Privacy Policy
This document is an integral part of the Store’s regulations.
A. Basic information
- The purpose of this privacy policy is to define the rules, how to process and use your personal data and other information related to your activity in the Store, as well as to provide information on your rights in relation to personal data provided by you in accordance with art. 13 section 1 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter referred to as the GDPR).
- Please read the privacy policy carefully. We assume that by entering this site, using it and sending us any personal data you accept the terms of this privacy policy.
- Please note that by leaving this site (e.g. by linking to a site in a different domain), you are entering an area where this privacy policy does not apply. The administrator is not responsible for the privacy policy rules applicable on websites operated by other entities.
B. Personal data administrator
- The administrator of personal data collected through the Store is Wiktoria Szczęch, website address: www.wiktoriasofia.com, e-mail address: hi@wiktoriasofia.com, hereinafter referred to as the Administrator and also being the Managing Party.
- The Administrator makes special care that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the premises and categories of processed data allowed by law.
C. The purposes of processing personal data and the legal basis for processing
- Personal data collected in the Store are processed for the following purposes:
- If you agree to receive marketing communications, your personal data will be used to provide information about the Administrator’s products and services, Administrator’s Partners and Sellers offering their goods through the Store. Providing personal data as well as expressing such consent is voluntary. However, the lack of it makes it impossible to receive marketing communication.
- If you set up a User Account in the Store, personal data will be processed for the administrative service of this account. Providing this data is necessary to set up and maintain a User Account.
- If you place an Order for a Product offered by one of the Sellers, personal data will be processed for the purpose of processing this Order and for accounting purposes (including invoicing), the implementation of a complaint or warranty, but also for the Administrator’s justified purposes as a data administrator, including direct marketing of his products and services, organization of loyalty programs, competitions and promotional campaigns, conducting court, arbitration and mediation proceedings. Providing this data is necessary for the conclusion and implementation of the contract.
- If you enter a contact form in the Store and provide your personal data through this communication channel, these data will be processed in order to contact you in the form you indicated in relation to your demand.
- Carrying out research and analysis of the Store in terms of its functioning, improvement of operation or estimation of the main interests and needs of the visitors.
- Your personal data provided for the Store are also used for the purposes of fulfilling the services you ordered, for the optimization of these services and for technical purposes related to server administration. In addition, some data, in particular IP addresses, are used to collect general, statistical demographic information (e.g. about the region from which the connection takes place).
- To the extent necessary to perform the sales contract concluded with the Seller or the contract for the provision of services concluded with the Administrator, as well as to the extent necessary for the Seller or the Administrator to take action at your request, fulfill the legal obligation and for the purposes of legitimate interests pursued by Seller or Administrator (establishing and defending and pursuing claims, creating statements, analyses and statistics, verifying payment credibility, handling complaints and notifications, technical support, financial settlements, including issuing accounting documents), the processing of your personal data is based on the law, i.e. art. 6 clause 1 letter b) and letter c) and letter f) GDPR, without you having to consent to their processing. In all other respects, your personal data will be processed on the basis of your consent.
- To the extent that your personal data is collected on the basis of a legal provision, i.e. art. 6 clause 1 letter b) and letter. c) and letter f) GDPR the absence of all the personal data required by you may result in refusal to conclude a sales contract with the Seller or a contract for the provision of services offered by the Administrator, or constitute a significant impediment to the conclusion of such a contract. To the extent that your personal data is collected based on your consent, providing personal data is voluntary. However, your refusal to consent for marketing purposes or withdrawal of this consent will prevent the Administrator from informing you about new offers and promotions.
D. The scope of sharing personal data
- The administrator declares that he does not sell, share or transfer your personal data collected for processing to other persons or institutions, unless it happens with your clear consent or at your request, or at the request of state authorities authorized by law for the needs of their proceedings or activities related to security or defence, for statutory tasks carried out for the public good or when it is necessary to fulfil the legally justified purposes of the Administrator.
- Your personal data processed by the Administrator may, however, be available to Sellers offering their goods in the Store, Administrator’s Partners, hosting service provider in the scope of maintaining the Store’s website and implementing marketing campaigns related to the Store, for carriers, entities performing electronic payments, banks and for companies serving the Administrator from the financial and legal side. In no case will the entity for which your personal data be available become the administrator of that data.
- The administrator may also disclose, to the cooperating websites, business partners or advertising agencies, the general statistical statements based on the personal data obtained. These rankings mainly relate to the audience of the Store and do not allow individual users to be identified (anonymized data). Such information may be used, for example, to monitor the audience of the Store.
- Your personal data is not transferred outside the European Economic Area. The transfer of personal data outside the European Economic Area may, however, take place when it is necessary to perform the service you ordered or deal you concluded. This also applies if the implementation of the service or contract will require the participation of Administrator subcontractors having their headquarters outside the European Economic Area.
- Personal data within the European Union are protected under common legislation on the protection of personal data. In other countries, these data may not be protected to the same extent. We are required to make sure, before transferring your personal data to a country outside the European Economic Area, that this country will provide adequate protection of your rights. The European Economic Area includes European Union countries as well as Norway, Iceland and Liechtenstein. Countries outside the European Economic Area may not provide the same level of information protection as the countries in this area.
E. The period of personal data processing
- Your personal data you provide to the Administrator based on the consent given will be processed until the consent is withdrawn or the purpose for which the data was collected ceases. The consent granted by you may be withdrawn at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
- Your personal data provided to the Administrator in connection with the conclusion and implementation of the contract will be processed for the period specified in applicable law, including tax regulations, but no longer than until the expiry of the period during which the Administrator may assert claims related to the concluded contract, unless that a longer period follows from legal provisions.
F. Security and storage of information and data processing rules
- The administrator ensures the security of your personal data thanks to the appropriate technical and organizational measures aimed at preventing unlawful processing of data and their accidental loss, destruction and damage.
- The Administrator makes special care that personal information is processed in accordance with the principles of personal data processing specified in the GDPR.
- Your personal data processed by the Administrator are not subject to automated decision making, including profiling.
G. Data acquisition
- By collecting any personal data, the Administrator notes from where they were obtained.
- Personal data may be obtained by the Administrator through the:
- Store’s user registration form – completed when creating a User Account in the Store,
- during telephone contacts – we do not record conversations with clients or contractors, but we can save personal data provided to us by telephone,
- when contacting via e-mail – the data of persons and companies contacting us can be saved to handle inquiries addressed to us by this way,
- during visits to the Store’s websites that record network traffic data and statistics on the frequency of visits such as the user’s IP address, URL visited before visiting our website, URL visited after visiting our website and visited pages – the Administrator is not able to directly determine Your identity based on this data,
- “cookies” created while browsing the Store’s pages.
H. Your rights
- The administrator respects the rights of each person related to the processing of their personal data. In particular, you have the following rights:
- to obtain information about the processing of your personal data,
- the right to access data, request rectification, supplementation and amendment,
- the right to delete data – “the right to be forgotten”,
- the right to limit data processing,
- the right to transfer data,
- the right to object to the processing of your data for justified purposes of the Administrator as a data administrator, including direct marketing of products and services and profiling.
- The Administrator reserves that if the absolute identification of a person is impossible, for example in relation to the scope of data provided by them, he may refuse to take action at the request of the data subject by informing them, unless that person provides additional information enabling them to be identified.
- Any user who has provided their personal data for the Store has the option of verifying or modifying it by logging into their User Account in the Store.
- Any user whose data is processed by the Administrator has the right to delete them (“the right to be forgotten”). The request for data deletion should be submitted by e-mail (e-mail address: hi@wiktoriasofia.coml)
- The administrator informs that there is no obligation to delete data (“right to be forgotten”) if the processing is necessary for:
- exercising the rights and freedom of expression and information,
- fulfilment of the legal duty of processing under EU or Polish law, or performance of a task carried out in the public interest,
- archival purposes in the public interest, scientific or historical research purposes or statistical purposes,
- to determine, pursue or defend claims.
- If you object to the further processing of your personal data for marketing purposes, the objection will be considered. The administrator may, however, leave selected data identifying your person in the Store only to avoid re-use of this data for the purposes of the objection.
- If personal data is processed on the basis of your consent or on the basis of a concluded contract, and the processing is carried out in an automated manner, you have the right to receive, at your request, the personal data concerning you in a structured, commonly used machine-readable format, as well as to request the transfer of the data in this format to the designated data administrator. When submitting a request for the transfer of your personal data, you must also specify whether personal data concerning you are to be deleted (“right to be forgotten”) by the Administrator and submit an appropriate request in this regard.
- You can benefit from your right to information and access to data no more than once every 6 months. At your request, the Administrator is required to provide the necessary information within 30 days. More frequent use of the right to information and access to data is subject to fees of PLN 49.20 paid to the Administrator’s account at mBank with the number 55 1140 2004 0000 3602 7708 1616 before the implementation of the submitted application. This fee constitutes reasonable costs incurred by the Administrator in connection with the exercise of the right of access and is admissible by law.
- You have the right to lodge a complaint to the supervisory body within the meaning of the GDPR if you feel that the processing of your personal data in the Store violates the provisions of the GDPR.
I. Use of “cookies”
- “Cookies” are small text files containing IT data and stored on the devices you use to browse the Store’s pages. They allow, among others, to identify the type of device and display websites tailored to individual preferences. These files usually contain the website address, storage time on the device and their own unique identifier.
- We use “cookies” to optimize the use of the Store’s pages. They are also used to collect statistical data that allows you to identify how you use the Store’s pages. This gives you the opportunity to later improve the structure and content of the Store, excluding personal identification of the user.
- Personal data collected using “cookies” can be collected only to perform specific functions and activities for you. Such data is encrypted in a way that prevents access by unauthorized persons.
- We use session (temporary) and permanent “cookies”. Session cookies are stored on your device until you log out of the Store or turn off your web browser. Permanent cookies are stored for a defined period of time, which is determined by the parameter contained in these files. You can manually delete them.
- Cookies used by the Administrator’s partners are subject to their own privacy policy.
- Internet browsers allow “cookies” to be placed on the end device by default. However, you can configure your browser in such a way as to block the automatic acceptance of “cookies” or to get every time information about sending a file to your device. Proper information about the use of “cookies” and possible configurations are available in the browser settings. The level of restrictions regarding the use of “cookies” may affect the availability and functionality offered on the Store’s website, up to blocking the possibility of its proper use.