PRIVACY AND COOKIES POLICY FOR NOVAROMA.COM.PL STORE
(HEREINAFTER REFERRED TO AS: "THE POLICY")
- GENERAL PROVISIONS
- The following document is an appendix to the Terms and Conditions of the online store
NOVAROMA.COM.PL
(hereinafter referred to as: "Online Store"). By using the services of the Online Store, the Customer entrusts the Seller with their personal data. This Policy serves only as an aid to understand what information and data are collected and for what purpose, and how they are used. Customers' personal data are important, so it is important to read the following document carefully, as it specifies the rules and methods of processing and protecting customers' personal data. - The service collects personal data necessary for the provision and development of services offered therein.
- Personal data collected through the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), the Personal Data Protection Act of 10 May 2018, and other currently applicable personal data protection laws.
- The following document is an appendix to the Terms and Conditions of the online store
- PERSONAL DATA CONTROLLER
- The personal data controller collected through the Online Store is the Seller, i.e., VVitesse Kamil Wielgat with its registered office in Elbląg (82-300) at Aleja Józefa Piłsudskiego 15a, entered into CEIDG, NIP 5782849159, REGON 542701421 (hereinafter referred to as: "Controller").
- Contact with the Controller is possible via the online store's email address: kamilmadoria@gmail.com
- For all matters concerning the protection of personal data and the exercise of rights arising from their protection, you can contact us at the following details:
- Email address: kamilmadoria@gmail.com
- Correspondence address: VVitesse Kamil Wielgat, Aleja Józefa Piłsudskiego 15a, 82-300 Elbląg.
- Address for returns/exchanges/withdrawal from the contract: VVitesse Kamil Wielgat, Aleja Józefa Piłsudskiego 15a, 82-300 Elbląg.
- PERSONAL DATA COLLECTED, PROCESSED AND STORED BY THE CONTROLLER
- Personal data means any information relating to an identified or identifiable living natural person. Individual pieces of information which, when combined, can lead to the identification of a person, also constitute personal data (hereinafter referred to as: "Personal Data").
- Depending on which functionality of the Online Store the User or Customer uses, the Controller collects, processes and stores, among others, the following Personal Data of Users and Customers:
- first and last name,
- residential address,
- delivery address (if different from residential address),
- tax identification number (NIP),
- email address,
- phone number (mobile, landline),
- date of birth,
- PESEL (in cases required by law),
- bank account number,
- information about the internet browser used,
- location data (e.g., location settings on a mobile phone),
- IP address,
- cookie identifier,
- other Personal Data voluntarily provided by the User or Customer.
- PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The Personal Data of the Online Store Customer (listed in points 1 - 10 below) are processed for various purposes depending on which functionalities of the Online Store the User or Customer uses, in particular for the purpose of providing services available in the Online Store and for accounting purposes such as:
- ACCOUNT REGISTRATION IN THE ONLINE STORE
Both personal data provided by the Customer during Account registration in the Online Store, as well as other data acquired by the Controller in connection with the Customer's activity in the Online Store and use of the Online Store's services (in particular: first and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], residence/business/headquarters address [if different from delivery address], bank account number, and for non-consumer Customers, additionally company name and tax identification number [NIP]) are processed for the following purposes:
- maintaining the Customer's Account in the Online Store, so that they have the ability to: place subsequent orders without re-filling the form containing their personal data, view their order history, modify consents they have given in the Online Store, as well as enable them to use other services available in the Online Store [legal basis: Art. 6 sec. 1 lit. b) GDPR, i.e., necessity for the performance of a contract];
- marketing activities of the Controller as well as analysis of the Customer's activity in the Online Store through actions that do not significantly affect the Customer's decisions regarding placing an order for Online Store services in the form of presenting advertisements or offers to the Customer - taking into account their preferences - based on the above-mentioned analysis [legal basis: Art. 6 sec. 1 lit. f) GDPR], i.e., the legitimate interest of the Controller or a third party];
- protection and pursuit of claims that may arise within the relationship between the Customer and the Controller and other purposes that are necessary for the realization of the legitimate interests of the Controller or a third party [legal basis: Art. 6 sec. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
The Personal Data Controller of the Customer is the entity indicated in point II of this Policy.
