type of Packages subscribed to by the User by way of Subscription are collected.

"Policy" - this Privacy Policy;

"RODO" - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC;

"Regulations" or "Mobile Application Regulations" - the regulations available at https://stetsiukhairexpert.wixsite.com/stetsiukhairexpert/regulamin-colorist-she 

In the absence of a separate definition in the Policy, capitalized terms contained therein shall be understood in the manner indicated in the text of the Regulations.

"Device" - an electronic mobile device (including eg a smartphone, a tablet) connected to the Internet, using the Android or iOS operating system, through which the purchase of the Application, the registration of an Account and / or the use of the Application is made.

"User" - any natural person of full legal capacity who may download, install and use the Application in accordance with the Regulations.

"Results" means the paint and oxidant formulas generated by the Application based on the pre-selected boxes selected by the User and contained in the Application itself, as well as the paint and oxidant formulas generated by the Application based on so-called User Content entered by the User.

GENERAL

• This Policy describes how we collect, protect and use personally identifiable information ("Personal Data") that the User provides or may provide in the Mobile Application and any related products and services (collectively, the "Services") and the User's Account, as well as Data and other information obtained while using the Application. It also describes the choices available to the User regarding the use of Personal Data and how the User can access and update this information.  

• This Policy is part of and incorporated into the Mobile Application Regulations. By accessing and using the Mobile Application, the User acknowledges that he / she has read, understood and agree to be bound by all the terms and conditions of this Policy. If the User does not agree to abide by the terms and conditions of this Policy, he / she is not authorized to access or use the Mobile Application and is obliged to immediately remove / deactivate it from the Device.

• All persons using the Application or intending to use the Application may at any time and without incurring any fees, read, obtain, reproduce and preserve by printing or saving on media this Policy, which is available in the App Store and Google Play store, directly on the Application and on the Administrator's website:  https://stetsiukhairexpert.wixsite.com/stetsiukhairexpert/polityka-prywatnosci-colorist-she

• The use of the Application is voluntary, as is the provision of Personal Data by the User. Personal Data of a specific nature is not collected.  

• The voluntary provision of Personal Data and the processing of the Personal Data required by the Application or indicated in the Application is a prerequisite for the use of the Application and its Services. Failure to do so, or the provision of fictitious data, will prevent the User from using the Application and its Services and the User is obliged not to download the Application or to uninstall it immediately from the Device.

• The Administrator takes special care to protect the interests of the Application Users and, in particular, is responsible and ensures that the Data collected by him are: 

(1) processed lawfully; 

(2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; 

(3) substantially correct and adequate in relation to the purposes for which they are processed; 

(4) stored in a form which permits identification of the User for no longer than is necessary to achieve the purpose of processing; and

(5) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

• This Policy does not apply to the practices of companies that the Administrator does not own or control, or to persons that the Administrator does not employ or manage, nor does it apply to sites accessible through hyperlinks on the Mobile Application or website. By clicking on the relevant links or banners, the User will be redirected to the websites / services of other entities, including collaborating entities. The Administrator is not responsible for the manner in which Personal Data is processed by such entities; therefore, the User should become familiar with the relevant policies and regulations of such entities.

• To the extent that the User purchases subscriptions to the Application through the Google Play store or App Store and provides the Personal Data necessary to make such purchases, the respective privacy policies located on the websites of these entities shall apply.  

• Considering the functional possibility of introducing new services, development of the existing ones and possible changes in the regulations concerning protection of Personal Data, it is possible that the Administrator will modify this Policy in the future, which the Administrator reserves the right. Any changes to the Policy will be published on the website of the Personal Data Administrator with information about the effective date of such changes. The User will be informed of the change of the Policy by a message posted in the Application, an email sent to an email address, or by other customary means. The User continued use of the Application after the effective date of the changed Policy (or any other activity specified at that time) will constitute the User acceptance of these changes. However, the Administrator will not, without the consent of the User, use Personal Data in a manner materially different from what was specified at the time the User Data was collected.  

• The Administrator does not send marketing information unless requested to do so or unless the User has given their consent. The User may change their mind about this at any time.

ADMINISTRATOR AND CONTACT

The Personal Data Administrator 

"Administrator" - Stetsiuk Hair Expert, incorporated in Poland as a "SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ", with capital of PLN 5.000, having its registered office at Bernarda Chrzanowskiego Street 11 lok. 8, post code: 80-278 Gdańsk - POLAND, registered with the National Court Register, kept by the District Court Gdańsk-Północ in Gdańsk, VII Economic Division of the National Court Register, under number 0000814972, NIP number: 5833378452, REGON number : 384910842.

