1. General information

This policy applies to the www Service, operating at the url address: undercut.pl

The Service Operator and the Personal Data Administrator is: Undercut BarberShop ul. Wilcza 42, Warsaw 00-679

The Operator’s e-mail contact address: undercut@undercut.pl

The Operator is the Administrator of your personal data in relation to the data provided voluntarily on the Service.

The Service uses personal data for the following purposes:

Running the comment system

Handling inquiries via the form

The Service performs the functions of obtaining information about users and their behavior in the following manner:

Through data entered voluntarily in forms, which are entered into the Operator’s systems.

Through saving cookie files (so-called “cookies”) in end devices.

  1. Selected data protection methods used by the Operator

The places of logging in and entering personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login data entered on the website are encrypted on the user’s computer and can only be read on the target server.

Personal data stored in the database are encrypted in such a way that only the Operator who has the key can read them. Thanks to this, the data is protected in the event of the database being stolen from the server.

User passwords are stored in hashed form. The hashing function works one-way – it is not possible to reverse its operation, which is currently the modern standard for storing user passwords.

The Operator periodically changes its administrative passwords.

In order to protect data, the Operator regularly makes backup copies.

An important element of data protection is the regular update of all software used by the Operator to process personal data, which in particular means regular updates of programming components.

  1. Hosting

The website is hosted (technically maintained) on the operator’s servers: another company

In order to ensure technical reliability, the hosting company keeps logs at the server level. The following may be recorded:

resources specified by the URL identifier (addresses of requested resources – pages, files),

time of query arrival,

time of sending the response,

name of the client station – identification performed by the HTTP protocol,

information on errors that occurred during the execution of the HTTP transaction,

URL address of the page previously visited by the user (referrer link) – in the case when the transition to the Service was made via a link,

information on the user’s browser,

information on the IP address,

diagnostic information related to the process of self-ordering services through the registers on the website,

information related to the handling of e-mail directed to the Operator and sent by the Operator.

  1. Your rights and additional information on the method of using data

In some situations, the Administrator has the right to transfer your personal data to other recipients, if it is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to the following groups of recipients:

persons authorized by us, employees and associates who must have access to personal data in order to perform their duties,

hosting company,

companies handling mailings,

companies handling SMS messages,

companies with which the Administrator cooperates in the scope of its own marketing,

couriers,

insurers,

law firms and debt collectors,

banks,

payment operators,

public authorities.

Your personal data processed by the Administrator for no longer than is necessary to perform the related activities specified in separate regulations (e.g. on accounting). In relation to marketing data, the data will not be processed for longer than 3 years.

You have the right to request from the Administrator:

access to personal data concerning you,

their rectification,

deletion,

restriction of processing,

and data transfer.

You have the right to object to the processing indicated in point 3.2 to the processing of personal data for the purpose of exercising legally justified interests pursued by the Administrator, including profiling, however, the right to object cannot be exercised in the event of the existence of important legally justified grounds for processing, overriding interests, rights and freedoms towards you, in particular the determination, pursuit or defense of claims.

A complaint may be filed against the Administrator’s actions to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.

Providing personal data is voluntary, but necessary for the operation of the Service.

You may be subject to automated decision-making, including profiling, for the purpose of providing services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.

Personal data is not transferred from third countries within the meaning of the provisions on the protection of personal data. This means that we do not send it outside the European Union.

  1. Information in forms

The service collects information provided voluntarily by the user, including personal data, if provided.

The service may save information about connection parameters (time stamp, IP address).

In some cases, the service may save information facilitating the linking of data in the form with the e-mail address of the user filling out the form. In such a case, the user’s e-mail address appears inside the URL of the page containing the form.

The data provided in the form is processed for the purpose resulting from the function of a specific form, e.g. in order to process a service request or sales contact, register services, etc. Each time, the context and description of the form clearly informs what it is for.

  1. Administrator’s Logs

Information about the behavior of users on the service may be subject to logging. This data is used to administer the service.

  1. Important marketing techniques

The operator uses statistical analysis of traffic on the website, through Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to the operator of this service, but only anonymized information. The service is based on the use of cookies on the user’s end device. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

  1. Information about cookies

The Service uses cookies.

Cookies (so-called “cookies”) are computer data, in particular text files, which are stored on the Service User’s end device and are intended for using the Service’s websites. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.

The entity placing cookies on the Service User’s end device and obtaining access to them is the Service operator.

Cookies are used for the following purposes:

maintaining the Service user’s session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the Service;

achieving the purposes specified above in the “Important marketing techniques” section;

The Service uses two basic types of cookies: “session cookies” and “persistent cookies”. “Session” cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or disabling the software (web browser). “Persistent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

Software for browsing websites (web browser) usually allows cookies to be stored on the User’s end device by default. Users of the Service can change the settings in this regard. The web browser allows deleting cookies. It is also possible to automatically block cookies. Detailed information on this subject is included in the help or documentation of the web browser.

Restrictions on the use of cookies may affect some functionalities available on the Service’s websites.

Cookies placed on the Service User’s end device may also be used by entities cooperating with the Service operator, in particular the following companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

  1. Managing cookies – how to express and withdraw consent in practice?

If the user does not want to receive cookies, they can change their browser settings. We reserve that disabling the support of cookies necessary for authentication processes, security, and maintaining user preferences may make it difficult, and in extreme cases may prevent the use of websites

To manage cookie settings, select the web browser you are using from the list below and follow the instructions:EdgeInternet ExplorerChromeSafariFirefoxOperaMobile devices:

  • Android
  • Safari (iOS)
  • Windows Phone