Providing Personal Data by the Customer is their right, not an obligation.
If the Customer does not provide the necessary Personal Data during registration, this prevents the registration of an Account in the Online Store.
As a rule, the Customer's Personal Data will be processed by the Controller for the period for which the Customer will use the Account (however, they may be deleted three years after the Customer's last activity within the Online Store), and in the case of marketing activities - until an objection is raised, unless legal provisions oblige the Controller to process these data for a longer period or they will be stored longer in case of potential claims, for the period of their limitation specified by law, in particular the civil code, or in case of other purposes resulting from the realization of the Controller's legitimate interests (in each case - the longer retention period of Personal Data applies).
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about the possible transfer of Customers' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- PLACING AN ORDER IN THE ONLINE STORE
Personal Data provided by the Customer in connection with placing an order, as well as other data collected in connection with their activity in the Online Store and the use of our services (in particular: first and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], residence/business/headquarters address [if different from delivery address], bank account number, and for non-consumer Customers, additionally company name and tax identification number [NIP]) are or may be processed for the following purposes:
- fulfillment of Customer orders and performance of the contract concluded with them – in particular, confirmation of its placement and reservation (if such option is available and chosen by the Customer) or shipment to the address indicated by the Customer or to the chosen product collection point, as well as contacting them in this matter if necessary [legal basis: Art. 6 sec. 1 lit. b) GDPR, i.e., necessity for the performance of a sales contract which the Customer concludes after placing an order or a reservation contract (if such option is available and chosen)];
- marketing and analytical activities, as well as statistical activities of the Controller or its partners (third parties listed in point 11 of the Cookies Policy) or other so-called third parties with whom we cooperate, e.g., presenting advertisements and offers (discounts) to the Customer, also tailored to their interests based on profiling through analysis of the Customer's activity, including purchase history, which allows the Controller to better adapt to specific, general groups of our Customers, but also to the preferences of a specific Customer placing an order. However, the Controller's actions do not significantly affect the Customer's purchasing decisions [legal basis: Art. 6 sec. 1 lit. f) GDPR, i.e., the legitimate interest of the Controller or a third party];
- pursuit and defense of claims that may arise within the relationship between the Customer and the Controller and other purposes that are necessary for the realization of the legitimate interests of the Controller or a third party [legal basis: Art. 6 sec. 1 lit. c) GDPR, i.e., legitimate interest pursued by the Controller or a third party];
- issuance and storage of invoices and other accounting documents and consideration of both complaints and returns within the period and form specified by legal provisions [legal basis: Art. 6 sec. 1 lit. c) GDPR, i.e., necessity for compliance with a legal obligation to which the Controller is subject].
The Personal Data Controller of the Customer is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to place an order.
The Customer's Personal Data will be processed by the Controller for the purpose of order fulfillment for the duration of the contract, as well as for the time required by law (e.g., tax, accounting), in the case of marketing activities - until the Customer raises an objection, unless a longer period results from their storage in case of potential claims, for the limitation period specified by law, in particular the civil code, or in case of other purposes resulting from the realization of our legitimate interests. In each case, the longer retention period of Personal Data applies.
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about the possible transfer of Customers' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- LODGING A COMPLAINT
Personal Data provided by the Customer in connection with lodging a complaint using the Complaint Form (first and last name, address, contact phone number, email address, bank account number), as well as other data collected during any subsequent communication, are or may be processed for the following purposes:- consideration of the Customer's complaint, keeping accounting records and settlements related to the complaints considered [legal basis: Art. 6 sec. 1 lit. c) GDPR, i.e., necessity for compliance with a legal obligation to which the Controller is subject];
- defense and pursuit of claims that may arise within the relationship between the Customer and the Controller and other purposes that are necessary for the realization of the legitimate interests of the Controller or a third party [legal basis: Art. 6 sec. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
The Personal Data Controller of the Customer is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to lodge a complaint.
