Login

Cart

Your cart is empty

Privacy Policy

1.What is a privacy policy?
This Privacy Policy of the online store vandanovak.com ("Privacy Policy" and "Policy") is for information purposes only, which means that it is not a source of obligations for the Customers of the online store. This document is intended to fulfill the information obligation imposed on entities processing personal data by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR").
The information contained in this Privacy Policy is of a general nature, while detailed information regarding the processing of specific personal data is provided each time it is obtained in the content of the information clause placed on the websites during the performance of activities related to making purchases. In this Policy, we try not to use terms whose meaning differs from their meaning adopted in everyday language. In case of doubt, it should be assumed that the terms defined in our Regulations of the online store are used in this Privacy Policy with the same meaning.

2. Data administrator
The controller of personal data is the company under the name of Vanda Novak spółka z ograniczoną odpowiedzialnością, entered into the register of entrepreneurs of the national court register under the KRS number 0000712700, NIP: 6751632399, REGON: 369217883 with its registered office in Kraków (31-511), ul. Rakowicka 11, with the share capital of PLN 10,950. The Client's personal data are processed in accordance with the GDPR and other currently applicable provisions of the law on the protection of personal data, including in particular the Act of 10 May 2018 on the protection of personal data, Journal of Laws 2018, item 1000.

3. Contact with the data administrator
Contact with the personal data controller is possible: at the e-mail address shop@vandanovak.com and by traditional mail to the following address: Vanda Novak sp. zoo, ul. Rakowicka 11, 31-511 Kraków

4. Purposes and legal basis of data processing
The Administrator processes data for the following purposes, on the legal bases indicated below under the GDPR:
a) conclusion and performance of the contract for the provision of the service of creating and maintaining the Customer's online account - the data is processed in particular to enable the Customer to make purchases without having to fill in forms with data every time, as well as to access the purchase history, manage the data provided, manage the consents granted, enable the use of other services available on the website - art. 6 sec. 1 letter b of the GDPR,
b) conclusion and performance of the sales contract for the offered products - data are processed in order to enable the Administrator to fulfil the Customer's order and perform the concluded contract - in particular, confirmation of its submission, reservation or sending of the selected product to the Customer, execution of payments, including the receipt and consideration of complaints, claims under warranty or guarantee - art. 6 sec. 1 letter b of the GDPR,
c) implementation of obligations arising from legal provisions – data are processed when the law in force in Poland so provides, in particular for the purpose of implementing tax law obligations, accounting law – Article 6, paragraph 1, letter c of the GDPR,
d) pursuing claims and defending against claims – data are processed in order to enable the store to pursue claims arising from contracts concluded in connection with the store’s operations, as well as to defend against claims of Customers or third parties, including the disposal of overdue receivables against Customers – Article 6, paragraph 1, letter f of the GDPR,
e) ensuring proper and safe use of the online store - data is collected in order to ensure efficient and safe operation of the website, including for the purpose of disclosing and prosecuting abuses, unlawful acts or crimes committed by Customers or third parties, as well as for the purpose of making the necessary analyses and comparisons in this respect, provided that the law imposes such obligations on the Administrator - Article 6 paragraph 1 letter c of the GDPR,
f) marketing activities – data are processed for the purpose of presenting commercial information (offers, advertisements, or promotions (discounts) regarding the products or services of the administrator or its individual partners or intended for all recipients, in particular for the purpose of implementing the newsletter provision agreement; and also to enable promotional campaigns, including competitions and to ensure the possibility of selecting competition winners and realizing prizes – art. 6 sec. 1 let. a GDPR.

