Time remaining until the promotion ends:0d 17h 21m 44s
🎉 May Promotion! Get 10% off everything with the code "MAY10" – limited time only! Dreaming of a purchase but need financing? Take advantage of our 0% interest offer! 📲 Our team is available 24/7 on chat – message us to learn more!

Polityka prywatności

1. Data Administrator and Definitions

  1. The administrator of the personal data of Customers / Users of the Online Store, also referred to as the Seller, is: Wellness and spa sp. z o.o., phone: +44 7459 857835, VAT ID: 5273151249, REGON: 54088175500000 KRS: 0001154668.
  2. You can contact the data administrator:
    1. at the correspondence address: Jana Pawła II 27, 00-867 Warszawa;
    2. at the email address: salesqualityspa@gmail.com.
  3. User - a natural person visiting the website/pages of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
  4. Customer - a natural person with full legal capacity, a natural person being a Consumer, a legal person, or an organizational unit without legal personality, granted legal capacity by law, who enters into a Distance Sales Agreement with the Seller.
  5. Online Store - an online service operated by the Seller, available at electronic addresses (pages): https://quality-spa.eu through which the Customer/User can obtain information about the Product and its availability, and purchase the Product or order a service.
  6. Newsletter - information, including commercial information within the meaning of the Act of July 18, 2002 on the provision of electronic services (Journal of Laws of 2020, item 344) sent by the Seller electronically to the Customer/User; its receipt is voluntary and requires the consent of the Customer/User.
  7. Account - a collection of data stored in the Online Store and in the Seller's IT system regarding a specific Customer/User and the orders placed by them and the contracts concluded, which the Customer/User can use to place orders and enter into contracts.
  8. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Purposes, Legal Bases, and Duration of Data Processing

  1. For the purpose of performing the Distance Sales Agreement, the Seller processes:
    1. information about the User's device to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, internet browser data, device data, activity data on the Site, including on individual subpages;
    2. geolocation information, if the User has consented to the service provider's access to geolocation. The geolocation information is used to provide more tailored product and service offers;
    3. personal data of Users: first name, last name, registered office address, correspondence address, email address, phone number, VAT ID, bank account number, or other personal data necessary to complete the purchase, which the Administrator requires in the purchasing process.
  2. This information does not contain data regarding the identity of Users, but in conjunction with other information, it may constitute personal data and, therefore, the Administrator provides it with full protection under the GDPR.
  3. This data is processed in accordance with Article 6(1)(b) of the GDPR for the purpose of providing the service, i.e., a contract for the provision of electronic services in accordance with the Regulations, and in accordance with Article 6(1)(a) of the GDPR, in connection with the consent to the use of specific cookies or other similar technologies, expressed through the appropriate settings of the internet browser in accordance with Telecommunications Law or in connection with the consent to geolocation. The data is processed until the Customer/User ceases to use the Online Store.
  4. The Administrator undertakes to take all measures required under Article 32 of the GDPR, i.e., taking into account the state of technical knowledge, the cost of implementation, as well as the nature, scope, and purposes of processing and the risk of violation of rights or freedoms of individuals with varying probabilities of occurrence and severity, the Administrator implements appropriate technical and organizational measures to ensure a level of security corresponding to that risk.

3. Marketing Activities of the Administrator

  1. On the website of the Online Store, the data Administrator may post marketing information about its products or services. The display of this content is carried out by the data Administrator in accordance with Article 6(1)(f) of the GDPR, i.e., based on the legitimate interest of the data Administrator in publishing content related to the services provided and promotional content of campaigns in which the data Administrator is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, who expect to receive content of similar nature, and even expect it or it is their direct purpose for visiting the website/pages of the Online Store.

4. Recipients of User Data

  1. The data Administrator discloses Users' personal data only to entities processing them under data processing entrustment agreements for the purpose of providing services to the data Administrator, e.g., hosting and website maintenance, IT services, marketing and PR services.

