This policy complies in particular with the provisions of the Regulation of the European Parliament
and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in relation to with the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (GDPR).
1. About us
The administrators of your personal data are Paulina Kasprzak / Salon Maha Punye Ayurveda, Ul. Ruczaj 43 U2B, 30-409 Kraków. NIP: 5532371107 REGON: 123131161
and Martyna Kasprzak / Salon Maha Punye Ayurveda, ul. Ruczaj 43 U2B, 30-409 Kraków NIP: 6762476603, REGON: 123136369.
The administrators can be contacted by e-mail at: firstname.lastname@example.org, by phone: 539 338 836 or by letter at: Salon Maha Punye Ayurveda Ul. Ruczaj 43 U2B 30-409 Kraków.
2. Collected data
Before using our services, by completing the consultation form, you provide us with the following data: name, surname, telephone number, e-mail address and data regarding health condition, diseases, injuries, medications taken. It is the knowledge necessary to identify possible contraindications to treatments and the safe performance of the service.
- If you order the service by phone, you provide us with your name and phone number.
When ordering the service by e-mail, you provide us with your name, e-mail address and telephone number.
- If you purchase a gift voucher or a carnet through our website www.mahapunye.com, you provide us with personal data - name, surname, email address and telephone number. If you wish to personalize the voucher / carnet, you also provide us with the name and surname of the person who will be the gift receiver. Your personal data will be transferred to the www.Przelewy24.pl payment system in order to finalize the transaction. The buyer's personal data through the website is never used for marketing purposes.
- The data of the buyer via the website www.mahapunye.com will be automatically deleted from the system after 2 years from the purchase transaction.
- Additionally, our reception area is subject to video surveillance and is marked with a monitoring pictogram.
3. How the data is used
We only use your health data to provide services. The data obtained in writing is entered by the data controller into the www.medfile.pl electronic system. The system has all safeguards for the protection of sensitive data in accordance with the GDPR regulation. The consultation card, after scanning and attaching it to files in the www.medifile.pl system, is destroyed. The card in physical form is not stored for more than 3 months. During this time, it is kept in a locked cabinet. The administrator and authorized employees have access to the card. The physical card is destroyed with a shredder with DIN 4 security level.
Your contact details are stored in Google contacts and the data of people who have agreed to receive marketing messages on the internal OpenOffice Calc lists.
Your contact details, in addition to the purpose of making an appointment, will be used for marketing purposes if you have consented to it in the form:
We will use the telephone number to send information about promotions no more than once a month. We use the application for mass sending of text messages www.smsapi.pl.
We use e-mail address to request an opinion / recommendation of the quality of service in the system of Trip Advisor, Facebook, Google.
The data obtained as a result of the monitoring record are used to ensure the safety of you, our other clients and our employees, are saved for a period of 60 days and then deleted.
4. Your rights
- The right to access your personal data. This right allows you to receive information as to whether we process personal data about you, and if so, the right to receive a copy of the personal data that we process. The right to access personal data allows you to verify that we are processing it lawfully.
- The right to rectify your personal data. This right allows you to request the correction of incomplete, untrue or out-of-date data that we process. In some cases, when fulfilling your request, we will have to verify the correctness of the new data you provide to us.
- The right to limit the processing of your personal data.This right allows you to ask us to suspend the processing of your personal data in the following situations:(I) when you want us to check the accuracy of the data; (II) when our processing is unlawful; (III) when you need the data to establish, assert or defend claims, even though we no longer need your data for our own processing purposes; (IV)when you have objected to our processing, but we need to verify whether we still have overriding and legitimate grounds to continue processing your personal data.
- The right to delete your personal data.This right allows you to request the deletion of your personal data, if it is no longer necessary for the purposes for which it was collected. You can also request us to delete your personal data, if you have successfully exercised your right to object to processing (see below), if we process your data unlawfully or we are required to delete your personal data in order to comply with the legal obligation indicated in provisions of applicable law. Remember that in some cases, we are obliged to process your data on the basis of applicable regulations and we cannot fulfill your request.
- The right to object to the processing of your data in a situation where we process your data based on the premise of a legitimate interest). You can raise the right to object for reasons related to your particular situation, when, in your opinion, the processing affects your rights or freedoms. You also have the right to object if we process your data for direct marketing purposes. In some cases, we can demonstrate that we have legitimate grounds for data processing that override your rights and freedoms (e.g. data protection in connection with an ongoing legal dispute). In such cases, the right to object does not entail the deletion of your personal data.
- The right to transfer your personal data. In exercising this right, we will provide you or a third party indicated by you with your personal data in a structured, commonly used and machine-readable format. Remember that you are entitled to this right only in relation to data processed on the basis of consent or the premise for the performance of a contract that you have concluded with us, and the processing itself is carried out in an automated manner (in IT systems).
If you have given us your consent to process your personal data, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
5. Communication and marketing
In order to provide services, we will communicate with you by phone, e-mail and SMS messages. The purpose of the SMS message is to remind you about the booked service date. This message can also be sent via e-mail, if you so wish. If you check the appropriate boxes in the form, we will send you marketing messages via the smsapi.pl mass text message system regarding our services, trying to keep their frequency moderate and we will ask you by sending an e-mail request for opinion and / or ordering the quality of services on our fanpage, or external websites (e.g. Trip Advisor, Google).
Cookies (cookies) are small text information in the form of text files, sent by the server and saved on your device (e.g. on the hard drive of a computer, laptop or smartphone's memory card) during your visit to our website. We process them in order to implement the basic functionalities of the website, identify the logged in user, adjust the content of the website to the user's preferences and remember the ordered products in the basket. Our site may also contain elements that place cookies on behalf of third parties, such as the Facebook "Like" button or leave a review from Trip Advisor. If you disable cookies, you may not be able to use certain parts of our website. If you delete cookies from your browser, you may need to reinstall the rejected cookies. The duration of the storage of files depends on the type of cookies. Session cookies expire when the browser is closed. Persistent cookies, including local shared objects ("flash cookies"), typically expire between two months and two years.
7. Data sharing
We may share your data with:
- payment agents for the purpose of making a non-cash payment, to the extent specified by the contract that connects us with them;
- public authorities (eg the Police) within the scope of the binding provisions of common law;
- database service providers (the so-called cloud) within the scope of the applicable contract;
8. Data storage
We store your data in two forms: paper and electronic. The paper form is the form you fill out before using the services; electronic forms are password-protected databases. We store your data in electronic form for as long as it is necessary to achieve the purposes for which the data was collected, until you request its deletion. The paper form is destroyed after all data has been entered into the system. It is stored no longer than 3 months and destroyed with a shredder with DIN4 protection.
We keep the monitoring record for 60 days and then it is automatically deleted.
9. Reporting a violation
In the event of a breach of the protection of your personal data, we will immediately notify the competent supervisory authority and you, but not later than within 72 hours.
In order to exercise your rights, please contact us using:
Tel: 539 338 836
Registered office address: Salon Maha Punye Ayurveda Ul. Ruczaj 43 U2B 30-409 Kraków.