Skip to content

Cart

Your cart is empty

PRIVACY POLICY

1. What is the privacy policy
This Privacy Policy of the online store vandanovak.com ("Privacy Policy", "Policy") is informational in nature, which means that it is not a source of obligations for customers of the online store. This document is intended to fulfill the information obligation imposed on personal data processors by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR").
The information contained in this Privacy Policy is of a general nature, while detailed information regarding the processing of specific personal data is provided each time it is obtained in the content of the information clause placed on the websites when performing shopping activities. In this Policy, we try not to use terms whose meaning differs from their accepted meaning in everyday language. In case of doubt, it should be considered that the terms defined in our Terms and Conditions of the online store are used in this Privacy Policy with the same meaning.

2. Data controller
The Controller of the personal data is a company under the name of Vanda Novak spółka z ograniczoną odpowiedzialnością, registered in the Register of Entrepreneurs of the National Court Register under the KRS number 0000712700, NIP: 6751632399, REGON: 369217883 with its registered office in Kraków (31-511), 11 Rakowicka Street, with the share capital of PLN 10,950. The Customer's personal data is processed in accordance with the GDPR and other currently applicable data protection laws, including in particular the Act of May 10, 2018 on the Protection of Personal Data.

3. Contacting the data controller
Contact with data controller is possible: via the email address shop@vandanovak.com, by phone at +48 518 263 621 and by post office to: Vanda Novak sp. z. o. o.. Rakowicka 11 St., 31-511 Krakow

4. Purposes and legal basis of data processing
The Controller processes data for the following purposes, on the following legal grounds under the GDPR:
I. conclusion and execution of a contract for the provision of services for the creation and maintenance of a customer's online account - data is processed in particular to enable the customer to make purchases without having to fill out data forms each time, as well as to access the history of purchases, manage the data provided, manage the consents granted, enable the use of other services available on the website - Article 6(1)(b) of GDPR,
II. conclusion and execution of the sale contract of the offered products - the data is processed in order to enable the Controller to execute the Customer's order and to execute the concluded contract - in particular to confirm its placement, to reserve or send to the customer the selected product, to execute the payment, including on the reception and processing of complaints, warranty or guarantee claims - Article 6(1)(b) GDPR,
III. fulfillment of obligations under the law – the data is processed in the event that the law in force in Poland stipulates so, in particular in order to fulfill obligations under tax law, accounting law - Article 6(1)(c) GDPR,
IV. asserting and defending against claims - data is processed to enable the seller to assert claims arising from contracts entered into in connection with the store's operations, as well as to defend against claims by customers or third parties, including the disposal of overdue claims against customers - Article 6(1)(f) GDPR,
V. ensuring the proper and safe use of the online store - data is collected to ensure the smooth and safe operation of the website, including for the purpose of uncovering and prosecuting fraud, torts or crimes committed by customers or third parties, as well as for the purpose of making the necessary analyses and comparisons in this regard, insofar as the law imposes such obligations on the Controller - Article 6(1)(c) GDPR,
VI. marketing activities - data is processed for the purpose of presenting commercial information (offers, advertisements, or discounts concerning the products or services of the Controller or its individual partners or intended for all recipients, in particular for the purpose of fulfilling the newsletter contract; and also for the purpose of enabling promotional activities, including contests and to ensure that contest winners can be selected and prizes can be realized - Article 6(1)(a) of the GDPR.

5. Profiling
The Controller, for the purpose of presenting advertisements, offers or discounts intended for all Customers, in a manner tailored to the interests of a given Customer, may learn about the Customer's preferences, e.g. by analyzing such data as the frequency of visits to the online store, the type of products/services used by the customer, the value of purchases made, the frequency of visits to the stationary store, the place of residence and delivery of products, the chosen method of payment/delivery, etc. This action of the Controller allows to better understand the customer's expectations and adapt to his needs. The above actions of the Controller are carried out with the help of technologies that enable automated processing of customer data. Importantly, profiling does not have legal effects on the customer or in any other significant way affect the customer.
Obtaining data in this way makes it possible to decide on:
a) the type of products presented to the customer offered to him or her first on the websites,
b) the content of advertisements or offers presented or sent to the customer,
c) offering the customer special discounts or benefits related to the purchase of certain products,
d) offering a participation in a marketing or promotional action to the Customer.
Decisions on the above-mentioned matters may be made either by persons acting under the authority of the Controller, or automatically, using technology contained in the software used by the Controller. Decisions made do not have legal effects on the customer and do not deprive him or limit his accessibility to any products and services offered by the online store. However, the result of the above actions may be to offer special solutions to the customer, e.g. a favorable, temporary offer addressed exclusively to an individually selected customer created on the basis of the customer's purchase history and behavior on the website, to which other customers will not have access.
In this context, profiling may affect customer behavior, and in some cases the impact of profiling may be determined to be material. Therefore, the Controller recognizes that profiling requires the customer's consent in each case. Failure to provide consent will result in the inability to target the customer with offers, advertisements, invitations to participate in promotional or marketing actions formulated according to the customer's preferences. A customer who has given consent to profiling, and in relation to whom the decision specified above has been made, has the right to obtain human intervention from the Controller, to express his or her own position and to challenge the decision, and above all has the right to withdraw consent to sending such content.

6. Types of personal data processed
In particular, the Controller may process the following personal data of customers using the online store:
a) personal data provided in the form when registering an account or placing orders in the online store without creating an account, or to use the newsletter or to participate in marketing campaigns, or provided in the course of a conversation with a representative of the Controller for any other purpose, namely: name and surname; e-mail address; contact telephone number; delivery address [street, house number, apartment number, postal code, city, country], residence/business/site address [if different from delivery address], bank account number, payment card number, and in the case of non-consumer customers, additionally company name and tax identification number) and other data collected in the course of using the online store, such as the type of product ordered, shoe size;
b) data obtained based on the customer's activity on the Internet or in stationary stores belonging to the Controller, including those obtained through the online store or other channels of communication with the customer, using cookies and similar technologies, such as the duration of the customer's activity in the online store, IP address, the customer's order history, the type of terminal equipment used by the customer.

7. Freedom of providing personal data
The provision of personal data by the customer in the online store is voluntary. However, it should be borne in mind that the provision of certain personal data may, however, be necessary to use particular functions of the store. Failure to provide personal data may prevent, in particular, the proper execution of a contract for the provision of online account services, a contract for the sale of products, a contract for the provision of newsletter services, as well as the execution of marketing and promotional activities. Therefore, the scope of data required to conclude the relevant contract is indicated each time on the pages of the online store (the data required to conclude a contract/use a specific functionality is clearly marked). The consequence of failure to provide personal data may be the inability to effectively perform the activities that the customer intends to use.

8. Data recipients
External entities to which the Customer's personal data may be transferred fall into the following categories:
a) entities assisting in the operation of the online store (accounting, IT specialists operating the system, entities providing hosting services, legal advisors, debt collectors) - in order to perform their duties;
b) entities performing services related to the operation of the store (organizing marketing actions, promotions, operating the hotline, providing support in handling correspondence with customers) in order to perform their duties;
c) entities performing delivery (suppliers, couriers, postal companies, carriers) - in order to deliver the ordered products;
d) entities of public administration, courts and judicial authorities in order to perform their statutory duties and to assert claims;
e) payment system operators (Przelewy 24, Stripe, PayPal, cashless and card payment organizations, banks) - to process payments.
All of the entities listed above process the Customer's data on the basis of the concluded data processing agreements and guarantee an adequate level of personal data protection.

9. Transfer of data to the countries outside the EEA
The Controller may transfer personal data to third countries, i.e., countries outside the European Economic Area. Your data may be transferred only to third countries or entities for which an adequate level of data protection has been established by a decision of the European Commission. The list of countries as to which the European Commission has issued a decision confirming that the third country provides an adequate degree of protection can be found here.
In scope of the transfer of personal data to the United States, on July 10, 2023, the European Commission issued a decision on July 10, 2023, finding an adequate level of protection for personal data provided by the so-called "EU-US Data Privacy Framework." The list of the Data Privacy Framework can be found here.
In the absence of a decision by the European Commission finding an adequate level of protection as defined in Article 45(3) of the GDPR, your personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 of the GDPR).

10. Data retention period
The data storage period depends on the purpose for which the data was collected, according to the information indicated below.
a) Data collected for the purpose of concluding and implementing a contract for the provision of services for the creation and maintenance of a customer's online account - for the duration of the contract and thereafter for the maximum period for the assertion of any civil claims arising from this contract, until their execution, expiration or statute of limitations;
b) Data collected for the purpose of concluding and executing a contract for the sale of products - for the duration of the contract and thereafter for the maximum period for the assertion of any civil claims arising from this contract, until their execution, expiration or statute of limitations;
c) Data collected for the purpose of asserting claims and defending against claims - for the maximum period of assertion of any civil claims arising from the conclusion and performance of the contract;
d) Performance of legal obligations - for the period required by law, including in particular tax law and accounting law;
e) Data collected for the purpose of performing direct marketing activities not carried out by electronic means - for the duration of the contract concluded with the customer;
f) Data collected for the purpose of performing other marketing activities - for the period until the customer's consent is withdrawn;
g) Profiling - for the period until the customer's consent is withdrawn.

11. Customer's rights
1. Each customer has the right at any time to:
a) To be informed about the processing of personal data;
b) To access personal data (including, but not limited to, receiving information on which personal data are processed);
c) To request rectification and restriction of processing (e.g., if personal data is incorrect) or deletion of personal data;
d) Revoke any consent given to the Controller at any time, whereby revocation of consent does not affect processing carried out by the Controller in accordance with the law prior to its revocation;
e) Transfer of data;
f) Object to the processing of personal data concerning him/her carried out for the purpose of pursuing the legitimate interests of the controller or a third party, including, in particular, to processing for marketing purposes, including profiling (if there are no other valid legitimate grounds for processing overriding the interests of the customer);
g) File a complaint to a supervisory authority (i.e. President of the Personal Data Protection Office, address: Stawki 2, 00-193 Warsaw, Poland (www.uodo.gov.pl).

COOKIES POLICY
1. The Controller informs that the website uses "cookies" (cookies), which are installed on the customer’s terminal equipment. These are computer data, usually small text files, which can be read both by the Controller’s system and by the systems of other entities whose services are used by the Controller (for example, Meta Platforms Ireland Ltd or Google LLC).
2. Cookies enable:
a) Adaptation of the online store's web pages to the needs of customers,
b) Maintaining the customer's session (after logging in), thanks to which the customer does not have to log in again on each subsequent page or subpage of the store,
c) Profiling to personalize marketing messages,
d) Ensuring the security and reliability of the online store.
3. For the purposes specified above, by means of cookies, from the moment the customer connects to the online store, the Controller processes data concerning the number (including IP) and type of the customer's terminal equipment, as well as the time of the customer's connection to the store and other exploitation data concerning the customer's activity on the websites.
4. The Controller uses the following tools that use cookies:
• Google Analytics - tracking website traffic,
• Google Tag Manager - extended tracking of user activity on the site,
• Facebook - analyzing user activity for promotional activities by the Facebook platform (Meta Platforms Ireland Ltd.),
• Klavio - tracking user activity for newsletter sending system,
• WPML - site language settings,
• Instagram - social plug-in, user activity tracking for promotional activities by Instagram platform (Meta Platforms Ireland Ltd.).
5. The customer may independently and at any time change the settings for cookies, specifying the conditions for their storage and access by cookies to the customer's device. The customer may change the settings referred to in the preceding sentence through the settings of the Internet browser or through the configuration of the service. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about each time cookies are placed on the customer's device. Detailed information about the possibility and methods of handling cookies is available in the settings of the customer's software (web browser). The customer can delete cookies at any time using the available functions in the web browser he/she uses; however, it should be remembered that limiting the use of cookies, may affect some of the functionality available in the online store.