Privacy & Cookies Policy
- 1. The Policy
- 2. The Administrator
- 3. Data Care
- 4. The purpose of data management
- 5. The scope of information
- 6. Providing Data
- 7. The Legal Basis
- 8. Profiling
- 9. Transfer of Data
- 10. Transfer of Data to third countries (outside the European Economic Area)
- 11. Customer’s Rights
- 12. Data storage period
- 13. Cookies file
- 14. Indemnity
- 15. Contact Us
- 16. Data Protection
- 17. Links to other websites
- 18. Changing the Policy
1. The Policy
The information contained in the Policy is general. Detailed information regarding the processing of specific personal data is available during their collection , each time in the content of the information clause placed in a visible and easily accessible place. This applies in particular to information about the purpose and legal basis of the processing of personal data, the period of their storage and the recipients to whom they are transferred.
All words, phrases and abbreviations appearing on this page and beginning with a capital letter (e.g. Seller, Online Shop, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Online Shop available on the vitamin360.com Online Shop.
In case of any doubts or contradictions between the Policy and the consents given by a given regardless of the provisions of the Policy, always the basis for taking and determining by the Administrator the scope of activities are voluntary consents or provisions of law. In the event of such a conflict between the Policy and the content of the information clauses provided by the Administrator when collecting personal data (usually under the forms in the Online Store and the information that a customer should follow is provided to him within the aforementioned information clauses.
2. The Administrator
The administrator of personal data collected:
- via the Online Shop (including using cookies or similar technology) or other communication channels with the Customer;
- obtained on the basis of the Customer’s activity on the Internet, in Application
is the company Vitamin360 a.s. with registered office in Dunajská Streda (address of the registered office: Priemyselná 6734 Dunajská Streda 929 01, Szlovákia), IČO: 44 189 923, VAT: SK 2022616068 (contact at the above-mentioned address, e-mail address: firstname.lastname@example.org or telephone number: +4219 17 526 010
. – payment as per standard connection – according to the price list of the relevant operator) – hereinafter referred to as the “Administrator” and being also the Seller.
In case of giving additional consent, our business partners (listed below in paragraph 15) can become the administrators of your Personal Data obtained through the usage of technologies like cookies.
3. Data care
Customer’s personal data is processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (UE.L Journal of Laws No. 119, item 1) (hereinafter also: “GDPR”) and other currently applicable rules , i.e. throughout the entire period of data processing, legal provisions on the protection of personal data. Personal data means information about an identified or identifiable physical person (hereinafter: “Personal Data”). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, internet identifier or one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.
The Administrator takes special care to protect the interests of the data subjects, and in particular ensures that the data collected by him are:
- processed in accordance with the law, fairly and transparently for the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- processed in a manner that ensures adequate security of Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
As indicated in the introduction, realizing how important the privacy of customers is, the Administrator protects not only users visiting the Online Shop or using an App, but also Customers who provided their personal data to the Administrator using other communication channels, i.e.:
- the website https://www.facebook.com and any other websites marked or co-branded with the Facebook brand (including sub-domains, international versions, widgets and versions for mobile phones), whose operating principles are based on regulations made available in particular to https://www.facebook.com/legal/terms, rovided by Facebook Inc., respectively or Facebook Ireland Limited (hereinafter also “Facebook Service”), including via the Facebook Lead Ads function aimed at direct marketing of the Administrator’s own products or services. The rules for the protection and use of Personal Data by the Facebook Service are available, for example, at: https://www.facebook.com/policy.php. The Administrator has no influence on the content of the legal regulations of the Facebook Website, including Personal Data.
- applications enabling advertising campaigns, including competitions, to be carried out by the Administrator of the Facebook Website.
