Privacy Policy

The Privacy Policy describes the rules for processing information about Users of the Online Store, including Personal Data, cookies and other, similar mechanisms.

 

            § 1 Definitions

All capitalized terms not defined below have the meaning given to them in the Online Store Statute.

  1. Policy – this Privacy Policy of the Online Store.
  2. Administrator – entrepreneur running a business under the company Wojtas-Krzanowski Marcin with its registered office in Warsaw at Terespolska 4/375, 03-813 Warszawa, Polska, entered into the register of entrepreneurs of the Central Registration and Information on Economic Activity under the number NIP PL1133001217 and number REGON 383899156. Contact with the Administrator is possible through e-mail: “shop@venrinn.com”.
  3. Personal Data – any information enabling the identification of a natural person by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including the device IP number, location data, online identifier and information collected via cookies and other similar technology.
  4. RODO – Regulation 2016/679 of the European Parliament and of the Council (EU) of 7th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ WE.
  5. User – any natural person visiting or using at least one Service or functionality available on the Online Store website.

 

            § 2 Introductory provisions

  1. This Policy is for informational purposes only and thus does not constitute a source of obligations for the Users of the Online Store. The Policy contains primarily the rules regarding the processing of Personal Data by the Administrator, including the basis, purposes and scope of processing Personal Data and the rights of persons whose Personal Data is processed, as well as information on the cookies and similar analytical tools used by the Online Store.
  2. The Administrator takes special care to protect the interests of persons whose Personal Data they process relates to, and in particular is responsible for and ensures that the Personal Data collected is:
    1. processed in accordance with applicable law, in particular in accordance with the GDPR
    2. collected and processed appropriately for the specified purposes and not subject to further processing incompatible with these purposes
    3. stored in a form that allows identification of the Users to whom they relate and no longer than is necessary to achieve the purposes of processing
    4. processed in a way that ensures appropriate security using appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage
  3. Using the Online Store is voluntary, as is providing Personal Data by the User, subject to the following:
    1. basic functionality of the Online Store – the basic functioning of the Online Store website depends on the consent to the transfer of Personal Data in the form of cookies, without which the User would not be able to use the Online Store. These files enable basic functionality of the website, such as selecting the language of the website display or remembering the list of products added to the cart
    2. concluding Agreements – providing Personal Data within the scope indicated in this Policy and in the Online Store Statute is a contractual requirement necessary to conclude a Sales Agreement between the Client and the Seller. The desire to conclude an Agreement obliges the User to provide the indicated Personal Data to the Administrator, and refusal to provide such data will result in the inability to conclude an Agreement
    3. statutory obligations – due to certain statutory obligations arising from generally applicable law (e.g., maintaining tax or accounting records), the Administrator is obligated to process Personal Data. Refusal to provide the User's Personal Data in this respect will prevent the Administrator from fulfilling these obligations
  4. Given the risk of violations of the rights and freedoms of natural persons of varying likelihood and severity, the Administrator ensures that the highest degree of care is exercised when processing and storing Personal Data provided. To this end, the Administrator implements appropriate technical and organizational measures to prevent unauthorized third parties from modifying or obtaining Personal Data. These measures are reviewed and updated as necessary.

 

            § 3 Purposes and legal basis for processing Personal Data

  1. The need to process Personal Data by the Administrator arises each time as a consequence of actions undertaken by the User on the Online Store website and requires the existence of at least one of the grounds indicated in §3.2 of this Policy.
  2. The Administrator may process Personal Data within the framework of the implementation of the indicated purposes, on the basis and for the periods:

Purpose of processing Personal Data

Legal basis

Period of storage of Personal Data

Order Processing, Conclusion of Sales Agreement

Agreement concluded with the Client – Article 6, paragraph 1, letter b) of the GDPR

The period necessary to implement or otherwise terminate the concluded Agreement

User Account Management

Granting consent by the User – Article 6, paragraph 1, letter f) of the GDPR

Until the User withdraws consent (deletes the Account) or the Service is discontinued

Contact with the User, handling inquiries

Ensuring communication with persons sending correspondence – Article 6 paragraph 1, letter f) of the GDPR

During the period of active communication and for the duration of the legitimate interest pursued by the Administrator (the basic limitation period for claims related to conducting business activity under the Civil Code is three years, and for the Sales Agreement two years)

Complaint handling and other after-sales services, withdrawal from the Agreement

Handling complaints and implementing the procedure for withdrawal from the Agreement – Article 6, paragraph 1, letter f) of the GDPR

During the service process or withdrawal from the Agreement, and for the period of existence of a legitimate interest pursued by the Administrator (the basic limitation period for claims related to running a business under the Civil Code is three years, and for the Sales Agreement two years)

Accounting and bookkeeping obligation

Legal obligation to keep accounts – Article 6 paragraph 1, letter c) of the GDPR in connection with Article 74 paragraph 2 of the Accounting Act of 30 January 2018 (Dz.U. of 2018, item 395)

Five years from the beginning of the year following the financial year to which the Personal Data relates

Establishing, pursuing or defending claims raised by or against the Administrator

Prawnie uzasadniony interes Administratora – art. 6 ust. 1 lit. f) RODO
The legitimate interest of the Controller – Article 6, paragraph 1, letter f) of the GDPR

During the existence of a legitimate interest pursued by the Administrator, no longer than the limitation period for claims that may be brought against the Administrator (the basic limitation period for claims is six years)

Mailing list

Granting marketing consent by the User – Article 6, paragraph 1, letter f) of the GDPR

Until the User withdraws consent or discontinues the Service

Basic operation of the Online Store website

The legitimate interest of the Administrator – Article 6, paragraph 1, letter f) of the GDPR

During the existence of a legitimate interest pursued by the Administrator, but no longer than for the period of the legitimate interest pursued by the Administrator (the basic limitation period for claims related to conducting business activity under the Civil Code is three years, and for the Sales Agreement two years)

Statistics and analysis of traffic in the Online Store

The legitimate interest of the Administrator – Article 6, paragraph 1, letter f) of the GDPR

During the existence of a legitimate interest pursued by the Administrator, but no longer than for the period of the legitimate interest pursued by the Administrator (the basic limitation period for claims related to conducting business activity under the Civil Code is three years, and for the Sales Agreement two years)

Marketing

Granting marketing consent by the User – Article 6, paragraph 1, letter f) of the GDPR

Until the User withdraws consent

 

            § 4 Recipients of Personal Data

  1. In order to ensure the proper functioning of the Online Store, including, among other things, the execution of concluded Agreements, it is necessary for the Administrator to transfer certain Personal Data to external partners. The Administrator only uses services offered by entities that guarantee the implementation of appropriate technical and organizational measures, such that the processing meets the requirements of the GDPR and protects the rights of Users to whom the Personal Data pertains.
  2. The Administrator only transfers Personal Data when necessary to achieve a given processing purpose and only to the extent necessary to achieve it. In particular, this means that not all Personal Data is transferred to all partners, even if these partners are related to the processing purposes in certain contexts.
  3. Users' Personal Data may be transferred to the following recipients or groups of recipients:
    1. carriers, couriers – the Administrator makes the Client Personal Data available to the selected carrier or intermediary handling the delivery on behalf of the Seller to the extent necessary to deliver the Goods to the Client
    2. payment processing platforms – the Administrator provides the Client Personal Data to the selected payment processing platform on behalf of the Seller to the extent necessary for the Client to make the payment
    3. providers of technical, IT, or organizational solutions enabling the Administrator to operate the Online Store and provide Services electronically – the Administrator shares User Personal Data with a provider acting on its behalf only in the case and to the extent necessary to achieve a given processing purpose consistent with this Policy. In particular, this relates to the supply of computer software for operating the Online Store, email providers, hosting, and software for company management and technical support
    4. providers of accounting, bookkeeping, legal, and other advisory services enabling the Administrator to conduct business – the Administrator shares Client Personal Data with a provider acting on its or the Seller's behalf only when and to the extent necessary to achieve a given processing purpose. This applies in particular to accounting offices, law firms, and debt collection agencies
  4. Data protection law outside of the European Economic Area (EEA) differs from the level guaranteed by European law. Therefore, the Administrator transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily through cooperation with entities processing Personal Data in countries for which a relevant European Commission (EC) decision has been issued, the use of appropriate clauses recommended by the EC, and the application of corporate rules approved by the relevant supervisory authority.

 

            § 5 User Rights

  1. Users who provide their Personal Data to the Administrator have the following rights:
    1. access, rectification, restriction, deletion or transfer (including the „right to be forgotten”) – the User to whom the Personal Data relates, pursuant to Articles 15-21 of the GDPR, has the right to request from the Administrator access to their Personal Data, rectification, deletion, restriction of processing and transfer of their Personal Data
    2. withdrawal of consent at any time - the User to whom the Personal Data relates and whose Personal Data are processed by the Administrator on the basis of the consent expressed (Article 6 paragraph 1 letter a) or Article 9 paragraph 2 letter a) of the GDPR), has the right to withdraw the said consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
    3. file a complaint with a supervisory authority – the User whose Personal Data is processed has the right to file a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the Chairman of the Personal Data Protection Office
    4. objection – the User to whom the Personal Data pertains has the right to object at any time to the processing of their Personal Data for reasons relating to their particular situation under Article 6 paragraph 1 letter e) or Article 6 paragraph 1 letter f) of the GDPR. In such a case, the Administrator is no longer permitted to process the Personal Data unless they demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the User to whom the Personal Data pertain, or grounds for establishing, pursuing or defending legal claims
  2. In order to exercise the rights listed in this section of the Policy, please contact the Administrator:
    1. a. in writing, by sending an appropriate message to the following address: "ul. Terespolska 4 / 375, 03-813 Warsaw"
    2. or via e-mail to the address "shop@venrinn.com”

 

            § 6 Cookie files in the Online Store

  1. Cookie files are small information files in text form, sent by the server and saved on the device of the Online Store User.
  2. Most web browsers accept cookies by default. Each user has the ability to view, delete, and set detailed rules for the use of cookies (e.g. by partially or completely restricting their storage). Setting specific rules for cookies or deleting them may negatively impact the User's experience using the Online Store; for example, it may result in the inability to complete the order process. Detailed information on changing cookie settings and managing them is available in the help section of your web browser.
  3. Cookies that may be provided by the Online Store can be divided into the following types according to the criteria:
    1. due to the supplier
      1. own – created by the Online Store website
      2. belonging to third parties – other than the Administrator
    2. due to the storage period
      1. session – stored until leaving the Online Store website or closing the web browser
      2. persistent – stored for the time specified in the parameters of each cookie or until they are manually deleted
    3. due to the purpose of use
      1. necessary – enabling the proper functioning of the Online Store website
      2. functional and preferential – enabling the customization of the Online Store website to the User's preferences
      3. analytical and performance - storing information about how the User interacts with the Online Store website
      4. marketing, advertising and social media – storing information identifying a person as a User of the Online Store in order to display personalized advertisements or conduct other marketing activities, including on websites unrelated to the Online Store website
  4. The Administrator may process Personal Data contained in cookies when the User visits the Online Store website for the following purposes:
    1. identifying Users as logged in to the Online Store
    2. remembering the Goods added to the basket
    3. remembering data from forms, surveys or login details to the Online Store
    4. adapting the Online Store website to the User's individual preferences
    5. optimizing the experience of using the Online Store
    6. research on the behaviour of visitors to the Online Store through anonymous analysis of their activities in order to profile and provide them with advertisements tailored to their expected interests

 

            § 7 Final provisions

  1. This Policy is effective from the moment of its publication on the Online Store website.
  2. The Administrator reserves the right to change this Policy. Any changes to the Policy will be announced on the Online Store's website at least fourteen days before the change is implemented, and may be communicated to existing Users via email in justified cases (to Users with an account in the Store) within the aforementioned deadline.
  3. The Online Store website may contain links to other websites. This Policy applies only to the Online Store operated by the Administrator.
  4. This Policy has been prepared in two language versions: Polish and English. All language versions of the Policy are equivalent, but in the event of any ambiguities or unintended differences between the language versions, the Polish version of the Policy takes precedent.