Vivena-Natura LLC with its registered office in ul.Wroclawska 68; 59-230 Prochowice; entered into the register of entrepreneurs held by the District Court in Wroclaw-Fabryczna, IX Commercial Department of the National Court Register under KRS number 0000332212, NIP: 691-24-38-746; holding paid-up share capital of PLN 1 500 000 – is your data controller for the purpose of using the Service.
THE INFORMATION HOW WE MIGHT PROCESS YOUR DATA, WHO IS YOUR DATA CONTROLLER AND HOW YOU CAN CONTACT US
If you have any questions related to the processing of your personal data or your rights, contact us via the vivena.pl User Account panel or use the link ‘Contact’ in a footer of the website vivena.pl, – via e-mail to the data protection lead: email@example.com
“WHAT DATA DO WE PROCESS, FOR WHAT PURPOSES AND WHAT ARE THE LEGAL BASES?
CREATING AN ACCOUNT AND USER AUTHENTICATION IN THE SERVICE
The scope of data: personal data given in a registration form to the Service, which is an email address and password. The Lawful basis: the necessity of processing in order to implement the agreement (article 6, paragraph 1(b) of the GDPR).
SENDING A NEWSLETTER
The scope of data: personal data provided in a registration form to the Service, which is an email address. The Lawful basis for processing is the necessity of processing in order to implement the agreement (article 6, paragraph 1(b) of the GDPR).
OTHER PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA:
Service features’ Usage Statistics and ensuring IT systems’ security. The scope of data: we are processing the data relating to your Service activity for the following purposes: page views and time spent on our website and its subpages, data related to your search history, your IP address, location, device ID, and data related to a web browser and operating system.
The Lawful basis: legally justified interests of the Controller (article 6, paragraph 1(f) of the GDPR), which is to facilitate using the electronically supplied services and improve the functionalities of provided services.
Determining, pursuing and enforcement of claims
The scope of data: for this purpose we can use some data from your profile, such as: first name, surname, date of birth, data necessary to use our services, if claims are a result of the way you use our services, other data which are necessary to prove the claim, including the extent of the loss suffered.
The Lawful basis: Justified interest of the Controller (article 6, paragraph 1(f) of GDPR), in order to establish, exercise or defend legal claims in courts and other state authorities.
Complaints and requests handling, answering queries
The scope of data: for this purpose we can use some data from your profile, but also the data necessary to use our services, which are the subject of a complaint or request, data contained in the documents attached to the complaint or request.
The lawful basis: the justified interest of the Controller (article 6, paragraph 1(f) of the GDPR), consisting of improving the functionalities of services provided electronically and fostering good relations with Users and logged out Users, based on reliability and loyalty.
Performing a legal obligation
The scope of data: for this purpose we can use your profile data as well as the data regarding the use of our services.
The lawful basis: obligations under the laws (art. 6 sec. 1 letter c of GDPR) including: provisions of Community law (European Union Law) or Polish law relating to operators providing e-services.
The scope of data: the personal data regarding terminal device and a network terminal address (IP number, device number and other)
The lawful basis: Justified interest of the Controller (article 6, paragraph 1(f) of GDPR) consisting of providing services and the necessity of security against fraud.
Apart from the above, we can process your data for the following purposes: to transfer the data to archive, audits and investigative procedures, implementing business/management control mechanisms, other statistical surveys, historical or scientific research,”
We transfer your data to the following categories of collectors:
INTERNET SERVICE PROVIDERS We transfer your data to the internet service providers. They process your data only on our request. They provide us with cloud hosting services, online sales and marketing systems, email delivery services, Service traffic analysis, marketing campaigns performance analysis. The list of our service providers can be found here (the list is constantly updated.):
- home.pl S.A. ul. Zbożowa 4, 70-653 Szczecin, POLAND, NIP: 852-21-03-252 – cloud hosting services, email delivery services, Service traffic analysis.
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Nr VAT: IE6388047V – online marketing, email delivery serives, Service traffic analysis, marketing campaigns performance analysis.