4. The purpose of data management
Each time, the purpose and scope of data processed by the Administrator result from the consent of the Customer or the law and are further specified as a result of actions taken by the Customer in the Online Shop or other communication channels with the Customer. For example: Customer Personal Data may be processed in order to grant, present or give him dedicated offers and promotions, as high as possible tailored to his preferences(which may have a significant impact on it) only if the Client has given consent (not available to people who have not given such consent);
Possible purposes of processing Customer’s Personal Data by the Administrator are in particular:
a) conclusion and implementation of the Sales Agreement on Provision of Services (Account),or taking action at the request of the future Customer before its conclusion (We process your data to run your Account so that you can enjoy the benefits it offers, such as placing orders without having to fill out forms each time, access your purchase history, manage your consents in the service etc. and enable you to use other services available on our website);
b) conclusion and implementation of a Sales or Reservation Agreement, or taking action at the request of a future Customer before its conclusion (your personal data is needed for the implementation of your order and performance of the contract – in particular, confirmation of its submission and booking or sending selected product to you, as well as if necessary, contact you in this matter);
c) accepting and processing complaints;
d) conducting the competition, in particular selecting the winners of the competition and the implementation of prizes;
e) presenting advertisements, offers or promotions (discounts) regarding the products or services of the Administrator and its partners (current list available on Online Store) intended for all recipients, in particular for the purpose of implementing the contract for the provision of the Newsletter;
f) assessment and analysis of customer activity and information, including as part of the automated processing of Personal Data (profiling), to present general advertisements, offers or promotions (discounts), regarding the products or services of the Administrator and its partners, in a manner adapted to the interests the client (without, however, significantly affecting his / her decisions), in particular for the purpose of implementing the contract for the provision of the Newsletter, and market and statistical analysis;
g) pursuing claims and defense against claims, including third parties – if you use most of the functionality of the Online Store and Application;
h) to fulfil legal obligations resulting from regulations, e.g. tax and accounting regulations, especially in the case of paid contracts;
i) keeping correspondence with clients, including providing answers to clients’ messages.
In the case of an adult Client, with his additional consent, Personal Data may also be processed in order to present, create, award and implement dedicated ads, offers or promotions (rebates) for the Client’s products or services and its partners, as high as possible adjusted to his preferences (profiling), as a result of automated decision-making, which may cause legal effects or have a material effect on him, for example through a short-term rebate for a specific product only recently reviewed in our store ( this option is not available to people who are not adults or who are of age but have not consented to this).
5. The scope of information
The Administrator may process in particular the following Customer Personal Data:
a) using the Online Shop or Application:
- Personal Data provided in the form when registering an Account, placing orders or making a Booking in the Online Shop (in particular: name and surname, e-mail address, contact telephone number, address [street, house number, apartment number, postal code, city, country) ], address of residence / business activity / registered office [if different from the delivery address], bank account number, and in the case of Customers who are not consumers additionally the company name and tax identification number [NIP]) and other data collected when using the Online Shop;
Personal Data provided in order to use the newsletter, provided when using the contact form, or provided when making a complaint;
- Personal Data provided in order to participate in contests;
- Other Data, in particular obtained on the basis of the Customer’s activity on the Internet, belonging to Vitamin360 a.s., including those obtained via the Online Shop, Application or other communication channels with the Customer using cookies and similar technologies,
b) Supplementing the data contained in the Facebook Lead Ads form, the User provides the Administrator with the Personal Data indicated in the form, which may include in particular: name, surname, e-mail address, telephone number;
c) Supplementing the data contained in the application forms enabling the Administrator to run advertising campaigns / contests on the Facebook Website, the User provides the Administrator with the personal data indicated in the form, including in particular: name, surname, correspondence address, e-mail address, phone number.
6. Providing Data
Providing Personal Data by the Customer in the Online Store is voluntary, however, it is necessary to use certain functionalities of our store, for example, to place an Order and settle by the Customer (conclusion and performance of the Sales Agreement), Account registration or making a Booking (conclusion and performance of the Agreement on Provision of Services) sign up for the newsletter or use our forms.
