The capitalized terms used below mean:
a. Administrator - Verona Products Professional Sp. z o. o. with its registered office at: Al. Krakowska 2, 02-284 Warsaw, District Court for the Capital City of Warsaw in Warsaw, XXI Commercial Division of the National Court Register, under the number KRS 0000167637, REGON: 01552787900000, NIP: 8371658005, with a share capital of PLN 3,396,000.00;
b. Online Store - an internet platform available at goodsoul.eu allowing for retail sale of Products and providing electronic services offered by the Administrator, via the Internet, handled by the Administrator;
c. Personal data - all information concerning an identified or identifiable natural person within the meaning of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repeal Directive 95/46/EC (General Data Protection Regulation; Official Journal of the EU, Series L No. 119, 4.5.2016, pp. 1-88);
d. Newsletter - A service provided in the Online Store;
e. Account - a set of resources in the Administrator's IT system marked with an individual name (Login) and Password provided by the Client, allowing the Client to take advantage of additional functionalities/services. The Client gains access to the Account using the Login and Password. The Client logs in to the Account after registering in the Online Store. The Account allows saving and storing information concerning the Client's address data for shipping Products, tracking an Order's status, accessing the history of Orders, as well as other services provided by the Administrator;
f. User - any person who in any way uses the website of the Online Store, including as its Client;
g. Client - A User of the goodsoul.eu website who intends to purchase products in the goodsoul.eu store who is a natural person with full legal capacity, and in cases provided for by generally applicable law also a natural person with limited legal capacity residing in Poland or a legal person, an organizational unit without legal personality with its registered office in Poland, granted legal capacity by the law, for which electronic services may be provided or which, on the terms set out in these Regulations, intends to conclude a Sales Contract with the Administrator;
h. Regulations of the online store - Regulations posted on the website at https://goodsoul.eu/gb/page/3-store-regulations;
j. Product Opinion - a personal opinion, comment, or other statement expressed by a Client, containing the Client's subjective opinion concerning a Product;
k. GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
2.1. The Administrator of personal data processed as part of the goodsoul.eu Online Store is: Verona Products Professional Sp. z o. o. with its registered office at: Al. Krakowska 2, 02-284 Warsaw, District Court for the Capital City of Warsaw in Warsaw, XXI Commercial Division of the National Court Register, under the number KRS 0000167637, REGON: 01552787900000, NIP: 8371658005, with a share capital of PLN 3,396,000.00.
2.2. In matters related to the protection of Personal Data, you can contact the Data Administrator:
a. in writing at the following address: Verona Products Professional Sp. z o. o. Al. Krakowska 2, 02-284 Warsaw,
b. via e-mail at: [email protected];
c. by phone at: +22 577 52 00
2.3. Contact to the Personal Data Inspector: [email protected]
3. PERSONAL DATA
3.1. Each User of the Online Store browsing the content within the Online Store may share data, both allowing for identification (including personal data) as well as anonymous data. The Data Administrator makes every effort to ensure the confidentiality, integrity, and security of the provided data, as well as protects that data against access by third parties without an explicit legal basis. With regard to the processing of personal data, the Data Administrator applies in particular to the principles set out in the GDPR.
3.2. The Data Administrator will collect Users' data, including their Personal Data, for specific, clearly defined, and legitimate purposes and is not going to treat that data in a manner inconsistent with these purposes. If it is necessary to collect data for a specific purpose, the Data Administrator will inform the person concerned about it, trying to provide the complete information clause concerning data processing in time or - if possible - before collecting the data.
3.3. The Data Administrator undertakes to collect only the data that is adequate, relevant, and not exceeding beyond the purpose for which it is collected.
3.4. Through the Online Store's website, the Administrator may obtain the following data:
a. provided by Users on the basis of the Regulations of the Online Store, provided when the User takes advantage of the functions of the Online Store, data of persons contacting the Administrator using the Administrator's contact details or the contact form available on the website of the Online Store, and in particular data of persons:
i. providing their data by filling in the Newsletter form available online on the Website,
ii. data of persons who have a registered Account in the Online Store;
iii. data of persons placing an Order in the Online Store;
b. third parties previously provided with data by a User at the time when that person places an order at the address of a third party, providing that person's personal data, i.e. name, surname, address, and telephone number, as well as when the Client decides to receive a VAT invoice and provides data of another natural person who runs a sole proprietorship. In the event of obtaining personal data from a person whom that data does not apply to, then in relation to that person the Administrator is obliged to fulfil the obligation under Art. 14 of the GDPR.
