This document defines the rules for the processing and protection of personal data of the Website Customers available at www.izabelalapinska.com
The Controller of personal data (hereinafter referred to as Personal Data) of Customers – natural persons – and users (persons the data refer to) of the Website is “Frywolitka” Sp. z o.o. with its registered office in Warsaw, at Dymińska 2/112 01-519 Warsaw, e-mail: firstname.lastname@example.org, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under the KRS number 0000731505, NIP number 1130015696, REGON number 380212331.
Personal Data – this is information about an identified or identifiable natural person, the data refer to, i.e. the person who can be directly or indirectly identified, in particular on the basis of a feature such as: name and surname, identification number, location data, internet identifier or one or more characteristics which define the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
Cookies – means IT data, in particular small text files, saved and stored on devices through which the User uses the Website pages.
Website – means the website or application under which the Controller runs the website, operating in the domain (s): www.izabelalapinska.com
User – means an entity for which electronic services may be provided in accordance with the Regulations and legal provisions or with whom an Agreement for the provision of electronic services may be concluded.
The Controller processes the Personal Data of persons to whom they relate in accordance with applicable regulations, in particular Polish law and Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to processing of personal data and on the free movement such data and the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR).
The scope and purpose of collecting personal data
We collect and process Personal Data for the following purposes:
- Maintaining and servicing the Website user account
- In order to perform the contract regarding the maintenance and service of the Website User’s account, and this applies to the data provided in the registration form
- The legal basis for our processing of the above-mentioned data is the necessity to perform the contract regarding the User’s account and take action at the User’s request (Article 6 (1) (b) of the GDPR.
- Order fulfillment
- In order to fulfill the User’s order, we will process the personal data provided by the User in the order;
- The legal basis for our processing of the above-mentioned data is necessary to perform the contract regarding this order and take action at your request (Article 6 (1) (b) of the GDPR.
- Compliance with legal obligations
- In order to comply with the obligations imposed on us by the law, e.g. by the Accounting Act or tax regulations (e.g. issuing and storing invoices and accounting documents), we will process the User’s data from the order, from the User’s account
- The legal basis for the processing of the above-mentioned data is a legal obligation imposed on us (Article 6 (1) (c) of the GDPR.
- Analysis of preferences and behavior as well as creating a customer profile for marketing purposes (profiling) and direct marketing – applies to persons using the User’s account
- Analysis and creating a profile for marketing purposes: To learn about personal preferences and behavior in order to provide the User with information about products, news and special offers offered by the Website. To create it, we will process the User’s personal data provided in the account registration form, information related to the User’s activity as part of the User’s account in the last 24 months (order history), the frequency and manner of using the User’s account (i.e. via the mobile application/via the website), the User’s opinions and suggestions, location data (if such an option is enabled by the User on her/his device or browser), cookies and similar technologies for collecting data on user activity, i.e. places visited and User activity on our websites, technical information about the User’s device (IP / MAC address, operating system and browser type
- Direct marketing: For direct marketing, i.e. informing the User about products, news and special offers offered by the Website, we will process data from the User’s profile;
- The legal basis for the processing of the above-mentioned data is a pursuance of legitimate interest which involves examining the User’s preferences and behavior by the Website for the purposes of preparing and presenting information about products, news and our special offers to the User, which in our opinion may interest the User and will be tailored to the needs (profiling) and direct marketing of our products referred to above (Article 6 (1) (f) of the GDPR).
- Analysis of preferences and behavior as well as creating a customer profile for marketing purposes (profiling) and direct marketing – applies to people who do not use the Website’s user account
- Analyzing and creating a customer profile for marketing purposes: To know User’s personal preferences and behavior in order to present information about products, news and special offers offered by us, which we believe may be of interest to the User and will be tailored to her/his needs, if the consent for it is expressed, we will create a customer profile (profiling). To create it, we will process the name, surname, e-mail address, telephone number, last order history from the last 24 months, method of ordering (mobile application / website);
- The legal basis for the processing of the above-mentioned data is your consent (Article 6 (1) (a) of the GDPR).
- Marketing communication
- We will direct the User with marketing messages about products, news and special offers offered by us via communication channels (e.g. e-mail, SMS), to which the User has previously given her/his voluntary consent. The consent may be withdrawn at any time, as easily as it was given. Withdrawal of consent does not affect the lawfulness of activities performed before its withdrawal.
- Establishing and pursuing claims and defense against claims
- In order to establish or pursue claims by us, as well as to defend against such claims, we will process User’s data from the order, User’s account (if any), as well as data related to complaints and plaints;
- The legal basis for processing of the above-mentioned data is our legitimate interest involving the possibility of establishing and pursuing claims or defending against such claims (Article 6 (1) (f) of the GDPR).
- Handling inquiries, complaints or suggestions
- In order to handle the User’s inquiry, complaint or suggestion, we will process the data provided in the inquiry, complaint or suggestion;
- The legal basis for the processing of the above-mentioned data is necessary to perform the contract (Article 6 (1) (b) of the GDPR) or our legitimate interest involving the possibility of providing the User with a reply (Article 6 (1) (f)).