- DBMS Sp. z o.o. ul. GWIAŹDZISTA 71 /10, 01-651 WARSZAWA, POLAND, NIP: 5272644702 – cookie data, sending email messages, analyzing traffic on the Services.
Location. Our providers are located mainly in Poland and other countries of the European Economic Agreement (EEA), for example, in Ireland. Some of our providers are based outside the EEA area. In consideration of transferring your data outside the EEA area, we ensured that our providers guarantee the high level of personal data protection. The guarantees result particularly from the obligation to adhere to standard contractual clauses adopted by the Commission (EU) or participation in ‘Privacy Shield’ Program established by Commission Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield.
You have the right to request us to forward copies of standard contractual clauses. STATE AUTHORITIES We share your data if requested by authorised state authorities, especially prosecutor offices, Police, the President of the Office of Personal Data Protection, the President of the Office of Competition and Consumer Protection, and the President of the Office of Electronic Communication.
“HOW LONG DO WE STORE YOUR PERSONAL DATA?
We store your data as long as you have an Account in our Service to provide you with the Account service and related functionalities as well as other services in compliance with Terms and Conditions, and also for marketing purposes. After deleting your Account your data will be anonymised except the following information: first name, surname, email address, transaction history and information about given consents (these data will be stored for 90 days for consideration of complaints and claims purposes).”
WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA PROCESSING?
We ensure the implementation of your rights listed below. You can exercise your rights by reporting your request: via User Account Panel vivena.pl, or via the link in a footage of vivena.pl by contacting our employee responsible for personal data protection – via email: firstname.lastname@example.org
The right to object to your personal data processing
You have the right to raise an objection to your personal data processing, including profiling, at any moment, if we process your data on the grounds of Justified interest of the Controller. For example, if we process your data for marketing purposes of our products and services and also our clients, for keeping statistics of usage of specific Service functionalities and improving user experience, and satisfaction surveys. If your objections are legally justified, and there is no legitimate grounds for processing of your personal data, we will erase the personal data which you objected to process. The lawful basis: Art. 21 GDPR
The right to erase your personal data (‘the right to be forgotten’)
You have the right to demand to delete some or all of your personal data. This demand is treated as a demand to delete your Account.
You have the right to erase your personal data if: you have withdrawn the consent on which processing is based; your personal data is no longer necessary for the purposes for which it has been collected or otherwise processed; you raise an objection against processing your data for direct marketing purposes; you raise an objection against processing your data for keeping service usage statistics and satisfaction surveys, and your objection is legally justified;
Your personal data have been unlawfully processed. Despite the demand to erase personal data, regarding objection or withdrawing a consent, we can store the personal data that are necessary for the establishment, exercise or defence of legal claims. This shall apply, in particular, to the personal data: first name, surname, email address, application history which are stored in purposes of handling complaints and claims in relation to our service usage. The lawful basis: Art. 17 GDPR
The right to restrict personal data processing
You have the right to request that processing of your personal data is restricted. If you make such a request, we will prevent you from using the functionalities and services, which use would involve processing the data relating to your request, until the request is processed. We shall not send you any communications including marketing ones.
You have the right the right to request that processing of your personal data is restricted in following cases: you contest the accuracy of the personal data – we will restrict their processing for a period allowing us to verify the accuracy of your personal data, but no longer than 7 days; the processing is unlawful and instead of the erasure of your personal data you request the restriction of their use; your personal data is no longer necessary for the purposes they were collected or processed, but they are required by you for the establishment, exercise or defence of legal claims; if you have objected to your personal data use – pending the verification whether, in this particular situation, the legitimate grounds of the controller override those of the data subject. The Lawful basis: Art 18 GDPR
The right to access personal data
You have the right to obtain from us the confirmation as to whether or not your personal data are being processed, and, where that is the case: get an access to this data; get an information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the rights based on GDPR and the right to lodge a complaint with a supervisory authority; any available information as to their source, the existence of automated decision-making, including profiling, and the appropriate safeguards when personal data are transferred outside the European Union; receive a copy of your personal data. The lawful basis: Art. 15 GDPR
The right to rectification
You have the right to rectify and complete any inaccurate personal data concerning you. For this purpose you can use the Settings tab (Privacy Settings). With regard to the rest of the data you have the right to request rectification of inaccurate personal data and have incomplete personal data completed. The lawful basis: Art. 16 GDPR
The right to data portability
You have the right to receive your personal data, which you have provided to us, and transmit these data to another data controller of your choice without hindrance, for example, to an operator of similar services. You have the right to request that we transmit your data to another controller directly, if it is technically possible. Your personal data will be sent in a file in a structured, commonly used and machine-readable format which will make it possible to send the received data to another data controller. The lawful basis: Art. 20 GDPR
How long do we need to fulfil your request?
If you make your request for the exercise of the rights listed above, we shall without undue delay fulfil or reject the request, within one month after we have received it. However, if due to the complexity or number of your demands, we won’t be able to fulfil you request within one month, we will fulfil it within the next two months and inform you about it beforehand. Due to techinical reasons, we need 24 hours in order to update your Settings in our systems. It may occur that you get an email from which you unsubscribed during our system updates.
Making complaints, enquiries and requests
You can submit complaints, enquiries and requests regarding your personal data and exercise of your rights. If you think there was a personal data breach, you have the right to make a complaint at any time to the President of the Office of Personal Data Protection.
HOW DO WE ENSURE YOUR DATA IS SAFE?
We make best efforts to ensure your personal data security. We take the security of your data seriously, thus we use encrypted data transmission(SSL) during registration and logging in process. It protects your identifying data and makes it much harder to get the access to your account by unauthorised systems or users. Your data is stored in a cloud hosting as in Personal data outsourcing agreement. A backup copy of your data is made periodically and stored on discs of the servers which are located in our head office.
Access to your data is allowed only to our employees who have been authorised to access it. Other employees don‘t have access to your data.
The website does not gather any information automatically, with the exception of information in cookies. Cookies are IT data, especially text files, which are stored on a user’s terminal device and used to acess our Store’s website. Cookies usually include the name of the website they come from, date of expiry, and a unique number. A subject storing cookies on the user’s terminal device and getting access to them is the operator of our Store.
Cookies are used for the following purposes: to adjust web content to User’s preferences and provide better user experience; especially they allow to recognise Users’ terminal device and retrieve all the information required to show the website adjusted to User’s needs; producing statistics in order to help us understand how our Users use the website, which allowes us to improve their structure and content. We use two types of cookies: ‘session‘ cookies and ‘persistent‘ cookies. ‘Session‘ cookies are temporary files, which are stored on a User’s terminal device until leaving the website or closing the browser. ‘Persistent‘ cookies are stored on the user’s terminal device until it reaches a defined expiration date or are deleted by the User. There are following cookie types on our Website: ‘necessary‘ cookies, which allow you to use our Services, for example, authentication cookies used with the services requiring authentication in our Store; ‘security‘ cookies, for example, used to fraud detection during authentication when using our Store; ‘performance‘ cookies providing us with the information how visitors use our websites; ‘functionality‘ cookies, allowing us to ‘remember‘ user’s choice of settings and personalise user interface, for example, user’s language or location, font size, website layout etc.; ‘advertising’ cookies are used to deliver adverts more relevant to you and your interests. In a lot of cases, web browsing software (internet browser) automatically accepts cookies in the User’s terminal device. Store Users can change their cookie settings anytime. The settings can be changed, especially to block cookies in a browser settings or notify the user when cookies are being sent to Shop User’s device. The details about the cookies handling are available in settings of web browsing software (internet browser). The Store Operator informs, that cookies restriction may influence some functionalities available on our websites. Cookie files are stored in User’s terminal device and can be also used by advertisers and partners cooperating with the Store Operator. More information on cookies can be found on www.wszystkoociasteczkach.pl or in the section ‘Help’ on the browser’s menu.
The document was recently updated on 18th May 2018.