Privacy policy

1. Data Controller and Definitions

  • The controller of the personal data of Customers / Users of the Online Store, also referred to as the Seller, is: YOVEE Grzegorz Mokobodzki, phone: +48 733 910 100, NIP (Tax ID): 1180063846, REGON: 011974742.
  • You can contact the Data Controller:
    • by post at: Bema 10, 05-420 Józefów, Poland;
    • by email at: info@yovee.pl
  • User – a natural person who visits the page/pages of the Online Store or uses the services or functionalities described in this Privacy and Cookies Policy.
  • Customer – a natural person with full legal capacity, a natural person acting as a Consumer, a legal person or an organisational unit without legal personality to which the law grants legal capacity, who concludes a distance Sales Agreement with the Seller.
  • Online Store – the online service operated by the Seller, available at the electronic address (website): https://masmi.com.pl/ through which the Customer/User can obtain information about Goods and their availability and purchase Goods or order the provision of a service.
  • Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344), originating from the Seller and sent to the Customer/User by electronic means; receipt of the Newsletter is voluntary and requires the consent of the Customer/User.
  • Account – a set of data stored in the Online Store and in the Seller’s ICT system relating to a given Customer/User and the orders placed and contracts concluded by them, by means of which the Customer/User may place orders and conclude contracts.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Purposes, Legal Bases and Duration of Data Processing

  • For the purpose of performing the distance Sales Agreement, the Seller processes:
    • information regarding the User’s device in order to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data regarding activity on the Website, including on individual subpages;
    • geolocation information, if the User has consented to the service provider’s access to geolocation. Geolocation information is used to provide more tailored offers of products and services;
    • Users’ personal data: first name, surname, registered office address, correspondence address, email address, phone number, NIP (Tax ID), bank account number or other personal data the provision of which is necessary to complete the purchase and which the Controller requires to be provided in the purchasing process.
  • This information does not in itself contain data relating to the identity of Users, but in combination with other information it may constitute personal data and, as such, the Controller affords it the full protection granted under the GDPR.
  • This data is processed pursuant to Article 6(1)(b) of the GDPR, for the purpose of providing the service, i.e. the agreement for the provision of services by electronic means in accordance with the Terms and Conditions, and pursuant to Article 6(1)(a) of the GDPR, in connection with the consent given to the use of specific cookies or other similar technologies, expressed through the appropriate settings of the web browser in accordance with telecommunications law, or in connection with the consent given to geolocation. The data is processed until the Customer/User ceases to use the Online Store.
  • The Controller undertakes to take all measures required under Article 32 of the GDPR, i.e. taking into account the state of the art, the cost of implementation and the nature, scope and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

3. Controller’s Marketing Activities

  • On the Online Store website, the Data Controller may place marketing information about its products or services. The display of such content is carried out by the Data Controller pursuant to Article 6(1)(f) of the GDPR, i.e. on the basis of the Data Controller’s legitimate interest consisting in publishing content related to the services provided and promotional content regarding campaigns in which the Data Controller is involved. At the same time, this activity does not infringe the rights and freedoms of Customers/Users, who can reasonably expect to receive content of a similar nature, may even expect it, or it is the direct purpose of their visit to the Online Store page/pages.

4. Recipients of Users’ Data

  • The Data Controller discloses users’ personal data only to processors under data processing agreements concluded for the purpose of providing services to the Data Controller, e.g. hosting and website maintenance, IT services, marketing and PR support.

5. Transfer of Personal Data to Third Countries

  • Personal data will not be processed in third countries.

