I General provisions

The company Health and Beauty Media sp. z o. o. (referred to in the text as Health and Beauty Media) pays particular attention to protection of user privacy, including their personal data that is collected in conjunction with visits to the website www.beauty-forum.com.pl (the ‘Website’) and the usage of the electronic services provided by the Website. In the present document, we have described all the necessary information about the processing of personal data that we would like to provide to you, so that you, the User, could make informed choices about the usage, including the provision of personal data, by way of the Website.

The present privacy policy applies exclusively to the website www.beauty-fairs.com.pl

Should the user make use of links placed on the Website, leading to external websites, Health and Beauty Media is not liable for the relevant privacy policies of those websites. Hence, we encourage users to acquaint themselves with the privacy policies in force at those relevant external websites.

See item XII Social media

II Responsible entity

The responsible entity (the ‘Controller’) for the processing of your personal data collected via the Website is Health and Beauty Media sp. z o. o., save for exceptions described in the present Privacy Polisy.

Contact details:

Health and Beauty Media sp. z o. o.

Królowej Marysieńki 9/ 10, 02-954 Warsaw, Poland

Phone no.: 0048 22 858 79 55

E-mail address: [email protected]

III Data processing

In relation to the conducted professional activity, we collect and process data concerning the users of the Website. This data may constitute information that may directly identify a private individual (‘User’) that is collected in relation to the User utilising the services provided by the Website, as well as information in anonymous form that would not allow us to identify the user. Anonymous information applies mainly to data collected for internal purposes related to the management of the website, including assurance of digital and electronic safety of the Website. We collect it by way of using cookie files and server logs. In substantiated cases, we may link the collected information, meaning that data that is anonymous will constitute the personal data of a User as they are linked to that identified User.

In order to ensure data processing transparency, we particularly always inform about the processing of data the moment it is collected, including about the purpose and legal basis of the processing – e. g. by way of using of the contact form or setting cookie file preferences. We strive for the data to be collected only in the scope necessary for the intended purpose, and for it to be processed only over the period, in which it is necessary.

When processing data, we ensure their safety and confidentiality, as well as access to information about processing only to persons, to whom the data applies. If, despite the utilised security resources, protection of personal data would be violated (e. g. a ‘leak’ of data or loss of data), we will inform persons, to whom the data applies, in a manner that is consistent with provisions in force.

IV How personal data is collected

We may collect personal data in the following manners:

– Direct interaction, e. g. those that the User initiated when browsing the Website or the social media profile that we manage, or by way of using the contact channels provided,

– Data from third parties, such as information from third-party websites or other information made publicly available or information provided by third parties, including, among others, the government and data dealers,

– Usage of automatic tracking technology providing us with data on the user’s interaction with our Website, by way of various technologies, such as cookie files, logs and on-line indicators and references.

V Purposes and legal basis for personal data processing

Due to the fact that we provide diverse services for Users and Users that are not logged in, we process personal data for various purposes, in various scopes and on various legal grounds described in the GDPR.

In order to provide You with the clearest information possible, we have grouped this information referring to the purpose of processing of your personal data:

1. Management of the website beauty-fairs.com.pl

Through use of the Website, we collect user information in the form of anonymous data, in the scope necessary for the correct operation of the website, management of its content, creation of statistical lists of their visits, interest in content, publications, etc. The collected user data covers: the IP address, the type of software (e. g. Windows/ Mac), the screen resolution, the name and version of the operating system and the type and version of the internet browser, and a unique device identifier. Should the user view the website using a mobile device, we will collect similar data. This data is collected through cookie files or server log files. The legal basis for the processing of collected data is our legally substantiated interest, on the basis of art. 6 section 1 letter f) of the GDPR, or User consent pursuant to art. 6 section 1 letter a) to the installation of cookie files according to their choice.

2. Non-contractual correspondence

By sending correspondence per e-mail to the provided e-mail addresses, applying to topics not related to services we provide, to the benefit of the sender of this correspondence, we ask to be provided with specific data that will allow us to provide an answer.

The collected user data stemming from correspondence is processed exclusively for the purpose of communication and handling of correspondence. We endeavour to collect only such data that is necessary in respect to the case at hand. The legal basis for the processing of collected data is our legally substantiated interest, on the basis of art. 6 section 1 letter f) of the GDPR, entailing the need to provide a solution to the submitted issue. Should You provide us with information that is other than information necessary for the handling of the specific case, the legal basis for the processing of this data will be art. 6 section 1 letter a), your consent for the processing of this personal data.

3. Contractual or pre-contractual correspondence

By sending correspondence per e-mail to the provided e-mail addresses, applying to topics related to services we provide, to the benefit of the sender of this correspondence, we collect information that is necessary for the purpose of conclusion of a contract or fulfilment of a contract that is already concluded.

The collected user data stemming from correspondence is processed exclusively for the purpose of communication and handling of correspondence. We endeavour to collect only such data that is necessary for the purpose of conclusion of a contract or fulfilment of one. The legal basis for the processing of collected data is the contract or the conclusion of a contract following the request of the person, to whom the data applies, on the basis of art. 6 section 1 letter b) of the GDPR, the collection of data necessary for the purpose of conclusion of a contract and its fulfilment. Should You provide us with information that is other than information necessary for the handling of the specific case, the legal basis for the processing of this data will be art. 6 section 1 letter a), meaning, your consent for the processing of this personal data.

4. Phone contact

Should You contact us by phone in matters not related to a contract we concluded or the services we provide, we may ask to be provided with personal data only if this is necessary to process the case, to which the instance of contact applies. The legal basis in this case shall be the substantiated interest of the Controller (art. 6 section 1 letter f)) of the GDPR, entailing the need to resolve the submitted case related to the business they operate.

5. The Newsletter

When registering yourself as a subscriber of the newsletter by way of the registration form, You provide us with your e-mail address, where You will receive your newsletter. The legal basis for the processing of personal data will be art. 6 section 1 letter a), your consent. Bear in mind that you have the right to withdraw your consent at any time. The withdrawal of the consent does not influence the legality of processing conducted on the basis of the consent before it is withdrawn.

6. Purchase of tickets to events (trade fairs, conferences) organised by Health and Beauty Media or our partners (without account registration

The Website allows Users to purchase tickets to organised industry events. For this purpose, using the provided form, you provide us with data necessary to conclude the contract, and data of the participant in the meeting, in whose name the ticket shall be issued, and covering: the first and last name, the address, the electronic mail address, where you will receive a confirmation of the conclusion of the contract, and, optionally, the name of the business and data necessary for the purpose of issuing of an invoice. In terms of the payment made, we will process data of the bank account and the payment amount. This data shall be processed on the basis of art. 6 section 1 letter b) of the GDPR in relation to undertaking of work before the conclusion of a contract and in relation to the conclusion of one, and on the basis of art. 6 section 1 letter c) of the GDPR due to the legal obligations of the Controller in terms of bookkeeping and accounting affairs.

7. Purchase of tickets to events (trade fairs, conferences) organised by Health and Beauty Media or our partners, along with the registration of an account

By registering a User account at the Website, you gain access to your transaction history, up-to-date information about current events, special offers. The legal basis for the processing of data is a contract concluded on the basis of approval of the terms and conditions, art. 6 section 1 letter b) of the GDPR in relation to the conclusion of a contract.

8. Registration of exhibitors at organised events

If you represent an entity that would like to become an exhibitor during an event organised by Us or our partners, you have to electronically register for the selected event. In order to register, you will have to create a user account in the exhibitor registration system. Hence, we will process your user data spanning the following: first and last name, e-mail address, your position, the name of the entity you represent. the legal basis for the processing of the provided personal information is art. 6 section 1 letter b) of the GDPR, undertaking of activities before the conclusion of the contract, at the request of the person, to whom the data applies (in case of sole proprietorships or personal partnerships), or art. 6 section 1 letter f), within the scope of our legally substantiated interest entailing the verification of the exhibitor before the conclusion of the contract (for capital partnerships or other entities represented by employees or other authorised persons).

9. Declaration of vaccination against Covid-19 in relation to the will to participate in a specific event

Should you express interest in participation in a specific event, to which a ticket was purchased, the user is asked to provide a statement about vaccination against Covid-19. This information is necessary to fulfil the legal obligation imposed by the legislator spanning countering Covid-19 on the basis of the Polish act of March 2nd, 2020, on particular solutions entailing the prevention, countering and combating Covid-19, other infectious diseases and the crisis situations they cause, exclusively for the purpose of consideration of the limit of persons visiting the trade fair, whereby the vaccinated persons are not counted towards the limit set by the legislator.

10. Direct advertising

In relation to the conducted business activity, the collected personal data will be processed in terms of direct advertising of own products and services as expressed through the commencement of activity spanning the provision of specific advertising materials to you in a traditional form. The described activity is our legally substantiated interest on the basis of art. 6 section 1 letter f) of the GDPR. Keep in mind that you are entitled to express opposition against the processing of your personal data for the purpose of direct advertising.

Should you provide us with separate express consent, we may provide you with advertising material via selected communication channels, such as: phone calls, text messages or e-mail messages. The legal basis for the processing of your personal data is art. 6 section 1 letter a) of the GDPR, Your consent. Keep in mind that you are entitled to withdraw your consent at any time. The withdrawal of the consent does not influence the legality of processing effected on the basis of the consent before it is withdrawn.

11. Company profile management

Due to the fact of maintenance of a company profile, we process user personal data for the purpose of operation of a company profile on selected social media websites in order to provide, through these, information about our activity, the promotion of various events that we organise and our brand, products and services, furthermore, the development and maintenance of the community that is related to us, and for the purpose of communication via the available functions of the relevant website (comments, chat, news), as well as for analytical purposes concerning analyses of operation, popularity, mode of use of the indicated company profile. The legal basis for the processing of collected data is our legally substantiated interest, on the basis of art. 6 section 1 letter f) of the GDPR. You have the right to oppose the processing of data for a specific purpose.

See more under IX Social media

We may also process personal data for the following reasons:

– Due to the operated business, the Controller collects personal data in other situations as well – e. g. during business meetings, industry events or by way of exchange of business cards – for purposes related to the initiation and maintenance of business relationships. The legal basis for the processing in this case is the legally justified interest of the Controller pursuant to art. 6 section 1 letter f) of the GDPR, entailing the creation of a network of contacts in relation to the conducted business.

– In relation to the execution of services provided electronically, and the provision of their safety, handling of complaints, we may process User data and operational data. The legal basis for the processing of the collected data is our legally substantiated interest pursuant to art. 6 section 1 letter f) of the GDPR,

– In relation to the exercising of User rights, in particular the right to data correctness, the right to withdraw consent and the storage of User requests and proof of these being handled. The basis for the processing of the collected data is our legally substantiated interest pursuant to art. 6 section 1 letter f) of the GDPR,

– In relation to the exercising of the burden of proof, archival needs and for the purpose of securing information due to the legal obligation to provide facts, and, if at all, the establishment, investigation or defence against claims. The basis for the processing of the collected data is our legally substantiated interest pursuant to art. 6 section 1 letter f) of the GDPR.

VI The personal data we collect

In relation to the provision of services through electronic channels, we collect personal data in the scope necessary for the specific purpose of their processing. These are, among others: The first and last name, the e-mail address, phone number, the content of correspondence or of conversations, data of the business entity (if applicable), invoice data (if applicable), the bank account number and the bank name (if applicable), the industry that you represent (if applicable).

Beside the data indicated above, if you use our Website, we will additionally collect and log data concerning the IP address (Internet Protocol address) of the end device that you use, the name of the service provider, through which you access the website, the names of the downloaded files or data, the date and time and the duration of viewing of the provided content, the date and time of the information you send, the name of the operating system and information concerning the web browser that was made use of for the purpose of viewing of the Website, the name or number of the device used for viewing. Log files are stored by us over a short period of time in order to determine interference and for security purposes (e. g. for inspection of attempted attacks), and then deleted. Log files that need to be stored longer for the purpose of proof are not removed until the moment of final clarification of specific incidents, and may, in individual cases, be provided to law enforcement bodies.

VII Rights of the persons, to whom data applies

A User, whose personal data is processed, is entitled to the following rights:

1. Right to information about the processing of personal data

– on this basis, any person making a submission is provided with information about the processing of personal data, including primarily the objectives and legal basis of processing, the scope of data held, the uncovered entities and the planned time of deletion of the data.

2. Right to acquire copies of the data

– on this basis, we provide copies of the data we process concerning the person making the request.

3. Right to correction

– on this basis, we are obliged to remove any inconsistencies or errors in the processing of personal data, and to amend them if they are incomplete.

4. Right to oppose processing in course of direct advertising

– on this basis, we are obliged to immediately halt the processing of data for direct advertising

5. Right to oppose data processing on the basis of our legally substantiated interest

– on this basis, we are obliged to undertake activity spanning the assessment of whether our legally substantiated interest does not violate the right of the requesting person to privacy, and in case the law is violated, to stop the processing of personal data for the specific purpose.

6. Right to have the data deleted

– on this basis, one can request the removal of data, the processing of which is not necessary any more for the execution of any objective, for which it was collected.

7. Right to have the data transferred

– on this basis – to the extent, in which data is processed in relation to a concluded contract or a given consent – the Controller releases the data provided by a person, to which it applies, in a machine-readable format.

8. Right to have the data processing limited

– on this basis, we cease operations on personal data – save for operations, to which the person, to whom the data applies, had consented – and we cease storage, in line with the assumed rules of retention or until the cause of reduction of the scope of personal data processing ceases.

In order to make a submission to exercise any of the rights indicated above, contact us by way of one of the following communication channels:

Electronic form available at https://www.health-and-beauty.com.pl/personal-data/personal-data-forms/

By e-mail: [email protected]

By phone: +48 22 858 79 55

By post: Health and Beauty Media sp. z o. o., Królowej Marysieńki 9/ 10, 02-954 Warsaw, Poland.

Specific information can be found at the following locations:

– Your rights in relation to the profssing of personal data: https://www.health-and-beauty.com.pl/personal-data/personal-data-processing-rules-at-health-and-beauty-media-sp-z-oo/information-of-rights-of-users-whose-data-is-processed/

– the assumed rules of processing of requests submitted to us: https://www.health-and-beauty.com.pl/personal-data/personal-data-processing-rules-at-health-and-beauty-media-sp-z-oo/how-to-make-requests-to-exercise-rights-pursuant-to-the-gdpr/

9. Right to complain

– Should you believe that the processing of personal data violates data protection regulations, the concerned person may submit a complaint with the President of the Polish Data Protection Office.

The request is submitted to the Polish Data Protection Office, address: Stawki 2, 00-193 Warsaw, Poland.

VIII Recipients of personal data

We do not disclose the personal data of the Website Users, save for the following situations, when

– it is necessary due to the business, telecommunications operators, legal offices,

– it is required or allowed by the provisions of the law, and in such cases, we provide the data to companies, organisations and persons, if in good faith we believe that the provision, usage, retention or disclosure of personal data is substantiated due to the following:

– working towards the fulfilment of requirements of the law in force, provisions, legal processes or legally binding requests of state institutions,

– exercising of existing conditions of usage of the Website (Website Terms and Conditions), including the investigation of potential violations,

– detection of fraud and fraud prevention, and the resolution of other difficulties concerning security and technical issues,

– protection of rights of property or security of the Controller, Website Users and other persons as required or permitted by law.

– You consent to such provision as the person, to whom the data applies,

– it is necessary for the purpose of execution of activities contracted by us by third parties, on the basis of concluded contracts, e. g. hosting provider, website operation. In such a case, in substantiated cases, we may provide the personal data acquired by us in the form of subcontracting, to cooperating suppliers, so that it is possible for them to process the personal data in our name.

IX Due to the usage of various electronic solutions, depending on the services that You use through out Website www.beauty-fairs.com.pl, Your personal data will be provided to entities providing the Controller with specific services. These entities can be located in third countries, which

1. Do not belong to the European Economic Area (EEA), however, with respect to which, the European Commission has issued decisions stating that the legal order of these countries guarantees sufficient protection of personal data. These countries include: Andorra, Argentina, Canada, Guernsey, Faroe Islands, Israel, Isle of Man, Japan, New Zealand, Switzerland, Uruguay.
2. Do not belong to the EEA, and with respect to which the European Commission has not issued decisions stating that the legal order in these countries guarantees sufficient protection of personal data (e. g. the United States).

The provision of personal data to entities outside of the EEA, providing specific services for our benefit, takes place on the basis of relevant transfer contracts concluded with these entities. These contracts take into account standard data protection clauses (model contract clauses) approved and accepted by the European Commission. In addition, the legal basis for the provision of personal data to entities with seats in countries indicated under a) are the relevant decisions of the European Commission concerning the proper protection of personal data, as published in the Official Journal of the European Union.