d. collected automatically:
i. due to data security and in order to optimize the ease of use of the Online Store, the Data Administrator may also collect data, including information concerning the used web browser, operating system, domain name of the website visited before entering the Online Store website, number of visits and time spent on the Website, as well as the specific subpages visited;
ii. automatically collected data is not related to data from other sources; the Data Administrator undertakes all necessary actions to ensure that the indicated data collected automatically does not identify natural persons, i.e. that the data does not have the nature of personal data; however, the Data Administrator reserves the right to retrospectively verify the data collected automatically and to take all necessary actions within the limits of the law aimed at establishing the source of the data, in justified cases - in particular in the event of signs of illegal use of information or other unlawful activities.
3.5. As part of its activities, the Administrator collects and processes Users' Personal Data based on the following legal grounds:
3.5.1. Art. 6 section 1 letter a) GDPR - the processing of personal data takes place on the basis of consent for the purpose of:
18.104.22.168. sending marketing content;
22.214.171.124. sending a newsletter;
126.96.36.199. receiving additional benefits in the event that the Client who has an Account provides a date of birth;
188.8.131.52. each time specified in the content of the granted consent.
3.5.2. Art. 6 section 1 letter b) GDPR - processing is necessary to perform the contract or take action at the request of the data subject before concluding the contract, which means that the processing of personal data takes place for the purpose of:
184.108.40.206. providing services by electronic means (newsletter, contact form, livechat), communication with the User within the scope specified in the Regulations of the Online Store, as well as in other regulations binding the User, the Client, and the Administrator;
220.127.116.11. handling and implementing complaint procedures;
18.104.22.168. handling and returning Products purchased in the Online Store;
22.214.171.124. implementing an Order, in terms of personal data indicated as mandatory in the order form;
126.96.36.199. carrying out communication using the contact form on the website of the Online Store;
188.8.131.52. performing the obligations imposed on the Administrator related to creating and maintaining an Account;
184.108.40.206. handling inquiries of Clients, Users submitted during the Order submission process;
220.127.116.11. providing services by electronic means, including enabling the Client to express a Product Opinion;
3.5.3. Art. 6 section 1 letter c) GDPR - processing is necessary in order to fulfil the legal obligations incumbent on the Administrator, in particular obligations concerning financial reporting as well as related to investigating or the possibility of pursuing civil law claims or criminal or administrative liability by the Administrator, User, or third parties; as well as in connection with submitting a complaint or withdrawing from a contract and returning an Order;
3.5.4. Art. 6 section 1 letter f) GDPR, which means that the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, which may include:
18.104.22.168. the need to consider an individual case reported by the User, including answering a query;
22.214.171.124. for the Administrator's analytical and statistical purposes consisting in conducting analyses and statistics of a Client's and User's activity on the website of the Online Store;
126.96.36.199. determining, investigating, and defending against claims, considering submitted complaints regarding services offered by the Data Administrator, processing personal data provided by the Administrator's contractors of natural persons dedicated for performing the contract concluded between the contractor and the Data Administrator.
3.6. The processing of Users' personal data is carried out on a voluntary basis, however, depending on the circumstances, the User's refusal to provide the Administrator with such data or the request to delete the data may prevent the Administrator from performing the service or establishing contact with the User, Client. In the case of Personal Data provided optionally (with consent), there are no consequences related to not providing that data.
3.7. Recipients of Personal Data may be, in particular, entities processing personal data at the request of the Data Administrator, including IT and hosting service providers, entities providing telecommunications services, entities providing accounting and marketing services, entities providing advisory services, including legal, tax, and other services, livechat service providers, mailing system providers, contractors of the Data Administrator, if it is necessary for performing a contract for providing electronic services, entities from the capital group to which the Data Administrator belongs. If such an obligation results from applicable law, the Administrator may also disclose the personal data of a Participant, Client to third parties, especially authorized state authorities. The administrator may also disclose personal data to the public when publishing a given person's Product Opinion.
