Background

Privacy Policy and Cookies Policy

Date of publication: 01.05.2025

This Privacy Policy and Cookies Policy contains information regarding the processing of personal data that you may provide to the Administrator while using the service and the use of Cookies. The Administrator reserves the right to introduce changes to the privacy policy. The reasons for introducing changes may include amendments to the law, the development of internet technologies, the use of new tools by the Administrator, and other objective reasons. At the top of the page, you will find the publication date of the current Privacy Policy and Cookies Policy.

Definitions

  • Administrator – The Data Administrator is the entity that pursues specific purposes of data processing. I always inform you about the details of data processing at the moment of collecting the data, e.g., in agreements concluded with you or, for example, in announcements. The Personal Data Administrator implementing this Personal Data Security Policy is AESTHY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, ul. Jana Ostroroga 21/7, 01-163 Warsaw, entered in the National Court Register under number 0001161948, NIP: 5273156525.
  • Personal data – information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity, including the device IP, location data, online identifier, and information collected through cookies or other similar technologies;
  • Policy – this Privacy Policy, containing information on the processing of Personal Data and the use of cookies and similar tracking technologies within the Service.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
  • Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, as amended).
  • Service – the website operated by the Administrator: www.aesthy.md accessible via internet browsers and all its subpages, including all services provided within the domain, e.g., the contact form.
  • User – a natural person visiting the website/online store or using one or more of the services or functionalities described in the Policy.
  • Device – an electronic device through which the User gains access to the website.
  • Co-administrator – For the purposes of organizing the legal-medical webinar on 4.12.2024 at 19:00, the co-administrator of personal data is KANCELARIA RADCY PRAWNEGO PATRYCJA LUBIENIECKA, NIP: 6692373529.

Who is the personal data administrator?

  • The personal data administrator is AESTHY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw, ul. Jana Ostroroga 21/7, 01-163 Warsaw, entered in the National Court Register under number 0001161948, NIP: 5273156525.
  • Contact with the Administrator is possible at the above address and via e-mail: hello@aesthy.md
  • By contacting the Administrator via e-mail address, contact form, social media, or by subscribing to the newsletter, you provide your personal data, such as your name and e-mail address.
  • The Administrator attaches great importance to security and compliance with the law regarding the processing of Users’ personal data. The User’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter referred to as “GDPR”, as well as other applicable personal data protection laws.

What personal data is processed by the Administrator in connection with the use of the service?

  • The Service enables the User to contact the Administrator and provide identifying and contact data, as well as data related to the content of the message.
  • The Administrator collects data related to the activity of Users, such as time spent on the website, searched phrases, number of visited subpages, date, and source of visits.
  • If the User contacts the Administrator, the data has been provided directly by the User.
  • If the User’s data has been provided in connection with a matter handled by a person who submitted the case to the Administrator, that person is the source of the data. In such a case, the Administrator receives identifying, address, and case-related data, such as a description of the matter.
  • In connection with the User’s use of the Service, the Administrator collects data necessary to provide the particular services offered, e.g., name, surname, residential address, e-mail address.
  • Below are detailed principles and purposes of processing personal data collected while using the service.

Purpose and legal basis of the data processed by the Administrator

  1. Purposes and legal bases for processing Personal Data in the Service. Personal data of all persons using the Service is processed by the Administrator for the purpose of:
    • Analysing network traffic, ensuring security within the service, and adapting content (Article 6(1)(f) GDPR);
    • Responding to correspondence, providing requested offers, conducting communication (Article 6(1)(a) and (f) GDPR);
    • Delivering and displaying content on the website – for this purpose, the Administrator collects personal data such as: IP address, cookies; data is processed based on Article 6(1)(f) GDPR;
    • Establishing, defending, and pursuing claims – the legal basis is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), consisting of protecting its rights, publication of User reviews regarding services provided by the Administrator, and conducting opinion research through surveys (Article 6(1)(a) GDPR);
    • Using cookies on the Website and its subpages (Article 6(1)(a) GDPR);
    • For analytical and statistical purposes – consisting of analysing User activity on the Service to improve functionalities used (Article 6(1)(f) GDPR);
    • For newsletter service handling (Article 6(1)(a) GDPR and Article 6(1)(f) GDPR);
    • To contact the Administrator – the Service provides the ability to contact the Administrator using an electronic contact form. Using the form requires providing personal data necessary to establish contact. The User may also provide other data to facilitate contact or handling of the inquiry. Providing the data marked as required is necessary to accept and handle the inquiry; failure to provide it results in the inability to process the request. Providing other data is voluntary. Personal data is processed to identify the sender and handle their inquiry sent through the provided form – the legal basis for processing is the necessity to perform the contract for the provision of services (Article 6(1)(b) GDPR); with regard to data provided voluntarily, the legal basis is consent (Article 6(1)(a) GDPR).

