Last update: 01.10.2024
I. Who are we?
The controller of your personal data, i.e., the entity responsible for what happens to it, is us, the owner of the bloom-bebeauty.com store, i.e.: BEAUTYVITALS LLC
30 N Gould St, STE R, Sheridan, WY 82801, USA, registered in the register of entrepreneurs.
II. How can you contact us?
Write us an email at: contact@beautyvitals.com. We will be happy to help you with anything!
III. What data do we collect and for what purpose?
We may process your personal data in the following cases:
1. To conclude and execute the Sales Agreement or Agreement for the delivery of digital content (order fulfillment):
- We may process data you provide, necessary for concluding and executing the Sales Agreement or Agreement for the delivery of digital content (order fulfillment) or taking action at your request before concluding it, such as: first and last name/company name, email address, contact address (delivery address), contact phone number, and tax identification number (NIP). Providing this data is voluntary but necessary to place an order or conclude a contract. These data will be processed to perform the Sales Agreement or Agreement for the delivery of digital content or take action at your request before its conclusion (Article 6(1)(b) GDPR) and to fulfill legal obligations, including tax and accounting regulations (Article 6(1)(c) GDPR). They will be processed for the necessary time to fulfill the order until the expiration of the statute of limitations for claims under the Sales Agreement or Agreement for the delivery of digital content.
2. For complaint handling or exercising the right of withdrawal:
- We may process data provided in the content of a complaint or a statement of withdrawal, such as first and last name, email address, contact address, phone number, order number, and bank account number (in case of payment refunds). Providing this data is voluntary but necessary to submit a complaint or a withdrawal statement. These data are processed to fulfill a legal obligation (based on Article 6(1)(c) GDPR) for the time necessary to carry out the complaint or withdrawal procedure. After completing these actions, we may process the provided personal data for archiving purposes and to demonstrate the course of the complaint or withdrawal procedure in the future, based on our legitimate interests (Article 6(1)(f) GDPR) until the expiration of the statute of limitations for your claims in this regard or until you raise a justified objection.
3. For ongoing contact:
- We may process your data, such as name, surname, email address, phone number, correspondence address, or other data you choose to provide in your message to us. In this case, personal data is processed based on our legitimate interests, such as corresponding and exchanging information with you (Article 6(1)(f) GDPR). After completing the correspondence or exchange of information, we may process the provided personal data for archiving purposes (which constitutes our legitimate interest based on Article 6(1)(f) GDPR). Providing such data is voluntary but necessary for communication with us or exchanging information. Your personal data processing will continue until you raise a justified objection.
4. To maintain an account (registration and management):
- We may process your data, such as first and last name, email address, contact address, contact phone number, and your order history. In this case, data processing is based on the agreement concluded with us for the provision of electronic services (Article 6(1)(b) GDPR). Providing this data is voluntary but necessary to set up an account (conclude an agreement) and maintain it. These data will be processed for the duration of the electronic services agreement, at the latest until the expiration of the statute of limitations for claims arising from the agreement. Additionally, you may provide more personal data in your profile, such as your birth date and month. In this case, the basis for processing your personal data will be the consent you express (Article 6(1)(a) GDPR). Providing such data is voluntary and will help us personalize offers directed to you and facilitate contact. It is up to you to decide whether to provide us with additional data, and you can change your settings at any time.
5. To establish business or partnership cooperation and subsequently conclude and execute civil law contracts:
- We may process your data, such as first and last name, phone number, email address, company name, tax identification number (NIP), and position/function. Providing this data is voluntary but necessary to conclude an agreement with us. These data will be processed to execute the concluded agreement or take action at your request before its conclusion (Article 6(1)(b) GDPR) and to fulfill legal obligations, including tax and accounting regulations (Article 6(1)(c) GDPR). They will be processed for the necessary time to execute the agreement until the expiration of the statute of limitations for claims arising from the concluded agreement.