The Customer's Personal Data will be processed by the Controller for the purpose of considering the complaint, unless legal provisions (e.g., accounting) oblige the Controller to process these data for a longer period or the Controller will store them longer in case the Customer has any claims against the Controller, for the limitation period specified by law, in particular the civil code, or in case of other purposes resulting from the realization of the Controller's legitimate interests. In each case, the longer retention period of Personal Data applies.
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about the possible transfer of Customers' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- EXERCISING THE RIGHT OF WITHDRAWAL FROM THE CONTRACT
Personal Data provided by the Customer in connection with exercising their right to withdraw from the contract using the Withdrawal Form (first and last name, address, bank account number), are or may be processed for the following purposes:
- assessment by the Controller of the validity of the Customer's exercise of their right to withdraw from the contract (verification of whether the goods sent with the form show signs of use, are packed in original packaging, and have all original tags), keeping accounting records and settlements related to the complaints considered [legal basis: Art. 6 sec. 1 lit. c) GDPR, i.e., necessity for compliance with a legal obligation to which the Controller is subject];
- defense and pursuit of claims that may arise within the relationship between the Customer and the Controller and other purposes that are necessary for the realization of the legitimate interests of the Controller or a third party [legal basis: Art. 6 sec. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
The Personal Data Controller of the Customer is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to exercise the right of withdrawal from the Contract.
The Customer's Personal Data will be processed by the Controller for the purpose of assessing the validity of the Customer's exercise of their right to withdraw from the contract, unless legal provisions (e.g., accounting) oblige the Controller to process these data for a longer period or the Controller will store them longer in case the Customer has any claims against the Controller, for the limitation period specified by law, in particular the civil code, or in case of other purposes resulting from the realization of the Controller's legitimate interests. In each case, the longer retention period of Personal Data applies.
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about the possible transfer of Customers' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- UTILIZING THE OPTION OF GOODS EXCHANGE
Personal Data provided by the Customer in connection with their use of the option to exchange goods (first and last name, address, email address), are or may be processed for the following purposes:
- assessment of the validity of the Customer's use of the option to exchange goods (verification of whether the exchanged goods show signs of use, are packed in original packaging, and have all original tags), keeping accounting records and settlements related to goods exchanges [legal basis: Art. 6 sec. 1 lit. c) GDPR, i.e., necessity for compliance with a legal obligation to which the Controller is subject];
- defense and pursuit of claims that may arise within the relationship between the Customer and the Controller and other purposes that are necessary for the realization of the legitimate interests of the Controller or a third party [legal basis: Art. 6 sec. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
The Personal Data Controller of the Customer is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to utilize the exchange option.
The Customer's Personal Data will be processed by the Controller for the purpose of assessing the validity of the Customer's use of the option to exchange goods, unless legal provisions (e.g., accounting) oblige the Controller to process these data for a longer period or the Controller will store them longer in case the Customer has any claims against the Controller, for the limitation period specified by law, in particular the civil code, or in case of other purposes resulting from the realization of the Controller's legitimate interests. In each case, the longer retention period of Personal Data applies.
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about the possible transfer of Customers' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- ACCOUNT REGISTRATION IN THE ONLINE STORE
- CONTACT FORM
The Client's Personal Data provided by them via the Contact Form (in particular: name and email address) and other data collected during any subsequent communication, are or may be processed for the following purposes:
- communication with the Client and answering their message [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator];
- depending on the content of the message addressed to the Administrator:
➝ taking action at the Client's request before concluding a contract [legal basis: Art. 6 para. 1 lit. b) GDPR, i.e., necessity for taking action before concluding a contract];
➝ marketing, analytical, and statistical activities of the Administrator or partners (third parties listed in point 11 of the Cookie Policy) or other so-called third parties with whom we cooperate [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest of the Administrator or a third party];
➝ defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Client's Personal Data is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary but necessary for effective communication with the Administrator.
As a rule, the Client's Personal Data will be processed by the Administrator until communication with the Client ends, and in the case of marketing activities - until they object, unless legal provisions (e.g., accounting) oblige the Administrator to process this data longer or the Administrator will store it longer in case the Client has any claims against the Administrator, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of the Administrator's legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Clients' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The Client's rights regarding the processing of their Personal Data are described in detail in point X of this Policy.
- NEWSLETTER
The Client's Personal Data provided by them in connection with subscribing to the Newsletter are or may be processed for the following purposes:- performance of the Newsletter service agreement [legal basis: Art. 6 para. 1 lit. b) GDPR, i.e., necessity for the performance of the concluded agreement (e.g., to send the Client attractive advertisements and offers (discounts) via email)];
- marketing, analytical, and statistical activities of the Administrator or partners (third parties listed in point 11 of the Cookie Policy) or other so-called third parties with whom the Administrator cooperates, e.g., presenting advertisements and offers (discounts), also tailored to interests based on profiling through activities that do not significantly influence the Client's decisions regarding placing an order for Online Store services in the form of presenting advertisements or offers - considering their preferences - based on the aforementioned analysis [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest of the Administrator or a third party];
- defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Client's Personal Data is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary but necessary to subscribe to the Newsletter.
As a rule, the Client's Personal Data will be processed by the Administrator until they unsubscribe from the Newsletter, and in the case of marketing activities - until the Client objects, unless legal provisions (e.g., accounting) oblige the Administrator to process this data longer or the Administrator will store it longer in case the Client has any claims against the Administrator, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of the Administrator's legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Clients' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The Client's rights regarding the processing of their Personal Data are described in detail in point X of this Policy.
- SOCIAL MEDIA PROFILES
Personal Data that the Client leaves when visiting social media profiles (including comments, likes, online identifiers) are or may be processed for the following purposes:
- marketing and analytical activities of the Administrator in the form of enabling activity on the profile, effective management of the profile, by presenting information about initiatives and other activities, and in connection with promoting various types of events, services, and products, including partners, i.e., third parties listed in point 11 of the Cookie Policy [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator];
- defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Client's Personal Data is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary but necessary to fully use the functionalities of social media profiles. Personal Data will be processed for the period necessary to achieve the aforementioned purposes or until an effective objection is raised, as well as for the period required by law (e.g., tax, accounting), unless a longer period results from their storage in case of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Clients' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The Client's rights regarding the processing of their Personal Data are described in detail in point X of this Policy.
- PRODUCT AVAILABILITY NOTIFICATION
Personal Data - such as email address - provided in connection with the desire to use the product availability notification service are or may be processed for the following purposes:
- sending a product availability notification [legal basis: Art. 6 para. 1 lit. b) GDPR, i.e., necessity for the performance of the service agreement in the form of a product availability notification];
- marketing and analytical activities of the Administrator [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator];
- defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of Personal Data is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to receive a product availability notification.
Personal Data will be processed for the period necessary to notify product availability (this period may vary depending on the chosen product), and in the case of marketing activities - until an objection is raised, unless legal provisions oblige to process this data longer or they will be stored longer in case of potential claims, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In each case, the longer data retention period applies.Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Clients' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The Client's rights regarding the processing of their Personal Data are described in detail in point X of this Policy.
- ORGANIZATION OF CONTESTS
In case of deciding to participate in a contest organized by the Administrator, Personal Data are or may be processed for the following purposes:
- conducting the contest, selecting winners, and awarding prizes [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator];
- fulfillment of legal obligations incumbent on the Administrator, in particular those resulting from provisions regulating tax obligations [legal basis: Art. 6 para. 1 lit. c) GDPR, i.e., necessity for the fulfillment of a legal obligation incumbent on the Administrator];
- marketing and analytical activities of the Administrator or partners (third parties listed in point 11 of the Cookie Policy) or other so-called third parties with whom the Administrator cooperates, e.g., presenting advertisements and offers (discounts), tailored to interests based on profiling through activities that do not significantly influence decisions regarding placing an order for Online Store services in the form of presenting advertisements or offers - considering their preferences - based on the aforementioned analysis [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest of the Administrator or a third party];
- defense and pursuit of claims that may arise in the relationship between contest participants and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Personal Data of contest participants is the entity indicated in point II of this Policy.
Providing Personal Data is voluntary, but necessary to participate in the organized contest.The Personal Data of contest participants will be processed for the period necessary to conduct the contest, select winners, and award prizes, and in the case of marketing activities - until they object, unless legal provisions oblige to process this data longer or they will be stored longer in case of potential claims, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Clients' Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The Client's rights regarding the processing of their Personal Data are described in detail in point X of this Policy.
- CUSTOMER SATISFACTION SURVEY
Personal Data provided to the Administrator in connection with the satisfaction survey of the services provided are or may be processed by us for the following purposes:
- customer satisfaction surveys (e.g., by using various types of questionnaires), improving the Online Store or Application and the quality of services offered by the Administrator [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party];
- defense and pursuit of claims that may arise in the relationship between individuals providing their Personal Data to the Administrator and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Personal Data of individuals participating in the Client satisfaction survey is the entity indicated in point II of this Policy.
Providing Personal Data by the aforementioned individuals is voluntary, but necessary to participate in the satisfaction survey. Providing them allows us to learn their opinion on the services provided, which enables us to improve the Online Store or Application.
The Personal Data of individuals participating in the Client satisfaction survey will be processed for the period necessary to conduct the satisfaction survey and develop and implement solutions aimed at improving the Online Store or Application and the quality of services provided, unless legal provisions oblige the Administrator to process this data longer or the Administrator will store it longer in case of potential claims, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Personal Data of individuals participating in the Client satisfaction survey to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of individuals participating in the Client satisfaction survey regarding the processing of their Personal Data are described in detail in point X of this Policy.
- LIVECHAT
Personal Data of individuals using LiveChat, e.g., Messenger, an instant messenger founded by Facebook, are or may be processed for the following purposes:
- handling inquiries via chat [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator];
- taking action at the request of individuals using LiveChat before concluding an appropriate agreement - depending on the content of the message sent [legal basis: Art. 6 para. 1 lit. b) GDPR, i.e., necessity for taking action before concluding a contract];
- marketing and analytical activities of the Administrator or partners (third parties listed in point 11 of the Cookie Policy) or other so-called third parties [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest of the Administrator or a third party];
- defense and pursuit of claims that may arise in the relationship between individuals using LiveChat who provide their Personal Data to the Administrator and the Administrator, and other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6 para. 1 lit. f) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party].
The Administrator of the Personal Data of individuals using LiveChat is the entity indicated in point II of this Policy.
Providing Personal Data by the aforementioned individuals is voluntary, but necessary to use LiveChat functionality (i.e., to communicate effectively with the Online Store via Messenger).
The Personal Data of individuals using LiveChat will be processed until communication with the aforementioned individuals ends, and in the case of marketing activities - until they object, unless legal provisions oblige to process this data longer or they will be stored longer in case of potential claims, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes resulting from the realization of our legitimate interests. In each case, the longer data retention period applies.
Information on the recipients of Personal Data is described in detail in point VIII of this Policy.
Information on the potential transfer of Personal Data of individuals using LiveChat to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights of individuals using LiveChat regarding the processing of their Personal Data are described in detail in point X of this Policy.
- VOUCHER
Personal Data provided by the Customer in connection with the purchase of a Voucher (in particular: first name and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], residence/business/registered office address [if different from delivery address], bank account number, and for non-consumer Customers additionally company name and tax identification number [NIP]) are or may be processed for the following purposes:
- order fulfillment and performance of the contract concluded with the customer – in particular, confirming the order and shipping to the address indicated by the Customer or to the chosen pick-up point, as well as, if necessary, contacting them regarding the matter [legal basis: Art. 6 para. 1 lit. b) GDPR, i.e., necessity for the performance of the sales contract concluded by the Customer after placing the order or the reservation contract (if such option is available and chosen)];
- pursuit and defense of claims that may arise within the relationship between the Customer and the Administrator, and other purposes necessary for the realization of the Administrator's or a third party's legitimate interests [legal basis: Art. 6 para. 1 lit. c) GDPR, i.e., legitimate interest pursued by the Administrator or by a third party];
- issuing and storing invoices and other accounting documents, as well as processing complaints and returns within the time and manner specified by law [legal basis: Art. 6 para. 1 lit. c) GDPR, i.e., necessity for compliance with a legal obligation to which the Administrator is subject].
The Administrator of the Customer's Personal Data is the entity indicated in point II of this Policy.
The provision of Personal Data is voluntary, but necessary to purchase a Voucher.
Customer's Personal Data will be processed by the Administrator for the purpose of order fulfillment for the duration of the contract, and also for the period required by law (e.g., tax, accounting regulations), in the case of marketing activities - until the Customer objects, unless a longer period results from their storage in the event of possible claims, for the statute of limitations period specified by law, in particular the civil code, or in the event of other purposes resulting from the realization of our legitimate interests. In each case, the longer Personal Data storage period applies.
Information about the recipients of Personal Data is described in detail in point VIII of this Policy.
Information about any transfer of Customer Personal Data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
The rights available to the Customer in connection with the processing of their Personal Data are described in detail in point X of this Policy.
- The Administrator attaches great importance to the security and legality of the personal data processing of both Online Store Customers and individuals visiting the Online Store (hereinafter referred to as: "Persons"), while ensuring convenience in using the Online Store. The personal data of the aforementioned persons are processed in accordance with the provisions listed in point I of this Policy.
- Additionally, the Administrator also protects individuals who have provided their Personal Data to the Administrator using other communication channels, i.e.:
- the website https://www.facebook.com and other sites marked or co-marked with the Facebook brand (including subdomains, international versions, widgets, and mobile versions), whose operation is based on regulations available, among others, at: https://www.facebook.com/legal/terms, which are provided respectively by Facebook Inc. or Facebook Ireland Limited (hereinafter referred to as: "Facebook Service"), including through the Facebook Lead Ads function aimed at direct marketing of the Administrator's own products or services. The rules for the protection and use of Personal Data by the Facebook Service are available, for example, on the page: https://www.facebook.com/policy.php. (The Administrator has no influence on the content of the legal regulations posted on the Facebook Service),
- applications enabling the Administrator to conduct advertising campaigns, including contests, within the Facebook Service.
- The Administrator takes all kinds of measures to protect against improper and uncontrolled use of Personal Data, inter alia, makes every effort to protect Personal Data entrusted to it by Persons from unauthorized access, unauthorized modification, disclosure, and destruction, in particular:
- compliance with applicable laws, including data protection regulations – and if such a need arises – will cooperate with data protection authorities and authorized law enforcement agencies. (in the absence of data protection regulations, the Seller is obliged to act in accordance with generally accepted data protection principles and principles of social coexistence),
- controlling the methods of collecting, storing, and processing information, including applying physical security measures to protect against unauthorized system access,
- access to Personal Data entrusted by Individuals is restricted, meaning only employees, contractors, and representatives who need access to process it for order fulfillment purposes have it (by virtue of the agreement, the aforementioned entities are obliged to maintain strict confidentiality, allowing the Administrator to control and verify how they fulfill their entrusted duties, and in case of non-fulfillment of the aforementioned obligations, they may face consequences),
- securing data sets against unauthorized access,
- SSL certificate on the Online Store pages where Personal Data is provided
- data encryption for authorizing the user of the Online Store's functionalities,
- Account access only after providing an individual login and password.
