Information about cookies
Cookies are used to adapt the content of websites to user preferences and to optimise website use. They are also used to create anonymous aggregate statistics that help understand how the User uses websites, which helps improve their structure and content without personal User identification.
- “GDPR” shall mean Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 the on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
- “User” shall mean any person using www.esotiq.com (hereinafter the “Website”).
- Where there are any discrepancies between the Policy and the consents given by a person notwithstanding the Policy, the Company always takes actions and defines their scope based on consents given on a voluntary basis or on applicable laws. In the event of any discrepancies between the Policy and the wording of the information notices provided by the Company in the collection of Personal Data (usually below the forms in the ESOTIQ Online Shop), the information provided in the latter prevails.
- While using the Website, the User remains anonymous for as long as they want to provided that they have proper web browser settings. The User may give their Personal Data while registering on the Website and creating an account, purchasing goods, purchasing a gift card, joining a loyalty club, agreeing to receive information about product availability or subscribing to a newsletter.
- For purchases made on the Website, the User must give the following data:
- a) first and last name,
- b) e-mail address,
- c) shipping address (zip code, town or city, address),
- d) phone number,
- e) optionally: the tax identification number for the invoice,
- f) optionally: billing address (for the invoice) – (zip code, town or city, address).
- The data specified in section 6 of this Policy are required for proper purchasing on the Website and unless the User gives an additional consent, the data will not be used for the Company’s marketing purposes. Detailed provisions on the purchasing process and the process of obtaining consents to the use of Personal Data during the purchasing process are described in the ESOTIQ Online Shop Terms & Conditions, available at www.esotiq.com/pl/pl/regulami-sklepu-esotiq.
- The User may agree to receive commercial information by electronic means (hereinafter the “NEWSLETTER”) and to have their e-mail address (Personal Data) processed for the transmission of the NEWSLETTER. Based on the consent given by the User, the Company may send to the User’s e-mail address newsletters and information about special offers, competitions and news published on the Website. Once the User expresses their wish to subscribe to a NEWSLETTER, the following information will be displayed on the User’s screen:
“Dear Customer of the ESOTIQ NEWSLETTER,
Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 the on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), known as the “GDPR” becomes effective on 25 May 2018.
In view of the above, we wish to inform you about how ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk processes your Personal Data and about your related rights. We want our Customers to have complete information about the GDPR and to be aware that they may request the erasure of their Personal Data at any time and to request to no longer receive commercial information by electronic means. Please read through the following notice.
At the same time, please rest assured that we take proper care of the privacy of each of our Customers and that we in no way extend our rights. Your Personal Data are safe with us, and you may withdraw the consent to their collection and processing at any time, in line with the Personal Data Protection Notice provided below. So if you do not want us to process your Personal Data, please send a request for data erasure to firstname.lastname@example.org or click the link “click here to unsubscribe” provided in the content of the e-mail you have received, and we will promptly delete your data from our database. Once your Personal Data are erased, you will no longer receive commercial information from ESOTIQ to the e-mail address your have provided (because you will be deleted from the NEWSLETTER database).
Personal Data Processing Notice
ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk, ul. Szybowcowa 8A, 80-298 Gdańsk, registered in the Gdańsk-Północ District Court in Gdańsk, 7th Commercial Division of the National Court Register, at KRS No. 0000370553, with NIP: 583-311-72-20, REGON No.: 221133543, hereinafter the “Data Controller,” is the controller of your Personal Data.
The Data Controller collects your Personal Data (e-mail address only) obtained when you consented to the NEWSLETTER (“Personal Data”):
We collect your Personal Data for the following purposes:
- to inform you about our marketing activities and to send you commercial information (NEWSLETTER);
- to send you information about special offers, competitions and the news published on the Website by electronic means (by e-mail).
The Data Controller may transfer the Personal Data to the following third parties for the purposes defined in this document:
- to its employees for the purpose of their activities connected with sending the NEWSLETTER – after the employees are first communicated the Personal Data safety rules, and primarily the Personal Data Safety Policy of ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk,
- to entities with whom the Data Controller have signed a framework contract (“Processor”) in order to implement NEWSLETTER assumptions; the Data Controller may in particular transfer your Personal Data to such entities as: accounting service providers, postal and courier service providers, our marketing partners, IT service providers. These entities will be obligated under contracts signed with the Data Controller to apply appropriate safety, technical and organisational measures to protect Personal Data and process them only in accordance with the law,
- to supervisory authorities, government authorities and other third parties; where necessary for the performance of the above purposes and for the discharge of legal obligations, Personal Data may be transmitted to supervisory authorities, courts and other government authorities (e.g. tax authorities and law enforcement), independent third-party advisors (e.g. auditors) or service providers.
