Privacy Policy dated 07.03.2026.
License number issued by Kreator Legal Geek: 10a2f92b-85b0-469c-b1f5-8b0da6c0f05e.

Privacy Policy of the SkinVibe Store
skinvibe.pl / skinvibe.eu / skinvibe.uk / skinvibe.global
("Store")

Dear User!

We care about your privacy and want you to feel comfortable while using our services. Below you will find the most important information about the rules governing the processing of your personal data and the cookies used by our Store. This information has been prepared in accordance with the GDPR, i.e. the General Data Protection Regulation.

DATA CONTROLLER

ITRG-ZIĘBA-MAGIERA-STYLIŃSKI SPÓŁKA JAWNA (general partnership) with its registered office at Christo Botewa 6B/B4, 30-798 Cracow, Poland, entered in the National Court Register — Register of Entrepreneurs by the District Court for Kraków-Śródmieście in Cracow, 11th Commercial Division of the National Court Register, under KRS number 0000890294, VAT ID: PL9452174051, REGON: 122875190.

If you wish to contact us regarding the processing of your personal data, please write to us at: contact@skinvibe.eu.

YOUR RIGHTS

You have the right to request:

• access to your personal data, including obtaining a copy of your data (Art. 15 GDPR or — if applicable — Art. 13(1)(f) GDPR),
• rectification of your data (Art. 16 GDPR),
• erasure of your data (Art. 17 GDPR),
• restriction of processing (Art. 18 GDPR),
• data portability to another controller (Art. 20 GDPR).

You also have the right to:

• object at any time to the processing of your data:
  • on grounds relating to your particular situation — against the processing of your personal data based on Art. 6(1)(f) GDPR (i.e. our legitimate interests), including profiling (Art. 21(1) GDPR);
  • where personal data are processed for direct marketing purposes, including profiling, to the extent that processing is related to such direct marketing (Art. 21(2) GDPR).

Please contact us if you wish to exercise your rights. You may object to our use of cookies (which you can read about below) in particular by adjusting your browser settings.

If you believe that your data is being processed unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland, or with your local supervisory authority.

PERSONAL DATA AND PRIVACY

Below you will find detailed information on the processing of your data depending on the actions you take.

1. Placing an order in the Store — part 1

Purpose
fulfilment of your order
Legal basis
sales contract (Art. 6(1)(b) GDPR)	legal obligation, particularly related to accounting and product safety, requiring us to process your personal data (Art. 6(1)(c) GDPR)
Retention period
for the duration of the above-mentioned contract	until the expiry of legal obligations incumbent upon us
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
you will not be able to place an order

2. Placing an order in the Store — part 2

Purpose
improving the quality of our services based on reviews submitted by users through a satisfaction survey service
Legal basis
our legitimate interest in processing your data to conduct satisfaction surveys regarding our services (Art. 6(1)(f) GDPR)
Retention period
if you do not submit a review — for a period of 30 days from the date of your purchase, or until we accept your objection to processing; if you do submit a review — until it is deleted, or until we accept your objection to processing*
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
we will not take your feedback into account in our efforts to further develop our services

* whichever applies in a given case

3. Creating an account in the Store

Purpose
performance of the contract for the provision of account management services in the Store
Legal basis
service provision contract (Art. 6(1)(b) GDPR)
Retention period
for the duration of the above-mentioned contract
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
you will not be able to create an account and use its features, such as viewing order history or checking order status

4. Contacting us (e.g. to ask a question)

Purpose
handling your enquiries or requests
Legal basis
contract or actions taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR) — where your enquiry or request relates to a contract to which we are or may become a party	our legitimate interest in processing your data for the purpose of communicating with you (Art. 6(1)(f) GDPR) — where your enquiry or request is not related to a contract
Retention period
for the duration of the binding contract or — if the contract is not concluded — until the expiry of the limitation period for claims — see the last table of this section*	until the expiry of the limitation period for claims — see the last table of this section — or until we accept your objection to processing*
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
we will not be able to respond to your enquiry or request

* whichever applies in a given case

5. Browser settings or similar actions allowing marketing activities

Purpose
direct marketing, consisting of displaying personalised advertisements (you can read more about this in the "Profiling" and "Cookies" sections of this Privacy Policy)
Legal basis
our legitimate interest in processing data for the above-mentioned purpose (Art. 6(1)(f) GDPR)
Retention period
until the expiry or deletion by you of cookies used for marketing purposes*
What happens if you do not provide data?
you will not receive suggestions for products or services that may be of interest to you

