Privacy Policy

PRIVACY POLICY of the website https://katathanispa.pl/ (“Website”) as of 12.06.2023 (“Privacy Policy”)

I. DATA CONTROLLER

  1. The data controller is Katathani Thai Massage & Spa, located in Bydgoszcz, at ul. Pod Blankami 25, REGON 522247200. Contact with the Data Controller regarding personal data protection is possible at the e-mail address: kontakt@katathanispa.pl, phone number 452-014-541. The Controller is also the owner of the Website.
  2. The Data Controller appoints a Personal Data Inspector. The Personal Data Inspector is Dawid Siemień. Contact with the Inspector regarding personal data protection is possible at the e-mail address: kontakt@katathanispa.pl.
  3. In order to use the services, especially to conclude and execute a sales contract or a contract for the provision of electronic services with the Administrator, and to receive a reply, the user provides their personal data. The scope of data required to conclude the contract is always indicated by the Administrator.
  4. The legal basis for such data processing is Art. 6 of the GDPR, which allows personal data to be processed if they are necessary for the performance of a contract or for the taking of action leading to the conclusion of a contract and which allows the processing of personal data on the basis of voluntarily given consent.
  5. The personal data listed below are provided voluntarily; however, failure to provide the data necessary to conclude and execute a sales contract or a contract for the provision of electronic services with the Administrator results in the inability to conclude and implement them.
  6. In addition, personal data is processed by the Administrator to fulfill obligations prescribed by law, including tax law, and failure to provide the data will prevent the Administrator from fulfilling these obligations.
  7. Taking into account the nature, scope, context, and purposes of processing and the risk of violating the rights or freedoms of individuals with different probabilities and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure that processing is in accordance with the GDPR. The Administrator applies technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically.

II. SCOPE OF PROCESSED DATA

  1. In order to perform a contract for the provision of electronic services or to take action at the request of the person to whom the data relates before concluding the contract, the Administrator processes such personal data as: • full name/company name, • e-mail address. The legal basis for such data processing is Article 6(1)(b) of the GDPR, which allows the processing of personal data if they are necessary for the performance of a contract or for the taking of action leading to the conclusion of a contract.
  2. For direct marketing purposes, the Administrator processes such personal data as: • e-mail address. The legal basis for such data processing is Article 6(1)(f) of the GDPR, which allows the processing of personal data in connection with the legally justified interest of the Administrator for the period of existence of a legally justified interest pursued by the Administrator, but no longer than the period of limitation of claims against the person to whom the data relates, from the Administrator’s business activity.
  3. For marketing purposes, the Administrator processes such personal data as: • first name, • e-mail address. The legal basis for such data processing is Article 6(1)(a) of the GDPR, which allows the processing of personal data until the consent is withdrawn by the person to whom the data relates for further processing of their data for this purpose.
  4. To establish, assert or defend claims that the Administrator may raise or which may be raised against the Administrator, the Administrator processes such personal data as: • tax identification number (TIN) of the service recipient or customer. The legal basis for such data processing is Art. 6 para. 1 lit. f of the GDPR, which allows for processing personal data in connection with the legitimate interest of the Administrator for the period of the existence of a legitimate interest pursued by the Administrator, however not longer than the period of limitation of claims against the person whose data concern, in connection with the business activity conducted by the Administrator.
  5. Processing of personal data of individuals by the ADO and DPO within the website in connection with the provision of services electronically, described in the Regulations, both in a fully automated, partially automated and non-automated manner, takes place on the principles set out in the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR).

III. DATA SHARING

  1. The Administrator may share data with cooperating entities such as software suppliers, carriers, freight forwarders, courier brokers also for the purpose of delivering a response to a complaint and for transmitting marketing content in accordance with the Act of July 16, 2004, Telecommunications Law (in the case of transferring a phone number) or / and sending commercial information via electronic means in accordance with the Act of July 8, 2002, on the provision of electronic services (in the case of providing an e-mail address).
  2. In addition, users’ personal data are processed by the ADO and DPO to fulfill the obligations prescribed by law, including tax law.

IV. COOKIES

For the use of cookies and other related technologies (scripts, web beacons and others) on the website, we process such text information (cookies will be described in a separate point). The legal basis for such processing is Art. 6 para. 1 lit. a GDPR, which allows processing personal data based on voluntarily given consent (at the first entry to the website, there is a query about the consent to the use of cookies).

V. PROFILING

  1. Processing of personal data of individuals and entrepreneurs using the website as part of a sole proprietorship by the Administrator within the website in connection with the provision of services electronically, both in a fully automated, partially automated and non-automated manner, takes place on the principles set out in the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR).
  2. The Administrator may use profiling on the website for direct marketing purposes, but decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a sales contract, or the possibility of using electronic services. The effect of using profiling may be, for example, granting a discount to a person, sending him a discount code, reminding him about unfinished purchases, sending a product proposal that may match the interests or preferences of a given person, or offering better conditions compared to the standard offer. Despite profiling, it is the person who freely decides whether he wants to use the received discount or better conditions and make a purchase.
  3. Profiling on the website involves automatic analysis or prediction of a person’s behavior on the website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product. A condition for such profiling is the possession by the Administrator of the person’s personal data, in order to be able to send him a discount code.

VI. RIGHTS OF THE DATA SUBJECTS

  1. Each person whose data is being processed has the right to access their data, to correct it, rectify it, delete or limit its processing, as well as the right to data portability. To exercise the rights mentioned above, the user should contact the Administrator. In case of a change, or a need to supplement or correct personal data, everyone whose data is processed is obliged to update them. Submitting a request to delete personal data while advice is being given is possible, but it prevents the receipt of advice.
  2. To obtain information about the processing of their personal data, as well as to exercise the rights mentioned above, any person whose data is processed can contact the Administrator.
  3. Any person whose data is processed based on consent has the right at any time to withdraw consent to the processing of their personal data by the Administrator. Withdrawing consent to the processing of personal data does not affect the legality of the processing, which was carried out on the basis of consent before its withdrawal.
  4. Any person whose data is processed has the right to lodge a complaint with the supervisory authority (currently, it is the General Inspector for the Protection of Personal Data).
  5. To fulfill obligations related to the GDPR, especially by creating records and logs, e.g., a register of customers who have objected in accordance with the GDPR, such personal data are processed as:
  • first name,
  • last name,
  • email address,
  • town/city,
  • telephone number.
  The legal basis for such data processing is, firstly, Art. 6 para. 1 lit. c GDPR, which allows the processing of personal data if such processing is necessary for the Administrator to comply with legal obligations; secondly, Art. 6 para. 1 lit. f GDPR, which allows the processing of personal data if the Administrator is thereby pursuing a legitimate interest.