The Data Controller shall use appropriate safety measures, both technical and organisational, to protect your Personal Data. Personal Data shall be retained by the Data Controller and/or the Processors only for the time required to complete the purpose for which such data were collected.
You have rights connected with Personal Data protection. According to applicable data protection legislation, you have the right to complain to a competent authority (e.g. the President of the Data Protection Office or its successor authority).
Furthermore, you have the right to:
- request access to Personal Data; the data subject shall have the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the Personal Data. At your request, the Data Controller shall provide you with a copy of your data that are being processed. For any further copies you request, the Data Controller may charge a reasonable fee based on administrative costs.
- Personal Data rectification; you have the right to have any Personal Data that concern you and are incorrect rectified. Taking into account the purposes of the processing, you have the right to have your incomplete Personal Data completed, also based on your additional statement,
- Personal Data erasure (“right to be forgotten”); you have the right to request, on condition that the circumstances provided for by the laws have arisen, to have your Personal Data promptly erased, and the Data Controller must erase such Personal Data without undue delay,
- restriction of Personal Data processing; in such a case, the Data Controller will, at your request, indicate such Personal Data, and their processing may be restricted to specific purposes only,
- Personal Data portability; under certain conditions, you have the right to receive the Personal Data that concern you and that are processed by the Data Controller in a structured, commonly used and machine-readable format, and you have the right to transfer such Personal Data to another entity,
- objection; in certain cases you have the right to object at any time, for reasons connected with your special situation, to the processing of the Personal Data that concern you, and the Data Controller may be obligated to stop processing such Personal Data.
Furthermore, please be informed that:
- a) your Personal Data are processed under the voluntary consent you expressed while subscribing for the NEWSLETTER;
- b) your consent to Personal Data processing remains valid. You may withdraw it at any time:
- c) the Data Controller does not process sensitive data;
- d) Personal Data are only processed for the purpose of sending marketing information through the ESOTIQ NEWSLETTER (including information about special offers in ESOTIQ points of sale);
- e) the Data Controller does not transfer Personal Data outside the European Union and the European Economic Area countries (Norway, Iceland and Lichtenstein) and Switzerland;
- f) the Data Controller allows you to exercise your right of access to the content of your Personal Data and the right to their rectification, erasure, restriction of processing, the right of data portability, the right to object to the processing, the right to withdraw the consent at any time.
For any questions regarding Personal Data or the exercise of the privacy rights, please contact the Data Protection Officer appointed by the Data Controller. Please find below the contact details of the Data Protection Officer: email@example.com.”
- Having read the above notice, in order to subscribe to the NEWSLETTER the User checks the box regarding the consent to Personal Data processing in line with the purposes specified in the above notice and separately checks the box with the consent to receive commercial information to their e-mail address by electronic means. Until the User checks the consent in both boxes, the Company will neither process their e-mail address nor will it send any commercial information to that address by electronic means.
- The User may unsubscribe from commercial information at any time by sending an e-mail stating that they wish to unsubscribe from commercial information to firstname.lastname@example.org or by clicking the link “click here to unsubscribe” or by unsubscribing from the Newsletter level. Unsubscribing means a request to delete the User’s Personal Data (e-mail address).
- If the User gives additional consents, the Company’s partners may also be controllers of any data obtained based on the User’s activity online using such technologies as cookies.
- The Company exercises due care to protects the interests of data subjects, and in particular it assures that the data it collects are:
- processed lawfully, fairly and in a transparent manner in relation to the data subject;
- collected for specific, clear and legitimate purposes and are not further processed otherwise than for those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- correct and updated if necessary;
- retained in a form allowing identification of a data subject for a period not longer than required for the purposes for which such data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- The Company may process the Personal Data of Users in particular for the following purposes:
- to conclude and perform a contract for the sale of goods or for the provision of services or to take actions at a request of a future customer before the conclusion of such a contract (if this is the case, we process the User’s data to manage their Account within the ESOTIQ Online Shop in order to allow the User e.g. to place orders without the need to fill out the form every time, to access to the purchase history, to manage their consents regarding the website etc.);
- to conclude and perform a contract for the sale of goods or for the provision of services or to take actions at a request of a future customer before the conclusion of such a contract (the Company need the User’s Personal Data to process the order and perform a concluded contract – and in particular to confirm the order and reserve the item for the User or send it to the User, as well as to contact the User on the matter if necessary);
- to receive and consider complaints;
- to hold a competition, especially to select the winners and give awards;
- to present advertisements, offering or special offers (discounts) regarding the products or services of the Company or its partners (whose current list is available within the ESOTIQ Online Shop) intended for all recipients, in particular in order to conclude a Newsletter contract and a contract for FACEBOK and INSTAGRAM profile management;
- to evaluate and analyse User activity and information about the User, also within automated Personal Data processing (profiling), to present general advertisements, offering or special offers (discounts) regarding the products or services of the Company or its partners, in a manner adapted to the User’s interests (without significantly influencing the User’s decisions), as well as for market and statistical analyses;
- to pursue and defend claims, including third-party claims;
- to perform the legal obligations arising from applicable laws, e.g. from tax and accounting legislation, in particular in the case of fee-based contracts;
- to correspond with the User, which includes replying to the User’s communications.
- The Company may process in particular the following Personal Data of Users:
- for Users of the ESOTIQ Online Shop: the Personal Data the User enters in the form while registering an account, placing an order or booking a product or asking questions in the ESOTIQ Online Shop (in particular: first and last name, e-mail address, contact phone, address [street, house number, flat number, zip code, city or town, country], domicile/business address/registered office [if different that shipping address], bank account number, and for customers who are not consumers – additionally name of company and tax identification number [NIP]), and the remaining data gathered during the use of the ESOTIQ Online Shop;
- Personal Data provided for Newsletter purposes, in the contact form or with a complaint;
- Personal Data provided for competition entry purposes;
- Personal Data provided for the purpose of joining the ESOTIQ Shopping Club (“ESOTIQ CLUB”);
- any other data, in particular obtained based on the User’s activity online, in mobile apps or in physical stores owned by the Company, including data obtained through the ESOTIQ Online Shop or other User communication channels, cookies or similar technologies.
- Users always provide their Personal Data in the ESOTIQ Online Shop, in the NEWSLETTER and in other User communication channels on a voluntary basis but they are required to provide them if they want to use certain functionalities, e.g. place orders (in the ESOTIQ Online Shop), settle orders (conclude and perform the contract for the sale of goods), register accounts (in the ESOTIQ Online Shop), subscribe to a newsletter etc. The scope of the data each time required for contract conclusion is first specified through specific User communication channels (e.g. in the Terms & Conditions). Failure to provide one’s Personal Data may render a User unable to successfully complete the above actions.
- The User’s Personal Data are processed primarily on the grounds of the need to perform a contract to which the User is a party or the need to take actions at the User's request before the conclusion thereof (Article 6(1)(b) of the GDPR). This applies in particular to the Personal Data specified in the form at Account registration in the ESOTIQ Online Shop, at order placement (in the ESOTIQ Online Shop), and at the conclusion of a contract for the sale of goods (in the ESOTIQ Online Shop), as well as at Newsletter subscription. Also the Personal Data provided to the Company in connection with a User’s complaint are processed on the ground of the need to perform / handle a contract for the sale of the goods under the complaint. In turn, presenting, creating, assigning and delivering any User-dedicated advertisements, offering or special offers (discounts) that are only based on machine processing, including profiling, adapted to the User’s preferences as much as possible and with a potential of significantly influencing the User’s consumer decisions takes place based on a consent given by the User on a voluntary basis (Article 6(1)(a)), Article 22(2)(c) of the GDPR). For any other purposes, the User’s Personal Data may be processed based on:
- consents given on a voluntary basis – e.g. for competition entrants (Article 6(1)(a) of the GDPR);
- applicable laws – where the processing is required to perform the Company’s legal obligation, e.g. where the Company settles the sale contracts on the ground of tax or accounting legislation (Article 6(1)(c) of the GDPR).
- The User may agree to the processing of their data for the Company’s marketing purposes. In such a case, the User shall have the right of access to the data, the right to rectification, and the right to request that similar Personal Data be erased. The User may at any time request the erasure of their Personal Data by sending the request to email@example.com.
- The Company protects the provided data, in particular against unauthorised access. The Company allows all the Users who provide their Personal Data to exercise their rights under the GDPR, and in particular the right of access to the Users’ own data, the right to request data rectification, the right to object in the cases as defined in that regulation, and the right to data erasure (“to be forgotten”).
- Users’ Personal Data may be profiled. Profiling means actions of the Company [taken in order to present general advertisements, offering or special offers (discounts) intended for all customers in a way adapted to the interests of a specific User] which may involve learning User preferences, e.g. through analysis of how often the User visits the ESOTIQ Online Shop and whether they purchase or book products in the Company’s physical shops and if yes – which products. It helps better understand the customer’s expectations and thus meet their needs without significantly influencing their decisions. Since the Company uses advanced technologies, such actions will be often automated, performed by a system; as a result, the User will always receive the latest news and will be able to learn it quickly.
