Privacy policy

1. PERSONAL DATA ADMINISTRATOR

The administrator of cookies is the company TAQTIC Sylweriusz Faruga, based at ul. Mielecka 8/2, 53-402 Wrocław, Poland. You can contact the Administrator at the above address, by email: masaje.kontakt@gmail.com, or by phone: (+48) 534 944 402 or (+48) 537 523 181 (charges apply as per the standard rate of the respective operator).

2. PERSONAL DATA PROTECTION

Client’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, p. 1) (“GDPR”) and other currently applicable data protection laws.
Personal data refers to information relating to an identified or identifiable natural person (“Personal Data”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Administrator also protects Clients who have provided their Personal Data to the Administrator via other communication channels, such as:

1. 
   a) The website https://www.facebook.com and all other websites branded or co-branded with Facebook, governed by regulations available at https://www.facebook.com/legal/terms, provided by Facebook Inc. or Facebook Ireland Limited (“Facebook Service”), including through Facebook Lead Ads for the purpose of direct marketing of the Administrator’s own products or services. The rules regarding the protection and use of Personal Data by Facebook Service are available, for instance, at: https://www.facebook.com/policy.php. The Administrator has no influence over the legal regulations of the Facebook Service, including those related to Personal Data;
   b) Applications enabling the Administrator to run advertising campaigns within the Facebook Service, including competitions.

3. PURPOSE AND BASIS FOR PERSONAL DATA PROCESSING

Personal Data may be processed for various purposes and on different legal bases depending on the functionalities of the Website used by the User, particularly for the purpose of concluding and executing agreements with the User, conducting marketing activities, market and statistical analyses, and improving the quality of services.

4. CONTACT FORM ON THE MASAJE.PL WEBSITE

Personal Data provided through the Contact Form and collected during subsequent communication may be processed for the following purposes:

1. a) Communication with the User and responding to their message – legal basis: Article 6(1)(f) of GDPR, i.e., the legitimate interests pursued by the Administrator;
   b) Depending on the content of the communication, taking actions at the User’s request before concluding the appropriate agreement – legal basis: Article 6(1)(b) of GDPR, i.e., the necessity of taking actions before concluding the agreement;
   c) Depending on the User’s message content, marketing, analytical, and statistical activities of the Administrator or partners or other so-called third parties with whom we cooperate – legal basis: Article 6(1)(f) of GDPR, i.e., the legitimate interest of the Administrator or third party;
   d) Determining, defending, and pursuing claims that may arise within the relationship between the User and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party – legal basis: Article 6(1)(f) of GDPR, i.e., the legitimate interests pursued by the Administrator or a third party.

Providing Personal Data is voluntary, but necessary for effective communication with us.
In principle, we will process Personal Data until the communication with the User is concluded, and in the case of marketing activities – until the User objects, unless the law requires us to process this data for a longer period or we retain it longer in case of potential claims, for the limitation period defined by law, particularly the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In any case, the longer retention period of Personal Data will prevail.

Information about recipients of Personal Data, information about the possible transfer of User’s Personal Data to third countries (outside the European Economic Area), and the rights available to the User in connection with the processing of Personal Data are described in more detail in the subsequent sections of the Policy.

5. NEWSLETTER

The Data Controller of the User’s Personal Data is the entity indicated in point 1. Personal Data, including those provided in connection with signing up for the Newsletter, are or may be processed for the following purposes:

a) The execution of the agreement for the provision of the Newsletter – legal basis: Article 6(1)(b) of the GDPR, i.e., the necessity to perform the concluded agreement (newsletter) – to send the User, e.g., via email or via SMS, MMS, push notifications, or messengers linked directly to the User’s phone number (e.g., Messenger, WhatsApp), attractive advertisements and offers (discounts).

b) Marketing, analytical, and statistical activities of the Data Controller or its partners or other so-called third parties we cooperate with, e.g., presenting the User with advertisements and offers (discounts), also tailored to their interests based on profiling (we simplify the analysis of the User’s activity, e.g., purchase history and behavior on our site, to better adjust not only to certain general groups of our Clients but also their preferences). However, our activities do not significantly affect decisions, e.g., purchasing decisions – legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Data Controller or a third party.

c) The establishment, defense, and pursuit of claims that may arise from the relationship between the User and the Data Controller, as well as other purposes necessary to achieve the legitimate interests of the Data Controller or a third party – legal basis: Article 6(1)(f) of the GDPR, i.e., legitimate interests pursued by the Data Controller or by a third party.