You may receive copies of the concluded transfer contracts – in such a case please contact the personal data protection representative appointed by the Controller, by sending your request to [email protected], or by regular post, to the Company address.

Presently, the data transfer applies to the following service provider:

– GetResponse, spółką z ograniczoną odpowiedzialnością with seat in Gdańsk, Poland, address Arkońska 6/ A3, 80-387 Gdańsk, Poland, Polish National Court Register no. KRS 0000187388, NIP (tax id.) no. 9581468984, in relation to data transfers to Canada and the United States.

X Automated processing, including profiling

Both us as well as our service providers may automatically collect specific data on Users and their modes of usage of services. We ask that you acquaint yourselves with the content of the Cookie Policy in order to acquire specific information concerning cookie files and other website activity monitoring technologies that we use as part of our service.

Save for cases allowed by the law, cookie files are placed on User drives only after acquisition of their consent via a banner informing about cookie files or the preference centre.

The Cookie Policy includes information on how to block these technologies.

Your personal data is not used for profiling.

IX Data storage periods

In line with the established policy, personal data is processed for the following periods:

– six years from the conclusion of the conducted correspondence if not related to the contract,

– six years from the termination of a contract, to which the person, to whom the data applies, is a party, including any information, agreements, clarifications made by e-mail or phone, collected during the validity of the contract,

– five years from the year following the year of the accounting transaction on the basis of legal provisions obliging the Controller to process personal data for bookkeeping and fiscal purposes,

– three years from the collection of data for the purpose of Website management,

– ten years from the conclusion of claims proceedings,

– until the submission of complaints or the termination of the purpose of processing, in situations when data is processed for direct advertising purposes,

– until consent is withdrawn or until the purpose, why the consent was issued, ceases,

– six years from the receipt of application documents if the relevant candidate is not chosen.

XII Social Media – plugins

Our website uses social media plugins from various sites. In course of usage of plugins, the browser engages in a direct connection to servers of the relevant site. A given supplier thus receives the information that your web browser had displayed the relevant page in a given social media site, even if you do not have a user account with that provider, or if case you are not currently logged in with them. Log files (together with IP addresses) are then sent by Your web browser directly to the server of that provider, and may be stored there. The location of the supplier or their server may lie outside of the EU or the EEA (e. g. in the United States). However, despite the owner of the website at that particular social media website being us, due to the character of social media, the data controller shall be the owner (the ‘Operator’) of that social media site. The Operator handles all the digital service infrastructure, they have their own privacy policy and maintains their own relationship with the User (should You be a registered user of that particular social media site). We thus have no influence on the scope of data collected by social media suppliers by way of these plugins. The objective and scope of data collection, their further processing and usage by the social media site, and the related user rights and options of protection of their privacy, are presented in information on the privacy policy of that particular social media site.

1. Facebook plugins

Facebook is operated under the address www.facebook.pl by the company Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (‘Facebook’). An overview of Facebook plugins and their mode of use is found under http://developers.facebook.com/plugins; information on the Facebook privacy policy is found at http://www.facebook.com/policy.php.

2. Instagram plugin

Instagram is operated at www.instagram.com by the company Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (‘Facebook’). Information on data protection can be found at LinkedIn at https://help.instagram.com/519522125107875.

Our objective in terms of data processing under the social media profiles we operate is to inform Users about our offers, products, services, special offers, competitions, industry events, company news, and interaction with persons visiting our company profile.

XIII Data protection representative

We have appointed a data protection inspector, who may be contacted on any issues concerning the processing of personal data, through the following channels:

– electronically, under [email protected]

– by post: Health and Beauty Media sp. z o. o., Królowej Marysieńki 9/ 10, 02-954 Warsaw, Poland, noting ‘Data protection inspector’ on the envelope.

XIV Miscellaneous provisions

1. The present Privacy Policy may be amended from time to time. User rights due to this Privacy Policy shall not be limited without express consent of the User. All changes to the Privacy Policy will be published here, and important changes shall be notified more clearly. We also retain past versions of the Privacy Policy at the archives, for user reference reasons. The present version of the Privacy Policy was published on 01.09.2021.
2. Any questions, remarks or doubts concerning the content of the present Privacy Policy or the mode, in which we process personal data, as well as complaints concerning these issues (however, we do hope that such complaints will not be necessary) should be sent by e-mail including detailed information on the complaint, to the address [email protected]. All complaints shall be handled and answered.