Contact with the Administrator can be made:

a) by sending a message by post to the following address

b) that the e-mail is: stetsiukhairexpert@gmail.com  

COLLECTION OF PERSONAL DATA

What data the Administrator collects depends on:

• what Services provided by the Administrator the User is using;

• on the configuration of the Device the User is using.

The Administrator may collect and process data which identify the User and which do not identify the User. The main purpose of collecting non-identifying data is to better understand the expectations of Users using the Mobile Application, to optimize its functions and content.

When the User is using the Mobile Application, the Administrator may collect Personal Information, including:

1. The Data provided during registration and / or use of the Application, including the User's name, email address, telephone number, User name and password, the User's country of residence and any other data the User chooses to provide. The User is responsible for verifying and ensuring that all information, content, materials or Data he / she provides is correct, complete, accurate and not misleading. This data is provided voluntarily.

2. Information about the use of the Application, such as information about how the User uses the Application and interacts with the Administrator, including the User preferred language, the date and time of first installation of the Application and the date and time of the last use of the Application, data about the Results in terms of the shades and proportions of paint selected to create the mixtures.

3. Device Data, such as computer and / or mobile device operating system type and version number, manufacturer and model, Device ID, language, push tokens, Google Advertising ID, Apple ID for Advertising, browser type, screen resolution, IP address, MAC address (and the associated country in which the User is located); and other information about the Device the User is using to download or use the Application.

4. Data from services / pages on which the Application is placed (eg App Store and Google Play) - the Application uses services of third parties, which may collect information allowing to identify the User and to transfer it to the Administrator. For more information, the User should check the privacy policy of the third party service providers used by the Application:

Google Play Services

Google Analytics for Firebase

Firebase Crashlytics by Google

App Store Services

5. Use of Device Privileges - The following is a list and description of certain features on the Device that are accessed and / or modified by the Application, which may require the User's consent to access. The User acknowledge that the User's refusal to provide explicit consent may affect or limit the Usuer's experience of using the Application, or prevent the Application from working at all:

- device specifications,

- internal memory including folders containing photos,

- a camera,

- screen settings (brightness settings).

6. Other data that the User chooses to provide voluntarily, such as data used to identify a lost Account.

The Administrator also indicates that if the User photographs taken by means of a camera or photographs wishes contained in the internal memory of the Device (located in adequate folders storing such photographs, eg in the Photo Gallery / Album / Image folder ), the User is obliged to give his / her consent to access this camera or memory. Lack of such consent means that the use of the Application with the use of the Image Color Recognition Module is restricted or prevented. If the User consents to such access, the Application via the User Image Color Recognition Module recognizes the color and records the name of that color in the User Account as a symbol or numbering only. These photos are not collected by the Administrator and are not saved or stored anywhere. The color determined by the Color Recognition Module is saved in a way that does not identify the User himself.

PURPOSE, GROUNDS AND DURATION OF PROCESSING

• The Administrator is entitled to process Personal Data where, and to the extent that, one or more of the following conditions are met: 

(1) the User has consented to the processing of  his / her Data for one or more specified purposes (Article 6 (1) (a) of the RODO); 

(2) processing is necessary for the performance of a contract to which the User is party or to take action at the request of the User (Article 6 (1) (b) RODO); 

(3) processing is necessary for compliance with a legal obligation to which the Administrator is subject (Article 6 (1) (c) of the RODO); or

(4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of personal data (Article 6 (1 ) (f) of the GDPR)

• The Data are processed, depending on the basis for the processing, for different purposes and for the duration necessary to achieve the specific purpose of the processing. The Administrator processes the data of Application Users:

• During the downloading of the Mobile Application and the registration and use of the Application by the User, any Personal Data required by the Application is collected and processed solely for the purposes of setting up the User Account on the Application, the correct provision of the Application Services, the performance and enforcement of obligations incumbent on the Parties, the provision of services by electronic means with regard to the provision of Application content. In the lack of the consent required by the Application for specific activities or Services, the performance of these tasks and Services is not possible. User's Personal Data is processed for as long as the User's Account remains active (ie until the subscription is canceled and the Application is uninstalled), and thereafter only if justified by another purpose and legal basis for data processing, eg the need to assert claims The Data are stored for the period necessary for the performance, termination or otherwise expiry of the concluded subscription Agreement for the Application. In the case of withdrawal of consent to the processing of Personal Data or after the expiry of the period for which consent has been granted, the Administrator shall be entitled to process the Data only for the time and to the extent that this is allowed by the provisions of generally applicable law, including in the performance of the Administrator's legal obligations or a legitimate legal interest, or to assert or defend against such claims. With regard to data processed in connection with other interests of the Controller, the data will be processed until this purpose is achieved or the User raises an effective objection.