Providing Personal Data is voluntary but necessary to sign up for the Newsletter. We will process the data for the period necessary to perform the contract (until unsubscribing from the newsletter), lodging an objection by the User, as well as for the period required by law (e.g., tax, accounting laws), unless a longer period results from storing them in case of potential claims for the limitation period specified by law, particularly the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In any case, the longer retention period of Personal Data shall prevail.

Information about the recipients of Personal Data, information about any transfer of the User’s Personal Data to third countries (outside the European Economic Area), and the rights to which the User is entitled in connection with the processing of Personal Data are detailed in the further part of the Policy.

6. SOCIAL MEDIA PROFILES

The Data Controller of the User’s Personal Data is the entity indicated in point 1. Personal Data, including those that the User provides by visiting our profiles on social media (e.g., comments, likes, internet identifiers), are or may be processed for the following purposes:

a) Marketing, analytical, and statistical activities in the form of enabling the User to be active on the profile, effectively managing our profile by presenting the User with information about our initiatives and other activities, and in connection with promoting various events, services, and products – legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest pursued by the Data Controller.

b) The establishment, defense, and pursuit of claims that may arise from the relationship between the User and the Data Controller, as well as other purposes necessary to achieve the legitimate interests of the Data Controller or a third party – legal basis: Article 6(1)(f) of the GDPR, i.e., legitimate interests pursued by the Data Controller or by a third party.

Providing Personal Data is voluntary but necessary to fully use the functionalities of our social media profiles. Personal Data will be processed for the period necessary to achieve the aforementioned purposes or until a valid objection is raised by the User, as well as for the period required by law (e.g., tax, accounting laws), unless a longer period results from storing them in case of potential claims for the limitation period specified by law, particularly the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In any case, the longer retention period of Personal Data shall prevail.

Information about the recipients of Personal Data, information about any transfer of the User’s Personal Data to third countries (outside the European Economic Area), and the rights to which the User is entitled in connection with the processing of Personal Data are detailed in the further part of the Policy.

7. ORGANIZATION OF COMPETITIONS

The Data Controller of the User’s Personal Data is the entity indicated in point 1. If the User decides to participate in a competition organized by the Data Controller, their Personal Data are or may be processed for the following purposes:

a) conducting the competition, selecting the winners, and awarding prizes – legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest pursued by the Data Controller;

b) fulfilling the legal obligations of the Data Controller, especially those arising from regulations related to tax obligations – legal basis: Article 6(1)(c) of the GDPR, i.e., the necessity to comply with a legal obligation imposed on the Data Controller;

c) marketing, analytical, and statistical activities of the Data Controller or its partners or other so-called third parties we cooperate with, e.g., presenting the User with advertisements and offers (discounts), also tailored to their interests based on profiling (we simplify the analysis of their activity (e.g., purchase history and behavior on our website), which allows us to better tailor to not only general groups of our Clients but also their preferences). However, our activities do not significantly affect their decisions, e.g., purchasing decisions – legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the Data Controller or a third party;

d) establishing, defending, and pursuing claims that may arise from the relationship between the User and the Data Controller and other purposes necessary to achieve the legitimate interests of the Data Controller or a third party – legal basis: Article 6(1)(f) of the GDPR, i.e., the legitimate interest pursued by the Data Controller or a third party.

We will process the data for the period necessary to conduct the competition, select the winners, and award the prizes, and for marketing activities – until the User objects, unless the law requires us to process the data for a longer period or we store them longer in case of potential claims, for the period of limitation specified by law, especially the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In any case, the longer retention period of Personal Data shall prevail.

Information about the recipients of Personal Data, information about any transfer of the User’s Personal Data to third countries (outside the European Economic Area), and the rights to which the User is entitled in connection with the processing of Personal Data are detailed in the further part of the Policy.

