Privacy Policy

1. General Information

This policy applies to the website operating at: https://elixscent.com/

The website operator and the Personal Data Administrator is:
ELIX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
PPŁK. STANISŁAWA SKARŻYŃSKIEGO 26,
54-530 WROCŁAW, DOLNOŚLĄSKIE, POLAND
Tax ID (NIP): 9151696582

Operator’s contact email address: info@elixscent.com

The Operator is the Administrator of your personal data with regard to the data voluntarily provided on the Website.

The Website uses personal data for the following purposes:

• Handling inquiries submitted via forms
• Providing ordered services
• Presenting offers or information

The Website collects information about users and their behavior in the following ways:

• Through data voluntarily entered into forms, which is then stored in the Operator’s systems
• By saving cookies on users’ end devices
  
  
  

2. Selected Data Protection Methods Used by the Operator

Login areas and places where personal data is entered are protected during transmission using SSL encryption. As a result, personal data and login credentials entered on the website are encrypted on the user’s device and can only be read by the target server.

Personal data stored in the database is encrypted in such a way that only the Operator possessing the encryption key can read it. This protects the data in the event of unauthorized access to the database.

User passwords are stored in hashed form. The hashing function operates in a one-way manner, meaning it cannot be reversed, which is the current industry standard for password storage.

The Operator periodically changes administrative passwords.

To minimize the risk of unauthorized access, the Operator uses complex passwords containing lowercase and uppercase letters, numbers, and special characters, with a minimum length of 8 characters.

The Website uses two-factor authentication as an additional layer of login security.

An important aspect of data protection is the regular updating of all software used by the Operator to process personal data, including regular updates of software components.

The Operator regularly creates backup copies to protect data.

3. Hosting

The Website is hosted (technically maintained) on the servers of: OVHcloud Poland

To ensure technical reliability, the hosting provider maintains server logs. The following information may be recorded:

• Resources identified by URLs (requested pages or files)
• Time the request was received
• Time the response was sent
• Client workstation name identified via the HTTP protocol
• Information about errors occurring during HTTP transactions
• URL of the previously visited page (referrer link), if the user accessed the Website via a link
• Information about the user’s browser
• Information about the IP address
• Diagnostic information related to the process of ordering services through the website
• Information related to handling emails sent to and from the Operator
  

4. Your Rights and Additional Information About Data Usage

In certain situations, the Administrator has the right to transfer your personal data to other recipients if necessary for the performance of a contract concluded with you or to fulfill obligations imposed on the Administrator. This applies to the following groups of recipients:

• Hosting providers acting under a data processing agreement
• Authorized employees and associates who use the data to fulfill the Website’s purposes
• Companies providing marketing services on behalf of the Administrator

Your personal data is processed by the Administrator no longer than necessary to perform activities specified by separate regulations (e.g., accounting regulations). In the case of marketing data, the data will not be processed for longer than 3 years.

You have the right to request from the Administrator:

• Access to your personal data
• Rectification of your data
• Deletion of your data
• Restriction of processing
• Data portability

You also have the right to object to the processing referred to in point 3.3(c) regarding the processing of personal data for purposes arising from the legitimate interests pursued by the Administrator, including profiling. However, the right to object may not be exercised if there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, particularly for the establishment, exercise, or defense of legal claims.

You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

Providing personal data is voluntary but necessary for using the Website.

Automated decision-making, including profiling, may be carried out in relation to you for the purpose of providing services under the concluded agreement and for direct marketing purposes by the Administrator.

Personal data is not transferred to third countries within the meaning of data protection regulations. This means that we do not transfer your data outside the European Union.

5. Information in Forms

The Website collects information voluntarily provided by users, including personal data if supplied.

The Website may save connection parameters (timestamp, IP address).

In some cases, the Website may save information facilitating the linking of form data with the email address of the user completing the form. In such cases, the user’s email address may appear within the URL of the page containing the form.

The data provided in forms is processed for purposes resulting from the specific form’s function, e.g.:

• Handling service requests
• Commercial contact
• Service registration

Each form clearly informs the user about its purpose.

6. Administrator Logs

Information regarding users’ behavior on the Website may be logged. This data is used for website administration purposes.

7. Important Marketing Techniques

The Operator uses website traffic analysis through Google Analytics (Google Inc., USA). The Operator does not transfer personal data to the service provider, only anonymized information. The service uses cookies stored on the user’s device.

Users can view and edit information resulting from Google advertising cookies using the following tool:
Google Ads Preferences

The Operator uses the Facebook Pixel. This technology enables Facebook (Facebook Inc., USA) to know that a registered user is using the Website. In this case, Facebook acts as the data controller. The Operator does not provide Facebook with any additional personal data. The service uses cookies stored on the user’s device.

The Operator uses remarketing techniques that allow advertising messages to be tailored to user behavior on the Website. While this may create the impression that personal data is being tracked, in practice no personal data is transferred from the Operator to advertising providers. Such activities require cookies to be enabled.

The Operator uses solutions analyzing user behavior by creating heat maps and recording sessions on the Website. This information is anonymized before being sent to the service provider, so the provider cannot identify the individual concerned. In particular, passwords and other personal data are not recorded.

The Operator uses solutions automating the operation of the Website in relation to users, e.g., sending an email after visiting a specific subpage, provided the user has consented to receiving commercial communications.

The Operator may use profiling within the meaning of personal data protection regulations.

8. Information About Cookies

The Website uses cookies.

Cookies are IT data, particularly text files, stored on the User’s end device and intended for use with the Website. Cookies usually contain:

• The name of the website they originate from
• Storage duration on the user’s device
• A unique number

The entity placing cookies on the User’s device and accessing them is the Website Operator.

Cookies are used for the following purposes:

• Maintaining the user session after login, so the user does not need to re-enter login credentials on each subpage
• Achieving the purposes described above in the section “Important Marketing Techniques”

The Website uses two main types of cookies:

• Session cookies – temporary files stored on the user’s device until logout, leaving the website, or closing the browser
• Persistent cookies – stored on the user’s device for the period specified in cookie parameters or until deleted by the user

Web browsers usually allow cookies to be stored by default. Users may change browser settings to delete cookies or automatically block them. Detailed information can be found in the browser’s help documentation.

Restrictions on the use of cookies may affect some functionalities available on the Website.

Cookies placed on the user’s device may also be used by entities cooperating with the Website Operator, including:

• Google
• Facebook
• X (formerly Twitter)
  

9. Managing Cookies – How to Give and Withdraw Consent

If the user does not wish to receive cookies, browser settings can be changed accordingly. Please note that disabling cookies necessary for authentication, security, and maintaining user preferences may hinder or, in extreme cases, prevent the use of websites.

To manage cookie settings, select your browser from the list below and follow the instructions:

• Edge
• Internet Explorer
• Chrome
• Safari
• Firefox
• Opera

Mobile devices:

• Windows Phone
• Android
• Safari (iOS)