ONLINE SHOP PRIVACY POLICY
effective from 01.10.2022.
- INTRODUCTORY INFORMATION ON PRIVACY POLICY
- This Privacy Policy (hereinafter: the Policy) is informative, which means that it does not create obligations for you, and one of its main functions is to fulfil the duty to inform you and to be transparent about the basis and manner in which your personal data is processed and your rights in relation to it.
- The content of the Policy applies to you when you use our website at URL: www.sibotesty.pl (hereinafter: the Website).
- We take the protection of personal data with particular seriousness. When collecting and using personal data, we ensure that we comply with the General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the EU.L. 2016 No. 119, p. 1) (hereinafter: RODO), and other applicable data protection regulations, respectively.
- We provide detailed information on the processing of personal data by means of additional information clauses, insofar as we have deemed it justified in the respective processing of personal data. In the following section of the Policy you will find information related to the use of the Website, on the type of data, the purpose of the processing and the functionalities in the use of which it is collected.
- In the event of any doubt or contradiction between the Policy and the content of the supplementary information provided by us in a particular case, the data subject shall be guided by the information received under the information clause. Irrespective of the Policy, our data processing activities shall always be based on the relevant provisions of the law in force in the Republic of Poland.
- PERSONAL DATA CONTROLLER, CONTACT
- The administrator of the personal data of the Website, i.e. the entity responsible for ensuring the security of your personal data, is: Patrycja Maniukiewicz-Caban running a business under the name Poradnia Dietetyki Klinicznej Dr. Patrycja Maniukiewicz-Caban, Grabiszyńska nr 85a lok. 4, 53-503 Wrocław, NIP: 9730609698, e-mail address: sibotesty@gmail.com, tel: 601656747 (hereinafter: Administrator).
- If you have questions or concerns about the Administrator’s processing of your personal data in connection with your use of the Website, or if you wish to make a request regarding the exercise of your rights in this regard, you may contact the Administrator electronically by writing to: sibotesty@gmail.com.
- The Administrator is committed to ensuring that you are satisfied with its services and offers. However, please be aware that you have a number of rights that will allow you to influence the way the Controller processes your data and, in some cases, cause such processing to cease. We would therefore like to remind you that under the RODO, the data subject has:
- The right to access your personal data, including obtaining a copy of your data,
- The right to request the rectification of your personal data,
- The right to erasure of your personal data (the so-called right to be forgotten),
- The right to restrict the processing of your personal data,
- The right to portability of your personal data (if processed under contract or consent),
- The right to object (to the processing of your personal data, to direct marketing, to profiling, to processing carried out on the basis of the legitimate interest of the Controller),
- the right to lodge a complaint with the supervisory authority for the protection of personal data (in Poland this is the President of the Office for Personal Data Protection),
- if your data is processed on the basis of consent – you have the right to withdraw it (which does not affect the lawfulness of the processing carried out on the basis of consent before withdrawal).
- In order to exercise the above rights, as well as in connection with a request to provide you with more information as to what data we hold about you and for what purposes we process it, please contact us as indicated in paragraph II(2) of the Policy.
- INFORMATION ON PROCESSING OF PERSONAL DATA
- The Administrator collects your personal data when you complete an order form in the online shop, use the contact forms on the Website, sign up for the Newsletter or otherwise contact the Administrator.
- It is not compulsory for you to provide personal data, but failure to do so will result in us not being able to perform the activities for which the data is required. This is, for example, necessary in order to conclude and perform a contract on your behalf, such as a contract for the sale of our products within the framework of the online shop we operate.
- Where the use of your personal data is not necessary for the performance of a contract, performance of a legal obligation or does not constitute a legitimate interest of the Controller, we may ask you to consent to certain uses. Giving such consent may take the form of checking a box while browsing the Website or in any other way that indicates, in the given context, that you have accepted the Administrator’s proposed processing of your personal data.