5. Profiling
For the purpose of presenting advertisements, offers or promotions (discounts) intended for all Customers, in a manner tailored to the interests of a given Customer, the Administrator may familiarize themselves with their preferences, e.g. by analyzing such data as the frequency of visits to the online store, the type of products/services used by the Customer, the value of purchases made, the frequency of visits to the stationary store, place of residence and delivery of products, selected method of payment/delivery, etc. Such action by the administrator allows for a better understanding of the Customer's expectations and adaptation to their needs. The above actions of the administrator are performed with the help of technologies enabling automated processing of the Customer's data. Importantly, profiling does not produce legal effects towards the Customer and does not affect the Customer in any other significant way.
Obtaining data in this way allows decisions to be made regarding:
a) the type of products presented by the Customer and offered to him first on the websites,
b) the content of advertisements or offers presented or sent to the Customer,
c) offering the Customer special discounts or benefits related to the purchase of specific products,
d) proposing the Client to participate in a marketing or promotional campaign. Decisions in the above-mentioned matters may be made either by persons acting under the authority of the administrator, or automatically, using the technology contained in the software used by the administrator. The decisions made do not have legal effects on the Client and do not deprive him or her of or limit his or her access to all products and services offered by the online store.
The above actions may, however, result in offering the Customer special solutions, e.g. a favourable, temporary offer addressed only to an individually selected Customer, created on the basis of their purchase history and behaviour on the website, to which other Customers will not have access. In this context, profiling may affect the Customer's behaviour, and in some cases the impact of profiling may be defined as significant. Therefore, the administrator considers that profiling requires the Customer's consent in each case. Failure to provide consent will result in the impossibility of sending the Customer offers, advertisements, invitations to participate in promotional or marketing campaigns formulated in accordance with the Customer's preferences. The Customer who has given consent to profiling, and in relation to whom the decision specified above has been made, has the right to obtain human intervention on the part of the administrator, to express their own position and to challenge this decision, and above all, has the right to withdraw consent to sending such content.


6. Types of data processed
The Administrator may process in particular the following personal data of Customers using the online store:
a) personal data provided in the form when registering an account or placing orders in the online store without creating an account, or in order to use the newsletter or to participate in marketing campaigns or provided during a conversation with a representative of the administrator for any other purpose, i.e.: first name and last name; e-mail address; contact telephone number; delivery address [street, house number, apartment number, postal code, town, country], address of residence/business/registered office [if different from the delivery address], bank account number, payment card number, and in the case of Customers who are not consumers, additionally the company name and tax identification number [NIP]) and other data collected during the use of the online store, such as the type of product ordered, shoe size;
b) data obtained based on the Customer's activity on the Internet or in stationary stores belonging to the administrator, including data obtained via the online store or other channels of communication with the Customer, using cookie and similar technologies, such as the time of the Customer's activity in the online store, IP address, Customer's order history, type of end device used by the Customer.

7. Voluntary provision of data
Providing personal data by the Customer in the online store is voluntary. However, it should be noted that providing certain personal data may be necessary to use individual functions of the store. Failure to provide personal data may prevent, in particular, the proper performance of the contract for the provision of the service of maintaining an online account, the contract for the sale of products, the contract for the provision of newsletter services, as well as the performance of marketing and promotional activities. Therefore, the scope of data required to conclude the appropriate contract is indicated each time on the online store's pages (data that is necessary to conclude the contract/use a specific functionality is clearly marked). The consequence of not providing personal data may be the inability to effectively perform the activities that the Customer intends to use.


8. Data recipients
External entities to which the Client’s personal data may be transferred belong to the following categories:
a) Entities assisting in running the online store (accounting, IT specialists operating the system, entities providing hosting services, legal advisors, debt collectors) – in order to perform their duties;
b) Entities performing services related to the store’s operations (organizing marketing campaigns, promotions, operating the hotline, providing support in handling correspondence with Customers) in order to perform their duties;
c) Entities performing delivery (deliveries, couriers, postal companies, carriers) – in order to deliver the ordered products;
d) Public administration entities, courts and judicial authorities for the purpose of performing statutory obligations and pursuing claims;
e) Entities operating the payment system (Przelewy24, Stripe, PayPal, organizations operating cashless payments and payments using payment cards, banks) – for the purpose of processing payments.
All entities listed above process Client data on the basis of concluded personal data processing agreements and guarantee an adequate level of personal data protection.

9. Transfer of data to third countries (outside the EEA)
The Administrator may transfer personal data to third countries, i.e. countries outside the European Economic Area. Your data may only be transferred to third countries or entities for which a decision of the European Commission has been found to have an adequate level of data protection. The list of countries for which the European Commission has issued a decision confirming that a third country ensures an adequate level of protection is available at this link.
With respect to the transfer of personal data to the United States, on July 10, 2023, the European Commission issued a decision on July 10, 2023, establishing an adequate level of protection for personal data provided by the so-called "EU-US Data Privacy Framework". The list of Data Protection Frameworks can be found at this link.
In the absence of a decision of the European Commission stating the adequate level of protection referred to in Article 45 paragraph 3 of the GDPR, your personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 of the GDPR).

10. Data storage period
The period for which the data is stored depends on the purpose for which the data was collected, as indicated below.
a) Data collected for the purpose of concluding and implementing a contract for the provision of a service for creating and maintaining a Customer's online account - for the duration of the contract and then for the maximum period for pursuing any civil claims arising from this contract, until their implementation, expiration or limitation;
b) Data collected for the purpose of concluding and implementing a product sales contract – for the duration of the contract and then for the maximum period for pursuing any civil claims arising from this contract, until their implementation, expiry or limitation period;
c) Data collected for the purpose of pursuing claims and defending against claims – for the maximum period of pursuing possible civil claims related to the conclusion and performance of the contract;
Fulfillment of obligations arising from legal provisions – for the period required by law, including in particular tax law and accounting law;
d) Data collected for the purpose of performing direct marketing activities not performed by electronic means – for the duration of the contract concluded with the Client;
e) Data collected for the purpose of performing other marketing activities – for the period until the customer withdraws their consent;
f) Profiling – for the period until the Client withdraws his consent.

11. Customer rights
Every Client has the right at any time to:
a) To be informed about the processing of personal data;
b) Access to personal data (including, among others, receiving information about which personal data are being processed);
c) Request the rectification and restriction of processing (e.g. if the personal data is incorrect) or deletion of personal data;
d) Withdraw any consent given to the controller at any time, provided that the withdrawal of consent does not affect the processing carried out by the controller in accordance with the law before its withdrawal;
e) Data transfer;
f) Object to the processing of personal data concerning him/her carried out for the purpose of pursuing the legitimate interests of the administrator or a third party, in particular processing for marketing purposes, including profiling (if there are no other important legitimate grounds for processing that override the interests of the Client);
g) File a complaint with the supervisory authority (i.e. the President of the Personal Data Protection Office, address: ul. Stawki 2, 00-193 Warsaw (www.uodo.gov.pl).


COOKIE POLICY
1. The Administrator warns that the website uses "cookies" files, which are installed on the Client's end device. These are computer data, usually small text files, which can be read both by the administrator's system and by the systems of other entities whose services are used by the administrator (for example Meta Platforms Ireland Ltd or Google LLC).

2. Cookies enable:
a) Adapting the store's websites to the needs of customers,
b) Maintaining the Client's session (after logging in), thanks to which the Client does not have to log in at every
c) log in again on the next page or subpage of the store,
d) Profiling to personalize marketing messages,
e) Ensuring the security and reliability of the online store.

3. For the purposes specified above, using cookies, from the moment the Customer connects to the online store, the administrator processes data regarding the number (including IP) and type of the Customer's end device, as well as the time of the Customer's connection to the store and other operational data regarding the Customer's activity on the websites.

4. The Administrator uses the following tools that use cookies:
- Google Analytics - tracking website traffic,
- Google Tag Manager - extended tracking of user activity on the site,
- Facebook - user activity research for promotional purposes via the Facebook platform (Meta Platforms Ireland Ltd.),
- Klaviyo - tracking user activity for the purposes of the newsletter sending system,
- WPML - page language settings,
- Instagram – social plugin, user activity research for promotional purposes via the Instagram platform (Meta Platforms Ireland Ltd.)

5. The Customer may independently and at any time change the settings for cookies, specifying the conditions for their storage and access by cookies to the Customer's device. The Customer may change the settings referred to in the previous sentence using the web browser settings or by configuring the service. These settings may be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time cookies are placed on the Customer's device. Detailed information on the possibilities and methods of handling cookies is available in the Customer's software (web browser) settings. The Customer may delete cookies at any time using the available functions in the web browser they use, but it should be remembered that limiting the use of cookies may affect some functionalities available in the online store.

+48 502 177 712

shop@vandanovak.com

SSL Secure Payments

Fast delivery

Courier shipping worldwide