Privacy policy

Privacy Policy of the BONDLY LASHES Online Store

Dear User,

We care about your privacy and want you to feel comfortable while using our services. Below, we present the most important information about how we process your personal data and the cookies used by our Store. This information has been prepared in accordance with the requirements of the GDPR, the General Data Protection Regulation.

The controller of your personal data is:

Bondly Lashes spółka z ograniczoną odpowiedzialnością
registered office in Łódź,
ul. Płatowcowa 22, 94-223 Łódź, Poland,
entered into the Register of Entrepreneurs of the National Court Register under number 0001201602,
VAT ID (NIP): 7272894015,
REGON: 54305921100000.

For matters concerning personal data protection, you can contact us at: bondly@bondlylashes.com

In this Privacy Policy, we define the rules of data processing by the Controller, also referred to as: “we,” “Seller,” or “Controller.”

We process your personal data for the following purposes, on the legal bases indicated below, and for the following periods:

Purpose: handling orders placed in the Store, including order preparation and shipment, payment processing, contact regarding the order, and handling potential claims.

Legal basis:

• Article 6(1)(b) GDPR, performance of the sales contract
• Article 6(1)(c) GDPR, compliance with the Seller’s legal obligations, for example issuing accounting documents and storing documentation

Retention period: for the period necessary to perform the contract, then until the expiry of the limitation period for claims, and for the period required by law for storing accounting documentation, for example under tax regulations. See also the Store Terms and Conditions.

Purpose: maintaining your Store account and enabling you to use its functions, such as viewing order history or saved delivery addresses.

Legal basis: Article 6(1)(b) GDPR, performance of the contract for the account service.

Retention period: until the account is deleted by the User or by the Controller in cases provided for in the Terms and Conditions.

Purpose: sending information about new products, promotions, offers, and content related to our brand.

Legal basis: Article 6(1)(a) GDPR, your voluntary consent.

Retention period: until you withdraw your consent or unsubscribe.
You may withdraw your consent at any time, for example by clicking the unsubscribe link in the newsletter footer or by contacting us.

Purpose: communication with you and responding to your inquiries, for example through the contact form, email, or account messages.

Legal basis: Article 6(1)(f) GDPR, our legitimate interest in handling inquiries and building relationships with customers and users.

Retention period: for the time necessary to handle your inquiry, and then the data may be archived for up to 3 years for evidentiary purposes, for example in the event of claims.

Purpose: enabling the publication and display of product reviews in the Store.

Legal basis:

• Article 6(1)(b) GDPR, performance of the contract regarding the review publication service, where the review is linked to your account or purchase
• or Article 6(1)(f) GDPR, our legitimate interest in presenting customer reviews and building trust in the brand

Data scope: for example username, review content, date of review.

Retention period: review data will be publicly visible in the Store for as long as they remain published. You may request deletion of your review at any time.

6.1. A customer of the Online Store may voluntarily and free of charge submit a review regarding purchases made in the Online Store. The subject of the review may also include a rating, photo, or review of a purchased product in the Online Store.

6.2. After purchases are made in the Online Store, the Seller transfers the data necessary to create an email invitation to the company handling the survey process. The sending of surveys and the process of collecting reviews in forms is fully handled by TrustMate SA, with its registered office at Bartoszowicka 3, 51-641 Wrocław. TrustMate SA sends the Customer an email requesting a review, along with a link to an online form enabling its submission. The online form allows answers to the Seller’s questions regarding the purchase, giving a rating, adding a written review, and uploading a photo of the purchased product. If no review is submitted after receiving the first invitation, TrustMate may resend the invitation.

6.3. A review may only be submitted by a Customer who made a purchase in the Seller’s Online Store.

6.4. Reviews submitted by Customers are published by the Seller in the Online Store and on the TrustMate.io profile.

6.5. Reviews may not be used by the Customer for unlawful actions, in particular acts of unfair competition against the Seller, or actions infringing personal rights, intellectual property rights, or other rights of the Seller or third parties.