Each time, the scope of data required to conclude an appropriate contract is indicated in the Online Shop, (we mark the data, the application of which is necessary to conclude the contract / use a certain functionality) as part of other communication channels with the Customer or in the Regulations. The consequence of not submitting Personal Data may be the inability to effectively perform the above-mentioned activities.
7. The legal basis
The basis for the processing of the Customer’s Personal Data is primarily the necessity to perform the contract to which he is a party or the need to take action at his request prior to its conclusion (Article 6 paragraph 1 letter b) of GDPR). This applies mainly to Personal Data provided in the form when registering an Account, placing Orders and concluding the Sale Agreement ,or making Reservations in the Online Shop. as well as when subscribing to the newsletter. Also in the case of Personal Data provided to us in connection with the Customer’s complaint, the legal basis for their processing is the necessity to perform / service the contract for the sale of advertised goods.
In the case of data processing operations for the aforementioned marketing purposes, with the exception of those that are implemented as part of the newsletter, which operates on the basis of the regulations, the basis for such processing is the fulfillment of the objectives resulting from the legally legitimate interests pursued by the Administrator or his partners (Article 6 paragraph 1 letter f)RODO) of the GDPR), whereas in this case partners do not participate in processing of Client’s personal data. On the other hand the range in which Administrator’s partners can access this information – lawful basis of such processing is Client’s voluntary consent (Article 6 paragraph 1 letter f)RODO). In turn, the presentation, creation, award and implementation of advertisements, offers or promotions (rebates), which are based only on automated processing, including profiling, as much as possible, tailored to the Customer’s preferences, which may significantly influence Customer’s consumer decision are based on a voluntary consent of the Customer (Article 6 (1) (a) of the GDPR)(Article 22 paragraph 2 letter C). However, this applies only to mature Clients.
a) voluntarily expressed consents – for example, persons joining contests, persons using contact forms (Article 6 (1) (a) of the GDPR);
b) applicable law when processing is necessary to fulfill the legal obligation of the Administrator e.g. when based on tax regulations or accounting one, The Administrator settles concluded sales contracts (Article 6 (1) (c) of the GDPR);
c) indispensable for purposes other than those mentioned above resulting from legitimate interests pursued by the Administrator or by a third party, in particular to determine, assert or defend claims, market and statistical analyses (Article 6 (1) (f) RODO).
The Administrator for the purpose of presenting general advertisements, offers or promotions (discounts), intended for all Clients, in a manner adapted to the interests of a given client, may read his preferences, e.g. by analyzing how often he visits the Online Shop. This allows a better understanding of the client’s expectations and adaptation to his needs- however, it does not significantly affect his decisions. Thanks to the use of advanced technologies by the Administrator, the above activities will often be performed by the system in an automated manner, thanks to which the content sent will be the most up-to-date and the client will be able to quickly become familiar with them.
In the case of adult customers, the analysis of interests or preferences will also be used to create, award and implement dedicated and customized ads, offers or promotions (discounts) in an automated manner, which may cause legal effects or have a similar effect on it, potentially limiting access to other clients (this option is not available to customers who are not adults and did not consent to such activities of the Administrator).It differs from ordinary “Profiling” ( i.e. adapting our messages, banners to your interests), because such activity can significantly influence your decisions as a consumer, so e.g. it may result in creating individual limited-time offer based on history of your purchases and online behaviour on our website, this offer will not be available to other customers. The more often a client uses the services of the Administrator and purchases its products, the better promotions and surprises can be prepared for him.
The Administrator may also process information about the Customer’s preferences, which may sometimes have the nature of Personal Data, and were granted to the Administrator by the Customer voluntarily through the functionality of the Application, including to limit the presented Products or Promotion to a specific pack (e.g. 90 capsules) or to specific categories (e.g., Men’s / Women’s / Children’s products).
9. Transfer of data
The catalogue of recipients of the data also results from the consent of the client, or from the law, and is clarified as a result of actions taken by him in the Online Shop or Application.
In the processing of Personal Data, the Administrator’s partners may participate to a limited extent, in particular who technically help to run the Online Shop efficiently, or the Application, including communication with our clients (e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), hosting services or telephone and IT services providers, carriers or agents performing orders, entities handling electronic payments or payments payment card in the Online Shop, companies that service the software, support the Administrator in marketing campaigns, as well as a provider of legal and consulting services.
On the above principles Customer’s Personal Data may be also transferred to companies from the eobuwie.pl Group referred to in point 20 below.
10. Transfer of Data to third countries (outside the European Economic Area)
As part of the Administrator’s use of the tools supporting his current activity, provided by e.g Google Customer’s Personal Data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country where an entity cooperating with it maintains tools for processing Personal Data in cooperation with the Administrator.
Appropriate security of the Personal Data provided was provided by the Administrator through the use of standard data protection clauses adopted pursuant to the European Commission’s decision and contracts for entrusting processing data that meet the requirements of the GDPR.M/p>
In the case of transmission of data from Europe to the USA, some entities located there may additionally provide an adequate level of data protection in the dams of the so-called Privacy Shield (more information is available at: https://www.privacyshield.gov/).
The customer has the right to obtain a copy of the Personal Data transferred to a third country, by contacting us.
11. Customer’s Rights
Each customer has the right to:
- lodging a complaint to the President of the Office for the Protection of Personal Data;
- transfer of Personal Data that has been provided to the Administrator, and which are processed in an automated manner, and the processing takes place on the basis of consent or under a contract, e.g. to another administrator;
- access to Personal Data (including, for example, receiving information that Personal Data is processed);
- requests for rectification and limitation of processing (e.g. if Personal Data is incorrect) or deletion of Personal Data (e.g. if they were processed unlawfully);
- withdrawal of any consent given to the Administrator, at any time to lodge an objection, the withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal;
- objecting to the processing of Personal Data relating to it in order to implement the legitimate interests of the Administrator or a third party, including in particular processing for marketing purposes, including profiling (if there are no other valid legitimate grounds for processing superior to the interests of the client).
12. Data storage period
Personal Data may be stored for the period of use of the Online Shop (but can be deleted three years after the Customer’s last activity as part of the Online Shop). For marketing activities – until the Customer raises an objection, if they are related to the technology of cookies and similar, depending on the technical issues, depending on time of deletion of these files while using the browser / device settings (although deleting files is not always the same as deleting Personal Data obtained through these files, hence the possibility of opposition).
If the processing of Personal Data depends on the consent of the Customer, the Personal Data may be processed until it is withdrawn.
a) Personal Data will also be stored when the law (eg accounting or tax regulations) will oblige the Administrator to process them;
b) We will store Personal Data longer in case the Client had any claims against the Administrator in order to pursue claims by the Administrator, or to assert or defend against claims of third parties, during the prescription period defined by law, in particular the Civil Code.
13. Sending commercial information
The Administrator has the technical ability to communicate with the client remotely (e.g. e-mail).
Commercial information related to the Administrator’s or entities that cooperate with it (including entities from the vitamin360.com Group), commercial activities may be sent only on the basis of the consent given by the Customer, including after accepting the regulations of the newsletter service.
You agree to indemnify and hold Vitamin360 and our parents, affiliates (and their franchisees and licensees), and subsidiaries, officers, directors, employees, successors and assigns, harmless from any claim, loss or demand, including reasonable attorneys’ fees, made by any third party due to or arising out of your use of our Web Site, your connection to our Web Site, your violation of these Terms and Conditions, or your violation of any rights of another party. This indemnity survives termination of these Terms and Conditions.
15. Cookies file
1. Who do the “cookie” files refer to?
Due to the fact that the cookies technology( or of functionality similar to cookies) used by the Administrator collects information about every person visiting the Online Shop, including within the Application, the following provisions of the Policy apply to people who use the Online Shop, regardless of whether they remain its clients (place orders, reserve products or have an account) ( hereinafter also “Visitor.”).
2. What technology do we use?
The Online Shop uses technology that Shops and accesses information on a computer or other device connected to the network (in particular using cookies or related solutions), in order to ensure maximum comfort when using the Online Shop, including for statistical purposes and for adapting to the interests of Visitor to the advertising content presented, the administrator’s partners and advertisers. During the visit to the Online Shop, data on the Internet activity of the Visitor may be automatically collected.
Due to the fact that the Administrator may use solutions with functionality similar to cookies – the following provisions of the Policy should be applied accordingly to these technologies.
3. What are “cookies”?
A cookie file is small text information sent by the server and stored on the side of the Visitor’s device (usually on the hard drive of the computer or on a mobile device). It Shops information that the Online Shop may need to adapt to the ways the Visitor uses it and to collect statistics about the Online Shop, including the Application (e.g. about which websites were visited, which elements are downloaded) and data about the domain name of the internet service provider or the country of origin of the Visitor. The technology that Shops and gains access to the Visitor’s ID enables the Application to work off-line and save the preferences of the logged-in Visitor. The application keeps the current ID of the Visitor until the User logs in to the Application, changes the Application site to the Online Shop operating in another country or uninstall (remove) the Application from the mobile device.
4. Do “cookies” collect your personal data?
When the Visitor uses the Online Shop, cookies are used to identify its browser or device – they can collect all kinds of information which, as a rule, do not constitute personal data (do not allow the identification of the Visitor). Some information, depending on their content and use, may, however, be associated with a specific person – assigning certain behaviours to a specific Visitor, e.g. by linking them to the data provided during the registration of an Account in the Online Shop – and thereby be considered as personal data.
In relation to information collected by cookies, which may be linked to a specific person, the provisions of the Policy relating to Personal Data apply, in particular regarding the rights of the data subject. An information on information collected by cookies is also made available, among others in the content of the information clause placed in a visible and easily accessible place during the first visit to the Online Shop.
5. On what legal basis do we use “cookies”?
Obtaining and storing information using cookies is possible on the basis of the consent of the Visitor. By default, web browsers or other software installed on a computer or other device connected to the network allow cookies to be placed on such devices by default, and thus to collect information about Visitors. On the web browser’s settings or within privacy settings on our website , the consent expressed on the use of cookie technology, including our business partners, may be modified or revoked at any time (but this can result in some functions of the Store not working properly) . Withdrawal of consent does not affect the legality of the processing, which was made on the basis of consent before its withdrawal (detailed information on how to withdraw consent is presented in the next sections of this Policy). The basis for processing such obtained data is the justified interest of the Administrator – what is the need to provide the highest quality content presented by the Administrator by adjusting them to the preferences of Visitors and marketing – including direct – Administrator’s products and services or his partners, whereas in this case partners do not participate in processing of Client’s personal data. On the other hand the range in which Administrator’s partners can access this information – lawful basis of such processing is Client’s voluntary consent.
The cookies used are primarily to make it easier for the Visitor to use the Online Shop and the Application, for example, by “remembering” information once so that it does not have to be provided every time, as well as to adjust their content, including advertising, to her preferences. Cookies are also used to increase the usability and personalization of the content of the Online Shop and Application sites, including the presentation, creation, award and implementation of advertisements, offers or promotions (discounts) dedicated to a given Visitor in accordance with its interests (applies only if it is of age and agreed to such action).
6. What are the cookies used for?
By using the cookies technology in the Online Shop, it is possible to get familiar by the Administrator with the visitor’s preferences – for example, by analysing how often he visits the Online Shop, or if and what products he buys in eobuwie.pl offline Shops. Analysis of online behaviour helps to better understand the habits and expectations of Visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present to Visitors advertisements suited to their needs and interests (for example, advertising resulting from recent browsing only in the “shoes” category) and preparation for adult Visitors who agreed, better promotions and surprises.
Based on cookies, the Administrator also uses technology that allows reaching with the advertising message to Visitors who have visited the Online Shop or Application while using their websites.
7. Can you oppose the use of information from “cookies”?
The Visitor may oppose the Administrator’s actions undertaken for the purpose described above. If the Visitor agrees, therein to present, create, assign and implement dedicated advertisements, offers or promotions (sales) adapted to his preferences, it may be withdrawn at any time – but this will not affect the lawfulness of processing that has been carried out basis of consent before its withdrawal.
8. What kind of “cookies” are used by us, and are they harmful?
Cookies used in the Online Shop are not harmful to the Visitor or to the computer / terminal device used by one, therefore we recommend not to use them in browsers. The Online Shop uses two types of cookies: session cookies that remain stored on the visitor’s computer or mobile device until you log out of the website or disable the software (web browser) and persistent, which remain on the visitor’s device for the time specified in the parameters of file cookies or until they are manually removed in a web browser.
9. How long will the information collected by “cookies” be stored?
Depending primarily on the purposes and legal grounds for processing Personal Data collected by cookies, they may be stored for a specific time indicated in point. 13 of Policy.
The Personal Data collected about cookies for a Visitor who is not a Customer will be kept until opposition is filed. The Administrator can delete Personal Data if for 3 years they will not be used for marketing purposes, unless the law will oblige the Administrator to process Personal Data longer.
Part of the Personal Data may be stored longer in case the Visitor has any claims against the Administrator, or in order to assert claims by the Administrator or defend against claims also of third parties, during the prescription period defined by law, in particular the Civil Code.
In any case, a longer period of storage of Personal Data is decisive.
16. Contact Us
At any time, one can contact with the Administrator by sending a message by post or via e-mail to the Administrator’s address indicated at the beginning of the Policy, or by phone at the phone number indicated at the beginning of the Policy or on the Facebook Website.
The Administrator correspondence for statistical purposes and for the best and quickest response to appearing inquiries, as well as in the scope of complaint settlements and decisions made on the basis of notifications about administrative interventions in the indicated Account. The addresses and data collected in this way will not be used for communication for purposes other than the implementation of the application.
In the case of contact with the Administrator in order to perform specific actions (eg submit a complaint using the form), the Administrator may again ask the person to provide data, including personal data, e.g. in the form of name, surname, e-mail address, etc. to confirm its identity and allow for the return of contact in a given matter and to perform the requested action. Providing these data is not mandatory, but it may be necessary to perform activities or obtain information that is of interest to the person.
17. Data Protection
The Administrator, taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing and the risk of violating the rights or freedoms of individuals with different probability of occurrence and threat severity, apply appropriate technical and organizational measures to ensure protection of Personal Data processed for threats and categories of data covered by the protection, in particular, protects the data against their being made available to unauthorized persons, being taken away by an unauthorized person, processed in violation of applicable laws and changing, loss, damage or destruction. Providing information on technical and organizational measures that provide protection of processing outside may undermine their effectiveness, which jeopardizes the proper protection of Personal Data.
The Administrator provides for example, the following technical measures to prevent the unauthorized access and modification of Personal Data sent electronically:
- Securing the data set against unauthorized access.
- SSL certificate on the Online Shop pages where Personal Data is provided.
- Encryption of data used to authorize a person using the functionality of the Online Shop.
- Access to the Account only after providing an individual login and password
18. Links to other websites
The Online Shop may contain links to other websites. The administrator encourages you to read the terms and privacy policies used for other websites. This Policy applies only to the Administrator’s activities indicated.
19. Changing the Policy
The Administrator can change the Policy in the future – this may occur, among others for the following important reasons:
- changes in the binding provisions, in particular regarding the protection of Personal Data, telecommunications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
- development of functionality or Electronic Services dictated by the progress of Internet technology, including the application / implementation of new technological or technical solutions affecting the scope of the Policy.
Each time the Administrator places information about changes in the Policy as part of the Online Shop and in the Application. With every change, the new version of the Policy will appear with a new date.
Last Updated: May 29, 2018