DEFINITIONS
• Administrator – a natural or legal person, public authority, unit, or other entity that, alone or jointly with others, determines the purposes and means of processing personal data. In this Privacy Policy and Cookies Policy, the Administrator refers to LOVE SAINTS AGNES DZWONEK, ul. gen. Zygmunta Waltera Jankego 249, 40-616 Katowice, NIP: 6381656811
• Cookies – textual data collected in the form of files placed on the User’s Device,
• Personal Data – any information relating to an identified or identifiable living natural person, including the IP address of the device, location data, online identifier, and information collected via cookies and other similar technologies,
• Policy – this Privacy Policy and Cookies Policy containing information on the processing of personal data and the use of cookies,
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC,
• Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, as amended),
• Service / Website – the website operated by the Administrator under the name lovesaints.pl,
• User – a natural person to whom the Administrator provides services electronically via the Service, as well as a person visiting the Website/online store,
• Device – an electronic device through which the User accesses the Website.
TYPES OF PROCESSED PERSONAL DATA, PURPOSES, AND LEGAL BASIS
1. The Administrator processes the following categories of User’s personal data:
a) First and last name,
b) Email address,
c) Phone number.
2. The Administrator processes personal data through the Website for the following purposes:
a) Ensuring security within the Service and customizing content (Article 6(1)(f) GDPR);
b) Responding to inquiries, providing requested offers, and handling correspondence for resolving issues or fulfilling submitted orders based on User consent (Article 6(1)(a) GDPR);
c) Delivering and displaying content on the Website – for this purpose, the Administrator collects personal data such as IP address and cookies (Article 6(1)(f) GDPR);
d) Establishing, defending, and pursuing claims – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in protecting their rights;
e) Allowing the User to submit opinions about the services provided by the Administrator (Article 6(1)(a) GDPR);
f) Using cookies on the Website and its subpages (Article 6(1)(a) GDPR);
g) Analytical and statistical purposes – verifying User activity within the Service to improve functionalities, optimize services, products, and Website features (Article 6(1)(f) GDPR);
h) Managing the newsletter (Article 6(1)(a) GDPR and Article 6(1)(f) GDPR);
i) Registering an account, verifying the User’s identity, and fulfilling the agreement for electronic service provision in accordance with the Act of 18 July 2002 on the provision of electronic services, particularly by enabling the User to use their account – based on acceptance of the Terms of Service (Article 6(1)(b) GDPR);
j) Communicating with the User to provide essential information and build positive and reliable relationships, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR);
k) Promoting the Administrator’s and/or Partners’ products and/or services by sending marketing information (newsletter) electronically, provided the User consents to receiving such notifications via email (Article 6(1)(a) GDPR);
l) Providing access to industry-related updates directly linked to the Administrator’s operations, provided the User consents to receiving such notifications via email (Article 6(1)(a) GDPR);
m) Using the contact form service on the Website – the legal basis for processing is the necessity to fulfill the agreement for service provision (Article 6(1)(b) GDPR); for optional data provided, the legal basis is User consent (Article 6(1)(a) GDPR).
3. In each of the above cases (point 2), providing data is voluntary but necessary to conclude an agreement or use other functionalities of the Service.
4. During the use of the Website, additional information may be collected, particularly: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and type of operating system.
5. Navigation data may also be collected from Users, including information about links and references they choose to click or other activities undertaken on the Website. Legal basis – legitimate interest (Article 6(1)(f) GDPR), aimed at facilitating the use of electronic services and improving their functionality.
PERIOD OF PERSONAL DATA PROCESSING
1. If the basis for processing personal data is the User’s consent, the User’s personal data will be processed by the Administrator until the consent is withdrawn. After the consent is withdrawn, the data will be processed for a period corresponding to the statute of limitations for claims that the Administrator may assert or that may be asserted against the Administrator. Unless a specific provision states otherwise, the statute of limitations is six years, and for periodic claims or claims related to business operations – three years.
2. If the basis for processing personal data is the performance of a contract, the User’s personal data will be processed by the Administrator as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations for claims that the Administrator may assert or that may be asserted against the Administrator. Unless a specific provision states otherwise, the statute of limitations is six years, and for periodic claims or claims related to business operations – three years.
3. Data related to traffic analysis collected through cookies and similar technologies may be stored until the cookie expires. Some cookies never expire; therefore, the data retention period will be equivalent to the time necessary for the Administrator to achieve the purposes for which the data is collected, i.e., ensuring security and analyzing historical data related to website traffic.
4. The data processing period may be extended if processing is necessary to establish and pursue claims or defend against claims, and thereafter only if and to the extent required by law. After the processing period has expired, the data will be irreversibly deleted or anonymized.
USER RIGHTS RELATED TO THE PROCESSING OF THEIR PERSONAL DATA
1. A data subject has the right to access their personal data, as well as the right to request its rectification, deletion, restriction of processing, data portability, objection, and the right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
2. Legal grounds for the User’s requests:
a) Access to data – Article 15 GDPR,
b) Rectification of data – Article 16 GDPR,
c) Deletion of data (the so-called right to be forgotten) – Article 17 GDPR,
d) Restriction of processing – Article 18 GDPR,
e) Data portability – Article 20 GDPR,
f) Objection to processing based on the Administrator’s legitimate interest – Article 21 GDPR,
g) Withdrawal of consent – Article 7(3) GDPR.
3. The withdrawal of consent takes effect from the moment it is withdrawn. Withdrawal of consent does not entail any negative consequences for the User; however, it may prevent further use of services or functionalities that, by law, the Administrator may provide only with consent.
4. To exercise the rights referred to in points 1 and 2, contact the Administrator via email at: info@lovesaints.pl.
5. When exercising a right under the above provisions, the Administrator will fulfill the request or refuse to fulfill it promptly, but no later than within one month of its receipt. If, due to the complex nature of the request or the number of requests, the Administrator is unable to meet the request within one month, it will fulfill it within the next two months, informing the individual who submitted the request within one month of receiving the request about the extension of the deadline and the reasons for it.
6. The User may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights.
7. If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
DATA SECURITY
1. The User’s personal data is stored and protected with due care, in accordance with the internal procedures implemented by the Administrator.
2. The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data being protected. In particular, data is secured against unauthorized access, collection by unauthorized individuals, processing in violation of applicable regulations, and alteration, loss, damage, or destruction.
3. The Administrator takes particular care to protect the interests of data subjects and, in particular, ensures that the data collected:
a) is processed lawfully,
b) is collected for specified, lawful purposes and is not subject to further processing inconsistent with those purposes,
c) is factually accurate, adequate in relation to the purposes for which it is processed, and stored in a form that allows identification of the individuals to whom it pertains, no longer than is necessary to achieve the processing purpose.
COOKIES
1. The website uses cookies. Cookies (so-called “cookies”) are IT data, including text files, that a web browser can send to a server each time the website is visited and which are stored on the device used by the User. They can be read by the Administrator (“first-party cookies,” which the Administrator uses to ensure the proper functioning of this site) as well as by systems belonging to other entities whose services the Administrator uses (“third-party cookies”).
a) The Administrator uses first-party cookies for analysis, research, and viewership audits, particularly to create anonymous statistics that help understand how Users use the Website, allowing for improvements in its structure and content.
b) The Administrator uses third-party cookies to display a map on the Website indicating the location of the Administrator’s office using the online service maps.google.com (external cookie administrator: Google Inc., based in the USA).
2. The installation of cookies is necessary for the proper provision of services on the Website.
3. Cookies are saved by the Administrator on the User’s end device if the web browser allows it. A cookie file usually contains the name of the domain it originates from, its “expiration time,” and an individual, randomly selected number identifying that file. The information collected through such files helps adjust the Administrator’s offered products to the individual preferences and actual needs of visitors to the Website.
4. During the first visit to the Website, a message about the use of cookies is displayed. Failure to change the browser settings is equivalent to consenting to their use.
5. Types of cookies:
a) First-party cookies – files placed and read from the User’s Device by the Service’s telecommunication system.
b) Third-party cookies – files placed and read from the User’s Device by the telecommunication systems of external services.
c) Session cookies – files placed and read from the User’s Device by the Service during a single session of a given Device. After the session ends, the files are deleted from the User’s Device.
d) Persistent cookies – files placed and read from the User’s Device by the Service until they are manually deleted. These files are not automatically deleted after the session ends unless the User’s Device is configured to delete cookies after the session ends.
6. The cookies mechanism is safe for Users’ computers.
7. Changing cookie settings or deleting them is possible through the User’s browser. It is also possible to block the collection of User data during a visit to the Website by using the so-called incognito mode. Limiting or disabling the cookies used by the Administrator may affect some functionalities available on the Website.
8. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web browser).
NEWSLETTER
1. By subscribing to the newsletter, the User provides the Administrator with the following personal data: email address. Providing this data is voluntary but necessary to subscribe to the newsletter.
2. The User can unsubscribe from the newsletter at any time. Unsubscribing is done by contacting the Administrator or clicking the appropriate link included in each message sent as part of the newsletter.
3. By subscribing to the newsletter, the User consents to receiving marketing and commercial information via electronic means of communication within the meaning of the Act on the Provision of Electronic Services.
IP ADDRESS
1. The Administrator may collect Users’ IP addresses. An IP address is a number assigned to a computer by an Internet service provider when visiting the Website. The IP number allows access to the Internet. In most cases, it is dynamically assigned, meaning it changes with each connection to the Internet and is therefore commonly treated as non-personal identifying information.
2. The Administrator uses the IP address for diagnosing technical server issues, creating statistical analyses, administering and improving the Website, and for security purposes. Additionally, it can be used to identify unwanted automated programs overloading the server or browsing the Website’s content.