3.8. Personal data may be processed, respectively, for the duration of a contract for providing electronic services or for the time necessary to consider an individual case, reported by a User via contact details or via the contact form available on the Online Store’s website, as well as later, i.e. for a period of time required by applicable law, including in connection with storing documents necessary for tax purposes or until the claims are time-barred - depending on which period will be longer. With respect to the provisions set out in the previous sentence, personal data may be processed, stored for the period of:
3.8.1. providing services, including creating an Account in the Online Store;
3.8.2. implementing an order placed in the Online Store;
3.8.3. necessary for handling a complaint, as well as for the time necessary for the expiry of rights in this respect;
3.8.4. until the prior consent is withdrawn;
3.8.5. until an effective objection to the processing of personal data is submitted in a situation when the processing takes place on the basis of the Administrator's legitimate interest.
4. ONLINE STORE ACCOUNT AND ONLINE STORE PURCHASES
4.1. The Administrator provides the Users with the Account service in accordance with the Regulations of the Online Store. By creating an Account in the Online Store, the User provides the Administrator with data necessary for implementing a Sales Contracts in the Online Store, such as: name and surname, as well as e-mail address. This data will then be used to implement Sales Contracts for the User concerning Products in the Online Store, deliver them to the User, and carry out settlements by the Parties in this regard, including the issuing and further processing of related documents by the Administrator.
4.2. By creating an Account or at a later date, at the Administrator's request, the User may provide additional data to the Account, especially such as that person's date of birth, in order to obtain additional benefits.
4.3. A User may at any time delete some data from the Account or change that data and approve these changes, with the restriction that deleting any data necessary for implementing a Sales Contract in the Online Store from the Account is tantamount to the User's declaration of deleting the Account.
4.4. The Contract for providing the service of an Account may be terminated by the User at any time upon notice within 14 days by activating the "Delete Account" command made available to the User in the Account and available after logging in to the Account.
4.5. The Administrator allows Clients to carry out purchases in the Online Store without using an Account, as a "guest", provided that a Client provides the Administrator with data necessary for implementing a Sales Contract, such as: name and surname, e-mail address, and delivery address.
5. SPECIAL OFFERS
6.1. The Administrator provides the Users with a Newsletter service in accordance with the Regulations of the Online Store. A User ordering the service provides data to the Administrator by providing the User's e-mail address and giving the consent referred to below.
6.2. In the event that the Administrator launches the Newsletter, the User, who has decided to subscribe to the Newsletter, consents to the Administrator sending commercial information via the Newsletter within the meaning of the Act of 18 July 2002 on the provision of electronic services (i.e. Polish Journal of Laws of 2013, item 1422 as amended), at the e-mail address provided by the User.
6.3. The User may unsubscribe from the Newsletter service at any time by using the deactivation link at the end of each sent message.
6.4 The ordered Newsletter is sent only to the e-mail address provided by a User.
7. PROCESSING OF PERSONAL DATA IN SOCIAL NETWORKS
The Administrator may process the Personal Data of Participants or Clients of the Online Store as well as other persons visiting the Administrator's profiles concerning the Online Store, such as e.g. Instagram, Facebook, and YouTube in connection with handling these profiles. The processing of such Personal Data as part of these profiles takes place in order to promote the Online Store, distribute information concerning special offers, contests organized by the Administrator, and to promote products and services as part of the services provided in the Online Store. The Administrator is authorized, inter alia, to communicate with such persons through these social media profiles. The legal basis for the Administrator processing personal data for this purpose consists in the Administrator's legitimate interest (Art. 6 section 1 letter f, GDPR, which is manifested in promoting the image, brand, and Online Store belonging to the Administrator.
8. RIGHTS AVAILABLE TO DATA SUBJECTS
8.1. In accordance with the principles set out in the law on the protection of personal data and the scope provided for therein, each User has the right to access his or her personal data, the right to rectify/correct, delete or limit processing, the right to object to the processing of personal data, and the right to transfer this data, as well as the right to withdraw consent to the processing of personal data if the basis for processing consists in the consent of the data subject.
8.2. Implementing the rights referred to in point 8.1. above, may take place by submitting an appropriate application to the Administrator.
8.3. A User has the right to lodge a complaint related to the processing of that person's Personal Data by the Data Administrator to the President of the Office for Personal Data Protection (address: ul. Stawki 2, 00-193 Warsaw).
8.4. The behaviour of Users on the website of the Online Store and their purchasing preferences will be profiled in order to adjust the offers of services and products available on the website of the Online Store to the needs of the Users. A User may object to such use of data at any time.
8.5. Users' Personal Data may be transferred to third countries which are not members of the European Union and which do not ensure an adequate level of Personal Data protection. However, such transfer of Personal Data by the Administrator will only take place when the processor undertakes to comply with standard contractual clauses issued by the European Commission.
9. DATA PROTECTION
9.1. The Administrator ensures the safety of Personal Data through proper technical and organizational measures aimed at preventing unlawful data processing as well as accidental loss, destruction, and damage.
9.2. Personal Data transferred from the website to the operator's server has been secured with the SSL encrypted connection.
9.3. Third parties may process Personal Data at the Administrator's request, provided that in a relevant contract they undertake to apply proper security measures, including confidentiality.
10. POLICY CHANGES/FINAL PROVISIONS
11. COOKIE FILES
11.2. The collected information relates to the IP address, type of used web browser, language, type of operating system, supplier of internet services, information concerning the time and date, location, and other information sent to the website via the contact form.
11.3. Cookies identify the user, which allows tailoring the website content to individual needs. By remembering User preferences, they make it possible to tailor advertisements to the User.
11.4. The following cookies are used when using the goodsoul.eu website:
a) Session files that expire after a session ends, the duration and exact expiry parameters of which are determined by the browser you use and our analytical systems.
b) Persistent cookies that are not deleted when the browser window is closed, mainly so that information concerning the User's choices is not lost. Long-term active cookies are used to help us identify a new and returning user of the Websites.
11.5. The collected data is used for monitoring and verifying in what way users browse our website, in order to improve website functioning by ensuring more effective and problem-free navigation. We monitor user information using the following tool:
a. Google Analytics, which is used to perform the analysis and statistics of user behaviour. This tool collects data concerning cookies, needed primarily for statistical purposes, to verify how often individual Websites are visited. We also take advantage of this data to optimize and develop the Websites. Further details on the functioning of Google Analytics can be found at: https://support.google.com/analytics/answer/6004245;
b. Google Ads allowing to measure the effectiveness of advertising campaigns carried out by the Administrator, allowing for an analysis of such data as, for example, keywords or the number of unique users. The Google Adwords platform allows the Administrator's ads to be displayed to people who have visited the Website in the past. Information on data processing by Google in terms of the above mentioned service can be found at: https://policies.google.com/technologies/ads?hl=pl.
c. Facebook Pixel to measure the effectiveness of advertising campaigns carried out by the Administrator on Facebook. The tool allows for advanced data analysis in order to optimize the Administrator's actions also with the use of other tools offered by Facebook. Detailed information on data processing by Facebook can be found at: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.
d. Google Search Console, which helps us understand how our Website is perceived by Users, monitors changes taking place on it and improves its efficiency. Google Search Console is used for statistical purposes, because it helps us in such activities as: positioning the website in the search engine, monitoring website traffic, monitoring errors in the website's code, as well as monitoring its general operation. Furthermore, Google Search Console optimizes the website in terms of positioning, helps to plan a strategy for promoting key phrases, informs about problems related to the server and malware, as well as registers problems with the website's readability and availability. Following details concerning how Google Search Console works can be found at: https://support.google.com/analytics/answer/1308617?hl=pl#zippy=%2Ctematy-w-tym-artykule
e. HotJar, which monitors and records Users’ behaviour on the Website. This tool records such data as navigation, page scrolling, cursor movement. Information concerning the location, used device, operating system, browser, and cookies are also collected. Hotjar does not collect or store any other data. More information concerning the Hotjar tool can be found at: https://www.hotjar.com/privacy. If you do not want your Website activity to be measured by Hotjar, use the link below: https://www.hotjar.com/opt-out. Remember that if you delete cookies in your browser after using this feature and return to our Websites, Hotjar monitoring will be enabled again.
11.6. Cookie file management instructions are available at http://www.allaboutcookies.org/manage-cookies
11.7. Users can disable cookies in their browser at any time - if they do not want these files to be stored on their computer or other device. Cookies can be disabled permanently or in relation with the current session. However, it should be taken into consideration that disabling cookies in the browser may have an impact on the functioning of the Website, as well as all other visited websites.
11.8. Information concerning deleting saved cookies, as well as changing browser settings in terms of saving cookies can be found at the following addresses:
a) Chrome: https://support.google.com/chrome/answer/95647?hl=pl
b) Firefox: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek-i-danych-stron-firefox?redirectslug=usuwanie-ciasteczek&redirectlocale=pl
c) Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
d) Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
e) Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
11.9. A User, Client may verify the status of their current privacy settings for the used browser at any time by using the tools available at the following links: