Controllers information clause – Venome


Controllers information clause

Who is the controller of your personal data?

The controllers (entities who determine how your personal data are used) are ESTHETIC SOLUTIONS AT Andrzej Szymczak, Tomasz Pawelczak S.C. ul. Chartowo 5, 61-245 Poznań, NIP 7822568440 (“Controller 1”) and Venome sp. z o.o., NIP 7822572542 (“Controller 2”). These entities will process your personal data jointly as co-controllers (“Co-controllers”).

How can I contact them to receive more information on personal data processing?

To provide more information on how your personal data are processed by Co-controllers, a joint contact point has been created. You can call us at (+48) 690 020 021, e-mail us at: kontakt@dermatic.pl, or visit us in person at: ul. Chartowo 5, 61-245 Poznań.
To contact a specific controller, send an e-mail to one of these addresses:
Controller 1: kontakt@dermatic.pl,
Controller 2: office@venome-global.com

How do we obtain your data?

We have received your data from you, either because you used the offer of the Co-controllers, or because you opted in to receive commercial communications from the Co-controllers.

What is the purpose and legal basis of data processing?

Your personal data may be processed to fulfill your orders or respond to your inquiry submitted via the Venome website (GDPR Article 6(1)(b)). In these cases, the following data are processed: name, surname, e-mail address or telephone number, address, billing information. If you opted in to receive commercial communications, including our stores’ offer, or subscribed to our newsletter, we will process your personal data (phone number and/or e-mail address) to send you this information (GDPR article 6(1)(b) and/or (f)). In terms of communicating with our current customers with regard to our service offer, our legitimate interest involves maintaining the customer relationship and providing up-to-date information regarding our services and promotional offers.

Is providing your personal data mandatory?

Providing your data is voluntary, but if you do not provide them for any reason, we will not be able to fulfill your order or contact you.

What are your rights in terms of data processing?

We guarantee all your rights under the General Data Protection Regulation, which include the right to access, rectify, or move the data, or have them removed, to restrict processing, to object to personal data processing, and the right not to be subject to decisions based solely on automated processing (including profiling).

You can exercise these rights, depending on situations described in GDPR articles 15–22, in particular when:

  • regarding rectification: you notice your data are incorrect or incomplete;
  • regarding erasure: your data are no longer needed for the purposes for which they had been collected by one of the Co-controllers; you withdraw your consent to data processing and there is no other legal basis for processing; you object to the processing of your data due to circumstances described in GDPR article 21; your data are being processed illegally; your data should be erased in order to comply with applicable legal provisions; or your data have been collected in order to provide services electronically to a child;
  • regarding restriction of processing: you notice your data are incorrect — you can request restriction of data processing for a period allowing us to verify the accuracy of the data; your data are being processed illegally, but you do not want to have them erased; we no longer need your data, but you may need them for legal defense or pursuit of claims; or you object to data processing — until it is determined whether our legal basis for processing overrides the legal basis for objection;
  • regarding data portability: your data are processed based on your consent or a contract concluded with you, or the processing is automated.

You can lodge a complaint regarding the way we process your personal data with the supervisory authority, that is the President of the Personal Data Protection Office (address: Prezes Urzędu Ochrony Danych Osobowych, Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa).

You have the right to object to the processing of your personal data when:

  • your personal data are processed based on legitimate interest or for statistical purposes, and your objection is justified by your exceptional circumstances; in this case, we may no longer process these personal data unless we demonstrate a legitimate basis for processing them that overrides your interests, rights and freedoms, or a basis for establishing, pursuing or defending claims;
  • your personal data are processed for direct marketing purposes, including profiling for that purpose.

Who do we share your personal data with?

We share your personal data with entities supporting us in the provision of our services, including services provided electronically. These can include our employees, our partners, entities or individuals supporting us in providing services to you, co-operating with us during marketing campaigns, and providing IT support.

How long do we keep your personal data?

Your personal data are kept for the duration of the contract concluded with you, and also after its expiration, to:

  • pursue claims related to the contract,
  • fulfill our legal duties, including fiscal and accounting duties,
  • prevent abuse and fraud,
  • until the period of limitation expires.

When we respond to your inquiry — until the period of limitation expires for claims resulting from the response.

We keep your personal data for marketing purposes until you object to their processing, and if the processing is based on your consent — until you withdraw your consent.

How do we fulfill our obligations towards you as Co-controllers and what are the arrangements between us?

Your rights related to our processing of your personal data can be exercised towards each of the Co-controllers, but to make it easier for you to contact us, you can submit your request at the above contact point. We have arranged that the contact point will be managed first by Controller 1.

The same controller is also responsible for preparing the privacy notice you are reading and informing you about any potential breach if there is a high risk that your rights or freedoms will be compromised as a result of the breach, pursuant to GDPR article 34.