Privacy policy

1. General information:
This document is the privacy policy adopted by Oltens Sp. z o.o. and concerns the rules of processing personal data collected from the users of the https://oltens.com website.

2. The Privacy Policy document is a fulfilment of the information obligation that comes with it: Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ of the EU L 119, 4.05.2016, p. 1) (hereinafter referred to as "the GDPR") It is also an expression of care for the rights of visitors to the website located in the company's domains and using the services offered through it.

3. Personal data controller
The controller of the personal data collected from the website visitors is Oltens Sp. z o.o. with its registered office in Jarocin (63-200), ul. Karola Marcinkowskiego 16, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court of Poznań Nowe Miasto and Wilda, 8th Commercial Division under the KRS number 0000676077. NIP: 7822705641, Regon: 367169832, e-mail: sklep@oltens.com, telephone number: 61 224 70 00.


II. The basis, purpose and scope of processing, i.e. what data we collect, why and how we process it

1. The controller declares that it processes users' personal data in accordance with: Article 6(1)(b), i.e. processing is necessary for the execution of the contract to which the data subject is party or to take action at the request of the data subject or Article 6(1)(a), i.e. on the basis of the data owner's consent. The controller shall process the data only to the extent necessary for the above purposes and for the period necessary for their implementation, or until the data subject's consent is withdrawn.

2. The following personal data of the website users are collected voluntarily in the Controller's Website at https://www.oltens.com: name, surname, company (optional), address, city/town, telephone number, e-mail address, content of an enquiry and attachments, if any. The data collected with the use of the contact form are collected for the purpose of: sending answers to received enquiries and requests, processing sent requests and comments, managing and fulfilling the obligations resulting from agreements that bind the Personal Data Controller with the Website user, anticipating and solving difficulties related to products and services provided to the Website user. The Website User may also voluntarily consent to the use of the data provided, i.e. e-mail address, for the purpose of individual marketing of the Data Controller.

III. Who has access to the data collected through the Website

1. Recipients of personal data collected through the Oltens.com website will be: IT service providers acting as data processor, companies providing credit services (if necessary), courier companies providing goods purchased at the shop. The transfer of data shall take place on the basis of a contract of entrustment entered into pursuant to Article 28 of the GDPR.

2. Personal data collected through the website shall not be disclosed to third parties, except for the situations described above, or if such disclosure results from the applicable legal regulations obliging the Controller to disclose personal data to authorised entities.

3. The Data Controller collects website logs but does not associate them in any way with personal data. On the basis of log files, it is possible to generate statistics that help to manage the website. Summaries in the form of such statistics do not contain any features identifying the visitors to the website.


IV. User rights. Right of access to data

Pursuant to Articles 15 to 22 of the GDPR, each user has the following rights:
1. Right of access to data (Article 15 of the GDPR). The data subject shall be entitled to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed and, if so, to have access to them.

2. Right to rectify data (Article 16 of the GDPR). The data subject has the right to demand from the Controller the immediate correction of incorrect personal data concerning him/her.

3. Right to erasure data ("right to be forgotten") (Article 17 of the GDPR). The data subject has the right to demand from the Controller the immediate erasure of personal data concerning him/her.

4. Right to restrict processing (Article 18 of the GDPR). The data subject has the right to request the controller to restrict the processing in the following cases:
a) When data is incorrect - for the period of time needed to correct them
b) The data subject has lodged an objection pursuant to Article 21(1) to the processing - until it has been established whether the legitimate grounds of the controller take precedence over those of the data subject.
c) the processing is unlawful and the data subject opposes the deletion of personal data and demands a restriction on its use instead

5. Right to transfer data (Article 19 of the GDPR)

6. Right to object. If personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

7. The user may exercise his or her rights by sending an appropriate request to sklep@oltens.com:
a) The request for correct identification should be sent from the e-mail address from which the request was made via the contact form or which was given in the content of the consent given during the visit to the salon.
b) The request may also be submitted by mail - by sending a registered mail containing such a request to the Company's mailing address, maintained by the Data Controller.

8. In accordance with the provisions of law, the Controller shall provide the person who made the request with an answer regarding the action taken within one month. If the Controller does not take such action, it shall notify the person making the request of that fact.

9. The Controller's actions may be subject to a complaint to the Supervisory Authority.

V. Protection of the privacy of minors

1. The Website's customers may only be natural persons of legal age, however the Website does not collect and verify information on the age of customers. 

2. The Administrator of the Website shall not be liable for actions taken by minors. The legal responsibility for such actions lies solely with their legal guardians.

VI. Safeguards

1. The Website is equipped with security measures aimed at protecting personal data under the Controller's control against loss, misuse and modification. The Controller also has relevant documentation and has implemented appropriate procedures related to personal data protection in the company.

2. The Controller shall ensure that it protects any information disclosed in accordance with applicable legislation and security standards, and in particular:
a) Only authorised employees or collaborators of the Controller and authorised persons dealing with the Website maintenance who have been granted appropriate powers of attorney have direct access to personal data collected by the Controller pursuant to Article 29 of the GDPR.
b) The Controller declares that by commissioning other entities to provide services, the controller requires the partners, pursuant to Article 28 of the GDPR, to ensure appropriately high standards of protection of the personal data entrusted to them, to sign appropriate entrustment agreements in which the partners confirm the application of the standards, and to have the right to control the compliance of these entities with these standards.
c) In order to ensure proper protection of services provided by electronic means, the Website Administrator applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol).
d) Due to the public nature of the Internet, the use of services provided by electronic means may involve risks, regardless of the Controller's due diligence.

VII. Cookies Mechanism. Links to other sites

1. Some areas and functions of the Website may use cookies, i.e. text files saved on the visitor's computer, identifying the visitor in a manner necessary to enable certain operations. Cookies are used, among other things, to remember the data necessary for a user to log in. The condition for cookies to work is their acceptance by the browser and not deleting them from the disk.

VIII. Cookies

1. The website uses "session" (saved until you leave the website, close your browser) and persistent cookies (saved on your computer for a certain period of time). 

2. Website users can change their settings in this respect. The web browser allows to delete or block cookies. Detailed information about this can be found in the help or documentation of the web browser.

3. Disabling cookies will usually limit or block some of the website's functionalities.

IX. Change in the privacy policy

1. The Administrator of the Website reserves the right to change the above privacy policy at any time and place, at the same time undertaking to immediately publish a new privacy policy on the Website pages and inform all registered Users of this fact.
2. The data controller reserves the right to make changes, withdraw or modify the functions or properties of the Website, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable legal acts.

X. Contact

1. In case of any questions or comments regarding this Privacy Statement or any practices in the website, please contact us at: marketing@oltens.com