6. For contact with representatives or persons designated for contact:
- If you represent any public or private entity or have been designated as a contact person on behalf of such an entity, we may process your data, such as first and last name, PESEL, phone number, email address, and position/function, based on our legitimate interest (Article 6(1)(f) GDPR), which includes signing and concluding agreements with the entity you represent, ensuring contact with such an entity, and verifying whether you are authorized to represent such an entity. Providing data is voluntary, but refusal to provide them may hinder our communication or agreement conclusion. Your data may be processed until the communication ends or the expiration of claims arising from the agreement concluded with the entity you represent or for which you act as a representative.
7. To establish, pursue, or defend potential claims and rights:
- Based on our legitimate interests (Article 6(1)(f) GDPR) until the expiration of these claims’ limitation period.
8. For sending a Newsletter, including for direct marketing purposes:
- We may process your data, such as your email address, based on your voluntary consent (Article 6(1)(a) GDPR) concerning Articles 10(1) and 10(2) of the Act of July 18, 2002, on the Provision of Electronic Services and Article 172 of the Telecommunications Law Act of July 16, 2004. Additionally, we may process your birth date and month based on the consent you express when subscribing to the Newsletter. Your data will be processed until you withdraw your consent. At any time, you can unsubscribe from the Newsletter by contacting us via email at contact@beautyvitals.com or clicking the unsubscribe link at the bottom of every Newsletter message. This does not affect the lawfulness of processing performed before your withdrawal. Based on our legitimate interests (Article 6(1)(f) GDPR), we may also analyze whether you read our Newsletters and which of the information they contain you prefer to read.
9. To manage the website and analyze data collected automatically:
- Based on our legitimate interest (Article 6(1)(f) GDPR) during the operation of our website but no longer than until you object to the processing of your personal data.
10. To manage social media profiles and internet presence:
- Since we maintain profiles on social media platforms (including Facebook, Instagram, Pinterest, Twitter), we may process data you provide when visiting our profiles and viewing the materials presented (e.g., comments, online identifiers, “likes”). Such data is processed primarily to enable activity on our profiles, present information about our various activities, initiatives, and services, promote our products and services, and for statistical and analytical purposes. The legal basis for processing your personal data is our legitimate interest (Article 6(1)(f) GDPR), involving brand promotion, presentation of our materials, maintaining the quality of provided services and products, and pursuing or defending claims if necessary. Your data in this scope will be processed for the duration of the profiles’ operation, material presentation, and afterward for the period required by applicable law. This period may be extended for the limitation period for claims if data processing is necessary to pursue or defend our claims. The above information does not apply to the processing of personal data by the administrators of social media platforms.
11. In case of reporting adverse effects of cosmetic products:
- If a cosmetic product purchased in our store causes adverse effects, a medical professional, end-user, legal guardian, or statutory representative may report this to us via mail to the address: BEAUTYVITALS LLC 30 N Gould St, STE R, Sheridan, WY 82801, USA, or via email: contact@beautyvitals.com. In the case of reporting adverse effects of cosmetic products, your personal data will be processed for the purposes of:
- a. Ensuring high standards of quality and safety of cosmetic products, particularly for monitoring the safety of cosmetic products, including maintaining a register of reports of individual cases of adverse effects of cosmetic products and reporting individual cases of serious adverse effects of cosmetic products to the competent authorities. This involves fulfilling the obligation to provide public access to the above information: – Health-related data will be processed based on Article 9(2)(i) GDPR, i.e., processing is necessary for reasons of public interest in the area of public health, specifically to ensure high standards of quality and safety of cosmetic products based on legal provisions, such as Regulation (EC) No. 1223/2009 of the European Parliament and of the Council of November 30, 2009 – Article 23, and the Polish Act of October 4, 2018, on Cosmetic Products. – Other personal data will be processed based on Article 6(1)(c) GDPR, i.e., processing is necessary to fulfill our legal obligations, including those arising from Regulation (EC) No. 1223/2009 of November 30, 2009, including Articles 10 and 21, and the Polish Act of October 4, 2018, on Cosmetic Products.
- b. Establishing, pursuing, or defending potential claims: – For health-related data, based on Article 9(2)(f) GDPR, i.e., processing is necessary for the establishment, exercise, or defense of legal claims. – For other standard data, based on Article 6(1)(f) GDPR, i.e., our legitimate interest in pursuing or defending claims.
