This Privacy Policy is a supplement to all agreements concluded with Laboratorium Kosmetyczne Canexpol Group Spółka z ograniczoną odpowiedzialnością Spółka komandytowa (hereinafter referred to as "Laboratorium Kosmetyczne Canexpol Group Sp. z o.o. Sp.k." or the "Company"). The changes are introduced in connection with the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).
The Privacy Policy sets out the rules for the processing and protection of personal data of Clients using any of the Company’s services, which may be provided either directly by the Company or through third parties offering such services in a professional manner.
Administrator
The data controller is Laboratorium Kosmetyczne CANEXPOL GROUP Sp. z o.o. Sp. k., with its registered office at ul. Świętojańska 21/2, 00-266 Warsaw, Poland,
Tax ID (NIP): 525-279-1587, REGON: 383511169, KRS: 0000789156.
The production facility and correspondence address is: ul. Kołbielska 40A, Stojadła, 05-300 Mińsk Mazowiecki, Poland, Phone: +48 25 758 43 27. Hereinafter referred to as the “Controller.”
The Controller processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
If any provisions of the main Service Agreement or this Privacy Policy are found to be wholly or partially inconsistent with the GDPR or any other applicable data protection laws, such provisions shall, to the corresponding extent, be deemed non-binding for the data subjects. In place of those provisions, the applicable legal regulations that comply with the relevant laws shall apply.
Collection of Personal Data
The personal data collected by Laboratorium Kosmetyczne Canexpol Group may include: full name, company name, tax identification number (NIP), statistical number (REGON), registered office or residential/business addresses, phone number, email address, bank account number, as well as any other data provided in client documentation that is necessary for the performance of the agreement between the Parties.
Personal data is collected by Laboratorium Kosmetyczne Canexpol Group primarily during the signing of an agreement, as well as whenever personal data is shared (provided) by the Client or another third party.
The Client is solely responsible for the accuracy of the personal data provided. If the personal data concerns entities other than the Client directly (in particular, the Client’s employees, collaborators, or contractors), the Client declares that such data has been obtained and is processed in accordance with the law. Furthermore, the Client is obliged to conclude a data processing agreement with Laboratorium Kosmetyczne Canexpol Group for the processing of such personal data.
The Controller collects and processes personal data both in traditional (paper) form and in electronic form, ensuring an appropriate standard of security.
Purpose of Personal Data Processing
Personal data may be processed by Laboratorium Kosmetyczne Canexpol Group solely for the purpose of providing services covered by the main agreement, i.e. the Service Agreement. The data will be processed only for the duration of the agreement, and thereafter only to the extent necessary to fulfill obligations and exercise rights arising from applicable legal regulations.
Laboratorium Kosmetyczne Canexpol Group is entitled to entrust personal data to third parties only when necessary for the performance of the agreement or in the case of an additional order (or service request) made directly by the Client, which shall be understood as a modification of the service agreement and, in this context, excludes the requirement for a written form of amendment. Laboratorium Kosmetyczne Canexpol Group may perform the agreement with the involvement of third parties.
Laboratorium Kosmetyczne Canexpol Group is entitled to send Clients offers, samples, catalogs, and price lists to the email address provided by the Client, provided that the Client has given consent for their personal data to be processed for marketing purposes related to services offered by Laboratorium Kosmetyczne Canexpol Group or its closely cooperating partners, beyond the scope of the main service agreement.
In connection with the above, the Client is hereby informed that, pursuant to Article 6(1)(a) of the GDPR, they may withdraw their consent to the processing of personal data at any time.
Voluntary Provision of Personal Data
The Client acknowledges that providing personal data is voluntary; however, refusal to provide data strictly necessary for the execution of the main agreement constitutes a significant obstacle to its performance and, consequently, makes it impossible to deliver services to the Client. In such cases, Laboratorium Kosmetyczne Canexpol Group reserves the right to withdraw from the agreement.
Rights Related to the Processing of Personal Data
Any individual whose personal data is processed by Laboratorium Kosmetyczne Canexpol Group has the right to access their personal data, request its rectification or deletion, and object to its processing. Laboratorium Kosmetyczne Canexpol Group is obliged to fulfill such requests without undue delay, unless doing so would conflict with a legal obligation or right arising directly from applicable law.
The data subject also has the right to lodge a complaint with the data protection authority.
Personal Data Security
The Controller is required to implement appropriate technical and organizational measures to ensure the protection of processed data, in particular by safeguarding it against unauthorized access, unlawful processing, alteration, loss, damage, or destruction.
Only individuals authorized by the Controller are permitted to process your data within the Controller’s organization.
The Controller specifically declares that it uses professional IT security measures compliant with the GDPR, the implementation of which has been entrusted to a qualified third-party provider.
Other Information on Personal Data Processing
Laboratorium Kosmetyczne Canexpol Group informs all individuals whose personal data may be processed in the course of its daily operations that such data may be disclosed to entities authorized to receive it under applicable laws, including relevant judicial authorities.
The Controller shall be obligated to disclose collected personal data to public administration authorities, law enforcement agencies, and judicial bodies upon their explicit request and only in cases specified by law, while exercising particular caution in doing so.
The Controller is obligated to continuously update all personal data protection standards to ensure that legal, IT, organizational, and other procedures remain compliant with current legal regulations.
The Controller reserves the right to make changes to this Privacy Policy if necessary to align its content with appropriate personal data protection standards.
The Controller declares that all employees and collaborators of the Company have been informed and thoroughly trained in matters related to personal data protection.
The employees have signed an Authorization to Process Personal Data.
For all matters related to the processing and protection of personal data, please contact the Controller using the correspondence details or via email at: info@canexpol.waw.pl.
Notwithstanding the above content and the conclusions drawn from it, the Controller declares that:
- has reviewed and undertakes to comply with the obligations arising from the General Data Protection Regulation of 27 April 2016 (GDPR), the current Personal Data Protection Act, and applicable implementing regulations;
- will ensure the security of processed personal data by protecting it against unauthorized access, unjustified modification and destruction, as well as unlawful disclosure or acquisition;
- undertakes to keep confidential all information, data, materials, documents, and personal data received from the Data Controller and its associates, as well as any data obtained in any other way, whether intentionally or accidentally, in oral, written, or electronic form (“confidential data”);
- in connection with the obligation to maintain the confidentiality of confidential data, such data shall not be used, disclosed, or shared without the prior written consent of the Data Controller, except for the purpose of performing the Agreement, unless the disclosure of such information is required by applicable law or the Agreement;
- is aware of the legal liability for processing personal data in violation of the Personal Data Protection Act, and acknowledges that failure to fulfill the obligations arising from this declaration may result in legal consequences under the internal regulations of the Data Controller, the Labor Code, the Civil Code, and the Personal Data Protection Act.
- Familiarization with this document prior to entering into the Service Agreement shall constitute acceptance of all its provisions upon conclusion of the agreement.