PRIVACY AND COOKIES POLICY
ONLINE STORE SKLEP.HANNASTYLE.COM.PL
1. What document are you dealing with?
The information contained in the Policy is of a general nature. Detailed information on the processing of specific personal data is made available each time they are obtained in the content of the information clause placed in a visible and easily accessible place. This applies in particular to information on the purpose and legal basis of the processing of personal data, the period of their storage and recipients to whom they are transferred.
All words, expressions and abbreviations appearing on this website and beginning with a capital letter (eg Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Online Store available in the Online Store sklep.hannastyle.com.pl.
In the event of doubts or contradictions between the Policy and the consents granted by a given person, regardless of the provisions of the Policy, the basis for the Administrator to undertake and define the scope of activities are always voluntarily granted consents or legal provisions. In the event of such a contradiction between the Policy and the content of the information clauses provided by the Administrator when collecting personal data (usually under the forms in the Online Store), the information that the Customer should follow is provided to him under the information clauses mentioned above.
2. Who is the Administrator of your Data?
3. How do we take care of your data?
The Customer's personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal of Laws UE.L No. 119, p. 1) (hereinafter also: "GDPR") and other currently applicable, i.e. for the entire period of processing certain data, the provisions of the law on the protection of personal data. Personal data means information about an identified or identifiable natural person (hereinafter: "Personal Data"). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of a natural person.
The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are:
- processed in accordance with the law, fairly and transparently for the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and, if necessary, updated;
- stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- processed in a manner ensuring adequate security of Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
As indicated in the introduction, being aware of the importance of the privacy of customers, the Administrator protects not only visitors to the Online Store, but also customers who have provided their Personal Data to the Administrator using other communication channels, i.e .:
the website https://www.facebook.com and any other websites marked or co-branded with Facebook (including subdomains, international versions, widgets and versions for mobile phones), the operating principles of which are based on the regulations made available in particular at https : //www.facebook.com/legal/terms, provided respectively by Facebook Inc. or Facebook Ireland Limited (hereinafter also: "Facebook Website"), including using the Facebook Lead Ads function aimed at direct marketing of the Administrator's own products or services. The rules for the protection and use of Personal Data by the Facebook Website are available, for example, at: https://www.facebook.com/policy.php. The administrator has no influence on the content of the legal regulations of the Facebook Website, including Personal Data.
applications enabling the Administrator to run advertising campaigns on the Facebook Website, including contests.
4. For what purposes is information about you used?
Each time, the purpose and scope of data processed by the Administrator result from the consent of the Customer or legal provisions and are further specified as a result of actions taken by the Customer in the Online Store or as part of other communication channels with the Customer. For example: (I) The Customer's Personal Data may be processed in order to grant, present or provide him with offers and promotions dedicated to him, as much as possible tailored to his preferences (which may have a significant impact on him) only if the Customer has consented to it (not available to people who have not given such consent); (II) if the Customer decides not to purchase via the Online Store, and makes only the Reservation of selected Products through it, his Personal Data will not be made available to the carrier carrying out the shipment at the request of the Administrator.
Possible purposes of processing Customer Personal Data by the Administrator are in particular:
conclusion and implementation of the Agreement for the Provision of Services (Account) or taking action at the request of a future Customer before its conclusion (we process your data in order to maintain your Account so that you can enjoy the benefits it offers, e.g. placing orders without having to fill in forms each time, access to your purchase history, managing your consents on the website etc. and enabling you to use other services available on our website);
conclusion and implementation of the Sales Agreement, or taking action at the request of the future Customer before its conclusion (your personal data is needed for the implementation of your order and performance of the concluded contract - in particular, confirmation of its submission and booking or sending the selected product to you, as well as in the event of the need to contact you on this matter);
receiving and considering complaints;
conducting the competition, in particular selecting the winners of the competition and the implementation of prizes;
presenting advertisements, offers or promotions (discounts) regarding products or services of the Administrator and its partners (the current list of which is provided as part of the Online Store) intended for all recipients, in particular for the purpose of implementing the contract for the provision of the Newsletter;
evaluation and analysis of the activity and information about the Customer, including as part of the automated processing of Personal Data (profiling), in order to present general advertisements, offers or promotions (discounts) regarding the products or services of the Administrator and its partners, in a manner adapted to the interests of a given The customer (without significantly affecting his decisions), in particular for the purpose of implementing the contract for the provision of the Newsletter, and for market and statistical analyzes
pursuing claims and defending against claims, also of third parties - in the case of using most of the functionalities of the Online Store;
fulfillment of legal obligations resulting from regulations, e.g. tax and accounting regulations, especially in the case of paid contracts;
conducting correspondence with customers, including replying to customer messages.
In the case of an adult Customer, with his additional consent, Personal Data may also be processed for the purpose of presenting, creating, granting and implementing advertisements, offers or promotions (discounts) dedicated to a given Customer regarding the Administrator's and its partners' products or services, to the highest possible extent adjusted to his preferences (profiling), as a result of automated decision-making, which may have legal effects on him or similarly significantly affect him, e.g. through a short-term discount dedicated exclusively to such a person, which he has recently viewed in our store (option inaccessible to people who are underage or are of legal age but have not consented to such action).
5. What information do we use about you?
The Administrator may process, in particular, the following Personal Data of Customers:
using the Online Store:
Personal Data provided in the form when registering the Account, placing Orders in the Online Store (in particular: name and surname; e-mail address; contact telephone number; address [street, house number, apartment number, zip code, city, country], home address / running a business / registered office [if different from the delivery address], bank account number, and in the case of non-consumer customers, additionally the company name and tax identification number [NIP]) and other data collected while using the Online Store;
Personal Data provided in order to use the newsletter, provided when using the contact form or provided when submitting a complaint;
Personal Data provided in order to participate in contests;
Other data, in particular obtained based on the Customer's activity on the Internet, including those obtained via the Online Store or other communication channels with the Customer, using cookies and similar technologies
by completing the data contained in the Facebook Lead Ads form, the User provides the Administrator with the Personal Data indicated in the form, which may include in particular: name, surname, e-mail address, telephone number; supplementing the data contained in the application forms enabling the Administrator to carry out advertising campaigns / competitions on the Facebook Website, the User provides the Administrator with the Personal Data indicated in the form, which may include in particular: name, surname, correspondence address, e-mail address, telephone number.
6. Are you obliged to provide us with your data and what are the possible consequences of not providing them?
Providing Personal Data by the Customer in the Online Store is voluntary, but it is necessary to use certain functionalities of our store, for example, to place an Order by the Customer and its settlement (conclusion and performance of the Sales Agreement), Account registration or making a Reservation (conclusion and performance of the Agreement on Provision of Services), subscribing to the newsletter or using our forms.
Each time, the scope of data required to conclude an appropriate contract is indicated previously in the Online Store (we mark the data the provision of which is necessary to conclude the contract / use a specific functionality), as part of other communication channels with the Customer or in the Regulations. The consequence of not providing Personal Data may be the inability to effectively perform the above activities.
7. On what legal basis do we use information about you?
The basis for the processing of the Customer's Personal Data is primarily the need to perform the contract to which he is a party or the need to take action at his request before its conclusion (Article 6 (1) (b) of the GDPR). This mainly applies to Personal Data provided in the form when registering an Account, placing Orders and concluding a Sales Agreement in the Online Store, as well as when subscribing to the newsletter. Also in the case of Personal Data provided to us in connection with the Customer's complaint, the legal basis for their processing is the necessity to perform / service the contract for the sale of the advertised goods.
In the case of data processing operations for the aforementioned marketing purposes, except for those that are carried out as part of the newsletter, which operates on the basis of the regulations, the basis for such processing is the fulfillment of goals resulting from legitimate interests pursued by the Administrator or its partners (Article 6 (1) 1 letter f) of the GDPR), in which case the partners do not take part in the processing of the Customer's data. On the other hand, to the extent that the Administrator's partners may also have direct access to this information - the legal basis for such processing is the Customer's voluntary consent (Article 6 (1) (a) of the GDPR). In turn, presenting, creating, granting and implementing advertisements, offers or promotions (discounts) dedicated to a given Customer, which are based solely on automated processing, including profiling, as much as possible adapted to his preferences, which may significantly affect decisions consumer goods, the basis is the consent voluntarily expressed by the customer (art.6 par.1 lit.a), art. 22 sec. 2 lit. c) GDPR). However, this only applies to adult customers.
For other (other) purposes, the Customer's Personal Data may be processed on the basis of:
voluntarily expressed consents - e.g. persons entering competitions (Article 6 (1) (a) of the GDPR);
applicable law - when processing is necessary to fulfill the legal obligation incumbent on the Administrator, e.g. when on the basis of tax or accounting regulations, the Administrator settles concluded sales contracts (Article 6 (1) (c) of the GDPR);
indispensability for purposes other than those listed above, resulting from legitimate interests pursued by the Administrator or by a third party, in particular to establish, investigate or defend claims, conduct correspondence with customers, also via contact forms (including replying to customer messages), market and statistical analyzes (Article 6 (1) (f) of the GDPR).
8. Is your data subject to profiling and what does it mean for you?
For the purposes of presenting general advertisements, offers or promotions (discounts), intended for all customers, in a manner tailored to the interests of a given customer, the administrator may learn about his preferences, e.g. by analyzing how often he visits the online store and whether and what products buys or books in stationary stores owned by Hanna Style sc. This allows for a better understanding of the client's expectations and adaptation to his needs, without significantly affecting his decisions. Thanks to the use of advanced technologies by the Administrator, the above activities will often be carried out by the system in an automated manner, thanks to which the content sent will be the most up-to-date and the Customer will be able to read them quickly.
In the case of adult customers, the aforementioned analysis of interests or preferences will also serve the purpose of creating, granting, implementing dedicated and possibly highly customized advertisements, offers or promotions (discounts), in an automated manner, which may have legal or similar effects on them. influence it, potentially limiting access to them for other Clients (this option is not available to Clients who are not of legal age and have not consented to such actions of the Administrator). From the usual "profiling" (i.e., for example, adjusting our messages, banners to your interests), our activities are distinguished by the fact that their result may significantly affect your choices as a consumer, i.e., for example, their result may be very beneficial, time-consuming an offer addressed only to you based on your purchase history and behavior on our website, to which our other customers will not have access. The more often a given customer uses the Administrator's services and purchases its products, the better promotions and surprises can be prepared for him.
The Administrator may also process information regarding the Customer's preferences, which may sometimes be Personal Data, and were provided to the Administrator by the Customer voluntarily through the functionality of the Application, including to limit the presented Products or Promotion to a specific size (e.g. underwear size) or to specific categories. (eg. Men's / Women's / Children's Products).
9. Who can we transfer your data to?
Each time, the catalog of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer.
The catalog of data recipients also results from the consent of the Customer or from the provisions of law, and is made more precise as a result of actions taken by him in the Online Store or the Application.
The Administrator's partners may participate in the processing of Personal Data to a limited extent, in particular who technically help to efficiently run the Online Store, including communication with our Customers (e.g. they support us in sending e-mails, and in the case of advertising activities - also in marketing campaigns. ), providers of hosting services or ICT services, carriers or intermediaries carrying out shipments of Orders, entities handling electronic payments or payment by credit card in the Online Store, companies, entities responsible for external tools, including www.sendinblue.com (for the newsletter) that service the software , support the Administrator in marketing campaigns, as well as providers of legal and advisory services.
10. Are your data also transferred to third countries (outside the European Economic Area)?
As part of the Administrator's use of tools supporting his current activity, provided, for example, by Google, the Customer's Personal Data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country where the entity cooperates with it maintains tools for the processing of Personal Data in cooperation with the Administrator.
Adequate security of the transferred Personal Data has been ensured by the Administrator through the use of standard data protection clauses adopted pursuant to the decisions of the European Commission and data entrustment agreements for processing that meet the requirements of the GDPR. In the case of data transfer from Europe to the USA, some entities located there may additionally ensure an appropriate level of data protection in the so-called dams. Privacy Shield (more information is available at: https://www.privacyshield.gov/).
The Customer has the right to obtain a copy of the security measures applied by the Administrator regarding the transfer of Personal Data to a third country by contacting us.
11. What are your rights?
Each customer is entitled at any time to:
- lodging a complaint to the President of the Personal Data Protection Office;
- transfer of Personal Data that he provided to the Administrator and which are processed in an automated manner, and the processing takes place on the basis of consent or on the basis of a contract, e.g. to another administrator;
- access to Personal Data (including, for example, receiving information which Personal Data is processed);
- requests for rectification and restriction of processing (e.g. if Personal Data is incorrect) or deletion of Personal Data (e.g. if they were processed unlawfully);
- withdrawal of any consent given to the Administrator at any time, but the withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
- object to the processing of Personal Data concerning him, carried out in order to implement the legitimate interests of the Administrator or a third party, including in particular processing for marketing purposes, including profiling (if there are no other valid, legitimate grounds for processing superior to the interests of the Customer).
12. For how long will we keep your data?
Personal Data may be stored for the period of using the Online Store (and may be deleted after three years from the last activity of the Customer in the Online Store), in the case of marketing activities - until the Customer objects, and if they are related to cookie technology and similar, depending on technical issues, until these files are deleted using the browser / device settings (while deleting files is not always the same as deleting Personal Data obtained through these files, hence the possibility of objection).
If the processing of Personal Data depends on the consent of the Customer, Personal Data may be processed until it is withdrawn.
In any case:
Personal data will also be stored when the law (e.g. accounting or tax regulations) obliges the Administrator to process them;
We will store Personal Data longer in the event that the Customer has any claims against the Administrator, in order to pursue claims by the Administrator, or to assert or defend against claims of third parties, for the period of limitation specified by law, in particular the Civil Code.
Depending on the scope of Personal Data and the purposes of their processing, they may be stored for a different period.
In each case, the longer period of storage of Personal Data is decisive.
13. Will commercial information be sent to you (eg to your e-mail address)?
The administrator has the technical ability to communicate with the customer remotely (e.g. e-mail).
Commercial information related to the commercial activity conducted by the Administrator may be sent only on the basis of the consent expressed by the Customer, including the acceptance of the newsletter service regulations.
Who are cookies related to?
Due to the fact that the cookie technology used by the Administrator (or with functionality similar to cookies) collects information about every person visiting the Online Store, including as part of the Application, the following provisions of the Policy apply to people who use the Online Store and the Application regardless of whether they remain its customers (place Orders, reserve Products or have an Account) (hereinafter also the "Visitor").
What technology do we use?
The Online Store uses technology that stores and accesses information on a computer or other device connected to the network (in particular using cookies or related solutions), in order to ensure maximum comfort when using the Online Store, including for statistical purposes and for adjusting the advertising content of the Administrator, its partners and advertisers to the interests of the Visitor. When visiting the Online Store, including as part of the Application, data on the Visitor's Internet activity may be automatically collected.
Due to the fact that the Administrator may use solutions with functionality similar to cookies - the following provisions of the Policy should also be applied accordingly to these technologies.
What are cookies?
A cookie is a small text information sent by the server and saved on the side of the Visitor's device (usually on the hard drive of the computer or on the mobile device). It stores information that the Online Store may need to adapt to the ways in which the Visitor uses it and to collect statistical data about the Online Store (e.g. about which pages were visited, what elements are downloaded) and data. the domain name of the Internet service provider or the Visitor's country of origin. The technology that stores and accesses the Visitor's ID makes it possible to save the preferences of an unlogged Visitor.
Do cookies collect your personal data?
When a Visitor uses the Online Store, cookies are used to identify his browser or device - cookies collect various types of information that, as a rule, do not constitute personal data (they do not allow the identification of the Visitor). Some information, depending on their content and method of use, may, however, be associated with a specific person - assigning certain behaviors to a specific Visitor, e.g. by linking them with the data provided when registering an Account in the Online Store - and thus be considered personal data .
In relation to information collected by cookies that may be associated with a specific person, the provisions of the Policy relating to Personal Data apply, in particular regarding the rights of the data subject. Information on information collected by cookies is also made available, inter alia, in the content of the information clause placed in a visible and easily accessible place during the first visit to the Online Store.
The cookies used are primarily to facilitate the use of the Online Store and the Application by the Visitor, for example, by "remembering" the information provided once, so that the visitor does not have to provide it every time, and they are also used to adapt their content, including the advertisements presented, to her preferences. Cookies are also used to increase the usability and personalization of the content of the Online Store and Application, including the presentation, creation, award and implementation of advertisements, offers or promotions (discounts) dedicated to a given Visitor in accordance with their interests (applies only when they are of legal age and expressed consent to such action).
Using the cookie technology used in the Online Store, it is possible for the Administrator to familiarize himself with the preferences of the Visitor - e.g. by analyzing how often he visits the Online Store and whether and what products he buys in stationary stores belonging to Hanna Style sc. Analyzing online behavior helps better understand the habits and expectations of Visitors and adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests (for example, advertising resulting from recently browsing only underwear in the "pregnancy" category) and to prepare better promotions and surprises for adult Visitors who agreed to it.
Based on cookies, the Administrator also uses technology that allows you to reach Visitors who have previously visited the Online Store or the Application while using other websites with the advertising message.
Can you object to the use of information from cookies?
The Visitor may object to the Administrator's actions taken for the purpose described above. If the Visitor expresses his consent, including the presentation, creation, granting and implementation of dedicated advertisements, offers or promotions (discounts) tailored to his preferences, it may be withdrawn at any time - however, this will not affect the lawfulness of processing, which was made on the basis of consent before its withdrawal.
What kind of cookies do we use and are they harmful?
Cookies used in the Online Store are not harmful to the Visitor or the computer / terminal device used by them, therefore we recommend that you do not disable them in browsers. Two types of cookies are used in the Online Store: session cookies, which remain on the Visitor's computer or mobile device until logging out of the website or turning off the software (web browser) and permanent cookies, which remain on the Visitor's device for the time specified in the file parameters cookies or until they are manually deleted in the web browser.
How long will the information collected by cookies be stored?
Depending primarily on the purposes and legal basis for the processing of Personal Data collected by cookies, they may be stored for the time indicated in point. 12 Policies.
The Personal Data collected by cookies concerning a Visitor who is not a Customer will be stored until an objection is raised. The Administrator may delete Personal Data if they are not used for marketing purposes for 3 years, unless the law requires the Administrator to process Personal Data longer.
Part of the Personal Data may be stored longer in the event that the Visitor has any claims against the Administrator or for the purpose of pursuing claims by the Administrator or defending against claims (also third parties), for the period of limitation specified by law, in particular the Civil Code.
In each case, the longer period of storage of Personal Data is decisive.
Third party cookies.
The cookies used by the Administrator are primarily used to optimize the service of the Visitor when using the Online Store or the Application. The administrator, however, cooperates with other companies in the scope of their marketing (advertising) activities. For the purposes of this cooperation, the browser or other software installed on the Visitor's device also saves cookies from entities conducting such marketing activities, which may become the administrator of the Customer's personal data. Cookies sent by these entities are to ensure that the Visitor is presented only with advertisements that correspond to his individual interests and needs. In the opinion of the Administrator, displaying personalized advertising is more attractive for the Visitor than advertising unrelated to their needs. Without these files, it would not be possible, because it is the companies cooperating with the Administrator that provide advertising content to Visitors.
More information on the cookies of these entities can be found in their privacy policies.
How to delete / block cookies?
The Visitor may change the way cookies are used by managing the consent expressed as part of the privacy settings on our website or via the browser or the Application, including blocking or removing those that come from the Online Store (and other websites). For this purpose, the browser or Application settings must be changed. The method of removal differs depending on the web browser used. Information on how to delete cookies should be found in the "Help" tab of the selected web browser. Deleting cookies is not the same as deleting Personal Data by the Personal Data Administrator obtained through cookies.
For example, in Internet Explorer, cookies can be modified from the level: Tools -> Internet options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; while in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies. Access paths may differ depending on the version of the browser used.
Detailed information on managing cookies on a mobile phone or other mobile device can be found in the user manual / user manual of the given phone or mobile device.
It is also possible to block cookies from third parties with the simultaneous acceptance of cookies used directly by the Administrator (option "block cookies of third party websites").
What are the consequences of deleting or blocking cookies?
15. How can you contact us?
You can contact the Administrator at any time by sending a message by traditional mail or e-mail to the Administrator's address indicated at the beginning of the Policy, or by phone at the telephone number indicated at the beginning of the Policy, as well as on the Facebook Website.
The Administrator stores correspondence for statistical purposes and for the best and fastest response to emerging inquiries, as well as in the scope of complaint settlements and possible decisions on administrative interventions in the indicated Account made on the basis of notifications. Addresses and data collected in this way will not be used for communication for purposes other than the implementation of the application.
In the event of contact with the Administrator in order to perform specific actions (e.g. submitting a complaint using the form), the Administrator may again request the person to provide data, including personal data, e.g. in the form of name, surname, e-mail address, etc. ., in order to confirm its identity and enable return contact in a given case and perform the requested action. Providing this data is not obligatory, but it may be necessary to perform activities or obtain information that is of interest to a given person.
16. How do we secure your data?
The administrator, taking into account the state of technical knowledge, the cost of implementation as well as the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of the threat, applies appropriate technical and organizational measures ensuring protection of the processed Personal Data appropriate to the threats and data categories protected, and in particular, protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws and change, loss, damage or destruction. Providing information on the technical and organizational measures applied to ensure the protection of processing externally may weaken their effectiveness, thus jeopardizing the proper protection of Personal Data.
The Administrator provides, for example, the following technical measures to prevent the acquisition and modification of Personal Data sent electronically by unauthorized persons:
Securing the data set against unauthorized access.
SSL certificate on the pages of the Online Store where Personal Data is provided.
Encryption of data used to authorize a person using the functionality of the Online Store.
Access to the Account only after providing an individual login and password.
17. Links to Other Websites
The Online Store may contain links to other websites. The administrator encourages you to read the regulations and privacy policies used for other websites. This Policy applies only to the Administrator's indicated activities.
18. Can this policy be changed and how will you find out?
The administrator may change the Policy in the future, among others for the following important reasons:
changes in applicable regulations, in particular in the field of Personal Data protection, telecommunications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
development of functionalities or Electronic Services dictated by the progress of Internet technology, including the use / implementation of new technological or technical solutions, affecting the scope of the Policy.
The administrator will each time place information about changes to the Policy on the Online Store website. With each change, a new version of the Policy will appear with a new date.
19. From when is this version of the Policy effective?
This version of the Policy is effective from May 24, 2018.