Privacy policy

BEAUTY ELIXIR PRIVACY POLICY This privacy policy (“Privacy Policy”) forms an integral part of the BEAUTY ELIXIR Online Shop’s Regulations of 1 September 2021 (“Regulations”).


  1. This Privacy Policy of the BEAUTY ELIXIR Online Shop determines the basic principles related to processing of personal data by FITNESS AUTHORITY and rights of persons whose data are processed by FITNESS AUTHORITY.
  2. FITNESS AUTHORITY collects shared personal data to make them available and improve the Online Shop, sell products and potentially consider claims connected with sale.
  3. Depending on personal data category, the basis of processing thereof shall be changed. The basis for data processing is, inter alia, a consent of a personal data subject, legal obligations imposed on FITNESS AUTHORITY or legitimate interest of FITNESS AUTHORITY.
  4. Provision of personal data is voluntary, however failure to provide them may make it impossible to sell products or to render a full scope of services by FITNESS AUTHORITY for the benefit of users of the Online Shop.
  5. Persons whose personal data are processed are entitled to access their personal data and rectify them, erase them and limit the processing of personal data, transfer personal data, object to further processing of personal data, withdraw the consent to the processing of personal data, and furthermore they have the right to lodge a complaint with competence public bodies about the personal data processing.
  6. In view of the characteristics of operation of FITNESS AUTHORITY, personal data may be provided to other entities, including to public bodies in legally justified or ordered cases, to entities that process personal data on behalf of FITNESS AUTHORITY on the basis of concluded agreements (e.g. accounting offices, law firms, carriers, marketing specialists) or to staff members or associates of FITNESS AUTHORITY based on relevant authorisations.
  7. Personal data may be processed in an automated way but they shall not be subject to profiling. Personal data shall not be provided outside the European Economic Area.
  8. Personal data shall be processed for the time necessary to render the services or to conclude the agreement, as well as for the time connected with prescription of claims related to such agreements and services or by the time of withdrawing the consent to data processing, by the time of lodging an objection in connection with data processing or by the time of satisfaction of legitimate interest of FITNESS AUTHORITY or by the time of fulfilment of legal obligations by FITNESS AUTHORITY.
  9. A detailed overview of the issues related to personal data processing by FITNESS AUTHORITY is available below in a full text of the Online Shop Privacy Policy.



  1. The Controller of personal data is the company under the business name: FITNESS AUTHORITY Spółka z ograniczoną odpowiedzialnością with its registered office in Otomin (80-174) at the address: ul. Konna No. 40, entered into the Register of Entrepreneurs of the National Court Register [KRS] by the District Court for Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register under KRS No.: 0000355208, NIP [Tax ID No.]: 9571037001, share capital: PLN 19,400,000.00 (“Controller”).
  2. Contact with the Controller is possible via electronic mail at the following email address:
  3. Personal data (“Data”) are processed in accordance with the provisions of the Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and the provisions of other legal acts on personal data protection.


