We care about your privacy. Therefore, we collect and process your data only if it is necessary, and only such data that you provide to us.
§ 1 PERSONAL DATA PROTECTION
We process your personal data in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).
WHO IS THE CONTROLLER OF YOUR DATA?
The Controller of your personal data provided while using the Store or during the use of Social Media platforms belonging to the Store, in particular the data you provide to us in the process of placing an order, user registration or when subscribing to our Newsletter is:
conducting business activity under the name SAVONA
ul. Rynek Kościuszki 8/1, post code: 15-426 Białystok, Poland
Tax ID no. (polish NIP): 5213916346, National Business Registry Number (polish REGON): 050608688
e-mail address: firstname.lastname@example.org
(hereinafter referred to as the: “Seller” or “Controller”)
WHAT DATA DOES THE STORE COLLECT AND CAN I REFUSE TO PROVIDE DATA?
We collect and process only such personal data, i.e. the data based on which the user can be identified, which the user provides himself e.g. in the process of placing an order.
Browsing the website of our Store does not require registration or providing any personal data.
Providing personal data is voluntary. However, refusal to provide personal data may hinder or make completely impossible to process an order or to conduct some of the services offered by the Controller. For example, failure to provide name, surname and an e-mail address will make it impossible to place an order (and thus to conclude a contract), while in case of the Newsletter service, failure to provide an e-mail will prevent its sending.
WHAT ARE YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA BY THE CONTROLLER?
As the data subject, i.e. a user whose personal data we process, you have the right to:
- access your personal data;
- request rectification of your personal data;
- erasure of your personal data (e.g. if there are no legal grounds for processing) or right to restriction of their processing;
- object to the processing of your personal data;
- data portability, pursuant to Article 20 of GDPR;
- withdrawal of consent to the processing of your data, if the consent was the basis for their processing by the Controller; and
- to lodge a complaint with a supervisory authority.
Any requests in this regard may be submitted directly to the Controller, in any form that will be convenient for you, e.g. by an e-mail, contact form, post. The Controller’s contact details are provided at the beginning of this Policy. Please remember that these rights are not absolute and do not apply to all processing of your personal data. For more information and to learn the limitations on your rights, please check the details of Articles 16 – 21 of GDPR.
Each time you make the above requests, we will reply to them within one month, adequately justifying further actions resulting from legal obligations.
Notwithstanding the above, you always have the right to lodge a complaint to the supervisory authority, which is: in Poland – the President of the Office for Personal Data Protection, in other European Union countries – the national supervisory authority, respectively. In such a case, however, we encourage you to contact the Controller in advance to clarify your doubts.
You can also always turn to the Controller with a request to provide information on what data the Controller holds about you and for what purposes it processes the data (right of access to personal data).
Notwithstanding the above, please find below more detailed information on rules of data processing by the Controller, as well as on what rights you have in relation to your personal data and for what purposes we process your personal data.
FOR WHAT PURPOSES, ON WHAT LEGAL BASIS AND FOR HOW LONG WE
PROCESS YOUR PERSONAL DATA?
We do not process your personal data by automated means (no profiling takes place).
We process your personal data only for the following purposes and based on the indicated legal grounds:
I. Fulfilment of orders placed in our Store
To place an order in the Store, we will ask you to provide us with the data necessary to process the order, such as your name and surname, billing / shipping address, an e-mail address (where we will send the order confirmation), as well as a phone number (voluntarily) to facilitate delivery by the selected carrier (when choosing the InPost Paczkomat option, it will be necessary for delivery, however this option may only apply for deliveries within Poland).
For orders placed as part of your business activity, we will also ask you to provide your full company name, registered address, and tax identification number.
Providing this data is voluntary, but necessary to place the order or for proper delivery in case of certain delivery methods.
The data provided in connection with your order will therefore be processed for following purposes: processing your order (Article 6 para 1 letter b) of GDPR, issuing an invoice (Article 6 para 1 letter c) of GDPR), including the invoice in our accounting records (Article 6 para 1 letter c) of GDPR), for the purpose of dealing with potential product complaints, including to be able to prove certain facts by the Controller if this proves necessary (evidential purposes) (Article 6 para 1 letters b) and c) of GDPR). We may also process your data for archival and statistical purposes (Article 6 para 1 letter f) of GDPR).
Order data will be processed for the time necessary to process the order and thereafter until the expiry of the limitation period for claims under the concluded contract. In addition, after the expiry of this period, the personal data may still be processed for statistical purposes. Please also note, that as a Seller, the Controller is obliged to store billing documents with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.
In the case of order data, you do not have the opportunity to rectify this data after the order has been processed. You also cannot object to the processing of your data or request to erasure your data until the expiry of the limitation period for contractual claims. Likewise, you may not object to data processing and request erasure of data contained in invoices or other billing documents that require the name of the buyer. However, after the expiry of the limitation period for claims under the concluded contract, you may object to the processing of your data for statistical purposes, as well as request deletion of your data from the Controller’s database.
In relation to your order data, you have the right to data portability referred to in Article 20 of GDPR. It consists in the fact that you have the right to receive from the Controller an extract of the personal data processed by the Controller, in a structured form in accordance with the requirements of GDPR.
If you want to receive our Newsletter and keep up to date with news, great offers, or you simply want to know what’s new with us (e.g. backstage news), you can subscribe to our Newsletter. Subscribing to the Newsletter takes place via the Newsletter subscription form and requires providing your e-mail address and name. Providing these data is voluntary, but necessary to subscribe to the Newsletter.
Data provided during subscription to the Newsletter will be used only for the purposes of the Newsletter service. The legal basis for processing your personal data in this case is the implementation of a legitimate interest pursued by the Controller, which is direct marketing of own products (Art. 6 para 1 letter f) of GDPR).
The data will be processed for the duration of the Newsletter service offered by the Controller unless you unsubscribe from the Newsletter earlier or object to the processing of your personal data in this scope. Please note that unsubscribing from the Newsletter does not result in complete removal of your data from the Controller’s database. Although we will no longer send you the Newsletter, your data will still be stored in the mailing system in order to defend against possible claims related to the sending of the Newsletter (art. 6 para 1 letter c) and f) of GDPR).
You can rectify your data stored in the Newsletter database at any time. You also have the right to data portability as referred to in Article 20 of GDPR.
III. Contact with the Store
By initiating contact with us via email or the contact form on the Store website, or via social media platforms, you provide us – as the sender of the message – with your name and, depending on the means of communication, your email address or profile name. Providing this data is voluntary, but necessary to establish contact.
Your data is processed in this case for the purpose of communicating with you and responding to your enquiry, and the basis for processing is Article 6 para 1 letter a) of GDPR, i.e. your consent resulting from the initiation of contact. In the case of enquiries about products from the Store before you place an order, the legal basis is also Article 6 para 1) letter b) of GDPR (processing is necessary to take steps prior to entering into a contract). The legal basis for post-contact processing is the Controller’s legitimate interest of archiving the correspondence for the purpose of showing its course in the future (Article 6 para 1 letter f) of GDPR).
The content of correspondence conducted in this way may be archived. We cannot explicitly state when it will be deleted. However, you always have the right to request the history of the correspondence (if it has been archived) as well as to request its deletion, unless its archiving would be justified by an overriding interest of the Controller, e.g. the defense against potential claims on your part.
IV. Comments on Facebook, Instagram
Whenever you leave a comment on social media platforms managed by the Store, you naturally leave a trace of our profile in the form of your profile name on the respective social media platform. The basis for data processing in this case is Article 6 para 1 letter a) of GDPR, i.e. your consent to interact on social media platforms.
In this case, your data will be processed as long as the Controller runs a business, including as long as he runs his social media platforms, unless you ask for the removal of your comment, which will result in removing your data from the database.
You also have the right to request the deletion of your data from the social media platforms. You can also exercise these rights within your Facebook or Instagram user account directly against the owner of these social media platforms, who in this case is joint controller of your personal data.
You also have the right to data portability referred to in Article 20 of GDPR.
V. Maintaining a registered user account in the Store
Regardless of whether you place an order in our Store or not, you can create an account of a registered user of the Store (free service provided by the Seller). Placing orders in our Store also requires the prior creation of a registered user account. Having an account in our Store is free of charge. On your account you will have access to e.g. order history, order fulfillment status. Within your registered user account it will be also possible to manage your marketing consent given when signing up for the Newsletter.
In order to create a registered user account, you need to provide your first name, surname, e-mail address.
The data provided in connection with user registration will be processed for the purpose of performance of the contract on provision of electronic services by the Seller – establishment, maintenance, and management of a registered user account (Article 6 para 1 letter b) of GDPR), handling possible complaints regarding account (Article 6 para 1 letters b) and c) of GDPR), as well as possibly for archival and statistical purposes (Article 6 para 1 letter f) of GDPR).
Your data will be processed for as long as the Controller is in business unless you delete your account earlier. In the latter case, however, your data will still be processed until the expiry of the limitation period for claims under the concluded contract for the provision of electronic services.
In the case of and within the scope of the registered user account service, you always can request rectification or completion of your data, and this for as long as you hold a registered user account in our Store. However, you may not object to data processing or request deletion of data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the registered user account service, your data will be deleted from the Controller’s database.
Also, in this case, you have the right to data portability as referred to in Article 20 of GDPR.
TO WHOM MAY WE DISCLOSE YOUR PERSONAL DATA (DATA RECIPIENTS)?
Your personal data may be disclosed to the Controller’s subcontractors, but only if this proves necessary for the performance of the contract with you, or another purpose of the processing.
Thus, your personal data may be provided to the following categories of data recipients: IT service providers – Internet Store software provider (WordPress) and operator, hosting service providers, e-mail service providers (hosting), courier service providers (including intermediary platforms such as furgonetka.pl), postal service providers, accountants, marketing service providers, Newsletter service providers, and companies providing electronic payment solutions (e.g. quick online payments, Paypal) and supporting our Store in handling shipments (storage, packaging, handling returns and complaints).
These companies guarantee appropriate measures to protect the confidentiality and security of personal data as required by law. Moreover, they may not use the personal data provided to them for purposes other than those for which they were entrusted to them by the Controller.
- Google LLC: https://policies.google.com/privacy?hl=en
- Facebook Ireland Ltd.: https://www.facebook.com/privacy/explanation
IS YOUR DATA SAFE?
We take all necessary steps and measures to ensure the security of your personal data and to prevent access by unauthorized persons.
In particular, only authorized persons who are obliged to keep your personal data confidential will have access to the users’ personal data.
On our Store website we use the mechanism of so called “cookies”.
WHAT ARE COOKIES?
“Cookies” are small text files that record online activity of the user. When you browse and use our Online Store, cookies are stored on your device, e.g. computer, tablet, laptop, smartphone.
We divide cookies into temporary (session) and permanent ones. Session Cookies are deleted when the internet browser session ends (when you close it). Permanent cookies, on the other hand, are stored on your terminal device and enable recognition of your browser the next time you visit the website.
However, we do not automatically collect any information other than that relating to your visit: your IP address, domain name, browser type, etc. This data is processed only for the purposes of administering the Store website, ensuring efficient operation of the Store, and are not associated with personal data of individual users.
In particular, cookies are not used to identify users, which means that we are not able to determine – based on cookies – the identity of the user visiting the Store. Cookies also do not change the configuration of your device, nor do they serve to install or uninstall any program or application on your device. Cookies also do not interfere with the integrity of your system or your data.
WHAT SPECIFICALLY ARE COOKIES USED FOR?
Cookies allow us, for example, to better customize the content of a website so that you can use it more comfortably. Cookies facilitate navigation on our website and allow us to personalize the interface of the site you are viewing – they remember the selected resolution, content layout or, for example, the selected language.
Cookies make it possible to maintain the user session after logging into the Store. Thanks to this, as a registered user you will not have to re-enter your username and password on each subpage of the Store.
Cookies also allow us to understand how our customers use our website, from where they were redirected to the Store website, the number of visits, the time of their visit (which in turn enables us to improve the structure, content and offer of the Store).
We may also use advertising cookies which enable us to provide users with advertising content more suited to their interests.
YOUR CONSENT TO COOKIES
The temporary storage of log files and cookies facilitates the use of our website.
Please note, however, that disabling cookies may cause difficulties or prevent proper and uninterrupted use of our Online Store.
THIRD PARTY COOKIES
Facebooka Pixel – we use the Facebook Pixel to manage Facebook ads and conduct remarketing activities. This is our legitimate interest – marketing of our own products and services. The Facebook Pixel is a small piece of code placed on our website. It helps to measure the effectiveness of ads, shows what actions Store users take and helps us to reach a specific group of people (Facebook Ads, Facebook Insights). However, the information collected within the Facebook Pixel is anonymous, i.e. it does not allow us to identify you. Please note, however, that Facebook may combine this information with other information about you collected as part of your use of Facebook and use it for its own purposes, including marketing.
You can also decide whether you agree to the use of the Facebook Pixel as part of the cookie settings accessible from the Store website.
Google Analytics – we use Google Analytics. This solution is used to analyze the statistics of our Online Store. Google Analytics uses its own cookies to analyze actions and behaviors of the Store’s users. The cookies are placed on the user’s computer and thanks to them we can see e.g. which website the user came from to the Store website. This tool is provided by Google Ireland Limited. Actions taken with the use of Google Analytics code are based on the Controller’s legitimate interest in the creation and use of statistics. Thanks to Google Analytics, we can improve our services and optimize the pages of the Store even better. As part of the use of the Google Analytics tool, however, we do not process any user data, so
we cannot identify you as a user.
If you are interested in the details related to the data processing within Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.
You can decide whether you consent to the use of Google Analytics as part of the cookie settings available on the Store website.
Social Media Referral Plugins – we use following social media referral plugins on the Store website: Instagram.
By clicking on the “Like” or “Share” button in relation to, for example, a post, product or photo, information about this activity will be sent directly to the server of the relevant social media provider and stored there. The purpose and scope of data collection, the principles of data processing by these service providers (owners of social media platforms), your rights in this regard as well as the possibility of changing the settings to ensure the protection of your privacy are described in the privacy policies of the respective service providers. The Controller has no influence on the data processed by these entities.
In addition, by clicking “Like” or “Share”, your activity will also be visible to the persons in your contact list of the respective social platform.
If you do not want that social media platforms associate the data collected during your visit to the Store’s website with your profile on a given social media page, simply log out before visiting the Store’s website.