Your personal data is processed in the service in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR").

The Data Controller is Vean Poland Spółka z o.o., with its registered office in Kraków, at ul. Długa 29, 31-147 Kraków, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register, under KRS number: 0000804879, NIP: 6751714312, REGON: 384466318 (hereinafter referred to as "Administrator").

For matters related to the processing of your personal data, you may contact us via email at [email protected] or by postal mail at the following address: ul. Długa 29, 31-147 Kraków.
2.3. Personal data provided to the Administrator is processed and stored in accordance with the GDPR.

Data collected in the Service is provided by the User through forms, service reservations, product purchases, contact via email messages, or phone contact, and is also automatically collected by the IT system used by the Administrator during the User’s visit to the website of the Service.

Providing true personal data is voluntary but necessary to execute transactions via the website or service.

Your personal data, including email address, name, company name, NIP, REGON, PESEL, street, house and apartment number, postal code, city, country, phone number (landline or mobile), and IP address, is processed for the following purposes:

a) Sale of services and goods, exchanges, returns, and handling of complaints. The legal basis for processing is Article 6(1)(b) of GDPR, which authorizes us to process data necessary to execute the contract.
b) Insofar as your personal data is included in accounting documents, it will be processed within the scope and for the purposes specified by the Accounting Act of 19 September 1994. The legal basis for processing is Article 6(1)(c) GDPR.
c) We may also process your data for direct marketing (i.e., to offer you our products and services). The legal basis for processing is Article 6(1)(f) GDPR, which allows us to process data for purposes related to our legitimate interests.
d) Sending newsletters (i.e., commercial information). The legal basis for processing is Article 6(1)(a) GDPR, which authorizes us to process data based on your consent.
e) Investigative procedures, statistics, and analyses aimed at improving the distribution of services and products. Processing is necessary for our legitimate interest in continuously improving the distribution of our services and products and ensuring ease of use. The legal basis is Article 6(1)(f) GDPR.
f) Processing may also be necessary for our legitimate interest in complying with legal obligations or handling complaints, improving the quality of our products or services. The legal basis is Article 6(1)(c) and (f) GDPR.
g) Preparation of a health questionnaire to assess eligibility for the service. If the qualification for the procedure or handling of claims requires the processing of health-related information, we will only process such sensitive information with your consent or if necessary to establish, pursue, or defend legal claims. The legal basis is Article 9(2)(a) and (f) GDPR.

The Administrator collects data provided by Users in contact forms, during visits to Administrator's facilities related to service reservations, and through email messages.

Data collected through server logs is not associated with specific individuals using the website and is not used by the Administrator for identifying Users. It serves solely as a support tool for managing the website, and its contents are not disclosed to anyone other than those authorized to manage the server.

Within our organizational structure, companies within the Vean Group operating within the European Economic Area (EEA) have access to your personal data as part of cooperation in providing services and distributing products, along with authorized employees and collaborators. Our partners, including companies providing accounting, IT services, courier services, hosting services, and electronic payment processors, also have access to your data.

The Administrator does not sell or disclose personal data to third parties other than those described above.

The Administrator will store your personal data only for the time necessary to fulfill legal obligations. This means we may store your data even after you stop using the Service, particularly data required to fulfill obligations to state authorities. Your data will be processed until its deletion or withdrawal of consent, noting that withdrawal of consent will not affect the legality of processing that occurred before consent was withdrawn.

As a general rule, we do not transfer your personal data to third countries or international organizations. In justified cases, we may provide data to a company providing technical support for the website located outside the EEA, but in all such cases, your data will be processed according to GDPR security standards.

We respect your right to privacy and take data security seriously.

Personal data provided in website forms or email communications is treated as confidential and is not visible to unauthorized persons.

he Administrator uses the latest technologies and special procedures to protect personal data. Personal data is stored in a database where technical and organizational measures ensure the protection of processed data in accordance with GDPR requirements, including:

a) Computers used for receiving your email communications and storing your data have multiple security measures, including password protection, locking devices in secured rooms accessible only to authorized persons, using licensed and regularly updated antivirus software, firewalls, and clean screen policies.
b) Personal data is processed by persons authorized by the Administrator or data processors based on agreements obligating them to maintain proper data security standards.

The Administrator declares that all necessary technical and organizational measures have been implemented to ensure the security and integrity of the personal data it processes, to prevent data loss, modification, and/or access by unauthorized third parties.

In connection with the processing of your personal data, you have the right to:

• Access your data (receive information and a copy).
• Request the rectification (correction) of data.
• Request the deletion of unlawfully processed data.
• Restrict data processing.
• Transfer data to another data controller.
• Withdraw consent at any time without affecting the lawfulness of processing carried out prior to consent withdrawal.

Each User has the right to modify or update their personal data by submitting a request in the form specified in point 2. To modify or request the deletion of data, please specify exactly which data the request pertains to and the desired method of modification (e.g., change of personal data, complete deletion of personal data from the database).

The deletion of personal data may occur as a result of the withdrawal of consent or the submission of a legally permissible objection to the processing of personal data.

You have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that your data is being processed unlawfully.

No, we do not profile your personal data or make decisions about your preferences based on automated data processing.

During your visit to the Service, the Administrator’s system automatically collects cookies, including: the public IP address of the computer from which the query was sent, client station name, user name during authorization, request arrival time, HTTP request first line, HTTP response code, the number of bytes sent by the server, URL of the page previously visited by the User (if access to the Service was via a link), browser information, and error details during connection.

The Administrator uses cookies to enable login to the Service account, monitor User activity on the site, and compile usage statistics. Cookies also allow users to retain their browsing parameters in the Service.

Users can block the collection of such information by disabling cookies in their browser settings. However, the Administrator cannot guarantee that the Service will function properly with cookies disabled.

Video monitoring applies to individuals using services in our physical locations, whose images are captured by video monitoring devices installed on the Administrator's premises (e.g., entrance/exit of the studio). Data processing via monitoring serves to protect the Administrator's property and ensure the safety of individuals on the premises, including recording undesirable incidents (e.g., theft or vandalism), identifying perpetrators, securing evidence for investigations, and defending legal claims, all of which are in the Administrator's legitimate interest.

The legal basis for processing personal data obtained through video monitoring is the legitimate interest of the Administrator to secure and protect its premises and individuals within them, in accordance with Article 6(1)(f) GDPR.

Video surveillance recordings will be stored for no longer than three months from the recording date.

The Administrator reserves the right to amend this document in the event of changes in data protection law. Any updates or changes to the Privacy Policy will be announced on www.vean-tattoo.pl.