§ 1. General provisions
1.1. The administrator of Customers' personal data is Dr Malou Sp. z o. o. with its registered office at PL. Kaszubski 8 / 311, 81-350 Gdynia, registered under the KRS number: 0001130043, NIP: 5862410359, hereinafter referred to as the "Administrator".
1.2. The Administrator processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and national regulations.
1.3. The privacy policy defines the principles of processing and protection of personal data collected from Customers via the drmalou.com store, hereinafter referred to as the "Store".
§ 2. Purposes and scope of personal data processing
2.1. Customers' personal data are processed for the following purposes:
- Fulfillment of orders placed in the Store,
- Handling complaints and returns,
- Providing marketing information, with the Client's consent,
- Contacting you regarding matters related to your order.
2.2. The data processed may include: name, email address, telephone number, delivery address, payment details and other information necessary to complete the order.
§ 3. Basis for processing personal data
3.1. The Administrator processes Customers' personal data on the basis of:
- Customer consent (Article 6, paragraph 1, letter a of the GDPR) in the case of sending marketing materials,
- Necessity to perform the contract (Article 6, paragraph 1, letter b of the GDPR) in the case of order fulfillment,
- Legal obligations incumbent on the Controller (Article 6(1)(c) of the GDPR), such as issuing invoices.
§ 4. Transfer of personal data
4.1. Customer data may be transferred:
- Payment and courier service providers, to the extent necessary to fulfill the order,
- Entities supporting the Administrator in marketing or service activities based on appropriate data processing agreements.
4.2. Data is not transferred outside the European Economic Area unless the Customer expressly consents to this.
§ 5. Customer Rights
5.1. The Customer has the right to:
- Access to your personal data,
- Correction of incorrect or incomplete data,
- Deletion of data (“right to be forgotten”) if further processing is not justified,
- Data processing restrictions,
- Data transfer,
- Objection to data processing for marketing purposes.
5.2. In order to exercise his/her rights, the Customer may contact the Administrator by e-mail at the following address: bok@drmalou.com
§ 6. Data storage period
6.1. Customers' personal data are stored for the period of:
- Necessary to fulfill the order and handle complaints,
- Defined by law, in particular those relating to the storage of accounting and tax documents,
- Until you withdraw your consent to data processing for marketing purposes.
§ 7. Security of personal data
7.1. The Administrator uses technical and organizational measures to ensure the security of personal data processing, including protection against unauthorized access, accidental loss, destruction or damage.
§ 8. Cookies
8.1. The Store uses cookies to optimize the use of the website, including for analytics, statistics, and marketing purposes.
8.2. The Customer may independently change cookie settings in their web browser or completely block their operation, which may, however, affect some of the Store's functions.
§ 9. Final provisions
9.1. In matters related to the processing of personal data and to exercise the Customer's rights, you can contact the Administrator at the following e-mail address: bok@drmalou.com
9.2. The privacy policy may be amended in the event of changes in legal regulations or technology updates. Any changes will be published on the Store's website.