- The provision of Personal Data by individuals visiting the Online Store or Applications, Live Chats, as well as Online Store Customers, is voluntary, but necessary to use specific functionalities of the Online Store. The consequence of not providing Personal Data may be the inability to successfully perform the aforementioned actions.
- Detailed information on the above is described in point IV, sub-points 1-12 of this Policy.
- Due to the need to present general advertisements, offers, or promotions (discounts) intended for all potential Customers, tailored to the preferences of a given Customer, the Administrator may become acquainted with their preferences through profiling, e.g., by analyzing the frequency of their visits to the Online Store and whether and what products they buy or reserve in the Online Store, e.g., what size of clothing they buy, whether it is women's or men's clothing. This action of the Administrator allows for a better understanding of the Customer's expectations and adaptation to their needs, in a way that does not significantly affect their purchasing decisions. The aforementioned actions of the Administrator are in most cases automated, thanks to which the sent content is as current and tailored to the Customer's preferences as possible.
- Analysis of visits and activities of individuals visiting the Online Store and its Customers, as well as collected information about the use of the Online Store, may also help in identifying ad fraud. Information on the above is also described in point IV, sub-points 2, 7, and 10 of this Policy.
- The Administrator has exclusive access to Personal Data of both individuals visiting the Online Store and its Customers.
- The catalog of recipients of Personal Data processed by the Administrator depends primarily on the range of services used by the person visiting the Online Store or its Customer. Additionally, it also results from the consent of the aforementioned persons or from legal provisions.
- Access to the Customer's Personal Data may be entrusted to other entities through which payments for purchases in the Online Store are made, which collect, process, and store Personal Data in accordance with their Regulations, and to entities responsible for delivering goods to the Customer. Access to the Customer's Personal Data is granted to the aforementioned entities to the extent necessary and only to the extent that ensures the performance of their services so that the Customer can purchase, receive, and pay for the goods.
- The ability to process Personal Data to a limited extent may also be held by entities that technically help to efficiently run the Online Store, including communication with customers (e.g., sending emails, also in marketing campaigns), hosting or IT service providers, software maintenance companies, companies supporting marketing campaigns), as well as legal and advisory service providers.
- The Administrator has the right, and in cases specified by law also the statutory obligation, to transfer selected or all information concerning Online Store Customers to public authorities or third parties who request such information based on applicable Polish law.
- As part of the Administrator's use of tools supporting its ongoing operations, provided, for example, by Google, Customer's Personal Data may be transferred to a so-called "Third Country" where the collaborating entity maintains tools for processing Personal Data in cooperation with the Administrator.
- The Administrator ensures adequate security of transferred Personal Data by applying standard data protection clauses adopted by decision of the European Commission and data processing agreements that meet GDPR requirements.
- In the event of data transfer to a country outside the European Economic Area, the Administrator makes every effort to ensure that its partners are able to provide an adequate level of protection by implementing additional Personal Data security measures.
- The data subject whose data is transferred to a Third Country has the right to obtain a copy of the safeguards applied by the Administrator regarding the transfer of Personal Data to a third country, by contacting the Administrator I (contact details in point II of this Policy).
- An individual visiting the Online Store, as well as its Customer, has the right to obtain clear and complete information about how their Personal Data is used and for what purposes it is needed.
- The aforementioned individuals are always clearly and comprehensively informed about the data collected by the Online Store, and how and to whom it is transferred (the administrator provides information about entities to contact in case of any doubts or comments, and the Administrator will take immediate action to clarify and resolve any doubts).
