Privacy Policy and Cookies

 
 
This Privacy Policy and Cookies Notice contains information regarding the processing of personal data that you may provide to the Administrator while using the Service, as well as the use of cookies.

The Administrator reserves the right to introduce changes to the privacy policy. Reasons for these changes may include amendments to legal regulations, developments in internet technology, the use of new tools by the Administrator, and other objective factors.

 

§1. Personal data Administrator 

  

The personal data administrator is Maryna Yalouchyk, conducting business under the name MY Essence Maryna Yalouchyk, with its registered office at ul. Wita Stwosza 56 lok. 2, 80-308 Gdańsk, NIP: 5842863081, REGON: 540659034.

You can contact the Administrator via email at [email protected] or by phone at +48 792 235 515.

By contacting the Administrator via email, social media, or other communication channels, you provide your personal data, such as your name and email address.

The Administrator places great importance on ensuring both the security and legal compliance of personal data processing. User personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), as well as other currently applicable legal regulations on personal data protection.

 

§2. Definitions 

  
  • Administrator – Maryna Yalouchyk.
  • Personal Dataany information relating to an identified or identifiable natural person, such as name, surname, residential address, phone number, email address, etc.
  • Policy – this Privacy Policy and Cookies.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.
  • Service/Store – the website available at https://my-essence.eu and all its subpages, through which the User can place orders, browse content, and contact the Administrator.
  • User – any individual visiting the Service, the social media managed by the Administrator, or using one or more of the services or functionalities described in this Privacy Policy and Cookies.
 

§3. Personal data processed by the Administrator in connection with the use of the service 

  

The Service allows the User to contact the Administrator and provide identification and contact details, as well as data related to the content of the message.

The Administrator collects data related to Users’ activity, such as time spent on the website, searched phrases, the number of subpages viewed, date, and source of visits.

The Administrator primarily collects User data as a result of User activities, such as contacting the Administrator or placing an order.

When using the Service, the Administrator collects data necessary to provide specific services or conclude an agreement, such as name, surname, residential address, and email address.

Below are the detailed principles and purposes governing the processing of personal data collected during the use of the Service.

 

§4. Scope and purposes of data processing

 

The Administrator processes the personal data of all individuals using the Service for the following purposes:

  • Preparation and execution of the Sales Agreement, as well as the realization of rights arising from it. The Administrator processes data based on Article 6(1)(b) GDPR.

  • Analysis of network traffic, ensuring security within the Service, and content customization. The Administrator processes data based on Article 6(1)(f) GDPR.

  • Responding to inquiries, providing requested offers, and maintaining communication. The Administrator processes data based on Article 6(1)(a) and (f) GDPR.

  • Providing and displaying content within the Service.
    For this purpose, the Administrator collects personal data such as the IP address and cookies. The Administrator processes data based on Article 6(1)(f) GDPR.

  • Establishing, defending, and pursuing claims – the legal basis for processing is the Administrator’s legitimate interest in protecting its rights. The Administrator processes data based on Article 6(1)(f) GDPR.

  • Using cookies on the Website and its subpages based on Article 6(1)(a) GDPR, i.e., the User’s consent.

  • For analytical and statistical purposes, specifically conducting analyses of User activity in the Service to improve the applied functionalities. The Administrator processes data based on Article 6(1)(f) GDPR.

To contact the Administrator, please use email. Contact is possible at [email protected].

The email message should include the necessary data to establish contact and handle the inquiry. The User may also provide additional data to facilitate communication.

The Administrator requires the provision of basic identification data, such as name and email address, to accept and handle the inquiry. Failure to provide these details will prevent a response. Providing additional data is voluntary.

The Administrator processes personal data based on Article 6(1)(b) GDPR for handling inquiries and based on Article 6(1)(a) GDPR for data provided voluntarily with the User’s consent.

 

§5. User rights related to the processing of their personal data

 
The GDPR grants the following rights related to the processing of personal data:
  • The right to be informed about the processing of personal data and to receive a copy of the data (Article 12 GDPR).
  • The right to access personal data (Article 15 GDPR).
  • The right to rectify, supplement, update, or correct personal data (Article 16 GDPR).
  • The right to erasure (the right to be forgotten) (Article 17 GDPR).
  • The right to restrict processing, as specified in (Article 18 GDPR).
  • The right to object to the processing of personal data (Article 21 GDPR).
  • The right to lodge a complaint with a supervisory authority (i.e., the President of the Personal Data Protection Office) (Article 77 GDPR).

Not all of these rights will apply to the User in every case. This depends on the nature of legal regulations. Failure to provide the required data may prevent the execution of a contract concluded remotely, the issuance of an invoice, or the ability to establish contact upon the User’s request.

 

§6. Retention period of personal data

 
The period for which the Administrator processes User’s personal data depends on the type of service provided and the purpose of processing.

  • User’s personal data will be stored until consent is withdrawn or until the matter is resolved or the execution of the Agreement is completed.

  • For contract conclusion and execution, including remote sales, data will be stored for the period necessary to document the fulfilled contract, including the issuance of invoices or receipts, for five years from the end of the calendar year in which the tax payment deadline expired.

  • Data related to network traffic analysis collected through cookies and similar technologies may be stored until the expiration of the respective cookie file. Some cookies never expire, meaning data retention will correspond to the time necessary for the Administrator to fulfill its purposes, such as ensuring security and analyzing historical traffic data.

