LeCollet Privacy and Cookie Policy
§1 PERSONAL DATA ADMINISTRATOR AND GENERAL INFORMATION
1. The terms used in the Online Store Regulations apply accordingly in this Privacy Policy. 2. The owner and operator of the Online Store and the Administrator of Users' Personal Data is LeCollet Maya Bohosiewicz Spółka Komandytowo-Akcyjna with its registered office in Warsaw, ul. Adama Naruszewicza 5 lok. 3, 02-627 Warsaw, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000961736, NIP: 7010832970, REGON: 380751186, hereinafter referred to as the ‘Administrator’ or ‘Service Provider’ or ‘Controller’.
3. Direct contact with the Service Provider and all electronic correspondence regarding the operation of the Online Store should be sent: 1) by telephone – at the following number: 880 405 066, 2) to the following e-mail address: info@lecollet.pl, 3) by traditional post: ul. Adama Naruszewicza 5 lok. 3, 02-627 Warsaw.
4. The data controller is responsible for the security of the personal data provided and for processing it in accordance with the law.
5. Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’) and other currently applicable provisions of law on the protection of personal data.
6. The personal data controller has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of personal data. These measures are applied taking into account the nature, scope, context and purposes of data processing and the risk of infringement of the rights of data subjects, and are aimed in particular at protecting personal data against accidental or unlawful destruction, loss, modification, unauthorised disclosure or access. The Service Provider ensures that the processing of personal data is carried out in accordance with applicable law, in compliance with the principles of fairness, lawfulness and transparency. 7. The Administrator informs about the use of cookies and other similar internet technologies in Part II of the Policy.
PART I – PROCESSING OF PERSONAL DATA
The provision of personal data is, as a rule, voluntary, but in certain cases it is necessary for the conclusion and performance of a Sales Agreement, a Service Agreement, an Agreement for the Provision of Electronic Services, or for the fulfilment of legal obligations incumbent on the Administrator. Failure to provide personal data marked as necessary may result in the inability to fulfil obligations under the law. In each case, the scope of the required data is adequate for the purpose of its processing. Refusal to provide data may result in the refusal to perform the Sales Agreement, the Service Agreement, the Agreement for the Provision of Electronic Services or their incomplete performance.
§2 TYPES OF PERSONAL DATA PROCESSED
1. The Service Provider collects/processes the following personal data in particular in the Online Shop:
- first name and surname – for the purpose of using the Online Shop;
- telephone number – necessary for contact purposes;
- e-mail address – basic identification data of the User constituting their login to the Account. Users who subscribe to the Newsletter will also receive the Newsletter;
- payment details;
- age – date of birth for the purpose of confirming the User's age;
- device IP address – information resulting from the general rules of Internet connections, such as IP address (and other information contained in system logs) is used by the Administrator for technical and IT purposes. IP addresses may also be used for statistical purposes, including in particular to collect general demographic information;
- Cookies and other information stored in the log file, including data about the User's mobile device – for the purpose of ensuring security, optimisation or adaptation of the Online Store's functioning to individual needs; technical details can be found in
2. The source of the personal data processed is the User who provided their data for the purpose of completing the sale or providing the service.
§3 PURPOSES OF PERSONAL DATA PROCESSING
- Your data may be processed by the Controller for the following purposes:
1) To fulfil Orders and provide Services available to registered and logged-in Users, and to ensure the proper quality of the above-mentioned services (legal basis – Article 6(1)(b) of the GDPR) – ‘performance of a contract’.
2) To fulfil the Administrator's legal obligations, e.g. financial settlements and accounting reporting, including issuing and storing invoices, archiving tax documentation (legal basis: Article 6(1)(c) of the GDPR) – ‘legal obligation’.
3) Improving the quality of services provided, including User satisfaction surveys (legal basis: Article 6(1)(f) of the GDPR) – ‘legitimate interest’, which is to improve User service standards.
4) In connection with the provision of the Newsletter Service on the basis of the provisions of the Regulations pursuant to Article 6(1)(b) of the GDPR - ‘performance of a contract’, until the subject matter of the contract has been fully performed or until its termination or expiry.
5) in the case of the User using services provided for a fee, in order to fulfil the legal obligations incumbent on the Controller and Article 9(2)(a) of the GDPR) – ‘performance of a contract’, including those resulting from accounting and tax laws, pursuant to Article 6(1)(c) of the GDPR in connection with the wording of these laws, for the period resulting from the provisions contained therein.
6) providing answers – based on the need to pursue the legitimate interest of the Online Store in the form of responding to questions asked by the User, and therefore on the basis of Article 6(1)(f) of the GDPR, until the question is answered or until the User effectively objects to the processing of their data.
7) marketing products and services – based on the pursuit of the Online Store's legitimate interests in the form of direct marketing of products and services, including sending the Newsletter, i.e. Article 6(1)(f) of the GDPR.
8) Creating statistics and summaries that will serve to improve the effectiveness of the Online Store's marketing activities and build a business strategy – the vast majority of such statistics are created on the basis of non-personal data or anonymised data. If personal data is used for this purpose, its processing will be based on the need to pursue the legitimate interest of the Online Store in the form of analytical and statistical activities aimed at the development of the Administrator, i.e. on the basis of Article 6(1)(f) of the GDPR, until the User effectively objects to the processing of their data.
9) Compliance with legal obligations, e.g. keeping accounting and tax records as well as archiving them (legal basis - Article 6(1)(c) of the GDPR) - ‘legal obligation’. 10)Performance of a concluded sales contract or service contract and provision of related services, pursuit or defence against any claims related thereto (legal basis - Article 6(1)(f) of the GDPR) - ‘legitimate interest’; the deadlines for pursuing claims under the agreement are specified in detail in the Civil Code, consumer regulations and other legal provisions governing the conduct of such proceedings.
11) Improving the quality of services provided, including User satisfaction surveys (legal basis: Article 6(1)(f) of the GDPR) – ‘legitimate interest’, which is to improve the standards of User service.
§4 PERIODS OF PERSONAL DATA PROCESSING
1. Personal data is processed by the Controller for the time necessary to achieve the purposes listed in §2. The Controller has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, this will be, respectively:1) the time necessary to perform the Agreement, 2) the time necessary to fulfil legal obligations and the time during which data must be stored in accordance with legal regulations, e.g. tax regulations, as a rule up to 6 years from the date of termination of the paid Service, 3) the limitation period for claims – as a rule, up to 6 years from the date of conclusion of the Sales Agreement or performance of the service, 4) until an effective objection to the processing of data based on the legitimate interest of the Controller is lodged
2. Personal data may be processed for a period longer than that indicated above only if such a right or obligation is imposed on the Controller by specific legal provisions or if the service we provide to the User is of a continuous nature, e.g. subscription to the Newsletter or maintenance of an Account.
§5 RECIPIENTS OF PERSONAL DATA
- The Administrator does not transfer data in every case and not to all persons indicated in the Privacy Policy Users or categories of Users – the Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
- In connection with the provision of services, personal data will be disclosed to external entities supporting the Administrator's activities, including in particular: 1) suppliers responsible for the operation of IT systems (IT support for the Online Shop, e-mail hosting, maintenance and server services), 2) entities such as banks and payment operators - handling electronic payments or payment cards - in the case of a User who uses electronic payments or a payment card, the Administrator provides the collected personal data to a selected entity handling the above payments on behalf of the Administrator to the extent necessary to handle a given payment, 3) marketing agencies and IT system providers supporting marketing (in the scope of marketing services – including entities described in detail in this Privacy Policy, i.e. Google), 4) accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular, an accounting office, law firm or debt collection company), if required for a given processing purpose.
- The recipients of the data may also include providers of social plugins, scripts and other similar tools that enable the browser of a person visiting the Online Store to download content from the providers of the aforementioned plugins and, for this purpose, transfer the visitor's personal data to these providers, including: Meta Platforms Ireland Ltd. – The Administrator uses Facebook and Instagram social plugins on the Online Store website, and therefore collects and shares the personal data of Users of the Online Store website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policy available at: https://www.facebook.com/about/privacy/. The data includes information about the use of the Online Store – including information about the device, websites visited, purchases, advertisements displayed and the manner of using the services – regardless of whether the Online Store User has a Facebook account and is logged into Facebook.
- The recipients of the data may also include public authorities and entities performing public tasks, e.g. in the event of a fraud report – the competent judicial authorities, as well as within the scope and for the purposes resulting from legal provisions, e.g. conducting control proceedings at the Administrator, the Polish Act on Counteracting Money Laundering.
- In connection with the Administrator's use of tools supporting the functioning of the Online Store and the implementation of marketing and analytical activities, made available in particular by entities such as Google, Users' personal data may be transferred to third countries, i.e. outside the European Economic Area (EEA), including in particular to the United States of America (USA) or other countries where entities cooperating with the Administrator maintain IT infrastructure used for the processing of personal data. The transfer of personal data outside the EEA is carried out with the appropriate safeguards provided for in the provisions of the GDPR, ensuring an adequate level of personal data protection.