- Your personal data will be stored for the period necessary to achieve the processing purposes and in accordance with applicable regulations regarding the storage of reports of adverse effects of cosmetic products, i.e., one year after completing the verification of the adverse effect report. In the case of exercising our legitimate interests, including enabling the defense or pursuit of claims, data will be stored until the claims’ limitation period.
12. For conducting contests or promotional campaigns:
- If you choose to participate in a contest or promotional campaign, the data you provide (including name, surname, mailing address if provided, phone number, email address, or other data provided in connection with our promotional campaign or contest) may be processed, in particular for the following purposes:
- a. Related to contest participation, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR), specifically to ensure participation in the contest, fulfill obligations arising from the promised performance, such as evaluating contest entries, selecting winners, ensuring contact with participants, including winners, or awarding prizes, defending rights, and pursuing claims. Additionally, your data may be processed based on your consent (Article 6(1)(a) GDPR), which you grant by entering the contest, especially for publishing contest results.
- b. Related to participation in a promotional campaign, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR), specifically to enable participation in the promotional campaign, fulfill the organizer’s obligations related to the campaign (e.g., issuing discount codes or promotional vouchers), ensure contact with participants, and defend rights and pursue claims. Additionally, your data may be processed based on consent (Article 6(1)(a) GDPR), which you provide by participating in the promotional campaign.
- c. To handle potential complaints and claims related to the contest or promotional campaign, where data is processed by the Controller due to the necessity of fulfilling a legal obligation (Article 6(1)(c) GDPR) for the time necessary to carry out the complaint procedure. After these actions, the Controller may process the provided personal data for archiving purposes and to demonstrate the complaint procedure in the future, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR).
- d. Fulfilling obligations arising from applicable laws, including tax and accounting regulations (Article 6(1)(c) GDPR).
- More information regarding personal data processing may be included in specific contest or promotional campaign regulations.
13. For operating loyalty programs:
- If you choose to join a loyalty program, the data you provide (including name, surname, phone number, email address, or other data provided in connection with our promotional campaign or contest) may be processed, particularly for the following purposes:
- a. Related to loyalty program participation, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR), specifically to enable participation in the program, ensure contact with participants, defend rights, and pursue claims. Additionally, your data may be processed based on consent (Article 6(1)(a) GDPR), which you provide by joining the loyalty program.
- b. To handle potential complaints and claims related to the loyalty program, where data is processed by the Controller due to the necessity of fulfilling a legal obligation (Article 6(1)(c) GDPR) for the time necessary to carry out the complaint procedure. After these actions, the Controller may process the provided personal data for archiving purposes and to demonstrate the complaint procedure in the future, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR).
- c. Fulfilling obligations arising from applicable laws, including tax and accounting regulations (Article 6(1)(c) GDPR).
14. In other cases, as we notify you on an ongoing basis:
- Your personal data may be processed based on:
- Voluntary consent (Article 6(1)(a) GDPR);
- Applicable legal provisions—when processing is necessary to fulfill our legal obligation (Article 6(1)(c) GDPR);
- Necessity for purposes other than those mentioned above, arising from legitimate interests pursued by us or by a third party (Article 6(1)(f) GDPR).
IV. Who are our partners (recipients of your data)?
Your personal data may be shared with entities that cooperate with us. These include entities providing services such as telecommunications, IT, hosting, courier, legal (including debt collection), accounting and financial services, entities offering statistical analysis, advertising and marketing services (including mailing services), website maintenance, and entities providing training and consulting in the field of data protection. Additionally, in the case of contests, the personal data of winners may also be disclosed/shared with entities where prizes, such as vouchers or gift cards, are redeemable, to the extent necessary for the contest and prize awarding.
As a rule, we do not transfer your personal data outside the European Economic Area (EEA). However, if necessary, we may transfer it outside the EEA only while ensuring an appropriate level of protection compliant with the GDPR. This may include:
- Implementing appropriate safeguards, such as standard contractual clauses adopted by the European Commission and data processing agreements compliant with the GDPR;
- Cooperating with entities processing personal data in countries where the European Commission has issued decisions confirming adequate levels of data protection;
- Applying binding corporate rules approved by the competent supervisory authority.