* whichever applies in a given case

6. Browser settings or similar actions allowing analytical activities

Purpose
analysis of how you use and navigate the Store website, in order to improve its functionality (you can read more about this in the "Analytical activities" and "Cookies" sections of this Privacy Policy)
Legal basis
our legitimate interest in processing data for the above-mentioned purpose (Art. 6(1)(f) GDPR)
Retention period
until the expiry or deletion by you of cookies used for analytical purposes*
What happens if you do not provide data?
we will not take into account how you use and navigate the Store website in our efforts to develop it further

* whichever applies in a given case

7. Giving your consent to receive marketing content from us (e.g. information about special offers)

Purpose
sending marketing information, especially special offers	analysis of the effectiveness of messages sent by us, in order to establish general principles for effective messaging in our business (you can read more about this in the "Analytical activities" section of this Privacy Policy)
Legal basis
your consent to our marketing activities (Art. 6(1)(a) GDPR)	our legitimate interest in processing data for the above-mentioned purpose (Art. 6(1)(f) GDPR)
Retention period
until you withdraw your consent — remember, you can withdraw your consent at any time. Processing of data up to the moment of withdrawal remains lawful.	until we accept your objection to processing
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
you will not receive our marketing materials, including information about our special offers

8. Subscribing to the newsletter

Purpose
sending the newsletter containing information about products, promotions and news in the Store	analysis of the effectiveness of content sent by us, in order to establish general principles for effective messaging in our business (you can read more about this in the "Analytical activities" section of this Privacy Policy)
Legal basis
your consent (Art. 6(1)(a) GDPR) given by subscribing to the newsletter	our legitimate interest in processing data for the above-mentioned purpose (Art. 6(1)(f) GDPR)
Retention period
until you withdraw your consent (unsubscribe from the newsletter) — remember, you can withdraw your consent at any time. Processing of data up to the moment of withdrawal remains lawful.	until we accept your objection to processing
furthermore, your data will be processed until the expiry of the limitation period for claims — by you or by us (more information on this topic can be found in the last table of this section)
What happens if you do not provide data?
you will not be able to receive information about the Store and our services

When subscribing to the newsletter via the form, in addition to your email address, we automatically record the technical context of the subscription (such as language, market and form source) for the purpose of personalising the content sent to you.

9. Taking action or omission that may give rise to claims related to the Store or our services

Purpose
establishing, pursuing or defending potential claims related to a concluded contract or services provided
Legal basis
our legitimate interest in processing personal data for the above-mentioned purpose (Art. 6(1)(f) GDPR)
Retention period
until the expiry of the limitation period for claims, or until we accept your objection to processing*
What happens if you do not provide data?
it will not be possible to establish, pursue or defend claims

* whichever applies in a given case

10. Geolocation and language preferences

Purpose
detecting your approximate location (country) based on your IP address to suggest the most appropriate version of the Store (skinvibe.pl, skinvibe.eu, skinvibe.uk, or skinvibe.global) with the correct currency, language, and shipping options. Your country and language preferences may be shared with our email marketing provider (Klaviyo) for communication personalisation.
Legal basis
our legitimate interest in ensuring the correct operation of our international store (Art. 6(1)(f) GDPR). The IP address is processed transiently and is not stored. Preference cookies require your consent (category: functional).
Retention period
IP address: processed transiently, not stored. Preference cookies: 60 days from the moment you express your preference.
What happens if you do not provide data?
you can browse the Store without restrictions; however, we will not be able to suggest the Store version best suited to your location

DATA PUBLICATION

If you decide to publish a comment, its content and your signature will be visible to other users of the Store.

We do not disclose your email address to other users — unless you do so yourself.

PROFILING

We carry out profiling within the Store — this will apply to you if you allow such activities. This profiling consists of an automatic assessment of which products or services you may be interested in, using information about the content you view. As a result, advertisements for products or services displayed within the online services you use will be better tailored to you and your needs.

Furthermore, if you subscribe to the newsletter or consent to receive marketing content, our email marketing provider may carry out automated analysis of your data (such as purchase history, message open rates, product preferences) for the purpose of personalising the content sent to you — e.g. selecting recommended products or determining the optimal time for sending messages.

The profiling we carry out does not result in decisions that produce legal effects concerning you or similarly significantly affect you. You have the right to object to profiling at any time pursuant to Art. 21 GDPR.

ANALYTICAL ACTIVITIES

Within the Store website, we carry out analytical activities aimed at increasing its intuitiveness and accessibility — this will apply to you if you allow such activities. As part of the analysis, we will take into account how you use and navigate the Store — for example, how much time you spend on a given subpage, or which areas of the Store you click on. This will allow us to optimise the layout, appearance and content of the Store during its development, in order to improve its functionality.

Furthermore, if you express a wish to receive marketing messages or newsletters from us, we may analyse the effectiveness of our mailings. For example, we may check whether and how they influenced activity in our Store. Such activities will help us establish general principles for sending such messages in our business — e.g. regarding optimal sending times or how to formulate effective content.

DATA SECURITY

When processing your personal data, we apply organisational and technical measures in accordance with applicable laws, including the use of SSL/TLS certificate encryption.

COOKIES

Our Store, like most websites, uses so-called cookies. These files:

• are stored in the memory of your device (computer, phone, etc.);
• do not cause changes to your device settings.

In this Store, cookies are used for the following purposes:

• remembering your session
• statistical purposes
• marketing purposes
• providing Store functionality

Cookies may be set both by us and by third parties whose services we use: Google LLC (analytics and advertising), Meta Platforms, Inc. (advertising), TikTok Technology Ltd. (advertising), Klaviyo, Inc. (email marketing) and Consentmo (cookie consent management). Detailed information about cookies from individual providers is available in the cookie settings on our website.

To learn how to manage cookies, including how to disable them in your browser, you can use your browser's help file. You can access this information by pressing the F1 key in your browser. You will also find appropriate instructions on the following pages, depending on the browser you use:

• Google Chrome
• Opera
• Safari
• Mozilla Firefox
• Microsoft Edge

Below you will find information about the main cookies used in the Store and their validity periods.

cookie name	validity period	cookie function
_ga, _gid	up to 2 years / 24h	Google Analytics — website traffic statistics (analytical)
_gcl_au	90 days	Google Ads — conversion attribution (marketing)
_fbp	90 days	Meta Pixel — ad conversion tracking (marketing)
tt_*	session / up to 13 months	TikTok Pixel — ad conversion tracking (marketing)
__kla_id	2 years	Klaviyo — email marketing profile identification (marketing)
mdApp_countryCodeDomain	60 days	Remembering your selected country (functional)
mdApp_showRecommendationLang	60 days	Remembering your selected language (functional)
__cmp*	1 year	Consentmo — remembering your cookie preferences (essential)

Using the appropriate options in your browser, you can at any time:

• delete cookies,
• block the use of cookies in the future.

In such cases, we will no longer process them.

EXTERNAL SERVICES / DATA RECIPIENTS

We use the services of external entities that support us in conducting our business. We entrust your data to them for processing — these entities process data only on our documented instructions.

Below you will find a list of recipients of your data:

ACTION	DATA RECIPIENTS	TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
any activity related to the Store	Shopify Inc. (Ottawa, Canada) — e-commerce platform	yes — Canada (European Commission adequacy decision) + Standard Contractual Clauses (SCC)
	entity providing technical/IT support	does not take place
	persons cooperating with us on the basis of civil law contracts, supporting our ongoing business activities	does not take place
	BaseLinker Sp. z o.o. (Poland) — sales management software	does not take place
	hosting provider	does not take place
browsing the Store website with settings allowing marketing activities	Meta Platforms, Inc. (Menlo Park, USA) — advertising and remarketing	yes — USA (EU-US Data Privacy Framework)
	TikTok Technology Ltd. (Dublin, Ireland) / ByteDance Ltd. (Singapore) — advertising	yes — Singapore and other countries (Standard Contractual Clauses SCC)
browsing the Store website with settings allowing analytical activities	Google LLC (Mountain View, USA) — Google Analytics, Google Ads	yes — USA (EU-US Data Privacy Framework)
geolocation and Store version personalisation	Mushdesk S.L. (Madrid, Spain) — provider of the Orbe geolocation service	does not take place
placing an order in the Store	payment provider (PayU S.A., PayPo Sp. z o.o. — Poland)	does not take place
	entity delivering the product to you (InPost, DPD, Orlen Paczka and others)	does not take place
	accounting software provider	does not take place
	accounting office	does not take place
	provider of standard office software (including email)	does not take place
subscribing to the newsletter or consenting to receive marketing messages	Klaviyo, Inc. (Boston, USA) — email marketing platform	yes — USA (EU-US Data Privacy Framework)
using services provided to us in connection with the Store by social media platforms	social media platforms (Meta, TikTok, Google/YouTube)	yes — see above
participating in a satisfaction survey regarding our services or products	Judge.me (New Zealand) — product review platform	yes — New Zealand (European Commission adequacy decision)
contacting us (e.g. asking a question)	provider of standard office software (including email)	does not take place

The above-mentioned recipients based in the USA are participants in the EU-US Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of protection for personal data. In the event that the Data Privacy Framework adequacy decision is invalidated, we will base data transfers on Standard Contractual Clauses (SCC) adopted by the European Commission.

In addition:

relevant public authorities to the extent that we are obliged to disclose data to them.