§6 USER RIGHTS
1. In order to exercise your rights under the provisions on personal data protection, correspondence should be sent to the address provided in § 1(3)(1)-(3). The Controller may request additional information necessary to confirm the identity of the person submitting the request or demand.
2. Every entity whose data is processed by the Administrator has the right to: 1) access personal data, including requesting a copy thereof, 2) request the rectification or supplementation of personal data, 3) delete personal data (the right to be forgotten), 4) restrict the processing of personal data, 5) the right to transfer personal data to another controller if the processing is based on a contract [(Article 6(1)(b) of the GDPR] or consent [(Article 6(1)(a) of the GDPR], 6) the right to object to the processing of personal data, 7) in particular to direct marketing based on Article 6(1)(f) of the GDPR. The right to object to the processing of personal data for purposes based on Article 6(1)(f) of the GDPR on grounds relating to a particular situation, 8) the right to lodge a complaint with the President of the Personal Data Protection Office, 9) withdraw consent at any time if the processing is based on consent (Article 6(1) (a) of the GDPR). Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
3. If it is found that the processing of Personal Data is in breach of applicable regulations, the data subject has the right to lodge a complaint with the Supervisory Authority. The complaint may be lodged with the data protection authority competent for the place of residence of the data subject or with the authority competent for the registered office of the Controller. Contact details of the Supervisory Authority: Personal Data Protection Office, kancelaria@uodo.gov.pl.
4. The right to erasure of Personal Data – the so-called ‘right to be forgotten’ may be exercised in the following situations: 1) the personal data are no longer necessary for the purposes for which they were collected, 2) consent to processing has been withdrawn and the Controller has no basis for processing them, 3) an objection has been raised against the processing of data by the Controller, 4) the data has been processed unlawfully, 5) there is a legal obligation to erase the data, 6) the personal data has been collected in relation to the provision of information society services. 5. The right to restrict processing may be exercised when: 1) the data subject questions the accuracy of the data – for the time necessary to verify its accuracy, 2) the processing is unlawful, but the data subject objects to its erasure and requests only the restriction of its processing, 3) The Controller no longer needs the personal data for processing purposes, but they are required by the data subject to establish, pursue or defend legal claims, 4) where an objection to the processing of data has been lodged – until the validity of the objection has been assessed.
6. The Controller shall respond to the request/application immediately, but no later than within 30 days of receipt, with the possibility of extending this period in cases provided for in the GDPR.
§7 ADDITIONAL INFORMATION ON DATA PROCESSING
1. Personal Data may be processed for the purposes of so-called ordinary profiling (e.g. tailoring messages and banners to interests) – in order to better tailor the information and marketing messages about the Controller to the User.
2. The Controller uses personal data to tailor information, promotional and marketing content relating to the Online Store to the individual preferences and interests of the User. Profiling is carried out using automated IT systems and does not significantly affect the User's situation, in particular their decision-making process, and does not produce legal effects. Despite profiling, the data subject is free to decide whether they want to make a purchase in the Online Shop.
PART II COOKIES POLICY§8 COOKIES
1. The Service Provider uses cookies and other internet technologies to collect only anonymous statistical data about Users. The information obtained through these technologies is not assigned to a specific person and does not allow them to be identified.
2. Cookies are used to tailor the content of websites to the User's preferences and to optimize the use of websites. They are also used to create anonymous statistics that help understand how the user uses websites, which allows improving their structure and content, excluding personal identification of the user.
3. The Service Provider uses Cookies for the following purposes: 1) maintaining the User's session after logging in, so that the User does not have to re-enter their login and password on every subpage of the Online Store; 2) collecting statistical data on the use of the Online Store in order to improve its structure, navigation, and content; 3) displaying content in a way that prevents the same information from being presented multiple times to the same User and presenting content tailored to their interests; 4) conducting marketing activities, including reaching the User, with their prior consent, with advertising content broadcast via partner advertising systems outside the Online Store belonging to the Service Provider; 5) ensuring the security of using the Online Store, preventing abuse, and enabling efficient communication with the User.
4. The Service Provider uses the following types of files: 1) session cookies – Cookies that allow you to remember your choices, used, among other things, when logging in. They remain on the end device until you log out, leave the website and application, or turn off the software (web browser); 2) persistent – Cookies stored on the end device for the time specified in the cookie parameters or until they are deleted.
5. Due to the purpose of Cookies and other similar technologies, we use the following types: 1) necessary for the operation of the Online Store - enabling the use of the Online Store, e.g., authentication cookies used for services that require authentication; 2) used to ensure security - e.g., used to detect authentication abuse; 3) functional - enabling the “remembering” of settings selected by the User and personalization of the interface, e.g., in terms of the selected language; 4) advertising/marketing cookies - enabling the delivery of advertising content tailored to the User's interests; 5) statistical/analytical - used to analyze how Users use the Online Store; 6) web push notification technology - used to communicate with the User, requiring separate consent given by the User in the web browser they use;
6. The placement and use of Cookies and other Internet technologies is not harmful to the User's mobile device (i.e., computer, phone, or tablet) and does not cause any changes to the device's configuration or to the installed software and applications. 8. Usually, software used for browsing websites (web browser) allows, by default, the storage of information in the form of Cookies and other similar technologies on the end device, i.e. the one actually used by the User. By adjusting the software settings, the User agrees to the use of Cookies in the above-mentioned scope and for the above-mentioned purposes. This consent can be withdrawn at any time by changing the settings. Failure to make changes means that the above-mentioned information may be placed and stored on the end device.
9. Restricting or disabling the use of Cookies and other similar technologies may prevent you from using certain features available in the Online Store.
10. From the web browser used by the User, it is possible to independently manage cookies, i.e. perform actions such as: 1) accepting the use of Cookies, which allows for full use of the options offered by websites; 2) managing Cookies at the level of individual, selected websites; 3) specifying settings for different types of Cookies, e.g. accepting permanent or session files, etc.; 4) blocking or deleting Cookies.
11. To learn more about managing Cookies in a given software, the User should select the appropriate link:
- Internet Explorer
- Chrome
- Safari
- Firefox
- Opera
Mobile devices:
- Android
- Safari
§9 OTHER TECHNOLOGIES AND AUTOMATICALLY COLLECTED DATA
1. Using the Online Store involves sending queries to the server, which are automatically recorded in event logs, where data about User sessions is stored. In particular, this includes: IP address, device type and name, date and time of visiting our website, information about the web browser and operating system. The data stored in event logs is not associated with specific entities. The analysis of event logs enables, in particular, the detection of threats, ensuring the appropriate security of the Online Store, and compiling statistics in order to better understand how Users use the Online Store.
2. Data concerning user sessions is used to diagnose problems related to the functioning of the Online Store and to analyze possible security breaches, to manage the Online Store, and to compile statistics [(Article 6(1)(f) of the GDPR) – “legitimate interest”].
3. The Service Provider uses the services of the following external companies, which provide the Service Provider with marketing or analytical tools. These entities have their own privacy policies and practices regarding the use of Internet technologies, therefore, in order to better understand these rules, the User should read the Privacy Policy and Cookie Policy of each of these entities: Google Analytics Google Analytics are files used by Google to analyze how the Online Store is used. They are used to create statistics and reports on the functioning of the website. Google does not use the collected data to identify the user or combine this information to enable user identification. Detailed information can be found at: https://www.google.com/intl/pl/policies/privacy/partners Shopify Shopify is a trading platform that enables the management of the Online Store. It uses cookies to ensure the proper functioning of the Online Store, in particular to: maintain the user's session, handle the ordering and payment process, remember the user's preferences, ensure security, and prevent abuse. Detailed information can be found at: https://www.shopify.com/pl/legal/privacy.
4. In addition, the Online Store contains embedded buttons, tools, or content that direct users to the services of other companies, including social media plugins (e.g., Instagram, Facebook) – the use of these applications may result in the transfer of information to the aforementioned external entities via internet technologies. In the case of social media, it is a co-administrator of the data obtained in this manner. META pixels Meta/Instagram pixels are tools that enable the measurement of the effectiveness of advertising campaigns carried out by the Administrator on Facebook. The tool allows for advanced data analytics in order to optimize the Administrator's activities, also using other tools offered by Facebook. The Administrator and Meta have agreed that Meta is responsible for ensuring the enforcement of the rights of data subjects in accordance with Articles 15-20 of the GDPR with regard to personal data stored by Meta after joint processing. The arrangements for joint administration between the Administrator and Meta are available at: https://www.facebook.com/legal/controller_addendum More information about how Meta Platforms Ireland Limited processes personal data, the legal basis for doing so, and how data subjects can exercise their rights against Meta can be found at: https://www.facebook.com/about/privacy
§10 CHANGES TO THE PRIVACY POLICY
1. The Policy is reviewed on an ongoing basis and updated as necessary. In the event of an update to the Policy, the User will be notified by displaying information or by sending an email to the User.
2. In some cases, the User may be notified in advance of an update to the Policy, including by requiring acceptance of the Policy in the Account, with the proviso that use of the Online Store will signify acceptance of the updated version of the Policy.