6.6. A review may only be submitted for products actually purchased in the Seller’s Online Store. It is prohibited to enter into fictitious or sham sales agreements in order to submit a review. The author of the review may not be the Seller or its employees, regardless of the basis of employment.

6.7. A submitted review may be removed by its author at any time.

Purpose: direct marketing of our products and services, including:

• sending you information about products similar to those you have already purchased, for example email messages outside the newsletter where legally permitted
• displaying personalised content and advertisements on our website or in external advertising networks, for example remarketing

Legal basis: Article 6(1)(f) GDPR, the legitimate interest of the Controller in promoting its offer to customers.

Note: some forms of these activities may require additional consents, for example consent for electronic communication or telemarketing. Where required, we will ask for them separately.

Retention period: until you effectively object to the processing of your data for direct marketing purposes.

Purpose: analysing how the Store is used, creating statistics, improving the website, user experience, and offer.

Data scope: among others, data relating to activity in the Store, such as visited pages, visit duration, clicks, order history, and technical data such as IP address or cookie identifiers.

Legal basis: Article 6(1)(f) GDPR, our legitimate interest in analysing user activity and optimising the functioning of the Store.

Retention period: data for analytical and statistical purposes is most often processed in anonymised form or anonymised after analysis. Raw data is stored for as short a period as possible, only until analyses and statistics are prepared.

Purpose: enabling the use of social media features and promoting our brand on social media, for example Instagram and Facebook integration, Share buttons, or embedded posts.

Legal basis: Article 6(1)(f) GDPR, our legitimate interest in brand promotion and making social features available to users.

Note: data collected by social media services such as Meta/Facebook, Instagram, or TikTok is processed according to their own regulations and privacy policies. We have no control over their internal data processing operations.

In connection with the processing of your personal data, you have the following rights:

You may obtain information about what data we process, for what purpose, on what basis, and receive a copy of the data.

If your data is inaccurate or incomplete, you may request that it be corrected or completed.

You may request deletion of data, among others, when:

• the data is no longer necessary for the purposes for which it was collected
• you withdraw consent and there is no other legal basis for processing
• you object to processing and there are no overriding legitimate grounds for processing

You may request restriction of processing, among others, when:

• you contest the accuracy of the data
• the processing is unlawful but you oppose deletion
• you need the data to establish, pursue, or defend claims

In cases provided for by GDPR, you may receive your data in a structured format and transfer it to another controller.

Additionally, you have:

You may object, on grounds relating to your particular situation, where we process data based on our legitimate interest under Article 6(1)(f) GDPR. In such a case, we will stop processing the data for that purpose unless we demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending claims.

You may object at any time to the processing of your data for direct marketing purposes, including profiling for such purposes. Once you object, we will no longer process your data for those purposes.

If we process data based on your consent, for example for the newsletter, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise your rights, contact us using the Controller’s contact details provided at the beginning of this document.

Before fulfilling your request, we may ask for additional information necessary to verify your identity, in order to protect your data from unauthorised access.

We will respond without undue delay, no later than within 1 month from receiving your request. In particularly complex cases, this period may be extended to 3 months, of which you will be informed.

If you believe that we process your data in violation of the law, you have the right to lodge a complaint with the supervisory authority, the President of the Personal Data Protection Office (PUODO).

As part of our Store, we may tailor displayed content and marketing communication to your interests using profiling mechanisms.

This means that:

• based on, for example, your purchase history, viewed products, activity on the website, or information about the device you use, we may:
• display products suited to your preferences
• direct advertisements to you that we believe may be of interest to you

Profiling is used for marketing and statistical purposes only. We do not make decisions based on it that produce legal effects concerning you or similarly significantly affect you. Therefore, Article 22 GDPR does not apply here.

You have the right to object to profiling, especially profiling for direct marketing purposes. Such objection is binding on us.

Our Store, like most websites, uses cookies. Cookies are small text files stored on your device, for example a computer or smartphone, when using the Store.

Cookies allow us, among others, to:

• ensure the proper functioning of the Store, for example maintaining your session after login and storing the contents of your shopping cart between visits
• improve the operation of the Store by remembering your preferences
• compile website usage statistics, which helps us improve the Store, for example through Google Analytics or similar tools
• conduct marketing activities, including displaying advertisements tailored to your interests, for example remarketing in advertising networks or social media

Cookies do not change the configuration of your device or software settings.

Through your browser settings, you can at any time:

• delete stored cookies
• block future use of cookies

Instructions for managing cookies can be found in your browser’s help section, often under F1, or on the browser provider’s website, such as Chrome, Firefox, Edge, or Safari.

Please note that restricting cookies may affect some Store functionalities, for example login, remembering your shopping cart, or proper display of some website elements.

In our Store, cookies are used in particular for:

• essential purposes, necessary for the proper functioning of the Store, for example session maintenance, cart handling, and order processing
• functional purposes, remembering your settings and preferences, for example language, consents, or selected options
• statistical purposes, creating anonymous statistics about visits, traffic sources, and user behaviour
• marketing purposes, remarketing and ads tailored to your activity
• social media integration, for example displaying plugins, embedded posts, or Like and Share buttons

Detailed information about the tools we use, including service providers, may also be presented in a separate cookie notice or in the cookie consent settings on the Store website.

We use external entities to whom we may entrust the processing of personal data, only to the extent necessary to achieve specified purposes.

Potential recipients of your data include in particular:

• courier companies and postal operators, for delivering ordered goods
• payment operators, for processing payments, for example online payment systems, banks handling bank transfers, PayPal, and similar
• hosting providers and e-commerce software providers, delivering IT infrastructure and Store software
• IT service providers, programmers, technicians, and system administrators, who may incidentally access data while performing commissioned work, always under a data processing agreement and confidentiality obligation
• analytics service providers, for example systems for analysing traffic in the Store, such as Google Analytics or similar tools
• marketing service providers, for example companies conducting advertising campaigns, advertising partners including advertising networks such as Google Ads, advertising systems of social media platforms, tracking pixels, and social media platforms on which we maintain profiles
• newsletter service providers, if we use an external email marketing platform, your email address may be processed there
• entities handling shop or product review systems, where we use external tools for collecting reviews, we may provide them with necessary data such as email address and order number
• public authorities, to the extent that we are required to disclose data to them under applicable law, such as courts, law enforcement authorities, or tax authorities

Entities processing data on our behalf act under data processing agreements and are obliged to ensure an appropriate level of data security and confidentiality.

In connection with the use of certain tools provided by external entities, such as analytics tools, marketing tools, mailing platforms, or social media services, your personal data may be transferred to countries outside the EEA, in particular to the United States.

In such cases:

• we ensure that the transfer always takes place in accordance with GDPR
• data recipients provide an adequate level of privacy protection
• appropriate legal mechanisms are applied, such as:
• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• other instruments provided for by GDPR

You have the right to obtain information about the safeguards used in relation to transfers outside the EEA. To do so, please contact us.

When processing your personal data:

• we apply appropriate technical and organisational measures ensuring their protection in accordance with the law
• we use safeguards such as SSL encryption for connections to the Store, in particular during login, form completion, and payments
• we restrict access to data only to authorised persons and only to the extent necessary for the performance of their duties

We continuously monitor and adapt the safeguards used to current technical, organisational, and legal requirements.

If you have any questions regarding this Privacy Policy or wish to exercise your rights, please contact us:

e-mail: bondly@bondlylashes.com
registered office address: Bondly Lashes sp. z o.o., ul. Płatowcowa 22, 94-223 Łódź, Poland

We will be happy to provide the necessary information and assist you with matters related to your privacy.

The Controller reserves the right to introduce changes to this Privacy Policy in the future for important reasons, in particular:

• changes in legal regulations concerning personal data protection or electronic services
• implementation of new technologies or tools in the Store
• introduction of new services or modification of existing ones

We will inform users about significant changes to the Privacy Policy in advance, for example through a notice on the Store website or by email in the case of Newsletter subscribers.