Privacy and cookies policy of zielarniasuwalska.pl online store

This document sets out the terms and conditions for the processing of personal data (hereinafter also referred to as “data”) and cookies in the area of the zielarniasuwalska.pl online store, operated through the website, made available at the URL: zielarniasuwalska.pl, hereinafter referred to as the “Store”.

TABLE OF CONTENTS

§1. HOW TO CONTACT THE DATA CONTROLLER

The administrator of the personal data processed within the scope of the Store is Agnieszka Żukowska, conducting business activity under the name of Zielarnia Agnieszka Żukowska, with registered office in Suwałki (16-400) at ul. Tadeusza Kościuszki 112C/U2 registered in the Central Register and Information on Business Activity conducted by the Minister of Development, under the NIP number 6671674243 and REGON number 200861322.

The Data Controller can be contacted at telephone number: 730 30 90 30 and using the e-mail address: kontakt@zielarniasuwalska.pl.

§2. ON WHAT BASIS DO WE PROCESS YOUR DATA

When collecting personal data, we always inform about the legal basis for its processing. It stems from the provisions of RODO (Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of natural persons in relation to the processing of personal data on the free movement of such data and the repeal of Directive 95/46/EC – the General Data Protection Regulation). When we inform you about:

  • 6(1)(a) RODO – this means that we process personal data on the basis of consent received,
  • 6(1)(b) RODO – this means that we process personal data because it is necessary for the performance of a contract or for taking action prior to entering into a contract, upon request received,
  • 6(1)(c) RODO – this means that we process personal data in order to fulfill a legal obligation,
  • 6(1)(f) RODO – this means that we process personal data in order to pursue legitimate interests.

§3. INFORMATION ABOUT THE PROCESSING OF DATA FOR THE PURPOSE OF CONCLUDING AND PERFORMING CONTRACTS, POSSIBLE CLAIM AND DEFENSE AGAINST THEM

  1. We may process personal data necessary for the performance of the contract concluded with you. However, even before the conclusion of the contract, we may process personal data necessary to take action on your request. The processing of this data is based on Art. 6(1)(b) RODO.
  2. During the performance of the contract and after its execution, we process the personal data of a party to the contract for the purpose of possible processing of claims, as well as their investigation. Our legitimate interest is, for example, the possibility of responding to a possible complaint, which we are obliged to do under separate provisions of civil law. In such a case, we will process personal data based on the legitimate interest of defending against or asserting possible claims. The processing of this data is based on Art. 6(1)(f) RODO.
  3. We will store this data for the period necessary for the fulfillment of the designated purposes, no later than the statute of limitations for claims under separate laws.
  4. You have the right to access, rectify, erase, restrict processing of your data, the right to data portability, as well as the right to lodge a complaint with a supervisory authority. In the situation of data processing for the purpose specified in point 2, you also have the right to object to its processing.
  5. Provision of this data is voluntary, but failure to provide this data will prevent the conclusion of the contract or its implementation.
  6. The recipients of this data are our web host, email service provider, IT service provider, shipping service provider, accounting and invoicing software service provider, electronic payment service provider, banking service provider, telecommunications service provider, legal, consulting and collection service provider, and other service providers we use for the designated purpose.

§4. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF SENDING THE NEWSLETTER

  1. We allow you to subscribe to the list of recipients of our newsletter. If you have used this functionality, we process your personal data just for the purpose of sending it. The newsletter may contain advertising, commercial or marketing content.
  2. The processing of this data is carried out on the basis of Art. 6(1)(f) RODO.
  3. You have the right to unsubscribe from the newsletter at any time.
  4. We will keep your data until you unsubscribe or until we stop sending the newsletter.
  5. You have the right to access, rectify, erase, restrict processing of your data, the right to data portability, the right to object to processing, and the right to lodge a complaint with a supervisory authority.
  6. Providing this data is voluntary, but failure to provide this data will prevent the newsletter from being sent.
  7. The recipients of this data are our web host, IT service provider, email service provider and newsletter sending service provider.

§5. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF SENDING NOTIFICATIONS

  1. We allow you to subscribe to the list of recipients of our notifications, displayed via your web browser. If you have used this functionality, we process your personal data just for the purpose of sending it. Notifications may contain advertising, commercial or marketing content.
  2. The processing of this data is based on your consent and thus Art. 6(1)(a) RODO.
  3. You have the right to revoke the consent you have given at any time. However, the withdrawal of consent does not affect the lawfulness of previous data processing.
  4. We will keep your data until you withdraw the consent you have given us. In case you never withdraw it, we will process your data until we stop sending you notifications.
  5. You can revoke your consent to data processing in your web browser.
  6. You have the right to access, rectify, erase, restrict processing of your data, the right to data portability, as well as the right to lodge a complaint with the supervisory authority.
  7. Provision of this data is voluntary, but failure to provide this data will prevent the sending of notifications.
  8. The recipients of this data are: our web host and the provider of the notification sending service.

§6. INFORMATION ON DATA PROCESSING FOR DIRECT MARKETING PURPOSES

  1. We may process your personal data for direct marketing purposes. This happens, for example, when we respond to your message with details of our offerings.
  2. The processing of this data is carried out on the basis of Art. 6(1)(f) RODO.
  3. We will keep your data until the time necessary for the purpose of fulfillment.
  4. You have the right to access, rectify, erase, restrict processing of your data, the right to data portability, the right to object to data processing, and the right to lodge a complaint with a supervisory authority.
  5. Provision of this data is voluntary, and failure to provide this data will prevent the implementation of direct marketing activities.
  6. Recipients of this data are: our web host, IT service provider, email service provider.

§7. INFORMATION ON DATA PROCESSING FOR SECURITY PURPOSES

  1. From the moment you launch our website, we process data such as:
    • The public IP address of the device from which the request came,
    • browser type and language,
    • date and time of inquiry,
    • The number of bytes sent by the server,
    • The URL of the previously visited page, in case the visit occurred using this link,
    • information about errors that occurred in the execution of the request.
  2. Our legitimate interest in this processing is to keep server event logs and protect the Store from potential hacking attacks and other abuses. Including, the ability to determine the IP address of a person performing an unauthorized activity in the Store area, such as attempting to break security, or publishing prohibited content, or attempting unauthorized activities using our servers.
  3. The processing of this data is carried out on the basis of Art. 6(1)(f) RODO.
  4. We will store this data for the period necessary for the fulfillment of the designated purposes, no later than the statute of limitations for claims under separate laws.
  5. You have the right to access, rectify, delete, restrict processing of your data, object to its processing, as well as the right to lodge a complaint with a supervisory authority.
  6. Providing this data is a condition for using the Store. Failure to provide this data will prevent the use of the Store.
  7. The recipient of this data is our web host and IT service provider.

§8. INFORMATION ON DATA PROCESSING FOR NOTIFICATION OF GOODS

  1. The store has the functionality of sending a notification of the selected goods to the e-mail address entered by the user.
  2. Our legitimate interest in this processing is to fulfill your request, and subsequently to safeguard the Store against potential abuse.
  3. The processing of this data is carried out on the basis of Art. 6(1)(f) RODO.
  4. We will store this data for the period necessary for the fulfillment of the designated purposes, no later than the statute of limitations for claims under separate laws.
  5. The data subject has the right to access, rectify, erase, restrict processing of his/her data, object to its processing, as well as the right to lodge a complaint with the supervisory authority.
  6. Providing this data is a condition for sending the notification. Failure to provide this data will prevent this action.
  7. The recipient of this data is our web host and IT service provider.

§9. INFORMATION ON DATA RECIPIENTS

When processing personal data, we use third-party services. Therefore, the recipients of your personal data may be third parties. When collecting personal data, we always inform you about these recipients, but for the primacy of readability of the message, we do so briefly. Therefore, we hereby clarify that when we inform about particular categories of recipients, they are the following:

  • Shipping service provider / couriers: DPD Polska Sp. z o.o., ul. Mineralna 15, 02-274 Warsaw; InPost Sp. z o.o. with its headquarters in Krakow, ul. Wielicka 28, 30-552 Kraków; Poczta Polska Spółka Akcyjna, ul. Rodziny Hiszpańskich 8, 00-940 Warsaw.
  • IT service provider: AlphaNet Sp. z o. o., 4a Małobądzka St., 41-214 Sosnowiec.
  • Hosting provider: AlphaNet Sp. z o. o., 4a Małobądzka St., 41-214 Sosnowiec.
  • Email service provider: AlphaNet Sp. z o. o., 4a Małobądzka St., 41-214 Sosnowiec; Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States.
  • Telecommunications service provider: PHU “ADI Lan-Net” Małgorzata Bagan, ul.Utrata 4C, 16-400 Suwałki; P4 Sp. z o.o., ul. Taśmowa 7, 02-677 Warsaw; M2M ICT services. Maciej Rafał Mackiewicz, ul. Minkiewicza 3, 16-400 Suwałki.
  • Accounting service provider: Wojciech Jasionowski Accounting Office, ul. Utrata 1B, 16-400 Suwałki.
  • Provider of invoice processing software: SYMPLEX, ul. Śląska 45, 57-300 Kłodzko.
  • Provider of legal / consulting / collection services – these service providers are established on a case-by-case basis, when each need arises.
  • Banking service provider: ING Bank Śląski S.A., ul. Sokolska 34, 40-086 Katowice.
  • Electronic payment service provider: ING Bank Śląski S.A., ul. Sokolska 34, 40-086 Katowice; Twisto Polska Sp. z o.o., ul. Puławska 2, 02-566 Warsaw; PayU S.A., ul. Grunwaldzka 182, 60-166 Poznań.

§10. INFORMATION ON TRANSFER OF DATA TO THIRD COUNTRIES

  1. Because we use third-party providers, your personal data may be transferred outside the European Economic Area zone, namely to a country: United States of America (USA).
  2. The European Commission has found that some countries outside the European Economic Area (EEA) adequately protect personal data.
  3. Since the country to which we transfer personal data has not been recognized as a secure country, the transfer of data is based on a contract that includes standard data protection clauses adopted by the European Commission.

§11. ABSOLUTE RIGHTS OF THE PERSONS WHOSE DATA IS PROCESSED

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of exercising the following rights is independent of the legal basis for processing your personal data.

Right of access to data

You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If we do, you have the right to obtain access to that data, as well as to receive additional information about:

  • processing purposes,
  • categories of relevant data,
  • Recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organizations,
  • as far as possible, the planned period of data storage, and when this is not possible, about the criteria for determining this period,
  • The right to request that we rectify, erase or restrict the processing of your data, to object to such processing, and the right to lodge a complaint with a supervisory authority,
  • The source of the data, if your data was not collected from you,
  • automated decision-making, including profiling, and the principles of such decision-making, as well as the meaning and expected consequences of such processing for you.

Upon receipt of such a request, we are required to provide a copy of the personal data being processed. If such a request is received electronically and if we do not receive any other objection, we will also provide the information electronically.

Right to rectify data

You have the right to request that we promptly rectify personal data concerning you that is inaccurate. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by providing an additional statement.

The right to erasure (to be forgotten)

You have the right to request that we immediately delete personal data concerning you. We are then obliged to delete your personal data without undue delay if one of the following circumstances applies:

  • you have withdrawn your consent to process your personal data and we have no other basis for processing it,
  • you have made an effective objection to the processing of data concerning you,
  • Your personal data was processed illegally,
  • Your personal data must be deleted in order to comply with a legal obligation,
  • Your data was collected in connection with offering information society services.

Phe right to restrict processing

You have the right to request us to restrict processing in the following cases:

  • when you question the accuracy of the data – for a period of time that allows us to check its accuracy,
  • processing is unlawful, and you object to the deletion of the data, requesting instead a restriction on its use,
  • we no longer need your personal data for the purposes of processing, but you need them to establish, assert or defend your claims,
  • you have objected to the processing of your data – until we determine whether the legitimate grounds on our side override the grounds for your objection.

Automated decisions, including profiling

You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on you or similarly significantly affects you.

The law does not apply if this decision:

  • is necessary for the conclusion or performance of the contract between you and us,
  • is permitted by the law of the Union or the law of the Republic of Poland and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or
  • Is based on your explicit consent.

The right to file a complaint

You have the right to lodge a complaint in connection with the processing of your personal data, to the supervisory authority: President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: kancelaria@uodo.gov.pl.

§12. RELATIVE RIGHTS OF DATA SUBJECTS

When we write about rights related to the processing of your personal data, we refer to the rights described below. The possibility of exercising them depends in each case on the legal basis for processing your personal data.

Right to withdraw consent to processing

In the event that we process your personal data on the basis of your consent to do so, you have the right to withdraw your consent at any time. Naturally, revoking the consent you have given does not affect the lawfulness of prior processing of your personal data.

Right to data portability

You have the right to receive your personal data provided to us, in a structured and commonly used machine-readable format. You also have the right to send this personal data to another controller without hindrance from us, if the processing takes place:

  • On the basis of consent or by contract, and
  • in an automated manner.

When exercising the right to data portability, you have the right to request that we send your personal data directly to another controller, as long as this is technically possible. This right must not adversely affect the rights and freedoms of others.

Right to object

In case we process your personal data on the basis of Art. 6(1)(f) of the RODO, you have the right to object to the processing of this data, on grounds related to your particular situation.

Then we are no longer allowed to process this personal data unless we can demonstrate the existence:

  • valid, legitimate grounds for processing, and these grounds must be overridden by the interests, rights and freedoms of your person, or
  • grounds for establishing, asserting or defending claims.

Also, if you object to the processing of your personal data for direct marketing purposes, then we will not be able to process it for such purposes.

§13. COOKIES – INTRODUCTION

The Store’s website uses cookies. These are commonly used, small files containing a string of characters that are sent to and stored on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Store. The information is sent to the memory of the browser used, which sends it back the next time you visit the website. We can categorize cookies taking into account three methods of division.

In terms of the purposes of using cookies, we distinguish between three categories of them:

  • Necessary files – these files enable the proper operation of the website and its functionality, such as authentication or security cookies. Without saving them on your device, using the website will be impossible.
  • Analytical files – these files allow monitoring of opened web pages, traffic sources, time spent on the website. Without saving them, the use of website functionality will not be limited.
  • Advertising files – these files enable the display of personalized advertisements within or outside the website area. Without saving them, the use of the website functionality will not be limited.

In terms of their expiration time, we distinguish between two categories of cookies:

  • session files – existing until the end of a given session,
  • persistent files – existing after the session is completed.

In terms of distinguishing the entity that administers cookies, we distinguish:

  • our cookies,
  • third-party cookies.

§14. DATA CONTROLLER COOKIES

The cookies we administer allow:

  • access authentication,
  • maintaining a session after logging in,
  • Securing the Store against hacking attacks,
  • “remembering” by the browser the contents of the fields of completed forms (optional),
  • “remembering” by the browser of items added to the shopping cart.

This makes it easier and more pleasant to use the functionality of the Store.

§15. THIRD PARTY COOKIES

The use of third-party cookies is subject to the privacy and cookie policies of these third parties.

GOOGLE

We use cookies administered by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States as part of the services:

  • Google Ads – advertising files, used to conduct and evaluate the quality of advertising campaigns, implemented using the Google Ads service,
  • Google Analytics – analytical files, used to study user behavior and traffic and compile traffic statistics,

Collected by Google Inc are anonymous and aggregate in nature. In particular, they do not contain identifying characteristics (understood as personal data) of the Store’s users. Using the aforementioned services, we collect such data as the sources of acquisition of users visiting the Store, as well as their behavior on the Store website, information on the devices and browsers they use, IP address, domain, demographic data (age, gender), interests and geographical data.

For more information in this area, click here: https://policies.google.com/technologies/cookies?hl=pl

The use of third-party cookies is subject to the privacy and cookie policies of these third parties. The current policies of third parties in this regard, can be found on the websites listed and here: https://www.e-regulaminy.pl/biuletyn/polityki-prywatnosci-i-plikow-cookies/.

§16. CONSENT TO THE USE AND MANAGEMENT OF COOKIES

Excluding the necessary cookies, their processing is based on the user’s consent.

Consent to the processing of cookies is voluntary and can be revoked at any time. However, please note that lack of consent to the use of certain cookies may result in restrictions on the use of the Store and its functionality, or even prevent such use.

Permission to process cookies can be granted:

  • by means of the software settings installed in the telecommunications terminal device used by the user,
  • by using the button containing a statement of consent to the processing of cookies or confirming that you have read its terms,
  • using the settings available in the website area.

§17. CACHE

When you use the Store’s website, we may automatically use the cache memory installed on your device. Within the local memory, it is possible to store data inter-sessionally, i.e. between consecutive visits to the Store’s website. The purpose of using the cache is to speed up the use of the Store, by eliminating the situation in which the same data would be repeatedly downloaded from the Store, thus overloading the user’s Internet connection. The cache may also store such data as your login password.

§18. LINKS TO OTHER WEBSITES OR SOFTWARE

The store may contain links to other websites or software. We are not responsible for the privacy and cookie processing policies of these websites or software. We recommend that you read the privacy and cookie policies of these websites or software after accessing them or before installing them.

§19. CHANGES TO PRIVACY AND COOKIES POLICY

  1. The privacy and cookies policy comes into effect on the date of publication on the Store’s website.
  2. The Privacy and Cookies Policy is amended by publishing its new content on the Store’s website.
  3. We will publish information about the change in the Privacy and Cookies Policy in the area of the Store’s website, no later than 3 days before the effective date of its new wording.
Download PDF