How do we collect your personal data?

  • Personal data means any information that can be used to indirectly or directly identify a specific person. This definition includes personal data collected online through my website and corporate pages on external platforms.
  • When contacting me, you may be asked to provide your personal data. Data administrators may share your personal data with each other and with other companies that are capital-related or personally related to the Administrator, and use it in a manner consistent with this Privacy Notice. I may also combine it with other information to improve my content.
  • I collect personal data from various sources. These include:
    • Personal data provided directly – I collect data about how you use my website, e.g., information about the types of content you view or engage with, and the frequency and duration of your activities.
    • Personal data that I collect automatically – I also receive and store certain types of personal data each time you interact with me online. For example, I use cookies and tracking technologies to obtain personal data when the web browser accesses my website and other content delivered on other websites. Personal data is also collected while searching, posting content. Examples of the types of personal data I collect include: IP address, device identifier, location data, computer and connection information such as browser type and version, time zone settings, browser plug-in types and versions, operating system.

User rights related to the processing of their personal data

  1. The GDPR grants the following rights related to the processing of personal data:
    • The right to access personal data and obtain a copy of it;
    • The right to rectify or correct personal data;
    • The right to delete personal data, the right to be forgotten;
    • The right to restrict the processing of personal data;
    • The right to object to the processing of personal data;
    • The right to withdraw consent;
    • The right to object to the processing of personal data;
    • The right to data portability;
    • The right to lodge a complaint with the President of the Personal Data Protection Office.

Not all of these rights will always apply to the User and in every case. This is due to the nature of legal provisions.

Period of personal data processing

  1. The period of processing the User’s personal data by the Administrator depends on the type of service provided and the purpose of processing.
  2. The User’s personal data will be stored until the consent is withdrawn or until the matter is resolved.
  3. Data related to network traffic analysis collected through cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, therefore the storage time of the data will be equivalent to the time needed by the administrator to achieve the purposes related to the data collection, such as ensuring security and analysing historical data related to website traffic.
  4. The period of data processing may be extended if processing is necessary to establish or pursue potential claims or defend against claims, and after that period only if and to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymised.

Data security

  1. The User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s internal procedures.
  2. The Administrator processes information about the User using appropriate technical and organisational measures that meet the requirements of generally applicable laws, in particular personal data protection regulations. These measures are primarily intended to secure the User’s personal data against access by unauthorised persons. In particular, access to Users’ personal data is granted only to authorised persons who are obliged to keep this data confidential.
  3. The User should also exercise diligence in securing their personal data transmitted over the Internet, in particular by not disclosing their login data to third parties, using antivirus protection, and updating software.