- The Customer has the right to access the content of their Personal Data provided to the Administrator, as well as to receive a copy of it. They can correct it (if incorrect), supplement it at any time, and also have the right to request that the Administrator remove it from its databases, or cease processing it, without providing any reason, not only when it was processed unlawfully.
- To exercise their rights, the Customer may at any time send an appropriate message to the Administrator's registered office address or email address, or in any other way that delivers/transmits such a request to the Seller.
- A request from the Customer to delete their Personal Data or to cease its processing by the Administrator may result in a complete inability to provide services by the Online Store or a severe limitation thereof.
- Furthermore, the Customer has an unlimited right to:
- lodge a complaint with the President of the Personal Data Protection Office (correspondence address: ul. Stawki 2, 00-193 Warsaw),
- data portability of Personal Data provided to the Administrator and processed by automated means, where processing is based on consent or a contract, e.g., to another administrator,
- withdraw any consent given to the Administrator at any time, provided that the withdrawal of consent does not affect the processing of their Personal Data carried out by the Administrator lawfully before its withdrawal,
- object to the processing of their Personal Data carried out for the purpose of the Administrator's or a third party's legitimate interests
- (in situations where the Customer's Personal Data is processed for direct marketing purposes) they have the right to object to the processing of their Personal Data for the aforementioned purposes, including profiling, to the extent that the processing is related to direct marketing (in the aforementioned situation, the Customer's Personal Data may not be processed for the aforementioned purposes).
- The Online Store does not automatically collect any information, except for information contained in cookie files. Cookies are IT data, in particular text files, which are stored on the end device of the Online Store User and are intended for using the Online Store's websites. Cookies usually contain the name of the website from which they originate, their storage time on the end device, and a unique number.
- Within the Online Store, two main types of cookies are used: "session" cookies and "persistent" cookies. "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the website, or turning off the software (web browser). "Persistent" cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
- The Administrator uses cookies for the following purposes:
- service configuration - enabling the setting of functions and services on the site;
- authentication - enabling notification when a user is logged in, so the website can show appropriate information and features;
- carrying out processes necessary for the full functionality of websites - enabling the "remembering" of User-selected settings and personalization of the User interface, e.g., in terms of the selected language or region from which the User comes, font size, website appearance, etc.;
- analysis and research, and audience auditing - enabling the website administrator to better understand user preferences and, through their analysis, improve and develop products and services;
- providing advertising services - enabling the delivery of advertising content to Users that is more tailored to their interests.
- As part of marketing and analytical activities, the Administrator uses the services of the following third parties (Partners) who use cookies in the Online Store (this is a list of entities referred to in point IV of this Policy):
- Google Ireland Limited (Google Analytics, Google Ads) – for analytical and advertising purposes;
- Meta Platforms Ireland Limited (Facebook Pixel) – for marketing purposes and measuring ad effectiveness;
- Shopify International Ltd. – to ensure the proper functioning of the store platform and shopping cart.
- In many cases, software used for browsing websites (web browser) by default allows the storage of cookies on the User's end device. Online Store Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about their every placement on the Online Store User's device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.
- Subject to point IV, sub-points 1-12 of this Policy and point 2 below, Personal Data is stored for no longer than is necessary for the proper fulfillment of the order, i.e., delivery of the purchased goods to the Customer at the indicated correspondence address and enabling the sending of personalized commercial information. After the aforementioned period, Personal Data is stored solely for the purpose of securing possible claims.
- At any time, the Customer has the right to delete their Personal Data, which results in the Administrator ceasing to store their data.
The Online Store may contain links to other websites. The Administrator encourages you to familiarize yourself with the terms and conditions and privacy policies applicable to other websites. This Policy applies only to the specified actions of the Administrator.
- This version of the Policy is effective from March 12, 2026.
- The Administrator reserves the right to change the content of this Policy in the event of changes in applicable law, about which it will inform on the Online Store's website.