  1. The data are processed by the Controller for the following purposes:
    1. preparation, conclusion and performance of the agreement for provision of services by electronic means or Sale Agreement, including for the purpose of fulfilling the obligations connected with complaints or similar - the basis for processing the Data is Article 6(1)(b) of the GDPR, and in the case of Customer’s representative, the basis for processing his/her Data is the legitimate interest of the Controller, i.e. a possibility of contacting the Customer (Article 6(1)(f) of the GDPR);
    2. service and respectively maintenance (recording and archiving) of communication carried out through the contact form or messages sent to the Controller’s address or address of electronic mail indicated in the Online Shop - the basis for processing is Article 6(1)(c) of the GDPR in the case when the Controller is obliged to contact the Customer in connection with fulfilment of the legal obligations imposed on the Controller, and also Article 6(1)(f) of the GDPR when the legitimate interest of the Controller is reflected in delivery of replies to asked questions;
    3. establishment of, pursuit of or defence against claims related to concluded agreements or rendered services - the basis for processing is Article 6(1)(f) of the GDPR;
    4. fulfilment of the legal obligations imposed on the Controller in accordance with applicable tax and accounting provisions, including archiving of agreements and settlement documents - in such a case, the basis for processing is Article 6(1)(c) of the GDPR;
    5. conducting analyses, statistics, marketing actions and sending commercial information by electronic means (including Newsletter) - the basis for processing is Article 6(1)(a) of the GDPR, i.e. consent of the data subject or Article 6(1)(f) of the GDPR, when the processing pertains to the User.
  2. Data processed in accordance with (1) above may be made accessible to third parties, including, among others:
    1. to entities with which the Controller has concluded personal data processing agreements, i.e. to entities rendering IT, accounting, banking, legal, administrative, postal, courier, marketing services or Newsletter service;
    2. to staff members or associates of the Controller, who have been trained, authorised and obliged to keep confidentiality and to comply with personal data protection provisions;
    3. to public administration bodies or to other entities authorised on the basis of legal provisions to demand that the personal data be provided, in order to fulfil the obligations of the Controller or the aforementioned bodies and entities.
  3. The Controller processes the following personal data: first and last name, electronic mail address, contact phone number, address (street, house number, suite number, postcode, town/city, country) and delivery address. In the case of Users being entrepreneurs, the Controller additionally processes the name or business name and Tax ID No. [NIP] of the entrepreneur.
  4. Moreover, the Controller may process the Data reflecting the way of using services rendered by electronic means and Data necessary to render the Newsletter service:
    1. designations which identify the end of telecommunication network or ICT system of the person using the Online Shop and services rendered by electronic means;
    2. information about using, including about commencing, finishing and the scope of using the Online Shop and the foregoing services each and every time;
    3. e-mail address.
  5. Provision of the Data from (3) above is crucial for the services to be properly rendered by electronic means within the Online Shop, as well as to conclude and perform the Sale Agreement. Provision of the Data is voluntary but a refusal to provide them may result in impossibility of concluding the relevant agreement with the User or rendering the services for the benefit of the User.
  6. The Data may be processed in an automated way but they shall not be subject to profiling. The Controller shall not make any decisions whatsoever towards the Data subject, which would be based solely on automated processing of the Data, and which would give rise to legal effects or would significantly affect the Data subject in a similar way.
  7. The Data shall be stored for the period necessary to complete the objectives from (1) above, i.e.:
    1. for the purposes connected with conclusion and performance of the Sale Agreement - by the time of performance thereof, however not shorter than for the prescription period of claims related to the Agreement;
    2. for the purposes of handling communication - for the period necessary for addressing a notification, as well as for the prescription period of claims related to the given case;
    3. for tax, accounting or other purposes necessary from the perspective of the applicable provisions - for the time consistent with the application provisions;
    4. for the purposes specified in (1) point (5) above - by the time of withdrawing the consent, satisfying the legitimate interest of the Controller or a third party or by the time of lodging an objection to personal data processing.


  1. The Controller may benefit in the Shop from profiling for the purposes of direct marketing but decisions made on the basis thereof by the Controller do not pertain to conclusion of or refusal to conclude any agreement whatsoever through the intermediary of the Shop.
  2. The profiling consists in automated analysing or forecasting the behaviour of a given person in the Shop.
  3. The effect of benefiting from profiling may be the award of a discount to a given person, reminding about uncompleted purchasing, sending of proposals concerning the Product which may meet the interests or preferences of a given person or proposing of better terms & conditions compared to the standard offer. Despite the profiling, it is a given person that makes a decision freely whether he/she will want to use the discount received in this way or better terms & conditions and make a purchase in the Shop.


