Privacy policy

Dear Guest,

We highly respect your privacy, therefore, in accordance with the letter of European law, we have prepared the following document, in which we present in a legible, clear and transparent manner the rules for the processing and protection of your personal data applicable in our M A N D A L A S Concept Store.

From the individual chapters marked with paragraphs, you will learn, among others, what data is necessary to process your orders, and which provide you with convenient access to all the store's functions and our unique promotions and special offers.

Depending on whether you are a Subscriber to our newsletter, a Customer, an Entrepreneur cooperating with us, or a Member of our club, various sub-points apply to you, but we encourage you to familiarize yourself with all of them.

The sole proprietor of the Online Store and the administrator of personal data of Customers - natural persons - and users to whom these data relate is Ewa Nowacka-Piechowiak, running a business under the name Mandalas to ENJOY Ewa Nowacka-Piechowiak, with its registered office in Poznań (60 - 464), at ul. Lądecka 9, NIP number 7792236258. hereinafter referred to as the Administrator and being the Seller at the same time.

Personal data collected by the Administrator via the Online Store are processed in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as "GDPR", "GDPR" or "General Data Protection Regulation", applicable from May 25, 2018;
  • and other currently applicable, i.e. throughout the processing of specific data, provisions of the law on the protection of personal data.

Personal data means information about an identified or identifiable natural person (hereinafter referred to as Personal Data).

An identifiable natural person is a person who can be identified, directly or indirectly, in particular on the basis of an identifier such as name and surname, identification number, online identifier, location data, one or more specific factors determining the physical, genetic, mental, economic, cultural or social identity of a natural person.

The Administrator takes special care to respect the privacy of customers visiting her Online Store.

§ I. TYPE OF PROCESSED DATA, PURPOSES AND LEGAL BASIS

1. The administrator collects information regarding:

  • natural persons performing a legal act not directly related to their activity;
  • natural persons conducting business or professional activity on their own behalf;
  • and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting business or professional activity on their own behalf, hereinafter referred to as Clients.

2. The purposes of processing Customers' Personal Data by the Administrator are in particular:

  1. registering an account in the Online Store in order to create an individual account and manage this account. Legal basis - necessary to perform the contract for the provision of the Account service - art. 6 sec. 1 lit. b GDPR;
  2. placing an order in the Online Store in order to perform the sales contract. Legal basis - necessary to perform the sales contract - art. 6 sec. 1 lit. b GDPR;
  3. subscription to the Newsletter, in order to perform the contract, the subject of which is a service provided electronically. Legal basis - consent of the data subject to perform the contract for the provision of the Newsletter service - art. 6 sec. 1 lit. and the GDPR.

3. When registering an account for the Newsletter service in the Online Store, the Customer provides the following data:

  • e-mail adress.

4. When placing an order in the Online Store, the Customer provides the following data:

  • first and last name;
  • address data: zip code and city, country, street, house/apartment number;
  • e-mail adress;
  • phone number.

5. Entrepreneurs provide the above data and additionally:

  • entrepreneur's company name;
  • tax identification number

6. To use the Newsletter service, the Customer provides the following data:

  • e-mail adress;
  • phone number.

7. When using the Online Store, additional information may also be downloaded, including: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain, browser type, access time, operating system type.

8. Navigation data may also be collected from customers, including information about links and references that they decide to click or other activities performed in our Online Store. Legal basis - legitimate interest - art. 6 sec. 1 lit. f GDPR, enabling better use of services provided electronically.

9. In order to establish, pursue and enforce claims, some personal data provided by the Customer as part of using the functionality may also be processed, including: name, surname, data on the use of services, if the claims result from the manner in which the Customer uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest - art. 6 sec. 1 lit. f of the GDPR, consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.

10. Personal data collected by the Administrator are provided to her voluntarily, in connection with concluded sales contracts, or the provision of services via the Online Store, with the proviso that failure to provide the data specified in the data forms in the Registration process prevents Registration and setting up a Customer Account, and in the situation of placing an order without registering the Customer Account will prevent the submission and execution of the order.

§ II. PERIOD OF STORAGE OF PERSONAL DATA AND INFORMATION ON WHOM THEY MAY BE PROVIDED

1. The catalog of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer.

  • The Customer's personal data is transferred to service providers used by the Administrator when running the Online Store. The Administrator's service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are subject to the Administrator's instructions as to the purposes and methods of data processing - processors - or independently determine the purposes and methods of their processing - administrators.
  1. Processing entities - the Administrator uses suppliers who process personal data only at the Administrator's request, and these include, among others, providers of hosting or ICT services, accounting services, providing systems for marketing, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns , marketing campaign companies, software service companies.
  2. Administrators - The Administrator also uses suppliers who do not act solely on his instructions and set the goals and methods of using Customers' personal data on their own. They provide electronic payment services and banking services.

2. Location - Service providers are based in Poland and in other countries of the European Economic Area (EEA).

3. Customers' personal data is stored:

  1. In a situation where the basis for the processing of personal data is the consent provided, the Customer's personal data are processed by the Administrator until the consent is revoked. After its cancellation, personal data is stored for a period corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a special provision provides otherwise, the limitation period is 10 years, and for claims for periodic benefits and claims related to running a business, it is 3 years.
  2. In a situation where the basis for data processing is the performance of the contract, then the Customer's personal data are processed by the Administrator as long as it is necessary to perform the contract. After this time, personal data is processed for a period corresponding to the period of limitation of claims. Unless specific provisions provide otherwise, the limitation period is 10 years, for claims for periodic benefits and claims related to running a business - 3 years.

4. In the event of a purchase in the Online Store, personal data may be transferred, depending on the Customer's choice, to the following entities in order to deliver the products ordered in the Online Store, i.e. InPost and DPD Polska courier companies.

5. If the Customer of the Online Store chooses payment using the Przelewy24.pl payment system, her/his personal data is transferred to the extent necessary for the payment to be made to DialCom24 Sp. z o. o. 60-327 Poznań, ul. Kanclerska 15 NIP 781-173-38-52, REGON 634509164 District Court Poznań, VIII Department Commercial Register of the National Court Register No. KRS 0000306513.

6. Personal navigation data may be used to provide customers with better service, analyze statistical data and adapt the Online Store to customer preferences and to administer the Online Store.

7. If the Customer chooses the Newsletter subscription service, the Administrator will send information to her/his e-mail address or SMS messages to her/his mobile phone, containing commercial information about promotions, discounts, new products available in her Online Store.

8. In the event of a request to the Administrator to provide data, she will provide personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ III. COOKIES AND IP ADDRESSES

1. The cookies used by the Administrator are primarily used to:

  • optimizing the service of visitors when using the Online Store;
  • developing statistics of visits to the presented products in the Online Store.

These files are saved by the Administrator on the device of the person visiting the Online Store, if the web browser allows it. Cookies usually contain the name of the domain they come from, their "expiration time" and an individual, randomly selected number identifying these files.

2. Two types of cookies are used in the Online Store:

  • Session cookies - after the end of the browser session or turning off the computer, the saved information is deleted from the device's memory. The session cookies mechanism does not allow for downloading any personal data and any confidential information from the Clients' computers;
  • Persistent cookies - are stored in the memory of the Customer's end device and remain until they are deleted or expire. The mechanism of persistent cookies does not allow for downloading any personal data and any confidential information from the Customer's computer.

3. The Administrator uses own cookies to:

  • authentication of the Customer in the Online Store and providing her/him with a Customer session after logging in to the Customer Account;
  • anonymous statistics and analyzes that help to understand how customers use the Online Store.

4. The Administrator uses external cookies to:

  • collecting static data via Google Analytics analytical tools - administrator of external cookies: Google Inc with its registered office in the USA;
  • presenting advertisements from Google AdSense - administrator of external cookies: Google Inc with its registered office in the USA;
  • promoting the Online Store on Facebook.com - administrator of external cookies: Facebook Inc based in the USA or Facebook Ireland based in Ireland.

5. The cookie mechanism is completely safe for the computers of the Online Store Customers.

  • The customer may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to his device.
  • Changes to the settings in question can be made by the Customer using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or to inform each time Cookies are placed on the Customer's Device.
  • Detailed information on the possibilities and ways of handling cookies are available in the web browser settings.
  • Blocking cookies may affect some of the functionalities available in the Online Store.

6. The Administrator may collect Customers' IP addresses.

  • The IP address is a number assigned to the computer of the person visiting the Online Store by the Internet service provider.
  • The IP address is used by the Administrator when diagnosing technical problems with the server, creating statistical analyzes and improving the Online Store.

7. The Online Store contains links and references to other websites on the Internet and the Administrator is not responsible for the privacy protection rules applicable on these websites.

§ IV. RIGHTS AND OBLIGATIONS OF THE PERSON WHOSE PERSONAL DATA CONCERN

1. The right to withdraw consent - legal basis art. 7 sec. 3 GDPR.

  1. The Customer has the right to withdraw any consent given to the Administrator.
  2. Withdrawal of consent takes effect from the moment of withdrawal of consent.
  3. Withdrawal of consent does not fundamentally affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
  4. Withdrawal of consent does not cause any negative consequences for the Customer of the Online Store, but it may prevent further use of services or functionalities that can only be provided with consent.

2. The right to object to data processing - legal basis art. 21 GDPR.

  1. The customer has the right to object at any time to the processing of her/his personal data, including profiling, if the Administrator processes her/his data based on a legitimate interest, e.g. marketing of products and services, keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of Online Store, and customer satisfaction survey.
  2. Resignation from receiving commercial messages regarding products or services, sent via e-mail, will be the Customer's objection to the processing of her/his personal data, including profiling for these purposes.
  3. If the Customer's objection turns out to be justified and the Administrator has no other legal basis for the processing of personal data, the Customer's data will be deleted, to the processing of which the Customer has lodged this objection.

3. The right to delete data / the right to be forgotten - legal basis art. 17 GDPR.

  • The Customer has the right to send a request to delete all or some of her/his personal data.
  • The Customer has the right to request the deletion of personal data if:
  1. The Personal Data are no longer necessary for the purposes for which they were collected or for which they were processed;
  2. The Customer withdrew consent to the extent that the Customer's data was processed based on her/his consent;
  3. The Customer has objected to the use of his data for commercial or marketing purposes;
  4. Personal Data is processed unlawfully;
  5. Personal Data must be deleted in order to comply with a legal obligation provided for in European Union law or the law of a Member State to which the Administrator is subject;
  6. Personal Data has been collected in connection with offering information society services.
  • Despite the request to delete Personal Data, in connection with the objection or withdrawal of consent, the Administrator may retain some Personal Data to the extent that their processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring their processing under Union or Member State law to which it is subject.

4. The right to limit data processing - legal basis art. 18 GDPR.

  • The Customer of the Online Store has the right to request the restriction of the processing of her/his data. Submitting such a request prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by this request.
  • The Customer of the Online Store has the right to request the restriction of the use of personal data in the following situations:
  1. in the event of non-compliance of their personal data, then the Administrator limits their use for the time needed to verify the correctness of this data;
  2. when the processing of data is unlawful and the Customer does not request their removal but limit their use;
  3. when the Customer's personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, pursue or defend claims;
  4. when he objected to the use of his data, then the restriction takes place for the time needed to consider whether, due to the particular situation, the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer's data.

5. Right of access to data - legal basis of Article 15 of the GDPR.

  • The Customer has the right to obtain confirmation from the Administrator whether she processes her/his personal data, and if so, the Customer has the right to:
  1. access his/her personal data;
  2. obtain information about the purposes of processing and recipients or categories of recipients of this data, the planned period of data storage or the criteria for determining this period, about the rights of the Customer under the GDPR and the right to lodge a complaint to the supervisory body, about the source of data, about automated decision-making, in including profiling and safeguards applied in connection with the transfer of such data outside the European Union;
  3. obtain a copy of her/his personal information.

6. The right to rectify data - legal basis art. 16 GDPR.

  • The customer has the right to request the Administrator to immediately rectify his personal data that are incorrect.
  • Taking into account the purposes of processing, the Customer has the right to request completion of incomplete personal data, including by submitting an additional statement, by sending an e-mail to the Administrator's e-mail address, i.e. [email protected]

7. The right to transfer data - legal basis art. 20 GDPR.

  • The customer has the right to receive her/his data, which he provided to the Administrator, and then send them to another personal data administrator of his choice.
  • The Customer of the Online Store also has the right to request that her/his personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this situation, the Administrator will send such Customer data in the CSV file format, which is a commonly used format.

8. If the Customer requests the fulfillment of her/his above rights, the Administrator has the right to fulfill them or refuse him, and he will do so immediately.

9. The Customer has the right to submit complaints, inquiries and requests to the Administrator regarding the processing of his Personal Data and the exercise of her/his rights.

10. The Customer has the right to request the Administrator to provide a copy of standard contractual clauses by sending an inquiry to the Administrator's e-mail address, i.e. [email protected]

11. The Customer has the right to lodge a complaint with the President of the Office for Personal Data Protection in the scope of violation of her/his rights to the protection of personal data or other rights granted under the GDPR.

§ V. SECURITY OF PERSONAL DATA

The Administrator declares that she makes every effort to provide customers with a high level of security in the use of the Online Store and for this purpose:

  1. applies technical and organizational measures required by law, in particular in the field of security of Personal Data processing;
  2. applies measures ensuring the ability to maintain the confidentiality, integrity, availability and resilience of processing systems and services at all times;
  3. applies measures ensuring the ability to quickly restore the availability of Personal Data and access to them in the event of a physical or technical incident;
  4. provides customers of the Online Store with a secure and encrypted connection when transferring personal data and when logging in to the Customer Account, using an SSL certificate.
  • All events affecting the security of information transfer, personal data, including the suspicion of sharing files containing viruses, should be reported to the Administrator via e-mail to the following e-mail address: [email protected]

§ VI. FINAL PROVISIONS

  • In matters not regulated in the Privacy Policy, the provisions of law regarding the processing of Personal Data, including the GDPR, shall apply.
  • The current version of the Privacy Policy is effective from December 31, 2022.

 

Logo Mandalas to ENJOY