Canexpol Group Logo
Canexpol Group Logo
Contact

This Privacy Policy complements the content of all agreements concluded with Laboratorium Kosmetyczne Canexpol Group Spółka z ograniczoną odpowiedzialnością Spółka komandytowa (hereinafter referred to as "Laboratorium Kosmetyczne Canexpol Group Sp. z o. o. Sp.k." or the "company"), and the changes are dictated by the entry into force of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").

The Privacy Policy defines the principles of processing and protecting the personal data of Customers using all of the company's services, which the company may perform independently, i.e. directly or through third parties that provide services of a given type in a professional manner.

Administrator

The data controller is the CANEXPOL GROUP Cosmetics Laboratory Sp. z o. o. Sp. k. with its registered office at Świętojańska 21/2, 00-266 Warsaw, Poland, NIP: 525-279-1587 REGON: 383511169 KRS: 0000789156
Production plant and correspondence address: ul. Kołbielska 40A, Stojadła, 05-300 Mińsk Mazowiecki, Poland, Tel. +48 25 7584327, hereinafter referred to as: "Administrator".

The Administrator processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

If any provisions of the Master Service Agreement or this Privacy Policy are found to be in conflict, in whole or in part, with any provisions of the GDPR or other applicable data protection laws, such provisions shall be wholly or in part null and void for data subjects. In their place, the provisions in accordance with the applicable law shall apply.

Collection of personal data

The personal data collected by the Canexpol Group Cosmetics Laboratory include or may include: first name and last name, name (company), Tax Identification Number (NIP), National Business Registry Number (REGON), registered office, residence or business address, telephone number, e-mail address, bank account number, as well as other data resulting from the documentation provided by the Customers, necessary for the performance of the contract between the Parties.

Personal data are collected by the Canexpol Group Cosmetics Laboratory primarily during the signing of the contract and in each situation when personal data is made available (transferred) by the Client or another third party.

The Client is personally responsible for the accuracy of the personal data provided. If the personal data relates to entities other than the Client (in particular, their employees, collaborators, or contractors), the Client declares that they have obtained and processed such data lawfully. Furthermore, the Client is obligated to enter into a data processing agreement with the Canexpol Group Cosmetics Laboratories regarding the processing of such data.

The Administrator collects and processes personal data in the form of traditional (paper) documentation as well as in the form of electronic documentation, ensuring an appropriate security standard.

Purpose of personal data processing

Personal data may be processed by the Canexpol Group Cosmetics Laboratory solely for the purpose of providing services covered by the main agreement, i.e., the Service Provision Agreement. Data will be processed only during the term of the agreement, and after that time, only to the extent necessary to fulfill the obligations and rights arising from generally applicable law.

The Canexpol Group Cosmetic Laboratory is authorized to entrust personal data to third parties only when necessary to perform the contract or in the event of an additional order (interest in the service) submitted directly by the Client, which should be understood as a change to the service agreement, and the requirement for written amendments to this agreement is excluded here. The Canexpol Group Cosmetic Laboratory may perform the contract through third parties.

The Canexpol Group Cosmetic Laboratory is authorized to send Customers offers, samples, catalogs, and price lists to the email address provided by the Customer, provided the Customer has consented to the processing of their personal data for marketing purposes related to the offering of services by the Canexpol Group Cosmetic Laboratory or entities closely collaborating with it, other than those covered by the main contract. In connection with the above, the Customer is informed that, in accordance with Article 6, Section 1, Letter a) of the GDPR, the Customer may withdraw consent to the processing of personal data at any time.

Voluntary sharing of personal data

The Client acknowledges that the provision of all personal data is voluntary, however, the refusal to provide personal data strictly related to the scope of the concluded main contract constitutes a significant obstacle to the performance of the contract and thus prevents the provision of services to the Client, and gives rise to the right of withdrawal from the concluded contract on the part of the Canexpol Group Cosmetics Laboratory.

Rights related to the processing of personal data

Any person whose personal data is processed by the Canexpol Group Cosmetics Laboratory has the right to access, rectify, or delete their personal data, and may also object to processing. The Canexpol Group Cosmetics Laboratory is obligated to comply with these requests promptly, unless an obligation or right arising directly from generally applicable law prohibits it. The person whose data is processed also has the right to lodge a complaint with a data protection authority.

Protection of personal data

The Administrator is obliged to apply appropriate technical and organisational measures to ensure the protection of the processed data, and in particular protects the data against disclosure to unauthorised persons, processing in violation of the law and change, loss, damage or destruction.

Only persons authorized by the Administrator are allowed to process your data within the Administrator's organization.

In particular, the Administrator declares that he uses professional IT security measures in accordance with the provisions of the GDPR, the implementation of which he has entrusted to a professional third party.

Other information about the processing of personal data

The Canexpol Group Cosmetics Laboratory informs all persons whose personal data may be processed in the course of its daily activities that such data may be made available to entities authorized to receive them under applicable law, including the relevant judicial authorities.

The Administrator will be obliged to transfer the collected personal data to state administration bodies, law enforcement agencies and judicial authorities at their express request and only in cases specified by law, while maintaining the principle of special caution.

The Administrator is obliged to constantly update all personal data protection standards to ensure compliance of legal, IT, organizational and other procedures with current legal provisions.

The Administrator reserves the right to make changes to the Privacy Policy if necessary to adapt its content to appropriate standards of personal data protection.

The Administrator declares that he has instructed and thoroughly trained all employees and associates of the company in the field of personal data protection.

Employees have signed an Authorization to Process Personal Data.

In all matters relating to the processing and protection of personal data, please contact the Controller using the correspondence details or e-mail address: info@canexpol.waw.pl

Regardless of the above content and conclusions drawn therefrom, the Administrator declares that:

  • I have read and undertake to comply with the obligations arising from the General Data Protection Regulation of 27 April 2016 (GDPR), the current Personal Data Protection Act and implementing acts;
  • will ensure the security of processed personal data by protecting them against unauthorized access, unjustified modification and destruction, illegal disclosure or acquisition;
  • undertakes to keep confidential all information, data, materials, documents and personal data received from the Data Controller and from persons cooperating with him, as well as data obtained in any other way, intentional or accidental, in oral, written or electronic form ("confidential data");
  • in connection with the obligation to keep confidential data secret, they will not be used, disclosed or made available without the written consent of the Data Controller for any purpose other than the performance of the Agreement, unless the necessity to disclose the information in question results from applicable law or the Agreement;
  • I am familiar with the principles of legal liability for processing personal data that is inconsistent with the Personal Data Protection Act and I am aware that I may be legally liable for failure to comply with the obligations arising from this declaration under the internal regulations in force at the data controller, the Labor Code, the Civil Code and the Personal Data Protection Act
  • Familiarizing yourself with this document before concluding the Service Agreement, if this agreement is concluded, constitutes acceptance of all its provisions.