5. Transfer of Personal Data to Third Countries

  1. Personal data is not transferred outside the European Economic Area (EEA), except where it is necessary to achieve the purposes for which the data was collected.
  2. When providing services to users located outside the EEA – in particular in the United Kingdom – data may be transferred to such countries only to the extent required to perform the contract. The United Kingdom has been recognized by the European Commission as a country that ensures an adequate level of personal data protection, which means that data transfers to that country do not require additional safeguards under Article 45 of the GDPR.
  3. In cases where personal data is transferred to other third countries, such transfers are carried out solely on the basis of appropriate legal instruments, such as standard contractual clauses approved by the European Commission, in accordance with Article 46 of the GDPR.

6. Rights of Data Subjects

  1. Every person whose data is processed has the right to:
    1. access (Article 15 GDPR) - obtain confirmation from the data Administrator as to whether their personal data is being processed. If data about the person is being processed, they have the right to access it and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, the period of data retention or the criteria for determining it, the right to request rectification, erasure, or restriction of the processing of personal data granted to the person whose data is concerned, as well as to lodge a complaint against such processing;
    2. to receive a copy of the data (Article 15(3) GDPR) - to obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies, the data Administrator may impose a reasonable fee based on administrative costs;
    3. to rectification (Article 16 GDPR) - to request rectification of their personal data that is inaccurate or to complete incomplete data;
    4. to erasure of data (Article 17 GDPR) - to request the erasure of their personal data if the data Administrator no longer has a legal basis for processing them or if the data is no longer necessary for the purposes of processing;
    5. to restriction of processing (Article 18 GDPR) - to request the restriction of processing of personal data when:
      1. the data subject contests the accuracy of personal data – for a period allowing the data Administrator to verify the accuracy of such data,
      2. the processing is unlawful, and the data subject opposes erasure, requesting restriction of its use,
      3. the data Administrator no longer needs the data, but they are required by the data subject for the establishment, exercise, or defense of claims,
      4. the data subject has lodged an objection to processing – until it is clear whether the legitimate grounds of the Administrator override those of the data subject;
    6. to data portability (Article 20 GDPR) - to receive in a structured, commonly used, and machine-readable format the personal data concerning them that they provided to the data Administrator and to request the transfer of such data to another Administrator, if the data is processed based on the consent of the data subject or a contract with them and if the data is processed in an automated manner;
    7. to object (Article 21 GDPR) - to lodge an objection to the processing of their personal data for legitimate purposes of the administrator, for reasons related to their particular situation, including against profiling. In this case, the data Administrator assesses whether there are compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or grounds for establishing, exercising, or defending claims. If, according to the assessment, the interests of the data subject outweigh those of the Administrator, the data Administrator will be obliged to cease processing the data for those purposes;
    8. to withdraw consent at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will remain lawful. Withdrawal of consent will result in the cessation of the processing of personal data by the data Administrator for the purpose for which consent was given.
  2. To exercise the above-mentioned rights, the data subject should contact the data Administrator using the provided contact details and inform them of which right and to what extent they wish to exercise.

7. President of the Personal Data Protection Office

  1. The person whose data is processed has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office based in Warsaw, ul. Stawki 2, who can be contacted in the following ways:
  2. by mail: ul. Stawki 2, 00-193 Warsaw;
  3. via the electronic inbox available on the website: https://www.uodo.gov.pl/pl/p/kontakt;
  4. Helpline: 606-950-000.

8. Data Protection Officer

  1. In any case, the person whose data is processed may also contact the data Administrator's data protection officer directly via email or in writing at the address of the data Administrator provided in section 1 point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

  1. The privacy and cookies policy may be supplemented or updated according to the current needs of the Administrator to provide current and reliable information to Customers/Users.

10. Cookies

  1. The Online Store performs functions of obtaining information about Customers, Users, and their behavior in the following ways:
    1. by voluntarily entering information in forms for purposes resulting from the specific function of the form;
    2. by storing cookies on end devices (so-called "cookies");
    3. by collecting server logs by the hosting operator of the Online Store (necessary for the proper functioning of the service).
  2. Cookies are IT data, in particular text files, that are stored on the end device of the Customer/User and are intended for using the Online Store's website. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.
  3. The Online Store uses cookies only after the Customer/User has previously consented to this. Consent to the Online Store's use of all cookies is given by clicking the button: “Close” when the cookie usage message is displayed by the Online Store or by closing this message.
  4. If the Customer/User of the Online Store does not consent to the Online Store's use of cookies, they can use the option: "I do not consent," also available in the cookie usage message from the Online Store or make changes in the settings of the currently used web browser (this may, however, cause incorrect operation of the Online Store's website).
  5. To manage cookie settings, select from the list the web browser/system and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  6. The legal basis for processing personal data obtained from cookies is the legitimate interests of the data Administrator, consisting of ensuring high-quality services and ensuring the security of services.
  7. The Online Store uses two basic types of cookies: "session" cookies and "persistent" cookies. "Session" cookies are temporary files stored on the User's end device until they log out, leave the Online Store, or shut down the software (web browser). "Persistent" cookies are stored on the end device of the Customer/User for the period specified in the cookie parameters or until they are deleted by the Customer/User.

Functional cookies (required)

quality-spa.eu

monit_token: 365 days, cookie
Identifies the shop's customer.

shop_monit_token: 30 minutes, cookie
Identifies the shop's customer.

client: 1 days, cookie
Identifies the logged-in customer / basket of the non-logged-in customer.

affiliate: 90 days, cookie
It stores information about the partner ID from which the shop was entered.

ordersDocuments: cookie
Stores information about the print status of a document.

__idsui: 1095 days, cookie
File required for the so-called lightweight login function on the website.

__idsual: 1095 days, cookie
File required for the so-called lightweight login function on the website.

__IAI_SRC: 90 days, cookie
It only stores the source from which the page was accessed.

login: cookie
Stores information about whether the user has logged in to the site.

CPA: 28 days, cookie
Includes information on the variables for the CPA / CPS programmes in which the site participates.

__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for the A/B test and IdoSell RS engine configuration.

basket_id: 365 days, cookie
The site user's shopping cart identifier, assigned for the duration of the ongoing session.

page_counter: 1 days, cookie
Counter of pages visited.

LANGID: 180 days, cookie
Stores information about the language selected by the site user.

REGID: 180 days, cookie
Stores information about the site user's region.

CURRID: 180 days, cookie
Stores information about the currency of the site selected by the user.

__IAIABT__: 30 days, cookie
It stores the A/B test identifier, for the purpose of testing and improving shop functionality.

__IAIABTSHOP__: 30 days, cookie
It stores the identifier of the shop participating in the A/B test.

__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant drawn as part of the ongoing A/B test.

toplayerwidgetcounter[]: cookie
Stores the number of times a pop up message has been displayed.

samedayZipcode: 90 days, cookie
Stores information about the site user's postcode, which is required to offer courier delivery on the SameDay service.

applePayAvailability: 30 days, cookie
Stores information about whether an ApplePay payment method is available for the user.

paypalMerchant: 1 days, cookie
PayPal account ID.

toplayerNextShowTime_: cookie
Stores information about the time at which the next pop up message is to be displayed. 

rabateCode_clicked: 1 days, cookie
Stores information about the closure of the active discount bar.

freeeshipping_clicked: 1 days, cookie
Stores information about the closing of the free delivery bar.

redirection: cookie
Stores information on the closure of the pop-up message indicating the suggested language for the shop.

filterHidden: 365 days, cookie
When the option to collapse the filter for goods is clicked, it saves which filter is to be collapsed when the goods list is refreshed.

toplayerwidgetcounterclosedX_: cookie
It stores information about closing the pop-up message.

cpa_currency: 60 minutes, cookie
Includes currency information for CPA / CPS programmes in which the site participates.

basket_products_count: cookie
Stores information on the number of products in the basket.

wishes_products_count: cookie
Stores information on the number of products in the favorites list.

remembered_mfa: 365 days, cookie
Stores remembered user information for multi-factor authentication (MFA)

IAI S.A.

iai_accounts_toplayer: 30 days, cookie
Ensures the correct display of the pop up message informing about the IdoAccounts login service (https://www.idosell.com/en/idoaccounts-is-a-system-that-facilitates-the-process-of-logging-in-to-many-stores-with-one-account-and-placing-orders-in-online-stores/).

IdoSell

platform_id: cookie
Stores information about whether the page is displayed in the mobile app.

paypalAvailability_: 1 days, cookie
Stores information on whether a PayPal payment method is available for the user.

ck_cook: 3 days, cookie
Stores information about whether the user of the website has consented to cookies.

IdoAccounts

accounts_terms: 365 days, cookie
Stores information on whether the user has accepted consent to use the IdoAccounts service.

express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin

Google

NID: 180 days, cookie
These cookies (NID, ENID) are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. This cookie is also required to offer the Google Pay payment service.

Google reCAPTCHA

_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site against spam enquiries on contact forms.

PayPal

ts: cookie
This cookie is generally provided by PayPal and supports payment services on the website.

ts_c: 1095 days, cookie
This cookie is generally provided by PayPal and is used to prevent fraud.

x-pp-s: cookie
This cookie is generally provided by PayPal and supports payment services on the website.

enforce_policy: 365 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

tsrce: 3 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

l7_az: 60 minutes, cookie
This cookie is necessary for the PayPal login-function on the website.

LANG: 1 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.

nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.


Analytics cookies

IAI S.A.

__IAI_AC2: 45 days, cookie
Activity Tracking identifier to collect the history of pre-order sources as well as the source through which the order was placed according to the last click attribution model.

Google Ads

*-*: 14 days, cookie
It stores information about whether a 'Google Consumer Reviews' popup has already been displayed, asking for consent to send a survey about the order.

Google Maps

SID: 3650 days, cookie
Contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies (SID, HSID) allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services.


Advertising cookies

quality-spa.eu

RSSID: 180 days, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.

__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.

Google Ads

_gcl_au : 90 days, cookie
Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

FPAU: 90 days, cookie
A cookie that collects information about users and their activity on the site through embedded elements for analytical and reporting purposes.

FPGCLAW: 90 days, cookie
Contains campaign related information on the user.

FPGCLGB: 90 days, cookie
Contains campaign related information on the user.

_gcl_gb: 90 days, cookie
Contains campaign related information on the user.

_gac_gb_<>: 90 days, cookie
Contains campaign related information on the user.

_gcl_aw: 90 days, cookie
Contains campaign related information on the user.

IDE: 730 days, cookie
This cookie are used to show Google ads on non-Google sites.

1P_JAR: 30 days, cookie
This cookie file is used to collect website statistics and track conversion rates. Sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates.

test_cookie: 1 days, cookie
It is used for testing whether the permissions to set cookies in the user's browser are enabled

AEC: 138 days, cookie
These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge.

APISID: 193 days, cookie
This cookie file is stored on your computer to remain connected to your Google account, while visiting their services again. While you remain with this active session and use add-ons on other websites, such as ours, Google will use these cookies to improve your user experience.

CONSENT: 559 days, cookie
This cookie file is stored on your computer to remain connected to your Google account, while visiting their services again. While you remain with this active session and use add-ons on other websites, such as ours, Google will use these cookies to improve your user experience.

DSID: 10 days, cookie
‘DSID’ cookie is used to identify a signed-in user on non-Google sites and to remember whether the user has agreed to ad personalization.

OTZ: 23 days, cookie
This cookie is used to remember your preferences and other information, such as your preferred language, the number of results displayed on a search results page (for example, 10 or 20), and whether you want to have Google SafeSearch turned on.

SAPISID: 28 days, cookie
This cookie file is stored on your computer to remain connected to your Google account, while visiting their services again. While you remain with this active session and use add-ons on other websites, such as ours, Google will use these cookies to improve your user experience.

SEARCH_SAMESITE: 176 days, cookie
Allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

SIDCC: 393 days, cookie
Download certain tools from Google and save certain preferences, for example the number of search results per sheet or activation of the SafeSearch filter. Adjust the ads appearing in google search.

SSID: 393 days, cookie
This cookie file is stored on your computer to remain connected to your Google account, while visiting their services again. While you remain with this active session and use add-ons on other websites, such as ours, Google will use these cookies to improve your user experience.

__Secure-*: 730 days, cookie
These cookies are used to deliver ads more relevant to you and your interests.


  1. Cookies are used for the following purposes:
    1. creating statistics that help understand how Customers/Users of the Online Store use the websites, allowing for improvements in their structure and content;
    2. maintaining the session of the Customer/User (after logging in), so the Customer/User does not have to re-enter their login and password on each subpage of the Online Store;
    3. defining the profile of the Customer/User in order to display product recommendations and tailored materials in advertising networks, particularly Google’s network.
  2. The web browser software (web browser) typically allows the storage of cookies on the end device of the Customer/User by default. Customers/Users can change the settings in this regard. The web browser allows the deletion of cookies. It is also possible to automatically block cookies.
  3. Restrictions on the use of cookies may affect some functionalities available on the Online Store's websites.
  4. Cookies placed on the end device of the Customer/User and used may also be used by advertisers cooperating with the Online Store and its partners.
  5. Cookies may be used by the Google network to display ads tailored to how the Customer/User uses the Online Store. To this end, they may retain information about the user's navigation path or the time spent on a given page: https://policies.google.com/technologies/partner-sites.
  6. We recommend that the Customer/User read the privacy policies of these companies to understand the rules for using cookies used in statistics: Google Analytics Privacy Policy.
  7. Regarding information about the preferences of the Customer/User collected by the Google advertising network, the Customer/User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  8. On the Online Store's website, there are plugins that may transmit Customer/User data to Administrators such as, for example: .
  9. For the proper execution of the Distance Sales Agreement, the data Administrator may provide Customer/User data to courier entities. Currently available delivery methods in the Online Store can be found at the address: https://quality-spa.eu/en/delivery.html.
  10. For the proper execution of the Distance Sales Agreement, the Administrator may provide Customer/User data to online payment systems. Currently available prepayment methods in the Online Store can be found at the address: https://quality-spa.eu/en/payments.html.
  11. More information about terms and privacy can also be found on the page Google Privacy and Terms.

11. Newsletter

  1. The Customer may consent to receive commercial information electronically by selecting the appropriate option in the registration form or at a later date in the appropriate tab. If such consent is given, the Customer/User will receive at the email address provided the information (Newsletter) from the Online Store, as well as other commercial information sent by the Seller.
  2. The Customer may unsubscribe from receiving the Newsletter at any time on their own by unchecking the appropriate box on their Account page or by going to the form https://quality-spa.eu/en/newsletter.html, clicking the appropriate link included in the content of each Newsletter, or through the Customer Service Office.

12. Account

  1. The Customer/User may not post or provide unlawful content, including opinions and other data, to the Online Store.
  2. The Customer/User gains access to the Account after registration.
  3. As part of the registration, the Customer/User provides the type of account or gender, first name, last name, company name, VAT ID, data for issuing the sales document, shipping data, email address, and chooses a password. The Customer/User ensures that the data provided by him/her in the registration form is true. Registration requires a thorough reading of the Regulations and marking on the registration form that the Customer/User has read the Regulations and fully accepts all its provisions.
  4. At the moment of granting the Customer/User access to the Account, an indefinite contract for the provision of electronic services regarding the Account is concluded between the Seller and the Customer. The Consumer may withdraw from this contract under the terms specified in the Regulations.
  5. Registering an Account on one of the Online Store's pages also means registration that allows access to other pages where the Online Store is available.
  6. The Customer/User may terminate the electronic service agreement regarding the Account at any time with immediate effect by informing the Seller via email or in writing at the address of the data Administrator provided in section 1 point 2 of this Privacy and Cookies Policy.
  7. The Seller has the right to terminate the electronic service agreement regarding the Account in the event of cessation of the provision or transfer of the Online Store's service to a third party, violation by the Customer/User of the law or the provisions of the Regulations, as well as in the event of inactivity by the Customer/User for a period of 6 months. Termination of the agreement occurs with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the Seller's permission.
pixel