  • The processing period may be extended if necessary to establish, pursue, or defend against legal claims. After this period, data will be stored only if required by law. Once the retention period has expired, the data will be irreversibly deleted or anonymized.

§7. Data security

 
The User’s personal data is stored and protected with due care, in accordance with the internal procedures implemented by the Administrator. The Administrator processes User information using appropriate technical and organizational measures that comply with applicable legal regulations, especially those concerning personal data protection. These measures are primarily intended to protect Users’ personal data from unauthorized access.

Access to Users’ personal data is granted only to authorized individuals, who not only have the appropriate permissions but are also obligated to maintain confidentiality.

At the same time, the User should take necessary precautions to secure their personal data when transmitted via the Internet. In particular, the User should not disclose login credentials to third parties, use antivirus protection, and regularly update software.

 

§8. Transfer of data to third parties

 
The User’s personal data may be transferred to third parties whose services the Administrator uses in connection with the operation of the Service, including but not limited to:
  • Website hosting providers
  • Legal service providers
  • Accounting service providers
  • Office management services
  • Payment system and electronic transaction processors
  • IT system service and maintenance providers, including those for automated invoicing and order processing

 

Processing of data outside the European Economic Area (EEA)

 

User personal data may be processed outside the European Economic Area (EEA) in so-called third countries, particularly in the United States, as a result of the Administrator’s use of IT solutions whose servers are located outside the EEA. The legal basis for such data transfer is the European Commission’s Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries.

Both the Administrator and the service provider ensure the highest level of data protection guarantees. The processing of personal data will not violate the privacy of individuals.

 

Entities processing data within the EEA:

  • Meta Platforms Ireland Limited
    4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (formerly Facebook Ireland Limited) – for managing social media services.

  • CashDirector S.A.
    Al. Jerozolimskie 96, 00-807 Warsaw, Poland
    KRS: 0000424600, NIP: 5222885734 – for issuing accounting documents.

  • STRIPE PAYMENTS sp. z o.o.
    Ul. Ludwika Waryńskiego 3A, 00-645 Warsaw, Poland
    KRS: 0000937028, NIP: 7011062474 – for payment processing and electronic transactions.

  • Other contractors or subcontractors engaged in technical, administrative, or legal assistance for the Administrator and its clients, such as accounting, IT, graphic design, copywriting, debt collection, and legal services.

  • Government authorities, such as the Tax Office, to fulfill legal and tax obligations related to accounting and financial settlements.

 

Entities processing data outside the EEA:

  • Google Analytics by Google LLC – for security tools and statistical analysis of the Service (Google Analytics).

 

Social media plugins

The Administrator integrates social media plugins into the website. The purpose and scope of data collection, further processing, and use by service providers are described in their respective privacy policies:

 

§9. Cookies and tracking technologies

 

This website uses cookies.

Upon the first visit to the website, the User receives information about the use of cookies. Not changing browser settings is considered consent to their use.

The Service allows for the collection of information about the User through cookies and similar technologies, which are typically installed on the User’s device (e.g., computer, smartphone). These technologies are used to:

  • Remember the User’s preferences (e.g., font selection, contrast settings, acceptance of policies).
  • Maintain the User’s session (e.g., after logging in).
  • Store login credentials (only with the User’s consent).
  • Collect information about the User’s device and visit, ensuring security as well as analyzing visits and adjusting content accordingly.

The Administrator does not associate information obtained via cookies or similar technologies with other User data, nor does it use such information for identification purposes.

 

What are cookies?

 

Cookies are short text files stored on the User’s device while browsing websites.

  • The Administrator uses “first-party cookies” to ensure the website functions correctly.
  • “Third-party cookies” are processed by external systems from service providers used by the Administrator.

User control over cookies

 

The User has the right to change cookie settings directly in their browser or delete them at any time.

Additionally, the User may browse the website in “incognito mode”, which blocks the collection of visit data.

 

Tracking technologies used on this website

  • Social media plugins, such as Facebook, Instagram, TikTok, etc.
  • Analytical and marketing tools, such as Google Analytics.

 

§10. Server logs

 
Using the Service involves sending requests to the server where the website is hosted. Each request directed to the server is logged in the server logs. These logs include:
  • IP address of the computer from which the request was sent
  • Language settings
  • Request timestamp
  • Browser information
  • Access times
  • Referring website URL (the website from which the User was redirected)
  • Operating system and browser details used by the User

The data recorded in server logs is not associated with specific individuals using the Service and is used exclusively for administrative purposes.

Server logs are retained on the server and are not used by the Administrator to identify Users.

 

§11. Social media

 

The Administrator maintains profiles on social media platforms, including YouTube, Pinterest, Facebook, TikTok, and Instagram (referred to as “fan pages”). On these platforms, the Administrator publishes and shares content, as well as offers and product recommendations.

The administrators of these social media platforms track user behavior through cookies and similar technologies whenever users interact with fan pages or other areas of Facebook and Instagram.

Social media platform administrators have access to general statistics regarding the interests and demographic data of users visiting the fan pages (e.g., age, gender, place of residence). The scope and purposes of data processing on these platforms are determined by the administrators of these services.