6. Rights of Data Subjects

  • Every data subject has the right:
    • of access (Article 15 GDPR) – to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed. Where such data is being processed, they have the right to access it and to obtain the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the data have been or will be disclosed, the envisaged period for which the data will be stored or the criteria used to determine that period, the existence of the right to request rectification, erasure or restriction of processing of personal data concerning the data subject, and to object to such processing;
    • to obtain a copy of the data (Article 15(3) GDPR) – to obtain a copy of the data undergoing processing, whereby the first copy is provided free of charge and the Data Controller may charge a reasonable fee for any further copies, based on administrative costs;
    • to rectification (Article 16 GDPR) – to request the rectification of inaccurate personal data concerning them or the completion of incomplete data;
    • to erasure (Article 17 GDPR) – to request the erasure of their personal data where the Data Controller no longer has a legal basis for processing it or the data are no longer necessary in relation to the purposes for which they were processed;
    • to restriction of processing (Article 18 GDPR) – to request restriction of processing where:
      • the data subject contests the accuracy of the personal data – for a period enabling the Data Controller to verify the accuracy of the data,
      • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
      • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims,
      • the data subject has objected to processing – pending the verification whether the legitimate grounds of the controller override those of the data subject;
    • to data portability (Article 20 GDPR) – to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and to have the right to transmit those data to another controller, where the processing is based on the data subject’s consent or on a contract with them and the processing is carried out by automated means;
    • to object (Article 21 GDPR) – to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the controller’s legitimate interests, including profiling. In such a case, the Data Controller assesses whether there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims. If, according to this assessment, the interests of the data subject override the interests of the controller, the Data Controller will be obliged to cease processing the data for those purposes;
    • to withdraw consent at any time and without giving any reason, whereby the processing of personal data carried out before the withdrawal of consent will remain lawful. Withdrawal of consent will result in the Data Controller ceasing to process the personal data for the purpose for which the consent was given.
  • To exercise the above rights, the data subject should contact the Data Controller using the contact details provided and inform the Controller which right they wish to exercise and to what extent.

7. President of the Personal Data Protection Office

  • The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) with its seat in Warsaw, ul. Stawki 2, who can be contacted as follows:
  • by post: ul. Stawki 2, 00-193 Warsaw, Poland;
  • via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
  • Helpline: +48 606-950-000.

8. Data Protection Officer

  • In any case, the data subject may also contact the Controller’s Data Protection Officer directly by email or in writing at the address of the Data Controller given in Section 1 point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

  • The Privacy and Cookies Policy may be supplemented or updated in line with the current needs of the Controller in order to provide up-to-date and reliable information to Customers/Users.

10. Cookies

  • The Online Store collects information about Customers, Users and their behaviour in the following ways:
    • through information voluntarily entered in forms, for purposes arising from the function of a given form;
    • by storing cookies (so-called “cookies”) on end devices;
    • by collecting web server logs by the Online Store’s hosting provider (necessary for the correct operation of the service).
  • Cookies are IT data, in particular text files, which are stored on the Customer’s / User’s end device and are intended for use on the Online Store website. Cookies usually contain the name of the website from which they originate, the period of storage on the end device and a unique number.
  • The Online Store uses cookies only after the Customer/User of the Store has given prior consent to this. Consent to the use of all cookies by the Online Store is given by clicking the “I AGREE” button when the notice about the use of cookies by the Online Store is displayed, or by closing this notice.
  • If the Customer/User of the Online Store does not consent to the use of cookies by the Online Store, they may change the settings of the web browser they are currently using (however, this may cause the Online Store website to malfunction).
  • To manage cookie settings, select your browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  • The legal basis for processing personal data originating from cookies is the Data Controller’s legitimate interests, consisting in ensuring high quality of services and ensuring the security of services.
  • Two basic types of cookies are used within the Online Store: “session” cookies and “persistent” cookies. “Session” cookies are temporary files that are stored on the User’s end device until they log out, leave the Online Store or switch off the software (web browser). “Persistent” cookies are stored on the Customer’s/User’s end device for the period specified in the cookie parameters or until they are deleted by the Customer/User.

Functional cookies (required)

masmi.com.pl

monit_token: 365 days, cookie
Identifies the store’s customer.

shop_monit_token: 30 minutes, cookie
Identifies the store’s customer.

client: 1 day, cookie
Identifies the logged-in customer / cart of a non-logged-in customer.

affiliate: 90 days, cookie
Stores information about the ID of the affiliate from whom the entry to the store originated.

ordersDocuments: cookie
Stores information about the document printout status.