Transfer of data to third parties

  1. The User’s personal data may be transferred to third parties whose services the Administrator uses in connection with operating the service.
  2. Due to the use of services provided by Google or Facebook, Users’ personal data may be transferred to the United States of America (USA), Canada, and other countries. These entities guarantee an appropriate level of personal data protection required by European regulations.
  3. Entities processing the provided data within the European Economic Area:
    • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (formerly Facebook Ireland Limited).
    • GetResponse Spółka Akcyjna, headquartered in Gdańsk, al. Grunwaldzka 413, 80-309 Gdańsk – the entity providing the newsletter system.
    • Facebook or Instagram, particularly regarding advertising tools.
    • Facebook Ireland Ltd. – regarding the use of Meta Platforms (Facebook) advertising tools and the processing of data within the group of Custom Audiences.
    • Other contractors or subcontractors engaged in technical, administrative, or legal support for the Administrator and its clients, such as accounting, IT, graphic design, copywriting services, debt collection companies, lawyers, etc.
    • Public authorities, e.g., the tax office – for the purpose of fulfilling legal and tax obligations related to accounting and settlements.
  4. Entities processing data outside the European Economic Area:
    • Google Analytics by Google LLC – the entity providing tools used to protect the Service and analyze statistics (Google Analytics).
    • MANYCHAT, INC., 450 Lexington Ave, 4th Floor, New York, NY 10017
  5. As part of the Administrator’s operations, social media plugins have also been embedded on the website. The purpose and scope of data collection and their further processing and use by the service providers are described in the privacy policies listed below:

Cookies and tracking technologies

  1. The website you are on uses cookies.
  2. During the first visit to the website, an information notice about the use of cookies is displayed. Not changing the browser settings is equivalent to consenting to their use.
  3. The service enables the collection of information about the user through cookies and similar technologies, the use of which often involves installing tools on the User’s device.
  4. This information is used to remember the user’s decisions (font selection, contrast, policy acceptance), maintain the user’s session (e.g., after logging in), remember the password (with consent), collect information about the user’s device and visit for security purposes, as well as to analyze visits and adjust content. Information obtained via cookies and similar technologies is not combined with other data of the website’s users, nor is it used for user identification by the Administrator.
  5. Cookies are short text information stored on the device used by you while browsing websites. They may be read by the Administrator (“first-party cookies,” which the Administrator uses to ensure the proper functioning of this website), as well as by systems belonging to other entities whose services the Administrator uses (“third-party cookies”).
  6. The User has the right to change cookie settings in their browser or to delete them.
  7. The User can also use the website in so-called incognito mode, which prevents data about their visit from being collected.
  8. This website uses the following tracking technologies:
    • social plugins, such as Facebook and Instagram;
    • analytical and marketing tools, such as Google Analytics, Facebook Pixel.

Newsletter

  • When signing up for the newsletter, the User provides the Administrator with their name and e-mail address. Providing this data is voluntary but necessary to subscribe to the newsletter. The User may unsubscribe from receiving the newsletter at any time by clicking the link included in each newsletter message or by contacting the Administrator using the data provided above.
  • Subscribing to the newsletter means that the User agrees to receive marketing and commercial information by means of electronic communication in accordance with the Act on the provision of electronic services. By confirming the subscription, the User agrees to the Administrator’s use of telecommunications end devices for direct marketing of the Administrator’s products and services and for sending commercial information.
  • The mailing system used by the Administrator to send the newsletter records all activity and actions taken by the User related to the emails sent to them, including the date and time of email opening, clicking links in the message, the moment of unsubscribing, etc.

Server logs

  • Using my website involves sending requests to the server on which the website is hosted.
  • Each request sent to the server is recorded in server logs, which include, for example: IP address, server date and time, information about the web browser and operating system you are using.
  • Data stored in server logs is not associated with specific individuals using the service and is used as auxiliary material for administrative purposes.
  • The contents of the server logs are not disclosed to anyone except those authorized to administer the server.

Social media

  • The Administrator has profiles on social media platforms Facebook and Instagram (“fanpages”). On these fanpages, content, offers, and product recommendations are regularly published and shared. The administrators of social media platforms record user behavior through cookies and similar technologies whenever interacting with our fanpages and other Facebook and Instagram websites.
  • Social media administrators have access to general statistics regarding interests and demographic data (such as age, gender, place of residence) of users visiting the fanpages. When using social media platforms, the scope and purposes of data processing in these platforms are determined by their administrators.

Changes to the privacy policy

  • The policy is continuously reviewed and updated when necessary.
  • We will update this Privacy Notice when necessary. When we publish changes to this statement, we will also update the date of the last modification. We will also store previous versions of this Privacy Notice in the archi...
  • I will not limit your rights under this Privacy Notice without your consent.