PRIVACY AND COOKIES POLICY

CLARIFICATION OF TERMS AND DEFINITIONS:

• Administrator – SUPERKOBIETY ONLAJNU SP. Z O. O. based in Poznań 61-680 ul. Wiesiołkowa 24, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0000898508, REGON: 388819475, NIP: 9721316778.

• Personal Data – information about an identified or identifiable natural person through one or several specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including the device’s IP, location data, internet identifier, and information collected through cookies and other similar technologies.

• Policy – this Privacy Policy.

• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

• User – any entity visiting the website and using it.

• Store – an online store available at www.karolinakizinska.com through which purchases can be made.

• Newsletter – a free electronic service provided by the Administrator to the User by sending electronic letters through which the Administrator informs about news, services, products, and other elements relevant from the Administrator’s perspective.

• User Account or Account – a user account created on the online store platform, allowing access to product purchases.

CONTACT THE PERSONAL DATA ADMINISTRATOR

The administrator of personal data is SUPERKOBIETY ONLAJNU SP. Z O. O. based in Poznań 61-680 ul. Wiesiołkowa 24, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0000898508, REGON: 388819475, NIP: 9721316778.

In all matters related to the processing of personal data, you can contact me via:

• e-mail: hello@karolinakizinska.pl;

• traditional mail: SUPERKOBIETY ONLAJNU SP. Z O. O., 61-680 Poznań, ul. Wiesiołkowa 24;

• telephone: +48 577 555 920.

PURPOSES, LEGAL BASIS, PROCESSING PERIOD, OBLIGATION AND VOLUNTARINESS OF PROVIDING DATA

In connection with the operation of the Store, I process the personal data of its Users. Below, I have provided detailed information regarding the purposes, legal basis, processing periods, and the obligation or voluntary nature of data provision.

Purpose of processing	Legal basis for processing	Processing Period Voluntariness/Obligation of Data Provision
Execution of sales contract and orders.	Art. 6(1)(b) GDPR Data processing is necessary for the performance of a contract to which the data subject is party.	The Administrator will process personal data for the time necessary to complete the order and execute the sales contract, and then until the expiration of the limitation period for claims under the concluded contract. Furthermore, after the expiration of this period, data may still be processed for archival and statistical purposes, especially to identify the returning customers. Providing personal data is a condition for the performance and conclusion of the contract; it is voluntary, and the consequence of not providing it will be the inability to execute the sales contract.
Conclusion and execution of the Service Account Agreement.	Art. 6(1)(b) GDPR Data processing is necessary until the limitation period for claims arising from the Service Account Agreement expires.	The Administrator will process personal data until the expiration of claims arising from the Account Service Agreement. Providing personal data is a condition for the conclusion and performance of the Account Service Agreement; it is voluntary, and the consequence of not providing it will be the inability to conclude and perform the aforementioned agreement, including the creation of an Account.
Fulfillment of tax obligations.	Art. 6(1)(b) GDPR Processing is necessary for the fulfillment of a legal obligation imposed on the Administrator, in this case obligations arising from tax law.	The Administrator will process personal data for the period required by legal provisions obliging the Administrator to keep accounting records (5 years, counting from the beginning of the year following the fiscal year to which the data pertains). Providing personal data is voluntary but necessary to fulfill the tax obligations imposed on the Administrator, and the consequence of not providing data will be the inability of the Administrator to fulfill the aforementioned obligations.
Telephone contact regarding the execution of the agreement.	Art. 6(1)(b) GDPR Data processing is neessary throughout the contract term.	The Administrator will process personal data for the duration of the agreement. Providing personal data is voluntary but necessary for contact regarding matters related to the execution of the agreement, and the consequence of not providing data will be the inability to contact for the aforementioned purpose.
Handling complaints and claims related to the agreement.	Art. 6(1)(b) GDPR Processing is necessary for the conclusion and/or execution of the agreement, and based on Art. 6(1)(c) GDPR Obligation arising from legal provisions.	The Administrator will process personal data for the time necessary to carry out the complaint procedure or claims related to the contract. Complaints and claims related to the contract may also be archived to demonstrate the course of the complaint process or contract-related claims in the future. Providing personal data is a condition for processing complaints/claims related to the contract; it is voluntary, and the consequence of not providing it will be the inability to process the complaint and withdraw from the contract.
Use of cookies on the website.	Art. 6(1)(a) GDPR (consent) Processing is necessary for the use of cookies on the website based on the consent given before the full loading of the website.	The Administrator will process personal data until the consent is withdrawn. Providing data is voluntary.
Managing Administrator profiles on Facebook services (including groups), Instagram, and YouTube.	Art. 6(1)(f) GDPR Processing is necessary for the legitimate interests pursued by the Administrator, consisting of promoting its own brand and, if necessary, pursuing claims and defending against claims.	The Administrator will process personal data until an effective objection is raised or the processing goal is achieved. Please be informed that the personal data processed for the described purpose is used solely for the User’s interaction with the Administrator’s profile, and for your other interactions with: Facebook, Instagram, personal data is processed by Meta Platforms Ireland Limited based on its established terms of service and privacy policy; YouTube, personal data is processed by Google LLC based on its established terms of service and privacy policy ; Any questions regarding the use of the above-mentioned services should be directed to these entities directly. Providing data is voluntary but necessary for using Facebook, Instagram, YouTube; failure to provide them will result in the inability to use Administrator’s profiles on these platforms.
Fulfillment of obligations related to personal data protection.	Art. 6(1)(c) GDPR Processing is necessary to fulfill a legal obligation incumbent on the Administrator, in this case, obligations arising from data protection regulations.	The Administrator will process personal data until the expiration of the limitation periods for claims arising from the violation of personal data protection regulations. Providing data is voluntary but necessary for the correct fulfillment by the Administrator of obligations arising from the provisions of the GDPR, and the consequence of not providing them will be the inability to properly exercise rights arising from the GDPR.
Establishment, pursuit, or defense against claims.	Art. 6(1)(f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the Administrator, in this case, the establishment, pursuit, or defense against claims that may arise in connection with the provision of services or the use of the website.	The Administrator will process personal data for the period of the legitimate interest pursued by the Administrator, but no longer than the statute of limitations for claims that may be raised against the Administrator. Providing data is voluntary but necessary to establish, pursue, and defend against claims, and the consequence of not providing them will be the inability of the Administrator to undertake the aforementioned actions.
Mail handling.	Art. 6(1)(f) GDPR The processing is necessary for the purposes of the legitimate interests pursued by the Administrator, in this case, maintaining contact with individuals and providing responses to inquiries. Subsequently, the correspondence is stored for a period of time for evidential purposes, securing claims, or defending against them, which also constitutes a legitimate interest as referred to in Article 6(1)(f) of the GDPR.	The Administrator will process personal data for the duration of the legally justified interest pursued by the Administrator, but no longer than the statute of limitations for claims that may be raised against the Administrator. Providing data is voluntary but necessary for the determination, pursuit, and defense of claims. The consequence of not providing them will be the inability of the Administrator to undertake the aforementioned actions.
Analysis of User activity on the Website.	Art. 6(1)(f) GDPR Processing is necessary for the realization of the Administrator’s legitimate interest, in this case, obtaining information about the User’s activity on the website.	The Administrator will process personal data until effective objection is raised or the purpose of processing is achieved. Providing data is voluntary but necessary to obtain information about activity on the website; failure to provide them will result in the inability to obtain the aforementioned information.
Conclusion and execution of the Newsletter Delivery Agreement.	Art. 6(1)(b) GDPR Processing is necessary for the performance of the Digital Content Delivery Agreement concluded with the person to whom the data relates, or to take action for its conclusion. Art. 6(1)(f) GDPR Processing is necessary for the purposes of the legitimate interests pursued by the Administrator, in this case, for archival purposes, for the potential defense, establishment, or pursuit of claims related to the agreement.	The Administrator will process personal data for the time necessary to carry out the complaint procedure or claims related to the agreement. Complaints and claims related to the agreement may also be archived for the purpose of documenting the course of the complaint process or claims in the future. Providing personal data is voluntary but necessary to receive the Newsletter, and the consequence of not providing them will be the inability to receive the Newsletter.
Posting User opinions about services.	Art. 6(1)(a) GDPR Processing is necessary for the purpose of posting the User’s opinions about the services of the Administrator based on the voluntary consent of the User.	The Administrator will process personal data until the consent is withdrawn. Providing data is voluntary but necessary to post opinions about the services of the Administrator, and the consequence of not providing them will be the inability to post opinions about the services.
Creating a profile for marketing purposes and directing direct marketing (e.g. ads on the Facebook social networking site) tailored to preferences.	Art. 6(1)(f) GDPR Processing is necessary for the legitimate interests pursued by the Administrator, in this case, conducting marketing activities tailored to the preferences of the recipients.	The Administrator will process personal data until an effective objection is raised or the purpose of processing is achieved. Providing personal data is voluntary but necessary for the realization of the aforementioned purpose, and the consequence of not providing them will be the inability of the Administrator to carry out marketing activities tailored to the preferences of the recipients.

DATA PROCESSING RIGHTS

I kindly inform that Users have the following rights:

• Access to personal data.

• Rectification of personal data.

• Erasure of personal data.

• Restriction of personal data processing.

• Objection to personal data processing.

• to be forgotten, where permitted by other applicable laws,

• to receive a copy of the data,

• to data portability.

These rights are not absolute, and in certain situations, I may legally refuse to fulfill them. However, any such refusal will be based on a thorough analysis and will only occur when necessary.

Regarding the right to object, Users have the right to object at any time to the processing of personal data based on the legitimate interest of the data administrator. It is important to note that, according to regulations, objection may be refused if the administrator demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or if there are grounds for establishing, pursuing, or defending legal claims.

Users can exercise their rights by sending an email to: hello@karolinakizinska.pl or by postal mail to: ul. Wiesiołkowa 24 61-680 Poznań.

To prevent the violation of rights or freedoms resulting from the breach of the User’s personal data security, please note that I will not fulfill any rights arising from Articles 15-21 of the GDPR during telephone conversations.

Every User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing carried out by the Administrator violates legal provisions.”

PROFILING

I do not make decisions based solely on automated processing, including profiling, that would have legal effects on the User or similarly significantly affect them.

CATEGORIES OF RECIPIENTS

In connection with my activities, I will disclose User personal data to the following entities:

• state authorities or other entities authorized under the law, if necessary to fulfill legal obligations;

• entities supporting me in my business activities at my request, especially external entities: hosting providers storing data on servers, newsletter service providers, fast payment service providers, a company providing tools for analyzing activity on the Website (Google Analytics), entities providing accounting and IT services, couriers, and other subcontractors who need access to the data.

• other subcontractors who have access to the data, if the scope of their activities requires such access.

I continually conduct risk analysis to ensure that personal data is processed securely, ensuring that only authorized individuals have access to the data and only to the extent necessary for their tasks. I ensure that all operations on personal data are recorded and performed only by authorized collaborators. I take all necessary actions to ensure that my subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

I use external providers such as Google and Facebook, among others:

• Google LLC based in California, USA, and Google Ireland Ltd – entities responsible for analyzing traffic on this website. Data transfer to the USA is based on an agreement containing Standard Contractual Clauses, accepted by the European Commission;

• Meta Platforms, Inc. based in California, USA, and Meta Platforms Ireland Ltd – these entities are responsible for the operation of the Facebook social media platform plugin and the Facebook fan page. They process personal data when the User has an active Facebook account. Data transfer to the USA is based on an agreement containing Standard Contractual Clauses, accepted by the European Commission.

Currently, services offered by Google and Facebook are mainly provided by entities located in the European Union. The purpose and scope of data collection, further processing, and use by service providers are described in the privacy policies indicated below:

• Google LLC: https://policies.google.com/privacy?hl=pl

• Facebook: https://www.facebook.com/privacy/explanation

• Instagram: https://help.instagram.com/519522125107875?helpref=page_content

• YouTube: https://support.google.com/youtube/answer/7671399

• GetResponse: https://www.getresponse.pl/informacje-prawne/polityka-prywatnosci

• Vimeo, Lnc:  https://vimeo.com/features/video-privacy

SOCIAL MEDIA

I have profiles on internet platforms, and my website contains plugins for the following services: Facebook, Instagram, YouTube. Through the plugin, you can directly connect to my profiles on the specified services. Services may then obtain information that the User has visited the site from their IP address. Note that even if the User is not logged in, social media services can obtain information about the IP address. I do not have information from social platforms about data collection and how it is used. For additional information regarding privacy on social media services, please contact them directly and review their privacy policy. If the User does not want the social media service to obtain information about their visits to my site, it is recommended to log out of social media platforms beforehand.

INFORMATION CLAUSE FOR PERSONS VISITING THE FAN PAGE, INCLUDING GROUPS ON FACEBOOK AND INSTAGRAM.

JOINT DATA ADMINISTRATION

In accordance with the case law of the Court of Justice of the European Union, the creator of the fan page on Facebook: https://www.facebook.com/ZarabiajWInternecieNaSwojejWiedzy
groups: https://www.facebook.com/groups/280231959982429
https://www.facebook.com/groups/2271612302974932
and Instagram: https://www.instagram.com/superkobietyonlajnu/ jointly administers personal data with Facebook/Instagram. Therefore, the joint administrators of Users’ personal data is: SUPERKOBIETY ONLAJNU SP. Z O. O. based in Poznań 61-680 ul. Wiesiołkowa 24, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0000898508, REGON: 388819475, NIP: 9721316778. Details regarding the processing of personal data by the Facebook service can be found here: https://pl-pl.facebook.com/privacy/explanation

Instagram can be found here: https://help.instagram.com/519522125107875?helpref=page_content.

CONTACT REGARDING DATA PROCESSING

For all matters related to personal data protection, you can contact me at:

• e-mail: hello@karolinakizinska.pl;

• traditional mail: SUPERKOBIETY ONLAJNU SP. Z O. O., 61-680 Poznań, ul. Wiesiołkowa 24;

• telephone: +48 577 555 920,

or directly with the administrator of the Facebook/Instagram service.

WHAT PERSONAL DATA I PROCESS

I process personal data of individuals who:

• have subscribed to the fan page by clicking the “Like” or “Follow” icon;

• have joined groups;

• have posted their comments under any of the posts on the fan page;

• have used the Messenger option to contact me.

I will process the following categories of Users’ personal data:

• basic identification data (name and surname) to the extent published by the User on their own/private profile on the Facebook social media platform;

• other data published by the User on the Facebook/Instagram profile and in groups, including images (profile picture, if embedded);

• other data published by the User during a conversation conducted through the Messenger application;

• anonymous statistical data regarding Users visiting the fan page, collected through cookies, each containing a unique User code that can be associated with data on the connection of Users registered on Facebook, which is downloaded and processed when the fan page is opened.

PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

I will process User personal data for the following purposes:

• managing this fan page on the Facebook/Instagram social media platform and informing about my activities, promoting various events, products, and services, building and maintaining a community associated with me, as well as communicating through the available functionalities of the Facebook/Instagram service (comments, Messenger messages), which is my legitimate interest (legal basis under Art. 6(1)(f) of the GDPR);

• marketing activities; I use the Facebook Leads Ads advertising system, which allows directing ads to specific target groups, which is my legitimate interest (legal basis under Art. 6(1)(f) of the GDPR);

• statistical analysis of the functioning, popularity, and usage of the fan page, which is my legitimate interest (legal basis under Art. 6(1)(f) of the GDPR);

• potential establishment, investigation, or defense against claims, which is my legitimate interest (legal basis under Art. 6(1)(f) of the GDPR);

• taking actions aimed at concluding a contract due to interest in products and services (legal basis under Art. 6(1)(b) of the GDPR).

DURATION OF PERSONAL DATA PROCESSING

The processing period of data is related to the purposes and legal bases for processing them. Accordingly:

• Data processed based on the legitimate interest of the administrator will be processed until effective objection is raised or the interest ceases;

• Data processed for the purpose of pursuing or defending against claims will be processed for a period equal to the limitation period of these claims;

• Personal data collected by Facebook, such as post history and Messenger application activity, is subject to retention according to Facebook’s Terms and Conditions;

• Statistical data regarding visitors to the fan page, available through ‘Facebook Insights,’ will be processed for the duration of their availability on the Facebook service.

RECIPIENTS OF PERSONAL DATA

Regarding the personal data of the User available on the Facebook/Instagram service, I do not provide them to any third parties or transfer them outside the infrastructure of the Facebook/Instagram service.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

I do not transfer User personal data to third countries or international organizations. We do not have control over how Facebook/Instagram handles personal data. Relevant information in this regard should be sought in the privacy policy of Facebook/Instagram.

ADVERTISING ON FACEBOOK

We use the Facebook Ads advertising system. This tool allows us to direct ads to specific target groups. Target group settings allow for advanced ad targeting, but operations in this regard do not involve the processing of personal data. The information we use within the tools offered by the Facebook service does not allow for User identification.

STATISTICS RELATED TO FAN PAGE MANAGEMENT

As part of the tools available to the fan page administrator, I have access to statistical information provided by Facebook regarding User behavior. I analyze this information to optimize my fan page for user experience and the effectiveness of conducted activities. The information is anonymized and processed in a way that does not constitute personal data.

DATA PROCESSING RIGHTS

I inform you about the User’s rights regarding the processing of personal data, including the right to access, correct, delete, limit processing, object to processing, be forgotten, receive a copy of data, data portability, and the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

COOKIE POLICY

WHAT ARE COOKIES

Cookies are small files or other information stored on the User’s device or accessed from the User’s device that helps me collect data about User activity.

BASIS FOR USING COOKIES

I use cookies based on the User’s consent. During the first visit to my website, the User will be asked to consent to the use of non-essential cookies.

COOKIE SETTINGS

A special mechanism for managing cookies has been implemented on the website. The User can give consent to all non-essential cookies by selecting the ‘Accept‘ option or refuse consent – ‘Reject All‘ for non-essential cookies or ‘Change settings‘ to choose consent for specific categories of purposes. If the User does not consent to these cookies, I will not use them. Providing any personal data related to cookies is voluntary, and the User can withdraw consent at any time.

If the User does not consent to these cookie files, I will not use them. Therefore, providing any personal data related to the cookie file is voluntary, and the User can withdraw their consent at any time.

Depending on the type of cookie file, the User can withdraw the consent previously given for cookie files in one of two ways:

• By changing the settings of the internet browser. Most internet browsers are set by default to accept all cookie files. However, the User has the option to configure the browser settings so that information about cookie files is displayed before they are saved, or cookie files are categorically rejected. Detailed information about various available settings for cookie files and related changes in the most popular internet browsers can be found by clicking the appropriate link below:

1. • Google Chrome: https://support.google.com/accounts/answer/61416?hl=en

1. • Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

1. • Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

1. • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

1. • Opera: http://www.opera.com/help/tutorials/security/privacy/

1. • Safari: https://support.apple.com/kb/PH19214?locale=cs_CZ&viewlocale=en_US

It should be noted that any changes to the settings of the Internet browser will apply only to that specific Internet browser for which they were changed. In the case of using more than one internet browser on a given device, the settings must be changed separately for each browser and each device.

Additional information about cookie files may be available within the ‘help’ function of the browser or operating system, or in the device’s user manual.

• By using the cookie tool provided by me on this website, the User can access the cookie tools at any time and can repeatedly change cookie settings.

COOKIE STORAGE TIME

I may place both persistent and temporary files on the User’s device. Temporary files are usually deleted upon closing the browser, while closing the browser does not remove persistent files.

TYPES OF COOKIES USED ON THE SITE

I use four types of cookies on the website: essential, functional, analytical, and advertising. Only the last three categories require the User’s consent. Essential cookies do not require User consent because they ensure the continuous display of website content.

TRACKING TECHNOLOGIES ON THE WEBSITE

My website uses tracking technologies in the form of social plugins, such as Facebook, Instagram, YouTube, Vimeo, as well as analytical and marketing tools. I use services such as:

Google Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services assist the Administrator in compiling statistics and analyzing traffic on the website. The collected data is processed within the scope of the aforementioned services to generate statistics helpful in administering the website and analyzing traffic. It is possible for an individual to easily block the sharing of information about their activity on the website with Google Analytics. To achieve this, one can, for example, install a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl. Cookies used by Google Analytics remain on the User’s end device for a period of up to 2 years.

Facebook Pixel provided by Facebook Ireland Limited. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). These services enable the Administrator to anonymously analyze the actions of visitors to the website in order to create their profile and deliver advertisements tailored to their anticipated interests, even when they visit other websites. The operation of the Facebook Pixel can be managed through ad settings in the user’s account on the Facebook portal: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. Cookies used by the Facebook Pixel remain on the User’s end device for a period of up to 3 months.

More information about the cookies used by social media tools supporting my website can be found by clicking on the links provided below:

• Facebook: https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redir
  ect&entry=0

• Instagram: https://privacycenter.instagram.com/policies/cookies/

• YouTube: https://policies.google.com/technologies/cookies?hl=pl

• Vimeo: https://vimeo.com/cookie_policy

SERVER LOGS

Using the website involves sending queries to the server on which the website is located.

Each query directed to the server is recorded in server logs, including IP address, server date and time, information about the web browser, and operating system used.

Server log data is not associated with specific individuals using the service and is used as auxiliary material for administrative purposes.

Server logs are used for website administration, and their content is not disclosed to anyone except individuals and entities authorized to administer the server.

CHANGES TO THE PRIVACY POLICY

The Policy is regularly reviewed and updated as needed. The current version of the Policy is effective from January 1, 2023.