- Surveying the satisfaction of our customers and determining the quality of our products
- In order to survey the satisfaction of our Users and determine the quality of our service, we will process the data indicated in the survey, which we may ask each User to complete;
- The legal basis for the processing of the above-mentioned data is our legitimate interest in obtaining relevant information in order to improve the quality of our products and services (Article 6 (1) (f)).
Cookies are small text files containing a unique identifier that are stored on a computer or mobile device, so that the device can be recognized when using a specific website or mobile application. They can only be used for the duration of the User’s visit, or they can be used to measure the User’s interaction with the services and content over a period of time. Cookies help to provide important functions and functionality of our Website and to improve the quality of their use by the User.
|Improving the way our Website works||Cookies allow us to improve the way our Website works, so that we can personalize the customer experience and enable the User to take advantage of many useful functions that they offer.
|Improving the performance of our Website||Cookies can help us understand how our Website is used, for example, to inform us if error messages appear while using them.
These cookies collect data that is mostly aggregated and anonymised.
|Delivery of relevant online advertising, including adverising via social media
These cookies may collect information about the User’s online behavior, such as the IP address, the website from which the connection was made, and information about the User’s purchase history or basket content. This means that the User may see our advertisements on our Website and on the websites of other organizations. Our Website may also display advertisements from other organizations.
|Measure the effectiveness of our marketing communications, including online advertising||Cookies can tell us if you have seen a specific advertisement and how much time has elapsed since it was displayed. This information allows us to measure the effectiveness of our online advertising campaigns and to control how many times the advertisement has been displayed to the User.
The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to the User’s Device. Changes to the settings referred to in the previous sentence can be made by the User using the web browser settings or by using the service configuration. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to be informed about them each time Cookies are placed on the User’s device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
THE PERIOD OF PERSONAL DATA PROCESSING
- The period of data processing by the Controller depends on the type of service provided and the purpose of processing. The data processing period may also result from the regulations, if they constitute the basis for processing. In the case of data processing on the basis of the Controller’s legitimate interest – e.g. for security reasons – the data is processed for a period enabling its implementation or until an effective objection to data processing is raised. If the processing is based on consent, the data is processed until its withdrawal. In the event that the basis for processing is necessary to conclude and perform the contract, the data will be processed until its termination.
- The period of data processing may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after this period, only if and to the extent that it will be required by law. After the end of the processing period, the data is irretrievably deleted or anonymized.
RIGHTS RELATED TO PROCESSING OF PERSONAL DATA
Due to processing of data by the Controller, the User has a number of rights:
- you can obtain information on how and to what extent we process your data and, additionally, a copy of your personal data. If your request includes copies of the data, you will help us by indicating the copy of which data you would like to receive;
- you can request the rectification of your data (if it has been incorrectly saved or if it has changed), its deletion (if there is no basis for the Controller to process it) or restriction of processing (if you want the Controller to process your data only to a limited extent, until considering your objection or request for data rectification, as well as if you want the data to be stored in connection with your claims);
- you can request the transfer of your data that you have provided to us in a structured, commonly used and machine-readable format. You can provide the received data yourself to the Controller of your choice. In addition, if it is technically possible, while maintaining appropriate security standards, we can do it for you at your request;
- if the processing of your data by the Controller takes place on the basis of a legitimate interest, you can object to such processing;
- if you think that the processing of your data violates your rights, tell us about it. We try to respond to the comments and suggestions of our Users. You also have the right to lodge a complaint with the supervisory body [in Poland – the President of the Personal Data Protection Office (known as the Inspector General for Personal Data Protection until 25 May 2018)].
An application regarding the exercise of rights related to the processing of User’s Personal Data may be submitted:
- in writing to the following address: Showroom Izabela Lapinska, Mokotowska 40/5 00-543 Warsaw
- by e-mail to the following address: email@example.com.
The application should, if possible, precisely indicate what the request concerns, i.e. in particular:
- what right the person submitting the application wants to use;
- what kind of data processing the request concerns (e.g. using a specific service, activity on a specific website, receiving a newsletter containing commercial information to a specific email address, etc.);
- what processing purposes the request relates to (e.g. marketing purposes, analytical purposes, etc.).
If the Controller is not able to determine the content of the request or identify the person submitting the application on the basis of the submitted application, he will ask the applicant for additional information.
The response to the applications will be given within one month of its receipt. If it is necessary to extend this period, the Controller will inform the applicant about the reasons for such extension.
Changes to this policy and the reason
The Controller may change the Policy in the future, among others for the following important reasons:
- amendments to the applicable provisions, in particular in the field of Personal Data protection, telecommunications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;
- development of functionalities or Electronic Services demanded by the progress of internet technology, including the use / implementation of new technological or technical solutions, affecting the scope of the Policy.
The Controller will each time place information about changes to the Policy on the Website. With every change, a new version of the Policy will appear with a new date.
This version of the Policy has been valid from 01.09.2020 r.