8. PROFILING

The Data Controller, for the purpose of presenting general advertisements, offers, or promotions (discounts) intended for all Clients, tailored to the interests of a given Client, may review their preferences, e.g., by analyzing how often they visit the Website and whether and which services they purchase in the physical stores owned by the Data Controller. This allows for a better understanding of the Client’s expectations and adapting to their needs, without significantly affecting their decisions. Due to the advanced technologies used by the Data Controller, these actions will often be carried out by the system in an automated manner, ensuring that the content sent is the most up-to-date and allowing the Client to quickly familiarize themselves with it.

The Data Controller may also process information regarding the Client’s preferences, which may sometimes constitute Personal Data, voluntarily provided by the Client to the Data Controller through the functionality in the Online Store, including to limit the presented Products or Promotions.

9. PARTNERS AND RECIPIENTS OF DATA

Each time, the catalog of recipients of Personal Data processed by the Data Controller depends primarily on the scope of services the Client uses.

The catalog of data recipients also results from the Client’s consent or from legal provisions and is specified by the actions they undertake on the Website.

The Data Controller’s partners may be involved in processing Personal Data to a limited extent, particularly entities that technically help operate the Website efficiently, including communication with our Clients (e.g., assisting in sending emails, and in the case of advertising activities – also in marketing campaigns), providers of hosting or IT services, carriers or intermediaries executing Order shipments, entities handling electronic payments or card payments on the Website, entities offering consumer credit agreements, companies that service software, support the Data Controller in marketing campaigns, as well as providers of legal and advisory services.

10. TRANSFER OF DATA TO THIRD COUNTRIES (OUTSIDE THE EUROPEAN ECONOMIC AREA)

As part of the Data Controller’s use of tools supporting its ongoing activities provided, e.g., by Google, the Client’s Personal Data may be transferred to a country outside the European Economic Area where the entity cooperating with it maintains tools for processing Personal Data in cooperation with the Data Controller.

Appropriate safeguards for the transferred Personal Data have been provided by the Data Controller through the use of standard data protection clauses adopted by a European Commission decision and data processing agreements that meet GDPR requirements. When transferring data to countries outside the European Economic Area, we make every effort to ensure that our partners provide an adequate level of protection by taking additional security measures for Personal Data.

11. CLIENT RIGHTS

Each Client has the right, at any time, to:

a) lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw);

b) transfer Personal Data provided to the Data Controller, which are processed automatically and based on consent or an agreement, e.g., to another controller;

c) access Personal Data (including, e.g., receiving information about what Personal Data is being processed or copies of it);

d) request the correction, restriction of processing (e.g., if Personal Data is incorrect), or deletion of Personal Data (e.g., if it was processed unlawfully);

e) withdraw any consent given to the Data Controller at any time, whereby the withdrawal of consent does not affect the legality of processing carried out by the Data Controller based on consent before its withdrawal;

f) object to the processing of their Personal Data for the legitimate interests of the Data Controller or a third party (if there are no other overriding legitimate grounds for the processing). If the Personal Data is processed for direct marketing purposes, the Client has the right to object at any time to the processing of their Personal Data for such marketing, including profiling, to the extent that the processing is related to such direct marketing – in such cases, the Personal Data must no longer be processed for these purposes.

12. DATA SECURITY

The Data Controller, considering the state of the art, the cost of implementation, the nature, scope, context, and purposes of processing, and the risk of violating the rights or freedoms of individuals of varying likelihood and severity, applies appropriate technical and organizational measures ensuring the protection of the processed Personal Data appropriate to the threats and the category of data subject to protection, and in particular, protects the data from unauthorized access, acquisition by an unauthorized person, processing in violation of applicable regulations, and alteration, loss, damage, or destruction. Disclosing externally information about the technical and organizational measures ensuring the protection of processing may weaken their effectiveness, thus threatening the proper protection of Personal Data.

The Data Controller appropriately provides, for example, the following technical measures to prevent the unauthorized acquisition and modification of Personal Data transmitted electronically:

a) protecting the data set from unauthorized access.

The Privacy Policy is effective as of July 1, 2024.