- In connection with your use of the Website, we have identified the following purposes and grounds for processing your personal data:
- we process your data because it is necessary for the conclusion and performance of the contract you have concluded with us (Art. 6(1)(b) RODO), viz:
- order processing and VAT invoicing
When ordering any product on the Website, you provide us with the data necessary to process your order, such as your name, surname, company, street and number, postal code, VAT number, city, country, telephone number and e-mail address. The provision of the data is voluntary, but necessary to place the order. Data provided to us in connection with an order is processed for the purpose of processing the order, issuing an invoice and including it in the accounting documentation, and may also be used for archiving and statistical purposes. Order data will be processed for the time necessary for the processing of the order and thereafter until the expiry of the limitation period for contractual claims. After the expiry of this period, the data may still be processed by us for statistical purposes. We are obliged to store invoices for a period of five years from the end of the fiscal year in which the VAT invoice was issued. In the case of data provided for the purpose of processing an order, you may not object to the processing of the data and request the deletion of the data until the expiry of the limitation period for contractual claims.
- complaints and returns
When you make a complaint or return a product, you provide us with personal data contained in the body of your statement; this may include, in particular, your name, company, address, telephone number, e-mail address, order number and, if applicable, your bank account number. The provision of this data is voluntary, but necessary in order to make a complaint or return a product. The data provided to us in connection with making a complaint or returning a product is used for the purpose of processing the complaint procedure or registering the return. The data will be processed for the time necessary for the complaint procedure or return. In the case of data contained in complaints and product returns, you do not have the opportunity to object to the processing of your data or to request the deletion of your data until the expiry of the limitation period for contractual claims.
- contact using the contact form
When you contact us via the contact form, you provide us with at least your name and e-mail address, optionally a telephone number. It is up to you whether you provide additional data in the content. The provision of data is voluntary, but necessary in order to get in touch with us. Your data is processed in this case for the purpose of contacting you. The basis for processing your data is your consent. If the enquiry you address to us is related to the need to prepare an offer in line with your needs or to provide you with information about us and our range of services, we act within the framework of the Administrator’s legitimate interest, which is the Administrator’s own marketing of our services, especially concerning the building and development of relationships with our customers and the pursuit of sales of our services. Depending on the content of the correspondence, we act on your request prior to concluding a possible contract with us (e.g. sending you a tailored offer of our services, carrying out other activities aimed at concluding a contract). Depending on the matter on which we communicate, we process your personal data for the period necessary for our correspondence with you and thereafter for a maximum period of 24 months or for the period for the establishment, defence, assertion or limitation of possible claims arising from such correspondence or for the duration of possible proceedings, in accordance with the applicable legislation. The above information also applies when you contact us directly at the e-mail address indicated on the Website, bypassing the contact form.
- we process your personal data for the purposes of our legitimate interest (Art. 6(1)(f) RODO), i.e.:
- to contact you, including for the purposes of providing services;
- the performance of contracts with our contractors (e.g. distributors), where you are the designated contact person;
- to handle requests you address to us that are not directly related to the performance of a contract or your interest in our offerings;
- the defence and assertion of claims arising from contracts concluded by us;
- for analytical purposes, including monitoring and analysis of Site traffic and statistical measurements;
- for archival (evidential) purposes in pursuit of our legitimate interest in safeguarding information in the event of a legal need to prove the facts;
- in order for us to offer you products and services directly (direct marketing), including matching them to your needs, i.e. profiling;
- use of external online tools on the Website;
The above cases, in addition to situations where personal data is provided by you voluntarily, may also involve the automatic collection and partial storage of information about you in cookies (or other similar technologies). In addition to cookies, we may also automatically collect data customarily collected by web system administrators as part of so-called logs or log files. The information contained in the logs may include, among other things, the IP address of the visitor to the Website, location, type of platform/end device (e.g. mobile device) and internet browser, internet provider and the address of the page from which the visitor accessed our Website. You can find more information about this later in the Policy. Using the external tools indicated later in this Policy, we use the data collected to keep statistics on the traffic on our Website, such as the number and length of visits to our Website, transitions between subpages, counting the number of re-visits to our Website, etc. The information collected in this way is used for the purpose of providing statistics on our Website. The information collected in this way is used to evaluate the use of the Website and to improve the quality of its operation. We do not combine it with personal data provided to us in a non-automated manner by the user of the Website (e.g. via a contact form).
Your personal data in the above cases will be stored for no longer than necessary. Accordingly, this will be: in the situation of direct marketing of our products and services – for the duration of the contract and then for the period of the provision of warranty and/or post-warranty service or until you object to their processing for this purpose or we determine that they have become obsolete; the assertion and defence of claims – for the period in which the claims in question become time-barred. Where we process your personal data on the basis of your consent to certain uses, your data will be processed until you withdraw your consent, but for no longer than the purpose for which the data was collected.
- we process your personal data on the basis of your consent (Article 6(1)(a) RODO), i.e.:
for marketing activities consisting of sending you, at your e-mail address or contacting you at the telephone number provided, information about our current activities, i.e. in particular new products and offers for their sale. You have the right to withdraw (revoke) your consent at any time. If applicable, you can use the unsubscribe option which is available in every email containing a commercial offer sent on the basis of your marketing consent. If there is no such link in the commercial communication sent to you, you can send an email about revoking your consent to marketing activities to: sibotesty@gmail.com,
- in certain situations we are obliged by law to process your personal data (Article 6(1)(c) RODO), i.e.:
In particular, this applies to tax and accounting regulations, as well as other regulations prescribed by applicable law. In these cases, we will retain your personal data for as long as we comply with our obligations, for as long as we are required by law to retain the data or for as long as we may incur the legal consequences of failing to comply with the obligation.
Your personal data will be processed by the Administrator by automated means, including the use of IT software allowing us to manage our customer base, but such processing will not result in any decisions affecting your person that have legal, financial or other similar effects. Such processing may involve, for example, creating appropriate categories of our customers and presenting offers to them taking into account their preferences.
- OTHER PROCESSING INFORMATION
- The Administrator may entrust the processing of your personal data to third parties to whom he/she subcontracts the performance of specific activities related to ensuring the proper functioning of the Website. The entities to which the Administrator subcontracts the processing of personal data shall guarantee the application of appropriate measures for the protection and security of personal data as required by law.
- The Administrator may disclose your personal data:
- to entities processing data on its behalf, involved in the performance of activities by the Controller, i.e.:
- entities servicing the IT systems and equipment we use;
- our business partners, advertising agencies and other intermediaries to sell our products and services or to organise marketing campaigns;
- subcontractors who support us, e.g. in mail handling or customer service processes;
- to entities providing us with consultancy, advisory, auditing, legal, tax, accounting assistance;
- other data controllers processing the data on their own behalf, i.e.:
- to postal or courier operators;
- entities that cooperate with us in handling accounting, tax, legal matters – to the extent that they become a separate data controller;
- to debt buyers or debt collectors – if you do not pay our invoices on time;
- on the basis of applicable law, your data may be made available to entities entitled to obtain such data (e.g. law enforcement agencies).
- If we receive a request for rectification, erasure or restriction of the processing of personal data, we will inform the recipients to whom the personal data have been disclosed, unless this proves impossible or requires a disproportionate effort, and we will inform you of these recipients upon your request concerning your personal data.
- Before we transfer data to entities that process personal data on our behalf (e.g. our subcontractors, IT service providers), we enter into entrustment agreements with such entities for the processing of personal data, requiring them to maintain confidentiality and security and data protection measures, and the processing of personal data is carried out in accordance with our processing instructions.
- Links to other websites may periodically appear within the Site. Such websites operate independently of the Administrator’s Website and may not be supervised by the Administrator. These websites may have their own privacy policies; we recommend that you familiarise yourself with them. The Administrator is not responsible for the data handling policies of these websites.
- Our partners are mainly based in countries in the European Economic Area (EEA) or in Switzerland, which is deemed to meet an adequate level of data protection. Some of our partners e.g. Google, or Facebook are based outside the EEA. In connection with the transfer of your data outside the EEA, we verify that the Partners provide guarantees of a high level of protection of personal data. These guarantees arise in particular from the obligation to apply the standard contractual clauses adopted by the EU Commission applying the provisions of Article 46(2) of the RODO. You have the right to request a copy of the standard contractual clauses from us by addressing a request to us.
- GENERAL INFORMATION ABOUT THE SITE AND ITS OPERATION
- The Administrator shall make every effort to ensure a high level of security of the personal data processed. Any incidents affecting data security, including suspicions of sharing files containing viruses and other files of a similar nature or other than files of destructive mechanisms should be reported to the e-mail address: sibotesty@gmail.com.
- The Administrator shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected, and in particular shall protect the data against their disclosure to unauthorised persons, against their taking by an unauthorised person, against their processing in violation of the applicable regulations, and against their alteration, loss, damage or destruction. Furthermore, the Administrator shall take special care that the personal information is:
- correct and processed in a lawful manner,
- obtained only for specific purposes and not further processed in a way incompatible with those purposes,
- adequate, appropriate and not excessive,
- accurate and up-to-date,
- not kept longer than necessary,
- processed in accordance with the rights of the persons (to whom they relate), including the right to reserve access,
- safely stored,
- not transferred without adequate protection.
- Personal data are stored in a database in which technical and organisational measures have been applied to ensure the protection of the processed data in accordance with the requirements set out by generally applicable legislation on the protection of personal data. Access to the database is allowed only to persons having authorisations granted by the Administrator.
- The Administrator has appropriate policies and procedures in place to safeguard personal information from unauthorised loss, misuse, alteration or destruction. Every effort is made to ensure that access to users’ personal data is limited to those who have a need to know the information. Persons who have access to the data are obliged to maintain its confidentiality.
- The Controller also applies technical measures to protect personal data, in particular:
- SSL – each subpage of the Website is accessible using an encrypted connection between the user’s browser and the server hosting the page. The encrypted connection is enforced on the Site;
- access to data – only designated persons have access to the collected information, using a login and password.
- access to information in external tools – only designated persons have access to information stored in external tools, using a login and password.
- The Website uses cookies and other similar technologies, details of which can be found later in this Policy (VIII. COOKIES AND OTHER SIMILAR TECHNOLOGIES).
- EXTERNAL TOOLS USED ON THE WEBSITE
- The Administrator uses the following tools on the Website:
- Google Analytics – we use the Google Analytics tool on the Website in order to keep statistics (e.g. number and length of visits to our website, transitions between individual pages, re-visits to our website, etc.). The Google Analytics tool can be and is used on every subpage of the Website. Detailed information on the security and privacy of the data used in connection with the use of Google Analytics can be found on this page. If you do not wish us to track your behaviour on our website using the Google Analytics tool, you can block it at any time using the tool provided by Google. You can find more information on how to use this tool here.
- COOKIES AND OTHER SIMILAR TECHNOLOGIES
- By using the Website, you consent to the use of cookies – small files sent by our web server that you visit and stored on the terminal device you use to browse our Website. Cookies consist of a string of letters and numbers which may contain data and other information to enable us to fulfil the following purposes:
- correct display of the Website in your browser, these cookies are necessary for the correct operation of key processes of the Website, in particular the ordering process;
- ensuring the security of the Website – correct logging into the webshop, maintaining user sessions, detecting unwanted activities on the website, remembering goods added to the basket;
- improving the performance and operation of the Website and analytics – these cookies collect statistical data, for example on the number of visits to individual pages on our Website;
- customising the functionality of the Website – including personalisation of your settings, such as language, region, font colour, etc., and for remembering the settings you have chosen;
- display advertisements for the goods and services we offer, tailored to your interests.
- The cookies used on our Website can be divided into session cookies, so-called temporary cookies, which remain on your device only while you are using the Website – they are deleted when you close your browser, and permanent cookies, which remain on your device as long as they have a set duration or until you delete them.
- You can block cookies from our Website directly in your browser settings at any time. Failure to do so implies your consent to their use. The additional external tools we use may use their own additional cookies. Please note that changing your cookie settings may affect the way our Website works. You can find more information on how to change your browser settings for privacy in the most popular browsers below:
Mobile devices:
| Cookies / system | Characteristics | Supplier / Trusted partner | Storage time |
| --- | --- | --- | --- |
| Google Analytics | Automatic collection of information about your computer when you visit the Website. Purpose: To compile statistics and carry out analyses in order to optimise the Website. Gathering information about the user visiting the site and monitoring sales performance: total sales, number of sessions generated, number of returning users, conversion rate, average order value, etc. | Google Ireland Limited Gordon House, Barrow Street, Dublin 4 D04 E5W5 | 12 months |
| Google Search Console | Automatic collection of information about your computer when you visit the Website. Purpose: To compile statistics and carry out analyses in order to optimise the Website. | Google Ireland Limited Gordon House, Barrow Street, Dublin 4 D04 E5W5 | 12 months |
- On our Website, we use the “Facebook pixel”, whose provider is the owner of the social network Facebook, whose headquarters are located at: 1601 South California Avenue, Palo Alto, CA 94304, USA. So-called tracking pixels are integrated into our Website. When you visit our Website, the tracking pixel creates a direct connection between your browser and the Facebook server. Facebook receives information from your browser that your device has accessed our Website. If you are a Facebook user, Facebook may attribute your visit to our Website to your Facebook account. As administrator of the Website, we do not know the content of the transmitted data or their use by Facebook. We can only choose which groups of Facebook users to display our advertisements to (e.g. by age, interests). Facebook can also recognise whether our Facebook advertisement has been viewed by a user. This allows us to check the effectiveness of Facebook ads. If you do not want your data to be saved via the Facebook pixel, you can change your privacy settings on Facebook. You can also deactivate the Facebook pixel using the following link by clicking HERE. The transfer is permitted as standard contractual clauses of the European Union have been agreed with Facebook. The legal basis is a legitimate interest in accordance with Article 6(1)(f) RODO, namely the fulfilment of our legitimate business purposes, i.e. targeted advertising of our services.
- On our Website, we use the remarketing function of Google Inc. which allows us to target personalised advertisements to visitors to our Website. In order to analyse how visitors use the Website, which is the basis for creating interest-based advertising, Google uses cookies. You can find more information HERE, to deactivate the use of cookies by external providers you can use the settings available HERE. Find out more about how Google uses cookies and other technologies to display ads.
- Our Website enables the use of so-called “plug-ins” and other tools provided by social networks such as Facebook, Google, Instagram. When you use a particular plug-in, your browser establishes a connection to the server of its provider. Some of these servers may be located outside the European Economic Area (in the United States). The plug-in provider receives information that your browser has viewed our Website. This information, together with your IP address, is stored by the provider of the respective plug-in and, if you have a registered account with their service, is credited to that account. Some plug-ins, e.g. “like”, “share”, are responsible for transmitting the relevant information from your browser to the plug-in provider’s server for publication on the provider’s website. In this respect, it is the plug-in provider who decides on the purposes and means of processing your personal data, and you can find more details about your rights in this respect using the links below:
- The Administrator also processes anonymised usage data related to the use of the Website (so-called logs – IP address, domain) to generate statistics to help administer the Website. This data is aggregated and anonymous, i.e. it does not contain identifying characteristics of visitors to the Website. The logs are not disclosed to third parties.
- FINAL PROVISIONS
- The Administrator reserves the right to introduce changes to the Policy. Changes will be introduced if required by applicable law or if the technological conditions of the Website change.
- Date this Privacy Policy was last updated: 01.10.2022.