Privacy Policy

What is a Privacy Policy?

We would like to provide you with details concerning our processing of your personal data in order to give you full knowledge and comfort in using our website.

Since we operate in the online sector, we know how important it is to protect your personal data. Therefore, we make particular efforts to protect your privacy and information you provide us with.
We carefully select and apply appropriate technical measures, in particular programming and organisational measures, to ensure protection of the personal data we process. Our website uses encrypted data transmission (SSL), which ensures protection of your identity.

In our Privacy Policy you will find all key information regarding our processing of your personal data.

Please read it, we promise it won’t take more than a few minutes.

 

Who is the administrator of the website: www.karolinaholda.eu?

The administrator of the website is Karolina Hołda, conducting business activity under the business name Karolina Hołda, entered to the Central Registration and Information on Economic Activity (CEIDG) maintained by the Minister of Economy, with its registered office in Katowice, at ul. Gawronów 22, 40 – 527 Katowice, Poland, Taxpayer Identification (NIP) Number: 9542753396, National Official Register of Business Entities (REGON) Number: 360848984 (i.e.: We).

 

 

PERSONAL DATA

 

What legal act governs the processing of your personal data?

Your personal data are collected and processed by us in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), commonly referred to as: GDPR. In the scope not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of 10 May 2018.

 

Who is the controller of your personal data?

The controller of your personal data is Karolina Hołda, conducting business activity under the business name Karolina Hołda, entered to the Central Registration and Information on Economic Activity (CEIDG) maintained by the Minister of Economy, with its registered office in Katowice, at ul. Gawronów 22, 40 – 527 Katowice, Poland, Taxpayer Identification (NIP) Number: 9542753396, National Official Register of Business Entities (REGON) Number: 360848984, email: [email protected].

You can contact us about your personal data using the e-mail address: [email protected].

 

 

HOW DO WE PROCESS YOUR PERSONAL DATA, THAT YOU PROVIDE TO US.

 

What personal data do we process and for what purposes?

On our website we offer a variety of services as part of which we process different personal data on different legal grounds.

Objective Personal data Legal basis for processing Data retention time
conclusion and performance of a contract first name, last name, address for correspondence, tax identification number, e-mail address, telephone number, payment card number article 6(1)(b) of the GDPR, i.e. processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party until the expiry of the limitation period for claims concerning the performance of the contract
creating and maintaining an account first name, last name, e-mail address, telephone number, address for correspondence article 6(1)(b) of the GDPR, i.e. processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party until the expiry of the limitation period for claims concerning the performance of the contract
newsletter e-mail address, first name Article 6(1)(a) of the GDPR, i.e. processing based on the consent given by you to the processing of your personal data until the day you withdraw your consent to personal data processing
loyalty program e-mail address, first name, last name, telephone number Article 6(1)(a) of the GDPR, i.e. processing based on the consent given by you to the processing of your personal data until the moment you withdraw your consent to personal data processing
traffic analysis on the online shop website name, address for correspondence Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in analysing customer traffic on the shop website until you object to the processing of your personal data
direct marketing of Goods and own services, including remarketing name, address for correspondence Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in direct marketing of its own services, including remarketing until you object to the processing of your personal data
determination, pursuit and enforcement of claims and defence against claims in proceedings conducted before courts and other state authorities first name, last name, address for correspondence, PESEL number, tax identification number (NIP), national business registry number (REGON), e-mail address, telephone number, IP number, bank account number, payment card number article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in establishing, pursuing and enforcing claims and defending against claims in proceedings conducted before courts and other state authorities until the expiry of the limitation period for claims concerning the performance of the contract
fulfilling legal obligations arising from legal regulations, in particular tax and accounting regulations first name, last name, company name, PESEL number, tax identification number (NIP) or national business registry number (REGON), e-mail address, telephone number, address for correspondence, payment card number Article 6(1)(c) of the GDPR, i.e. processing is necessary to fulfil legal obligations incumbent of the Controller, resulting from legal regulations, in particular tax and accounting regulations
until the expiry of the legal obligations imposed on the Controller which justify the processing of personal data

Voluntary provision of personal data

Provision of the required personal data is voluntary, but it is necessary for us to provide services to you (e.g. to provide a newsletter service or to create an account).

Recipients of personal data

For the proper functioning of the Online Shop, including the implementation of Sales Agreements concluded, it is necessary for the Administrator to use the services of external entities (e.g. a software provider, courier or payment processor). The administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the Customer uses a personal pickup, his data will not be transferred to the carrier cooperating with the Administrator.

The personal data of the Service Users and Customers of the Online Shop may be transferred to the following recipients or categories of recipients:

• carriers / forwarders / courier brokers – in the case of a Customer who uses the Online Shop with the method of delivery of the Goods by post or courier, the Administrator provides the Customer’s collected personal data to the selected carrier, forwarder or intermediary performing the shipment at the request of the Administrator to the extent necessary to complete the delivery of the goods to the Customer.
• entities servicing electronic payments or payment by card – in the case of a Customer who uses the Online Shop with the method of electronic payments or with a payment by card, the Administrator provides the Customer’s collected personal data to the selected entity servicing the above payments in the Online Shop at the request of the Administrator to the extent necessary to handle payments made by the Customer.
• provider of the opinion poll system – in the case of a Customer who agreed to express an opinion on the concluded Sales Agreement, the Administrator provides the Customer’s collected personal data to the selected entity providing the system of opinion polls on the concluded Sales Agreements in the Online Shop at the request of the Administrator to the extent necessary for the Customer to express an opinion using the opinion poll system.
• service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to run a business, including the Online Shop and the Electronic Services provided through it (in particular, computer software providers for running the Online Shop, e-mail and hosting providers and software providers for managing the company and providing technical assistance to the Administrator) – the Administrator provides the collected personal data of the Customer to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
• providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) – the Administrator provides the collected personal data of the Customer to a selected supplier acting on his behalf only in the case and to the extent necessary to complete for a given purpose of data processing in accordance with this privacy policy.
• Facebook Ireland Ltd. – The Administrator uses the Facebook social plugins on the Online Shop website (e.g. the Like Button, Share or log in using Facebook login data) and therefore collects and provides personal data of the Customer using the Shop’s website to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (this data includes information about activities on the Online Shop website – including information about the device, websites visited, purchases, advertisements displayed and the method of using the services – regardless of whether the Service Recipient has a Facebook account and is logged in to Facebook).

 

Automated decision making (including profiling)

We use tools to send personalised advertisements to you. On the basis of actions you take in the Shop, in particular the choice of the content you view and the time you stay on the Shop subpages, we adjust and display marketing content tailored to you. The profiling allows us to provide marketing messages more tailored to your preferences, which is a benefit to us and to you, as it reduces marketing communications concerning goods and services that are not of interest to you.

 

WHAT RIGHTS DO YOU HAVE WITH REGARD TO OUR PROCESSING OF YOUR PERSONAL DATA?

Pursuant to the GDPR, you have the right to:
• request access to your personal data
• request rectification of your personal data
• request deletion of your personal data
• requests that the processing of your personal data is restricted
• object to the processing of your personal data
• requests transfer of your personal data

If you submit any of the above requests, without undue delay – and in any case within one month from receipt of the request – we will inform you of the actions taken in connection with your request.

If necessary, we can extend the one-month period by another two months due to the complexity of the request or the number of requests.

In any case, we will inform you within one month from receiving your request about any extension and give you the reasons for the delay.

Right of access to personal data (Article 15 of GDPR)

You have the right to be informed whether we are processing your personal data.

If we process your personal data, you have the right to:
• access your personal data,
• obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, planned period of storage of your data or criteria for determining this period, your rights under the GDPR and about the right to lodge a complaint with the President of the Office for Personal Data Protection, about the source of these data, about automated decision making, including profiling, and about the safeguards applied in connection with the transfer of these data outside the European Union;
• receive a copy of your personal data.

If you wish to request access to your personal data, please send your request to: [email protected].

 

Right to correct your personal data (Article 16 of GDPR)

If your personal data are incorrect, you have the right to ask us to correct your personal data immediately. You also have the right to request that we supplement your personal data.
If you wish to request correction or supplementation of your personal data, please send your request to: [email protected].

 

The right to have your personal data deleted, i.e. the so-called “right to be forgotten” (Article 17 GDPR)

You have the right to request that your personal data be deleted when:
• your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you have withdrawn a specific consent, to the extent that your personal data were processed on the basis of your consent;
• your personal data were processed illegally;
• you have raised objections to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent that the processing of personal data is connected to direct marketing;
• you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by us or a third party.

Despite your request to delete your personal data, we may process your data further for the purpose of determining, pursuing or defending claims, of which you will be informed.
If you wish to request deletion of your personal data, please send your request to: [email protected].

 

Right to submit a request to restrict processing of your personal data (Article 18 of GDPR)

You have the right to request restriction of the processing of your personal data when:
• you are questioning the correctness of your personal data – in this case we will limit the processing of your personal data for a period of time that allows us to check the accuracy of the data;
• the processing of your data is unlawful, and instead of deleting your personal data you request limited processing of your personal data;
• your personal data are no longer needed for the purposes of processing, but is needed to establish, pursue or defend your claims;
• you have objected to the processing of your personal data – until it is determined whether our legitimate interests take precedence over the grounds for objection.

If you wish to request restricted processing of your personal data, please send your request to : [email protected].

Right to submit an objection to the processing of your personal data (Article 21 of GDPR)

You have the right to object to the processing of your personal data, including profiling, at any time, in connection with:
• processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes resulting from legitimate interests pursued by the Controller or a third party;
• processing for direct marketing purposes.
If you wish to submit an objection to the processing of your personal data, please send your request to: [email protected].

Right to request transfer of your personal data (Article 20 of GDPR)

You have the right to receive your personal data from us in a structured, commonly used machine-readable format and to send data to another personal data controller.

As standard, we will provide you with your personal data in CSV format. If you prefer to have your data provided to you in a different format, please indicate your preferred format in your request. As far as possible, we will try to provide your data in your preferred format.

You can also request that we send your personal data directly to another controller (if technically possible).

If you wish to request transfer of your personal data, please send your request to: [email protected].

Can you revoke your consent to personal data processing?

You may revoke your consent to the processing of your personal data at any time.

Withdrawal of consent to personal data processing does not affect the legitimacy of processing carried out by us on the basis of your consent before it was withdrawn.

If you wish to withdraw consent to the processing of your personal data, please send your request to: [email protected].

If you wish to withdraw consent to the processing of your personal data to provide the newsletter service, you can unsubscribe here [link do strony unsuscribe].

Complaint to the supervisory authority

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or where the alleged infringement was committed.

In Poland, the supervisory authority within the definition of the GDPR is the President of the Office for the Protection of Personal Data, who replaced the GIODO as of 25 May 2018.
You can find more information here.

 

 

Cookies

 

General information

While browsing the web pages of the Online Shop, HTTP cookies are used, hereinafter referred to as cookies, in other words small text data files, saved on your end-device while using the Online Shop. Their use is aimed at facilitating the operation of our Online Shop website.

These files allow us to identify the software you are using and tailor our Online Shop to your needs.

Cookies usually contain the name of the domain from which they come, duration of their storage on the device and values assigned to them.

 

Safety

Cookies we use are safe for your devices. Therefore, no viruses and no unwanted or malicious software can affect your devices via cookies.

 

Types of cookies

We use two types of cookies:

• Session cookies: stored and kept on your device until the web browser is closed. Saved information is then permanently deleted from the memory of your device.
This mechanism does not allow the acquisition of any personal data or confidential information from your device.
• Persistent cookies: stored and kept on your device until deleted. Closing the web browser or switching off the device does not cause them to be removed from your device. This mechanism does not allow the acquisition of any personal data or confidential information from your device.

 

Aims

We also use cookies of external entities for the following purposes:

• Online Shop configuration;
• to compile statistics, which allow us to understand how the users of the Online Shop use the Shop and to improve its structure and content with analytical tools: Google Analytics – through Google Ireland Ltd., registered in Ireland. Google’s privacy policy is available here: https://policies.google.com/privacy?fg=1;
• to profile Customers, and display content tailored to them in advertising networks with online advertising tools: Google Ads – through Google Ireland Ltd., registered in Ireland, Google’s privacy policy is available here: https://policies.google.com/privacy?fg=1;
• to collect information about the User’s behavior using the Facebook Pixel tool – through Meta Platforms Ireland Limited registered in Ireland, Facebook privacy policy is available here: https://www.facebook.com/help/cookies/;

To be familiar with rules for the use of cookies, we recommend that you read the privacy policies of the company mentioned above.

Cookies may be used by advertising networks, especially Google, to display ads tailored to your preferences. For this purpose, information about how you navigate the web or about the time of using the website, may be stored.

To browse and edit information on your preferences, collected by the advertising network of Google, you may use the tool available at this address: https://www.google.com/ads/preferences/.

You may change the cookie settings by yourself at any moment in the options of the web browser or service, to specify conditions for storing such files and granting access to your device via them. You may change these settings to block the automatic handling of cookies in the options of your web browser or to be informed every time they are stored on your device. Detailed information on the options and methods for handling cookies is available in the settings of your software (web browser).

Select currency
PLN Polish złoty
EUR Euro
    Your bag is emptyReturn to Shop
    Verified by MonsterInsights