__idsui: 1095 days, cookie
Cookie necessary for the operation of so-called light login on the site.

__idsual: 1095 days, cookie
Cookie necessary for the operation of so-called light login on the site.

__IAI_SRC: 90 days, cookie
Stores only the source from which the visit to the site originated.

login: cookie
Stores information on whether the user has logged in to the site.

CPA: 28 days, cookie
Contains information about variables for CPA / CPS programs in which the site participates.

__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for A/B testing and configuration of the IdoSell RS engine.

basket_id: 365 days, cookie
Identifier of the website user’s cart, assigned for the duration of the session.

page_counter: 1 day, cookie
Page view counter.

LANGID: 180 days, cookie
Stores information about the language selected by the website user.

REGID: 180 days, cookie
Stores information about the website user’s region.

CURRID: 180 days, cookie
Stores information about the currency selected by the website user.

__IAIABT__: 30 days, cookie
Stores the identifier of A/B tests for the purpose of testing and improving the store’s functionality.

__IAIABTSHOP__: 30 days, cookie
Stores the identifier of the store participating in the A/B test.

__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant drawn in the ongoing A/B test.

toplayerwidgetcounter[]: cookie
Stores the number of views of a pop-up message.

samedayZipcode: 90 days, cookie
Stores information about the website user’s postal code, which is necessary to offer courier delivery in the SameDay service.

applePayAvailability: 30 days, cookie
Stores information on whether Apple Pay is available as a payment method for the user.

paypalMerchant: 1 day, cookie
PayPal account identifier.

toplayerNextShowTime_: cookie
Stores information about the time when the next pop-up message is to be displayed.

rabateCode_clicked: 1 day, cookie
Stores information about closing the bar informing about an active discount.

freeeshipping_clicked: 1 day, cookie
Stores information about closing the bar informing about free delivery.

redirection: cookie
Stores information about closing the pop-up message informing about the suggested language for the store.

filterHidden: 365 days, cookie
After clicking the option to collapse a filter for products, stores information on which filter should remain collapsed after refreshing the product list.

toplayerwidgetcounterclosedX_: cookie
Stores information about closing a pop-up message.

cpa_currency: 60 minutes, cookie
Contains information about the currency for CPA / CPS programs in which the site participates.

basket_products_count: cookie
Stores information about the number of products in the cart.

wishes_products_count: cookie
Stores information about the number of products on the wishlist.

remembered_mfa: 365 days, cookie
Stores information about a remembered user for multi-factor authentication (MFA) purposes.

IAI S.A.

iai_accounts_toplayer: 30 days, cookie
Ensures correct display of the pop-up message informing about the IdoAccounts login service (https://www.idosell.com/pl/tysiace-gotowych-do-uzycia-funkcji/logowanie-do-sklepu-z-konta-w-innym-serwisie/).

IdoSell

platform_id: cookie
Stores information on whether the site is displayed in a mobile application.

paypalAvailability_: 1 day, cookie
Stores information on whether PayPal is available as a payment method for the user.

ck_cook: 3 days, cookie
Stores information on whether the website user has consented to cookies.

IdoAccounts

accounts_terms: 365 days, cookie
Stores information on whether the user has accepted the consent to use the IdoAccounts service.

express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin

Google

NID: 180 days, cookie
These cookies (NID, ENID) are used to remember user preferences and other information, such as preferred language, the number of search results displayed per page (for example 10 or 20) and whether the user wants to have Google SafeSearch filter enabled. This cookie is also necessary to offer the Google Pay payment service.

Google reCAPTCHA

_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site from spam requests in contact forms.

PayPal

ts: cookie
This cookie is typically provided by PayPal and supports payment services on the website.

ts_c: 1095 days, cookie
This cookie is typically provided by PayPal and is used to prevent fraud.

x-pp-s: cookie
This cookie is typically provided by PayPal and supports payment services on the website.

enforce_policy: 365 days, cookie
This cookie is typically provided by PayPal and supports payment services on the website.

tsrce: 3 days, cookie
This cookie is typically provided by PayPal and supports payment services on the website.

l7_az: 60 minutes, cookie
This cookie is necessary for the PayPal login function on the website.

LANG: 1 day, cookie
This cookie is typically provided by PayPal and supports payment services on the website.

nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.

Analytical cookies

IAI S.A.

__IAI_AC2: 45 days, cookie
Conversion tracking identifier (Activity Tracking) used to collect the history of sources preceding the placement of an order, as well as the source through which the order was placed, in accordance with the last-click attribution model.

Google Analytics

_ga_: 730 days, cookie
Used by Google Analytics to collect data on the number of times a user visits the site, as well as the dates of the first and last visit.

_ga: 730 days, cookie
Registers a unique identifier that is used to generate statistical data on how the visitor uses the website.

_gid: 1 day, cookie
The _gid cookie registers a unique identifier that is used to generate statistical data on how the visitor uses the website.

_gat: 1 day, cookie
Used to throttle request rate. Analytics anonymises the IP address.

_dc_gtm_UA-#: 730 days, cookie
Used by Google Tag Manager to control the loading of the Google Analytics script tag. Analytics anonymises the IP address.

FPLC: 1200 minutes, cookie
A non-HttpOnly version of the cookie named FPLC with a value hashed from the FPID value.

_gat[_]: 1 minute, cookie
Used to throttle request rate. If Google Analytics is implemented via Google Tag Manager, this cookie will be named _dc_gtm_.

_gat_gtag: 1 minute, cookie
Used to analyse visitors’ browsing habits, flow, source and other information.

__utma: 730 days, cookie
Used to distinguish users and sessions. The cookie is created when the JavaScript library executes and no existing __utma cookie exists. The cookie is updated every time data is sent to Google Analytics.

__utmb: 30 minutes, cookie
Used to determine new sessions/visits. The cookie is created when the JavaScript library executes and no existing __utmb cookie exists. The cookie is updated every time data is sent to Google Analytics.

__utmc: cookie
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

__utmt: 10 minutes, cookie
Used to limit the number of requests.

__utmz: 180 days, cookie
Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the JavaScript library executes and is updated every time data is sent to Google Analytics.

__utmv: 730 days, cookie
Used to store custom visitor-level variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor-level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

AMP_TOKEN: 365 days, cookie
Contains a token that can be used to retrieve a Client ID from the AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from the AMP Client ID service.

FPID: 730 days, cookie
This cookie is by default named FPID (First Party Identifier). The value stored in FPID will be used to set the client identifier in the request sent to Google’s servers.

_gaexp: 90 days, cookie
Used to determine a user’s inclusion in an experiment and the expiry of experiments in which a user has been included.

_opt_awcid: 1 day, cookie
Used for campaigns mapped to Google Ads customer IDs.

_opt_awmid: 1 day, cookie
Used for campaigns mapped to Google Ads Campaign IDs.

_opt_awgid: 1 day, cookie
Used for campaigns mapped to Google Ads ad group IDs.

_opt_awkid: 1 day, cookie
Used for campaigns mapped to Google Ads criteria IDs.

_opt_utmc: 1 day, cookie
Stores the last utm_campaign query parameter.

_opt_expid: 0.2 minutes, cookie
Stores the last utm_campaign query parameter.

Google Analytics pixel: 999 days, tracking pixel
The pixel measures visits, clicks and other digital behaviours. This makes it possible to tailor the marketing strategy.

__utmli: 60 days, cookie
This cookie is part of the Enhanced Link Attribution feature, which (attempts to) distinguish clicks on links to the same destination in in-page analytics. It contains the id (if any) of the clicked link (or its parent) to be read on the next page so that in-page analytics can determine where on the page the clicked link was located.

Google Maps

SID: 3650 days, cookie
Contains digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies (SID, HSID) allows Google to block many types of attacks, such as attempts to steal the content of forms submitted in Google services.

Advertising cookies

biobeauty.pl

RSSID: 180 days, cookie
IdoSell RS user identifier, used to display tailored product recommendations on the site.

__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user identifier, used to display tailored product recommendations on the site.

Google Analytics

__gads: 395 days, cookie
Used to ensure the delivery of ads or retargeting.

  • Cookies are used for the following purposes:
    • to create statistics that help understand how Customers/Users of the Online Store use the websites, which makes it possible to improve their structure and content;
    • to maintain the Customer’s/User’s session (after logging in), thanks to which the Customer/User does not have to re-enter their login and password on each subpage of the Online Store;
    • to define the Customer’s/User’s profile in order to display product recommendations and tailored materials in advertising networks, in particular the Google network.
  • Web browsing software (web browser) usually allows cookies to be stored on the Customer’s/User’s end device by default. Customers/Users can change these settings. The web browser allows cookies to be deleted. It is also possible to automatically block cookies.
  • Restrictions on the use of cookies may affect some of the functionalities available on the Online Store’s websites.
  • Cookies placed on the Customer’s/User’s end device may also be used by advertisers cooperating with the Online Store and by the Online Store’s partners.
  • Cookies may be used by the Google network to display ads tailored to the way the Customer/User uses the Online Store. For this purpose, they may retain information about the user’s navigation path or the time spent on a given page: https://policies.google.com/technologies/partner-sites.
  • We recommend that the Customer/User read the privacy policies of these companies in order to learn the rules for the use of cookies used in statistics: Google Analytics Privacy Policy.
  • With regard to information about the Customer’s/User’s preferences collected by the Google advertising network, the Customer/User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  • Plugins are placed on the Online Store website which may transfer Customers’/Users’ data to controllers such as: Google Maps, Google Analytics, PayPal, Google reCAPTCHA, IAI S.A., Google.
  • For the proper performance of the distance Sales Agreement, the Data Controller may make Customers’/Users’ data available to courier companies. The currently available delivery methods in the Online Store are available at: Payment and delivery methods
  • For the proper performance of the distance Sales Agreement, the Controller may make Customers’/Users’ data available to online payment systems. The currently available prepayment methods in the Online Store are available at: Payment and delivery methods

11. Online Chat

As part of our live chat support, we use the tawk.to platform, which enables real-time communication with users of our website. When using the chat, the tawk.to platform may collect certain personal data, such as name, email address, user location and chat history. This information is used solely to enable effective communication and to provide high-quality customer service. We ensure that all personal data collected via the tawk.to chat is protected in accordance with our privacy policy and is not shared with third parties without the user’s explicit consent.

12. Newsletter

  • The Customer may consent to receive commercial information by electronic means by selecting the appropriate option in the registration form or later in the relevant tab. If such consent is given, the Customer/User will receive at the email address provided information (Newsletter) from the Online Store, as well as other commercial information sent by the Seller.
  • The Customer may unsubscribe from the Newsletter at any time, either by clicking the relevant link in each Newsletter or via the Customer Service Office.

13. Account

  • The Customer/User may not post or provide to the Seller any content in the Online Store, including reviews and other data, that is unlawful.
  • The Customer/User gains access to the Account after registration.
  • As part of registration, the Customer/User provides the account type or gender, first name, surname, company name, NIP (Tax ID), data for issuing the sales document, shipping details, email address and chooses a password. The Customer/User warrants that the data provided by him/her in the registration form is true. Registration requires a thorough reading of the Terms and Conditions and ticking the appropriate box in the registration form to confirm that the Customer/User has read the Terms and Conditions and fully accepts all of its provisions.
  • When the Customer/User is granted access to the Account, a contract for the provision of electronic services relating to the Account is concluded between the Seller and the Customer for an indefinite period. The Consumer may withdraw from this contract under the rules set out in the Terms and Conditions.
  • Registration of an Account on one of the Online Store’s websites simultaneously constitutes registration enabling access to the other websites on which the Online Store is available.
  • The Customer/User may terminate the contract for the provision of electronic services at any time with immediate effect by informing the Seller thereof by email or in writing at the address of the Data Controller given in Section 1 point 2 of this Privacy and Cookies Policy.
  • The Seller has the right to terminate the service contract relating to the Account in the event of discontinuation or transfer of the Online Store service to a third party, breach of the law or the Terms and Conditions by the Customer/User, as well as in the event of the Customer’s/User’s inactivity for a period of 6 months. The contract is terminated subject to a seven-day notice period. The Seller may stipulate that re-registration of an Account will require the Seller’s consent.