The Data subjects have the following rights within the scope and in the cases provided for in the GDPR, as well as other legal acts on personal data protection:

  1. right to access the Data and rectify them (Article 15 and Article 16 of the GDPR);
  2. right to erase and limit the processing of the Data (Article 17 and Article 18 of the GDPR);
  3. data portability right (Article 20 of the GDPR);
  4. right to object to the Data processing (Article 21 of the GDPR);
  5. right to withdraw the consent to the Data processing when the processing takes place on the basis of Article 6(1)(a) of the GDPR - withdrawal of the consent does not affect the legality of the data processing prior to withdrawal of the consent;
  6. right to lodge a complaint with the President of the Personal Data Protection Office ( in the case when the Data are deemed to be processed in a breach of the personal data protection provisions.


  1. The Online Shop uses Cookies. Cookies are IT-related data saved in the form of text files placed in User’s terminal devices, which are used for benefiting from the Online Shop, e.g. laptop or smartphone.
  2. Cookies are divided into necessary Cookies (required for the Online Shop to correctly operate and for provision of services), as well as Cookies the use of which is not required for the Online Shop to correctly operate or for provision of services.
  3. Cookies other than the necessary ones are saved on User’s terminal device only after prior express consent of the User, i.e. the consent given before saving them. The Controller encourages getting acquainted with the issues concerning the use of Cookies.
  4. Cookies allow to recognise user’s device, to display the Online Shop in a way that is consistent with user’s preferences or to maintain user’s session. Cookies typically contain the name of their website of origin, the storage period on the terminal device and a unique number.
  5. Cookies allow to adapt the displayed content to User’s preferences, as well as to optimise the use of the Online Shop. Moreover, Cookies may be used for creating anonymised and aggregated statistics which allow to understand the way of using the Online Shop by Users.
  6. The Controller uses the following types of Cookies:
    1. session - temporary files remaining on user’s device by the time of logging out of the website or turning off the software (browser);
    2. persistent - temporary files remaining on user’s device for particular time (consistent with parameters of specific Cookies) or by the time of removal thereof by the user;
    3. external - temporary files coming from external web sites, used for collection of statistical data pertaining to the way of using the Online Shop - for this purpose, the Controller uses the following tools:
      a. Google Analytics;
  7. The User may resign from placing Cookies on terminal devices by the software for browsing through websites.
  8. Detailed information about the possibility and ways of handling Cookies is available in settings of the software used for browsing through websites. Limitation of using Cookies may affect some functionalities of the Online Shop.
  9. Limitation of using Cookies may affect some functionalities available in the Service.


  1. The Privacy Policy only refers to the Online Shop. The Online Shop may contain hyperlinks redirecting to other websites not related to the Controller. The Controller does not bear responsibility & liability for contents placed in the aforementioned services, as well as for the privacy protection principles applicable therein. The Controller suggests getting acquainted with the privacy policies binding on such websites.
  2. As part of the conducted activities, the Controller applies technical and organisational means & measures to ensure protection of the processed Data within the scope appropriate to the category of the data covered by protection and hazards which may pertain to them. The Controller takes, in particular, actions to prevent the Data from being disclosed to unauthorised persons, from being processed in breach of the provisions or from being rectified, lost, damaged or destructed by third parties.
  3. The Controller applies the following technical means & measures for data protection:
    1. The Data are sent by the safe SSL/TLS protocol;
    2. The Data stored on servers are encrypted - protection of the Data against physical access to servers is ensured by a reliable service provider;
    3. The Data used for authorisation are encrypted and have been secured against unauthorised access by third parties;
    4. access to the Account is possible only after entering an individual login and password created by the customer.
  4. The Controller reserves the right to update and amend the Privacy Policy. Updated versions of the Privacy Policy shall be made accessible on the Online Shop’s website.
  5. The Controller is not responsible & liable for actions or omissions of Users, as a result of which the Controller processes the personal data given by them in the way specified herein.
  6. The Controller reserves the right to introduce changes, withdraw or modify the functions or properties of the Online Shop at all times, as well as to cease its activities, transfer the rights to the Online Shop and to perform any and all legal activities permitted by the applicable provisions of the law.
The Discovery

Reset Password

Please enter a valid email address.
Please enter your Name and Surname.
Please enter a valid email address.
Password must be min. 6 characters long.
Password must be min. 6 characters long.