Information
×
Catalogue of products
0
0
More
Cart
Catalogue
Profile
Wish List
Language
PL|EN|UA
  • Responsible person in the EU: Eurocos Sp. z o.o. NIP: 6793242898, registered in Poland, ul. Bonarka 19/5, Krakow, 30-415
  • bok@greenpharmcosmetic.eu
  • Manufacturer: LLC "KFK GREEN PHARM COSMETIC", Ukraine, 61051, Kharkiv, 6 Artyleriiska St. Production site: Ukraine, 61054, Kharkiv, 120 Akademika Pavlova St.
  • Privacy Policy (GDPR) – general

Privacy Policy (GDPR) – general

Privacy Policy (GDPR) – general

PRIVACY POLICY (GDPR) – GENERAL GREENPHARMCOSMETIC.EU
Effective from: 01.03.2026

Introduction
This Privacy Policy sets out the rules for processing the personal data of Users of the Website and Customers of the online Store operating at greenpharmcosmetic.eu (the “Website”, “Store”). The document has been prepared in accordance with applicable legal provisions, including the GDPR and national laws.

  1. §1. General provisions

    This Policy applies to data obtained through forms on the Website, the purchase process, the Customer account, contact with Customer Service, complaints/returns, the newsletter, and analytical activities.

    The document has been prepared in accordance with:

    1. Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”),
    2. the Act of 10 May 2018 on the Protection of Personal Data,
    3. the Act of 30 May 2014 on Consumer Rights,
    4. the Act of 12 July 2024 – Electronic Communications Law (with respect to marketing consents and cookies – details in the Cookies Policy).

  2. §2. Data controller

    The controller of personal data is:

    Eurocos sp. z o.o.
    ul. Bonarka 19/5, 30-415 Kraków, Poland
    NIP: 6793242898, REGON: 522490862, KRS: 0000980676

    Contact:

    bok@greenpharmcosmetic.com

    In matters concerning the protection of personal data, you can contact the Controller by e-mail or in writing at the registered office address.

  3. §3. What data we process

    Depending on how you use the Website, we may process, among others:

    1. first and last name,
    2. delivery/correspondence address,
    3. e-mail, telephone number,
    4. invoice details (company, NIP),
    5. order, return and complaint history,
    6. technical data: IP, online identifiers, data about the device and browser (details in the Cookies Policy).

    Providing data is voluntary, but to the extent necessary to fulfil an order it is required.

  4. §4. Purposes and legal bases of processing

    We process data for the following purposes:

    • Setting up and maintaining a Customer Account – Article 6(1)(b) GDPR.
    • Placing and fulfilling an order (sales contract) – Article 6(1)(b) GDPR.
    • Handling payments and settlements – Article 6(1)(b) and (c) GDPR.
    • Issuing sales documents (receipt/invoice) – Article 6(1)(c) GDPR.
    • E-receipt (if offered) – an e-receipt is sent after obtaining the Customer’s explicit consent. Legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(c) GDPR (documentation obligations).
    • Contact and handling of inquiries/Customer Service – Article 6(1)(f) GDPR (legitimate interest: communication and service).
    • Complaints, returns, withdrawal from the contract – Article 6(1)(b) and (c) GDPR.
    • Establishment, assertion or defence of claims – Article 6(1)(f) GDPR.
    • Newsletter / marketing communication (if implemented) – Article 6(1)(a) GDPR (consent).
    • Analytics and statistics – Article 6(1)(a) GDPR (if based on cookies) or (f) GDPR (for data necessary for security and operation). Details: Cookies Policy.

  5. §5. Data recipients

    Data may be transferred to entities processing it on behalf of the Controller, in particular:

    1. payment operators (e.g. Przelewy24 / PayU – if implemented),
    2. courier companies and logistics operators,
    3. providers of hosting, e-commerce tools and IT services,
    4. providers of accounting systems and the accounting office,
    5. providers of analytical and marketing tools (if used – details in the Cookies Policy).

    Data may be disclosed to public authorities if required by law.

  6. §6. Transfer of data outside the EEA

    If we use tools from providers whose servers are located outside the EEA (e.g. in the USA), data may be transferred outside the EEA on the basis of:

    1. standard contractual clauses, or
    2. a decision of the European Commission finding an adequate level of protection (if applicable).

  7. §7. Data retention period

    • Data related to order fulfilment and sales documentation – for the period required by tax and accounting regulations.
    • Customer Account data – until the account is deleted (subject to archiving obligations and claims).
    • Data from correspondence and Customer Service – for the time necessary to handle the matter and possibly until the limitation of claims.
    • Data processed on the basis of consent (e.g. newsletter) – until consent is withdrawn.

  8. §8. Rights of the data subject whose data is concerned

    You have the right to:

    1. access your data,
    2. rectification,
    3. erasure,
    4. restriction of processing,
    5. data portability,
    6. object (where the basis is Article 6(1)(f) GDPR),
    7. withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

  9. §9. Right to lodge a complaint

    If you believe that your data is processed unlawfully, you have the right to lodge a complaint with:

    the President of the Personal Data Protection Office (UODO).

  10. §10. Profiling and marketing

    We may use profiling for marketing/analytical purposes only to the extent that you have consented to it (e.g. marketing cookies) or where it is necessary to present content on the Website.

    Profiling does not produce legal effects concerning you, nor does it significantly affect you in a similar way.

  11. §11. Data security

    We apply technical and organisational measures appropriate to the risks, including, among others, access safeguards, encryption of connections (SSL) and restriction of access to data only to authorised persons.

  12. §12. Cookies

    Detailed information about cookies and similar technologies (categories, purposes, consents, providers) can be found in the Cookies Policy document on the Website.

  13. §13. Changes to the Policy

    The Controller may update the Policy, in particular in the event of changes in the law or the functionality of the Website. The current version is always published on the Website.