Privacy policy

The controller responsible for the processing of personal data is:

Grazyna Osiecka-Jaśkiewicz

Szczęśliwicka 68/5

02-353 Warsaw

grazyna.osiecka@gmail.com

Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below you will find detailed information on the handling of your data.

1. ACCESS DATA AND HOSTING

You can visit our website without providing any personal data. Each time a page is called up, the server automatically saves only the so-called server logs, e.g. the name of the requested file, your IP address, the date and time of the call-up, the amount of data transferred and the requesting Internet service provider (so-called access logs) and documents the call-up.

This data is analysed exclusively to ensure the proper functioning of our website and to improve our offer. The above serves, in accordance with Article 6(1)(f) of the DPA, to safeguard our legitimate interest in the optimal, correct presentation of our website and offer. All access data is deleted within seven days of the end of your visit to the website.

HOSTING

The website hosting and display services are partly provided on our behalf by our service providers under a data processing entrustment. Unless otherwise stated in this privacy policy, all access data and data collected in the forms provided for this purpose on our website will be processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. You will find our contact details under „Our contact details and your rights”.

2. COLLECTION AND PROCESSING OF DATA FOR CONTRACT PERFORMANCE, CONTACT AND CUSTOMER ACCOUNT CREATION PURPOSES

We only collect personal data if you provide it to us voluntarily by placing your order or by contacting us (e.g. via the contact form or by e-mail). Mandatory fields are marked as such because the data they contain are necessary for the performance of the contract or the processing of the matter on which you are contacting us. Without their provision, you cannot complete your order or contact us. What data is collected is a direct result of the forms into which the data is entered. We use the data you have provided in accordance with Article 6(1)(b) of the RODO in order to fulfil the contract and respond to your requests. In addition, if, pursuant to Article 6(1)(a) RODO, you provide your consent to set up a customer account - we will process your personal data necessary for this purpose. You will find further information regarding the processing of your data, in particular with regard to the transfer of data to our service providers for order processing, payment and dispatch, in the following sections of this privacy policy.

After the complete fulfilment of the contract or the deletion of your customer account, the processing of your data will be restricted and, after the expiry of the retention periods stipulated by tax law and the Accounting Act, the data will be deleted (Art. 6(1)(c) DPA), unless you expressly consent (Art. 6(1)(a) DPA) to the continued use of the data or, in accordance with the applicable legal provisions, we reserve the right to continue to use the data for guilty purposes, in which case we inform you of this privacy policy. Your customer account can be deleted at any time. To do so, please send a message to our contact address indicated under „Our contact details and your rights” or use the corresponding function in the settings of your customer account.

3. TRANSMISSION OF DATA FOR DELIVERY

In order to fulfil the contract (Art. 6(1)(b) RODO), we pass on your data to the shipping company selected by you during the ordering process and commissioned to deliver the ordered products.

4. DATA PROCESSING FOR PAYMENT PROCESSING

For the purpose of processing payments in our online shop, we cooperate with external service providers handling electronic online payments and pass on your data to the payment processing company selected by you during the ordering process. The above is for the purpose of fulfilling the contract (Art. 6(1)(b) RODO).

PROCESSING OF DATA TO PREVENT FRAUD AND OPTIMISE PAYMENTS

In certain situations, we may pass on additional information to our service providers, which may be used by them together with the information necessary to process payments. These service providers then act on our behalf as processors and provide us with services for fraud prevention and optimisation of payment processes (e.g. invoicing, analysis of disputed payments, accounting support). In accordance with Article 6(1)(f) of the DPA, this serves our legitimate interests in terms of protection against fraud and abuse and in terms of efficient payment management.

5. COOKIES AND SIMILAR TECHNOLOGIES

GENERAL INFORMATION

In order to make your visit to our website more attractive and to enable you to use its key functions, we use technological tools for this purpose, including so-called cookies. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted when your browser session ends, i.e. when you close your browser (so-called session cookies). Other cookies are stored on your terminal device and enable us to recognise your browser the next time you visit the website (so-called persistent cookies). We use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functions of our website (e.g. the shopping basket function). These technologies process data such as, for example, your IP address, the time of your visit to the website, device and browser information, as well as information about the use of our website (e.g. the contents of the shopping basket). This serves, in accordance with Article 6(1)(f) of the DPA, to fulfil our legitimate interest in optimally presenting our offer.

In addition, we also use technology tools to comply with legal obligations to which we are subject (e.g. to prove that we have received your consent to process your personal data), as well as for web analytics and online marketing purposes. Further information on this, including the relevant legal basis for processing your data, can be found in the following sections of this privacy policy.

In the help menu of your browser, you will find explanations on how to change your cookie settings. These are available at the following links: Microsoft Edge™ [https://support.microsoft.com/pl-pl/help/4027947/microsoft-edge-delete-cookies] / Safari™ [https://support.apple.com/pl-pl/guide/safari/sfri11471/mac] / Chrome™ [https://support.google.com/chrome/answer/95647?hl=pl&hlrm=en] / Firefox™ [https://support.mozilla.org/pl/products/firefox/protect-your-privacy/cookies] / Opera™ [https://help.opera.com/pl/latest/web-preferences/#cookies]

Where consent has been given to us by you for the use of certain technological tools (Article 6(1)(a) RODO), this may be withdrawn by you at any time. To withdraw your consent, please contact us via the contact address indicated under „Our contact details and your rights”.

6. USE OF COOKIES AND SIMILAR TECHNOLOGICAL TOOLS FOR WEB ANALYTICS AND MARKETING PURPOSES

Insofar as you have given your consent (Article 6(1)(a) of the RODO), we use the cookies and other similar technological tools of external service providers indicated below on our website. Once the purpose of the processing has been fulfilled and the use of the respective technology tool has ended, the data collected through the use of these tools will be deleted. The consent given may be withdrawn by you at any time. For details on the possibility to revoke consent and your right to object, please see „Cookies and similar technologies”. You will find further information on the pages of the individual service providers. If you have questions about our service providers and the basis of our cooperation with them, please contact us. You will find contact details under „Our contact details and your rights”.

USE OF GOOGLE SERVICES

We use the technology tools indicated below from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland („Google”). The information automatically collected by Google technologies regarding the use of our website is usually transmitted to and stored on the server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The European Commission has not issued a decision on the adequacy of data protection for the USA. Our cooperation is based on the standard data protection clauses adopted by the European Commission. In the event that your IP address is processed as part of the use of Google's technology tools, your IP address is truncated before being stored on Google's servers thanks to the enabled IP anonymisation. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. Unless otherwise specified for the individual Google technologies described in this privacy policy, data processing takes place on the basis of a personal data co-management agreement with Google in accordance with Article 26 of the DPA. For further information on the processing of data by Google, please refer to the privacy policy on Google's website [http://policies.google.com/privacy?hl=pl].

GOOGLE ANALYTICS

For the purpose of analysing the use of our website, we use Google Analytics, a web analytics tool from Google, which automatically processes your data (IP address, time of visit, device and browser information, as well as information on the use of our website) for this purpose and creates pseudonymised user profiles on the basis of this data. Cookies may be used for this purpose. Your IP address is generally not combined with other data collected by Google. The processing of data within the scope of Google Analytics takes place on the basis of a data entrustment agreement with Google.

GOOGLE ADS

With the help of Google Ads, we promote our website in search results and on third-party websites. For this purpose, when you visit our website, a Google remarketing cookie is automatically stored on your device which, on the basis of the pages you visit, enables ads to be displayed based on your interests by processing your data (IP address, time of visit, device and browser information, as well as information regarding the use of our website) using a pseudonymous identifier (ID). Further data processing only takes place if you have activated the option to personalise advertisements in your Google account settings. In this case - if you are logged into Google at the same time during your visit to our website, Google will use your data together with the data collected from Google Analytics to create and define so-called target group lists for remarketing purposes on different devices.

USE OF FACEBOOK SERVICES

FACEBOOK PIXEL

We use the Facebook Pixel tool provided by Facebook Ireland Ltd [https://pl-pl.facebook.com/facebookdublin/], 4 Grand Canal Square, Dublin 2, Ireland („Facebook”). The scope of functionality we use for the Facebook Pixel tool is indicated below. The Facebook Pixel automatically collects and saves data (your IP address, the time of your visit to the website, device and browser information, as well as information about your use of our website, e.g. your visit to the website or your registration for the newsletter). From this data, pseudonymised user profiles are then created.

To this end, when you visit our website, the Facebook Pixel stores a cookie on your device which, by means of a pseudonymised Cookie-ID, enables your browser to be automatically recognised when you visit other websites. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services relating to your use of the websites, in particular for the purposes of personalising advertising. The information automatically collected by Facebook technologies regarding your use of our website is usually sent to a server of Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025, USA and stored there. In relation to the USA, the European Commission has not issued a decision stating an adequate level of data protection. Our cooperation is based on the standard data protection clauses adopted by the European Commission. Data processing is carried out in accordance with Article 26 of the RODO on the basis of joint arrangements between the joint controllers. To the extent that the transfer of data to the USA is our responsibility, our cooperation is based on the standard data protection clauses of the European Commission. Further information on Facebook's data processing can be found in Facebook's privacy policy [https://pl-pl.facebook.com/policy.php].

an adequate level of data protection. You can find more information on the data protection principles of Trusted Shops GmbH here [https://www.trustedshops.pl/dane-firmy-ochrona-danych/].

7. SOCIAL MEDIA

SOCIAL MEDIA PLUG-INS: FACEBOOK, INSTAGRAM, PINTEREST

So-called social network plug-ins (buttons) are used on our website. These plug-ins are accessible via an HTML link, which ensures that when you visit our website containing such plug-ins (buttons), no automatic, direct connection to the servers of the operator of the respective social network is established. When you click on one of the buttons (plug-ins), a new window will open in your browser displaying the page of the respective social network where you can approve the use of the respective button, e.g. „Like” or „Share”.

OUR ACTIVITY ON SOCIAL NETWORKS: FACEBOOK, INSTAGRAM, PINTEREST

If you have given your consent to the respective social network in this regard (Article 6(1)(a) RODO), when you visit our account/profile on the aforementioned social networks, your data will be automatically collected and stored for web analytics and marketing purposes. From this data, pseudonymised user profiles are created. These can be used, for example, to place so-called personalised advertisements within and outside the social networks, which are likely to correspond to your interests. Cookies are usually used for this purpose.

Detailed information regarding the processing and use of your data by the individual social networks, as well as information regarding your rights and the possibility to configure your privacy settings, as well as contact details for making an enquiry are described in the privacy policies of the individual social networks linked below. Should you require assistance in this regard, you may also contact us.

Facebook [https://pl-pl.facebook.com/about/privacy/]is a social networking service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland („Facebook Ireland“). The automatically processed information regarding your activity and use of our Facebook fanpage is generally transmitted to and stored on the server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. In relation to the USA, the European Commission has not issued a decision stating an adequate level of data protection. Our cooperation is based on the standard data protection clauses adopted by the European Commission. The processing of data in the context of visits to the Facebook fanpage is carried out in accordance with Article 26 RODO on the basis of the concluded joint arrangements of the joint controllers, which are available here [https://pl-pl.facebook.com/legal/terms/page_controller_addendum]. Further information regarding the processing of your personal data within the scope of your Facebook fanpage visit (information regarding the page statistics function) is available here [https://www.facebook.com/legal/terms/information_about_page_insights_data].

Instagram [https://help.instagram.com/519522125107875]is a social networking service offered by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland („Facebook Ireland“). The automatically processed information regarding your activity and use of our fanpage account on Instagram is generally transmitted to the server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA and stored there. In relation to the USA, the European Commission has not issued a decision stating an adequate level of data protection. Our cooperation is based on the standard data protection clauses adopted by the European Commission. The processing of data in the context of visits to the fanpage account on Instagram is carried out in accordance with Article 26 of the RODO on the basis of the concluded joint arrangements of the joint controllers. Further information regarding the processing of your personal data in the context of your Facebook fanpage visit (information regarding the page statistics function) is available here [http://pl-pl.facebook.com/about/privacy/].

Pinterest [https://policy.pinterest.com/pl/privacy-policy]is a social networking service offered by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland („Pinterest“). The automatically processed information regarding your activity and use of our profile on Pinterest is generally transmitted to the server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107 in the USA and stored there.

In relation to the US, the European Commission has not issued a decision finding an adequate level of data protection.

8.OUR CONTACT DETAILS AND YOUR RIGHTS

Data subjects have the following rights: * pursuant to Article 15 of the RODO: the right to be informed about the processing of data to the extent set out in that Article;

 * in accordance with Article 16 RODO: the right to rectify your inaccurate or incomplete personal data;

 * in accordance with Article 17 RODO: the so-called „right to be forgotten”, i.e. the right to erasure of your personal data stored with us, insofar as further processing is not necessary: * to exercise your right to freedom of expression and information;

* to comply with a legal obligation;

* for reasons of public interest;

* to establish, assert or defend claims;

* pursuant to Article 18 RODO: the right to restrict the processing of your personal data, insofar as: * the accuracy of this personal data is contested by you;

* processing is unlawful and you object to their deletion;

* we no longer need your personal data, but you need them to establish, assert or defend your claims;

* you have lodged an objection pursuant to Article 21 to the processing of your data;

* in accordance with Article 20 RODO: the right to receive the data provided to us in a structured, commonly used machine-readable format and to have it sent to another controller;

* in accordance with Article 77 RODO: the right to lodge a complaint with a supervisory authority (the President of the Office for the Protection of Personal Data „UODO”).

If you have any questions regarding the collection, processing and use of your personal data, or if you wish to request information, rectification, restriction of processing or deletion of your data, or if you wish to revoke consents given or object to the use of certain data, please contact:

Grażyna Osiecka-Jaśkiewicz

Szczęśliwicka 68/5

Warsaw 02-353

Poland

grazyna.osiecka@gmail.com Right to object

If we process personal data in the manner described in this privacy policy in order to safeguard our legitimate interests, then you may object to the processing of your data for this purpose - with effect for the future. If the processing takes place for direct marketing purposes, you may exercise your right to object at any time. If the processing takes place for other purposes, you only have the right to object for reasons arising from your specific situation.

Once you have exercised your right to object, we will not continue to process your personal data unless we can demonstrate that there are compelling legitimate grounds for the processing and these override your interests and rights, or where the processing is for the assertion, exercise or defence of legal claims.

The above sentence does not apply if the processing is carried out for direct marketing purposes. In this case, we will always stop further processing of your personal data once you have expressed your objection.