V. How do we process your data, and what are your rights?
We continuously analyze risks to ensure that personal data is processed securely—ensuring, above all, that only authorized persons have access to the data and only to the extent necessary to fulfill the specific purpose for which the data was collected, considering their tasks. We ensure that all operations on personal data are recorded and carried out exclusively by authorized employees and collaborators. We take all necessary steps to ensure that our subcontractors and other cooperating entities guarantee the application of appropriate data protection measures.
Under applicable personal data protection laws, you have the following rights:
1. Right of access to personal data (Article 15 GDPR): You have the right to obtain confirmation of whether your personal data is being processed, and if so, to access it and receive information, including the purpose of processing, the category of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, including recipients in third countries or international organizations.
2. Right to rectify data (Article 16 GDPR): You have the right to request the correction of your personal data if it is inaccurate or incomplete.
3. Right to delete personal data (so-called right to be forgotten, Article 17 GDPR): In cases provided by law, you have the right to request that we delete your personal data and inform the entities to whom we disclosed your data of your request.
4. Right to restrict processing (Article 18 GDPR): In specific cases, you have the right to request restrictions on the processing of personal data: a. If you dispute the accuracy of personal data—for a period allowing us to verify its accuracy; b. If processing is unlawful, and you object to the deletion of personal data, requesting instead to restrict its use; c. If we no longer need the personal data for processing purposes, but it is needed by you for the establishment, exercise, or defense of claims; d. If you have objected to processing under Article 21(1) GDPR—until it is determined whether our legitimate grounds override your objection.
5. Right to data portability (Article 20 GDPR): You have the right to receive the personal data you provided and transfer it to another chosen data controller. This right applies when data is processed based on your consent (Article 6(1)(a) GDPR) or to perform a contract (Article 6(1)(b) GDPR) and is processed in an automated manner. Where technically possible, you can also request that your data be transferred directly by us to another authorized controller.
6. Right to object (Article 21 GDPR): If we process your data based on our legitimate interests, you can object to the processing of your data at any time due to reasons related to your particular situation. In this case, we may not process your data unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If we process your personal data for direct marketing purposes, including profiling, upon receiving your objection (without requiring justification), we will cease processing your data for this purpose.
7. Right to withdraw consent (Article 7 GDPR): If processing is based on your consent (Article 6(1)(a) GDPR), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR): If you believe that the processing of your personal data violates applicable laws, you have the right to lodge a complaint with the supervisory authority—the President of the Personal Data Protection Office.
To exercise your rights (except for point 8 above), simply email us at: contact@beautyvitals.com or send us a written request to: BEAUTYVITALS LLC
30 N Gould St, STE R, Sheridan, WY 82801, USA.
VI. How long do we store your data?
The duration of processing depends on the purpose of the processing and is specified in Section III for each purpose. The processing period may be extended if necessary to establish, pursue, or defend claims (until the expiration of the claims’ limitation period), and afterward only if required by legal regulations (e.g., tax and accounting documentation—five years from the end of the calendar year in which the tax payment deadline expired). After the processing period ends, data is deleted or anonymized.
VII. Cookie Policy
On our website, we use cookies. Cookies are IT data, specifically text files, stored on the end device of the Store user and designed for the use of the Store’s websites. Cookies usually contain the name of the website from which they originate, the time of storage on the end device, and a unique number.
Cookies are used for the following purposes:
- Adapting the content of our website to the user’s preferences and optimizing the use of the website; in particular, these files allow recognizing the user’s device and properly displaying the website, tailored to their individual needs.
- Creating statistics that help us understand how users interact with our website, enabling improvements in its structure and content.
We use two basic types of cookies on our website: “session” cookies and “persistent” cookies:
- Session cookies are temporary files stored on the user’s device until they leave the website or close their browser.
- Persistent cookies are stored on the user’s device for the time specified in the cookie’s parameters or until the user deletes them.
On our website, the following types of cookies may be used:
- “Necessary” cookies, enabling the use of services available through the Store, e.g., authentication cookies for services that require authentication within the Store.
- Cookies ensuring security, e.g., used to detect authentication fraud within the Store.
- “Performance” cookies, enabling the collection of information about how users interact with the Store’s website.
- “Functional” cookies, allowing the storage of user-selected settings and personalizing the interface, e.g., in terms of language, region, font size, or website layout.
- “Advertising” cookies, enabling the delivery of content more tailored to user interests.
We use both our own cookies (to ensure the proper functioning of our website, such as monitoring site popularity, statistical and analytical purposes, and order fulfillment) and third-party cookies from entities whose services we use within our operations (e.g., through tools like Google Analytics or Facebook).
Providing access to cookies does not give us direct access to other personal data. Information collected and stored in cookies may be retained after a browser session ends, allowing for reuse during future visits to our website.
Most web browsers automatically allow cookies to be stored on the user’s device. Users can change their browser settings to block cookies or to notify them when cookies are being sent to their device. Detailed information on how to manage cookies can be found in your browser settings.
For example:
- In Mozilla Firefox, go to the menu (three horizontal lines), select “Options,” then “Privacy & Security,” and locate the “Cookies and Site Data” section or “Enhanced Tracking Protection.”
- In Microsoft Edge, go to the menu (three dots), select “Settings,” then “Site Permissions,” and locate “Cookies and Site Data.”
- In Google Chrome, go to the menu (three dots in the upper-right corner), select “Settings,” then “Privacy and Security,” and choose “Cookies and other site data.”
Please note that restricting the use of cookies may impact certain functionalities available on our website.
VIII. Profiling
We use data stored in cookies to tailor content to your needs. By “content,” we mean both what we publish on our website and what administrators display on social media platforms where we maintain profiles (e.g., Facebook, Instagram). By “tailoring,” we aim to make the content more relevant to you.
Cookies allow us to analyze your behavior. For example, based on how often you visit our website and show interest in specific products, we can understand your preferences. This helps us better meet customer needs by adapting the functionality of our website. Thanks to cookies, we can show you ads tailored to your interests and offer customized marketing materials.
If you opt out of cookies, you will still see advertisements while using our website, but they will not be related to your previous activities on the site. In addition, analyzing interests (preferences) for creating and presenting personalized offers and discounts is only applied to adult users who have given their explicit consent. You can revoke this consent at any time.
IX. Retargeting
We strive to deliver the best offers and content tailored to your needs. To do this, we use technologies that help us understand your preferences better. For example, we can present you with personalized offers on other websites.
This is based on information collected during your visits to our website, using cookies to identify which products or content you find most interesting. We may also use data from your orders to show you personalized ads on platforms like Facebook or Instagram.
This approach allows you to revisit products you were interested in—like returning to a favorite store where the staff knows your preferences and suggests items you might like.
X. Server Logs
Like most websites, we collect data contained in server logs. These logs include your IP address, hostname, Internet provider, browser type, time spent on the site, and which pages you view while using our service. Information from server logs is only accessible to authorized personnel managing our server. This data serves as a supporting material for website administration, such as generating statistics about visitor regions. However, these summaries do not include information identifying individual users.
XI. Marketing Tools
Google Tag Manager (GTM):
- We use Google Tag Manager to manage website tags and integrate tracking codes on our website. GTM helps measure user behavior, track advertising impact, and optimize the site. Data collected by GTM is aggregated and does not identify individual users.
Google Analytics:
- We use Google Analytics for statistical analysis and traffic verification on our site. This tool collects anonymous data about visits and user behavior to improve our website. Google Analytics may include features like remarketing and demographic reports. For more details about Google’s data policies, visit: Google Analytics Privacy Policy.
Google Ads:
- Google Ads allows us to display advertisements on external websites. Using cookies, we measure ad campaign performance. Data collected helps assess marketing efforts and improve targeting. Google Ads also enables remarketing to show you personalized ads based on your activity.
Facebook Pixel:
- Facebook Pixel is a marketing tool that helps analyze your actions on our website for remarketing and measuring ad effectiveness. Facebook’s privacy policies can be found at: Facebook Privacy Policy.
XII. Final Provisions
We continuously review our Privacy Policy to keep it updated. Changes or additions to this policy, which may arise due to legal updates, privacy standards, or service enhancements, will be communicated on our website or via email.