• In the course of operating and improving the Application, solely for the purposes of enabling the User to use the functions of the Application; establishing and maintaining a User's Account; communicating with the User about the Application and responding to User's requests, questions, opinions, complaints; providing all technical and service support for the Application; resolving disputes; performing statistical analyses of the use of the Application (including through the use of Google Analytics); monitoring the correct and secure operation of the Application. The Data is stored for the duration of the User uses of the Application, and thereafter only if justified by another purpose and legal basis for data processing, such as the need to keep records of monitoring online compliance. In the event of withdrawal of consent for the processing of Personal Data or after the expiry of the period for which consent has been granted, the Administrator shall be entitled to process the Data only for the time and to the extent that this is allowed by the provisions of generally applicable law, including within the framework of the Administrator's performance of legal obligations or legitimate legal interests or the assertion of claims or defense against such claims. With regard to Data processed in connection with other interests of the Administrator, the Data will be processed until this purpose is achieved or the User raises an effective objection.

• In the event of an error in the Application, each time the User uses the Application, Data and information are collected on the Device (phone), referred to as Log Data. These Data may include information such as device name, operating system version, device IP address, configuration of the Application while using the Application, time and date of use of the Application and other statistics. These Data are collected to monitor the performance of the Application and to identify the cause of Application failures. The collection of data and information on a phone, referred to as Log Data, is carried out using Google Play Services, Firebase Analytics and Firebase Crashlytics. The Data are stored and processed for the duration of the User's use of the Application, and thereafter only if justified by another purpose and legal basis for the processing, eg the need to keep records of online compliance monitoring. In the event of withdrawal of consent for the processing of Personal Data or after the expiry of the period for which consent has been granted, the Administrator shall be entitled to process the Data only for the time and to the extent that this is allowed by the provisions of generally applicable law, including within the framework of the Administrator's performance of legal obligations or a legitimate legal interest, or to assert or defend against such claims. With regard to Data processed in connection with other interests of the Administrator, such Data will be processed until such purpose is achieved or the User raises an effective objection.

• To ensure that your use of the Application complies with the law, to prevent fraud and for security purposes. Administrator may use and disclose User Personal Information to law enforcement agencies, governmental authorities, and private parties as required by law or as Administrator deems necessary to: 

(a) protect the Administrator's, User's or others' rights, privacy, security or property; 

(b) enforce the terms of use of the Application in order to establish the defense and prosecution of claims against Administrator; and

(c) protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activities. 

The Data shall be stored and processed for the duration of the User's use of the Application, and thereafter only if justified by another purpose and legal basis for processing, such as the need to keep records of online law enforcement monitoring or the mandatory retention period for records relating to the provision of electronic services, or the period resulting from the statute of limitations for claims.

• For analytical and development purposes, ie compiling summaries, statistics, comparative surveys, for the Administrator's internal purposes, eg for the improvement of the Application and the Services provided through it, as well as on the basis of separate Regulations for the purpose of conducting research into a specific brand or product. The Data are stored and processed for the duration of the use of the Application, and on the basis of a separate consent, for the duration of the consent, and in the case of anonymised data, for an unlimited period.

HOW IS PERSONAL DATA SHARED?

• The Administrator shall not disclose the User's content or other Personal Data to third parties.  

• The Administrator may share information that is not photographs of the User in the following circumstances:

Service Providers. The Administrator may share the User's Personal Data with service providers who provide services on Administrator's behalf or assist Administrator in operating the Application (such as, for example, customer service, data analysis, email delivery, marketing and database management services, creation and development of the Application and its Services and Account, provision of information technology and related structure). Such third parties may only use the Personal Data as the Administrator directs or authorizes and in a manner consistent with this Policy and may not use or disclose Personal Data for any other purpose.

Professional advisors. The Administrator may share the User's Personal Data with professional advisors, such as lawyers, auditors, as necessary in the course of their professional services. Administrator may share User's Personal Data for compliance, fraud prevention and security, lawful requests and legal processes, such as responding to subpoenas or requests from State authorities.

Business Transfers. The Administrator may sell, transfer, or otherwise share some or all of its business or assets, including Users' Personal Data, in connection with a business transaction (or potential business transaction), such as a divestiture, merger, consolidation, acquisition, reorganization , or sale of assets, or in the event of bankruptcy or dissolution.

CROSS-BORDER PROVISION OF PERSONAL DATA

Depending on the User's location, the transfer of Data may involve the transfer and storage of information in a country other than the User's country, including countries outside the European Economic Area (hereinafter "Third Countries") and international organizations, which is related to cooperation with different entities or scope of activities.  

Data transferred to third countries for which the European Commission has decided that they meet an adequate level of protection for Personal Data and / or in accordance with any legal requirements, including an appropriate agreement that includes data protection clauses adopted by the European Commission, that ensure an adequate level of protection for the Personal Data transferred.

The User has the right to know about the legal basis for the transfer to a country outside the European Union or to an international organization governed by public international law or formed by two or more countries, such as the United Nations, and about the security measures taken to protect the User's Data. The User has the right to receive a copy of the data transferred to a third country upon the User's request to the Administrator.

The Administrator store the information he collects in connection with the Application on Amazon Web Services and Google Cloud Platform. For Amazon Web Services, the Administrator uses the United States as the data storage location, and for Google Cloud Platform, the Administrator uses the location closest to the User when the User uses the Application as the data storage location. The Personal Data may be accessed by the Administrator's service providers in other locations outside the User's country. The Device ID (and general information about the use of the Application) may also be available to the Company's support team at other locations outside of the User's country.

STORAGE OF INFORMATION

Users' Personal Data is retained and will be used for the period necessary for Administrator to comply with its legal obligations, resolve disputes, and enforce its obligations, unless a longer retention period is required or permitted by law. The Administrator may use any aggregate data derived from or containing Users' Personal Data after it has been updated or deleted, but not in a manner that would permit identification. Once the retention period has expired, the Personal Data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be exercised after the expiry of the retention period.

PERSONAL DATA SECURITY

The Administrator uses commercially reasonable security practices to safeguard information collected through the Application and takes reasonable steps to verify the Personal Data provided. However, data transmission over the Internet or wireless network cannot be guaranteed. Therefore, while we strive to protect the User's Personal Data, the User acknowledges that:

(1) there are security and privacy restrictions on the Internet that are beyond the Administrator's control; 

(2) the security, integrity and privacy of any information and data exchanged between the User and the Mobile Application and Services cannot be guaranteed; and 

(3) any such information and data may be viewed or manipulated in transit by a third party, despite best efforts.

USERS 'RIGHTS

The User has:

• the right to be informed, access, rectification (amendment, updating and supplementing), restriction of processing, deletion or portability of Personal Data - The User has the right to request from the Administrator information on the purpose, scope, manner of processing and source of Data, the right to access his / her Personal Data, the right to control the processing of Personal Data, the right to obtain information on the manner in which the Personal Data is made available, the right to rectify the Personal Data, update or supplement them, the right to erasure ("the right to be forgotten") or restriction of processing and the right to portability of his / her data. The detailed conditions for exercising the aforementioned rights are indicated in Articles 15-21 of the RODO.

• the right to withdraw consent at any time - the person whose data are processed by the Administrator on the basis of expressed consent (pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the RODO) has the right to withdraw consent at any time, without affecting the legality of the processing performed on the basis of consent before its withdrawal

• the right to object - the person whose data are processed by the Administrator shall have the right to object at any time - on grounds relating to his or her particular situation - to the processing of Personal Data concerning him or her based on Article 6 (1 ) (e) (public interest or tasks) or (f) (legitimate interest of the controller) of the GDPR, including profiling under these provisions. The Administrator shall in that case no longer be permitted to process those Personal Data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or grounds for the establishment, exercise or defense of claims.

• the right to lodge a complaint to the supervisory authority - the person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the RODO and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

HOW TO USE THE RIGHTS

Any requests for exercising the User's rights may be addressed to the Administrator using the contact details provided herein. Please note that before responding to such requests, the Administrator may ask for verification of the User's identity. The User's request must contain sufficient information to verify that the User is the person he or she claims to be or is an authorized representative of such person. Sufficient details must be provided for the Administrator to properly understand and respond to the request.  

CHILDREN'S PRIVACY

Administrator does not knowingly collect any Personal Data from children under the age of 18. The Administrator encourages parents and legal guardians to monitor their children's Internet use and to help enforce this Policy by instructing children never to provide Personal Data through the Mobile Application.

If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Mobile Application, please contact the Administrator.

VIOLATION OF PERSONAL DATA

In the event that the security of the Application is breached or Users' Personal Data is disclosed to unrelated third parties as a result of external activities, including but not limited to security attacks or fraud, the Administrator reserves the right to take reasonable appropriate measures, including but not limited to investigation and reporting, and to notify and cooperate with law enforcement authorities. In the event of a data breach, reasonable efforts will be made by the Administrator to notify Users if there is a reasonable risk of harm to the User as a result of the breach or if notification is otherwise required by law. In this case, the User will be notified via email or the Application.

​