- The User's Personal Data for which the Company is the controller may be provided to other recipients or Personal Data processors under a written contract signed with such entities. The catalogue of recipients of the Personal Data processed by the Company each time arises primarily from the scope of services used by the User. The catalogue of recipients also arises from the User’s consent or from applicable laws and is further defined as a result of the actions taken by the User in the ESOTIQ Online Shop. Personal Data may be processed to a limited degree by the Company’s partners, especially those who help manage the technical side of the ESOTIQ Online Shop and other customer communication channels (e.g. manage the FACEBOOK or INSTAGRAM profiles, assist in marketing campaigns), hosting providers or providers of telecommunications services, carriers or agents shipping the ordered goods, entities handling electronic payments or card payments in the ESOTIQ Online Shop, companies that maintain software and support the Company in marketing campaigns, as well as legal and consultancy service providers.
- Within the Company’s use of the Google tools supporting its current operations, the User’s Personal Data may be transferred to countries from outside the European Economic Area, in particular to the United States of America (USA) or to another country where the Company’s partner maintains the tools used to process Personal Data in collaboration with the Company. The Company has ensured appropriate protection of the transferred Personal Data through application of standard data protection clauses meeting the requirements of the GDPR for any data received under data processing contracts. For data transfers from Europe to the USA, some U.S. entities may additionally ensure appropriate data protection level under the Privacy Shield (more information about this available on https://www.privacyshield.gov/).
- Since the cookies (or a technology with a function similar to cookies) used by the Company gather information about every person visiting the Website, the provisions of the Policy apply to all Website visitors, whether or not they are the Company’s customers (i.e. whether or not they place orders and have an account in the ESOTIQ Online Shop).
- Automatically collected data
- a) While the User uses the ESOTIQ.com website, their data are automatically collected. Such data include but are not limited to: IP address, domain name, browser type, operating system type. The data may be collected by cookies, Google Analytics, Facebook, Criteo, HotJar
- b) Cookies are files sent to the User’s computer or another device while the User browses the website of ESOTIQ.com.
- c) The data referred to in this section 23 are used to adapt, measure and improve the services of ESOTIQ.com and to carry out marketing activities.
- Criteo (the User may learn more about how to opt out from interest-based advertising for instance from: http://www.networkadvertising.org/choices/ or http://www.youronlinechoices.com/);
- Google AdWords
- Google Analytics
- Alani ………………..
- Every User has at any time the right:
- to lodge a complaint to the President of the Data Protection Office;
- to portability of the Personal Data which they have provided to the Company and which undergo automated processing, where the processing takes place based on a consent or agreement e.g. regarding another controller;
- of access to Personal Data (including to receive the information which data are processed);
- to request recertification and restriction of processing (e.g. if data are incorrect) or erasure of Personal Data (e.g. if they were processed unlawfully);
- to withdraw a consent granted to the Company at any time; however, consent withdrawal has no impact on any lawful processing carried out by the Company before the consent withdrawal;
- to object to the processing of the Personal Data that concern them carried out based on legitimate interests of the Company or a third party, and to object to the processing for marketing purposes, including profiling.
- Personal Data may be processed throughout the period the User uses the ESOTIQ Online Shop (and they may be erased seven years after the User’s last activity in the ESOTIQ Online Shop), for marketing activities – until the User objects, and if they are connected with cookies and similar technologies – until these files are deleted through browser/device setting (where file deletion is not always tantamount to deletion of the Personal Data collected through such files), depending on technical aspects. If the processing is contingent upon the User’s consent, Personal Data may be processed until the consent is withdrawn. In such a case:
- Personal Data will be stored also if applicable (e.g. accounting or tax) laws obligate the Company to retain them;
- the Company will retain the Personal Data: in case the User lodges any claims against the Company; in order to allow the Company to pursue claims; or for the assertion or defence of third-party claims, until they expire under the statute of limitations, and in particular under the civil code.
So depending on the scope of the Personal Data and the purpose of their processing, their retention periods may differ.
- Commercial information connected with the competitive activities carried out by the Company may be sent (only based on the User’s consent) to the User’s e-mail address or phone number. The consent to the Terms & Conditions must be expressed, it cannot be implicit or inferred. Likewise, the User’s consent to the processing of their Personal Data must be expressed, it cannot be implicit or inferred.
- The Company applies the technical and organisational measures ensuring the protection of the processed Personal Data as appropriate to the threats and category of the protected data, and in particular secures the data against unauthorised access, unauthorised removal, processing in violation of applicable laws, as well as against modification, loss, damage or destruction, If the information about the applied technical and organisational measures ensuring the protection of processing is disclosed to third parties, this may undermine effectiveness of such measures and thus threaten proper data processing. Examples of the protection measures used by the Company: