Facebook Instagram Youtube
Search User
[gtranslate]
Search User

Privacy Policy

§ 1

GENERAL PROVISIONS

  1. The Controller of the personal data collected through the online store www.lawkiorganic.com is Rafał Jacek, operating the online store at www.lawkiorganic.com, with its registered office and service address at: Ławki 41, 14-405 Wilczeta, Poland, e-mail address: shop@lawkiorganic.com, telephone number: +48 552 216 003 (hereinafter referred to as the “Controller” or the “Service Provider”).

    Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

    Any words or expressions written in this Privacy Policy with a capital letter shall be understood in accordance with their definitions contained in the Regulations of the Online Store www.lawkiorganic.com.

§ 2

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

PURPOSE OF PROCESSING AND LEGAL BASIS
The Administrator processes the personal data of the Store’s Service Users at www.lawkiorganic.com in the following cases:

  • Account registration in the Store – for the purpose of creating and managing an individual account, pursuant to Article 6(1)(b) of the GDPR (performance of a contract for the provision of electronic services in accordance with the Store’s Terms and Conditions).

  • Placing an Order in the Store – for the purpose of performing the Sales Agreement, pursuant to Article 6(1)(b) of the GDPR (performance of a sales contract).

  • Newsletter subscription – for the purpose of sending commercial information by electronic means. Personal data is processed after obtaining separate consent, pursuant to Article 6(1)(a) of the GDPR.

  • Using the Review System – to enable the Customer to express their opinion about the Product purchased in the Store and the Sales Agreement concluded with the Seller, pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the entrepreneur).

  • Using the Contact Form – for the purpose of sending a message to the Administrator, pursuant to Article 6(1)(f) of the GDPR (legitimate interest of the entrepreneur).

TYPE OF PERSONAL DATA PROCESSED
The Service User provides the following data in the case of:

  • Account: email address

  • Order: first name and surname, address, Tax Identification Number (NIP), email address, phone number

  • Newsletter: first name and surname, email address

  • Review System: first name and surname, email address

  • Contact Form: first name and surname, email address, phone number

DATA RETENTION PERIOD
The personal data of Service Users is stored by the Administrator:

  • When processing is based on contract performance – for as long as necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless otherwise provided by specific regulations, the limitation period is six years, and for claims concerning periodic benefits and claims related to business activities – three years.

  • When processing is based on consent – until the consent is withdrawn, and after its withdrawal for a period corresponding to the limitation period for claims that may be raised by or against the Administrator. Unless otherwise provided by specific regulations, the limitation period is six years, and for claims concerning periodic benefits and claims related to business activities – three years.

While using the Store, additional information may be collected, in particular: the IP address assigned to the Service User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

After giving separate consent pursuant to Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – respectively in connection with Article 10(2) of the Act of 18 July 2002 on the Provision of Electronic Services or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, including marketing carried out as a result of profiling, provided that the Service User has given appropriate consent.

Navigation data may also be collected from Service Users, including information about links and references they choose to click or other activities undertaken in the Store. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

Providing personal data by the Service User is voluntary.

The Administrator exercises special care to protect the interests of data subjects and, in particular, ensures that the data collected by them are:

  • processed lawfully,

  • collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,

  • substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form that permits identification of the persons concerned for no longer than is necessary to achieve the purpose of processing.

§ 3

SHARING PERSONAL DATA

Personal data of the Store’s Service Users is transferred to service providers used by the Administrator in operating the Store, in particular to:

  • entities responsible for delivering Products,
  • payment system providers,
  • customer review and survey system providers,
  • the accounting office,
  • the hosting provider,
  • providers of software enabling business operations,
  • entities providing mailing systems,
  • providers of software necessary to operate the online store.

Service providers (referred to in point 1 of this paragraph) to whom personal data is transferred – depending on contractual arrangements and circumstances – either act on the instructions of the Administrator with regard to the purposes and methods of processing such data (data processors) or independently determine the purposes and methods of their processing (data controllers).

The personal data of Service Users is stored exclusively within the territory of the European Economic Area (EEA), subject to § 5 point 5 and § 6 of the Privacy Policy.

§ 4

THE RIGHT TO CONTROL, ACCESS AND CORRECT YOUR OWN DATA

A data subject has the right to access the content of their personal data and the right to rectification, erasure, restriction of processing, data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Legal basis for the Service User’s requests:

  • Right of access – Article 15 of the GDPR
  • Right to rectification – Article 16 of the GDPR
  • Right to erasure (the “right to be forgotten”) – Article 17 of the GDPR
  • Right to restriction of processing – Article 18 of the GDPR
  • Right to data portability – Article 20 of the GDPR
  • Right to object – Article 21 of the GDPR
  • Right to withdraw consent – Article 7(3) of the GDPR

To exercise the rights referred to above, an appropriate email may be sent to: shop@lawkiorganic.com

If a Service User exercises the rights described above, the Administrator shall comply with the request or refuse to comply without undue delay, and no later than within one month of receiving it. However, if—due to the complex nature of the request or the number of requests—the Administrator is unable to comply within one month, the request shall be fulfilled within a further two months. In such a case, the Service User will be informed within one month of receiving the request about the intended extension of the deadline and the reasons for it.

If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§ 5

COOKIES

The Administrator’s website uses “cookies” files.

The installation of “cookies” is necessary for the proper provision of services on the Store’s website. Cookies contain information essential for the proper functioning of the website and also enable the preparation of general statistics regarding website visits.

Two types of “cookies” are used on the website: “session” and “persistent” cookies.

  • Session cookies are temporary files stored on the Service User’s end device until they log out (leave the website).
  • Persistent cookies are stored on the Service User’s end device for the period specified in the cookie parameters or until they are deleted by the Service User.

The Administrator uses its own cookies to better understand how Service Users interact with the website’s content. These files collect information about how the Service User uses the website, the type of website from which the Service User was redirected, as well as the number of visits and the duration of the Service User’s visit to the website. This information does not record specific personal data of the Service User but is used to compile statistics on website usage.

The Administrator also uses external cookies to collect general and anonymous statistical data through analytical tools such as Google Analytics (external cookie administrator: Google LLC, based in the USA).

Cookies may also be used by advertising networks (in particular the Google network) to display advertisements tailored to the way the Service User uses the Store. For this purpose, they may store information about the Service User’s navigation path or the time spent on a given page.

The Service User has the right to decide on the access of “cookies” to their computer by:

  • selecting the types of cookies to which they consent immediately after entering the Store’s website and when the cookie notification appears,
  • changing the settings in their browser window. Detailed information on the possibilities and methods of handling “cookies” is also available in the software (web browser) settings.

§ 6

ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE

  1. The Store uses so-called social media plugins (“plugins”) of social networking services. When displaying the website www.lawkiorganic.com containing such a plugin, the Service User’s browser establishes a direct connection with the servers of Facebook, Instagram, and YouTube.

  2. The content of the plugin is transmitted directly by the respective service provider to the Service User’s browser and integrated into the website. Through this integration, the service providers receive information that the Service User’s browser has displayed the website www.lawkiorganic.com, even if the Service User does not have a profile with the given provider or is not currently logged in.

    Such information (including the Service User’s IP address) is sent by the browser directly to the server of the respective service provider (some servers are located in the USA) and stored there.

  3. If the Service User logs in to one of the above-mentioned social media services, that service provider will be able to directly associate the visit to www.lawkiorganic.com with the Service User’s profile on the respective social networking platform.
  4. If the Service User uses a given plugin, for example by clicking the “Like” or “Share” button, the relevant information will also be sent directly to the server of the respective service provider and stored there.
  5. The purpose and scope of data collection, as well as the further processing and use of such data by the service providers, including contact details, the Service User’s rights in this regard, and the options available to ensure the protection of the Service User’s privacy, are described in the privacy policies of the respective service providers.
    1. https://www.facebook.com/policy.php
    2. https://help.instagram.com/519522125107875?helpref=page_content
    3. https://policies.google.com/privacy?hl=pl&gl=ZZ.

  6. If the Service User does not want social media services to assign the data collected during visits to www.lawkiorganic.com directly to their profile on a given platform, they must log out of that service before visiting www.lawkiorganic.com.

    The Service User may also completely prevent plugins from loading on the website by using appropriate browser extensions, for example by blocking scripts with tools such as NoScript.

  7. The Administrator uses remarketing tools on the website, namely Google Ads. Their use involves the use of cookies from Google LLC related to the Google Ads service.

    Within the cookie settings management mechanism, the Service User has the option to decide whether the Service Provider may use Google Ads (external cookie administrator: Google LLC, based in the USA) in relation to them.

§ 7

FINAL PROVISIONS

  1. The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data subject to protection. In particular, the Administrator safeguards the data against disclosure to unauthorized persons, acquisition by unauthorized individuals, processing in violation of applicable regulations, as well as alteration, loss, damage, or destruction.

  2. The Administrator provides appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.
  3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish law shall apply accordingly.