Privacy Policy
The protection of private information regarding Users of the website https://www.loreza.pl/ (hereinafter referred to as the "Website") is extremely important to us, therefore we make every effort to ensure that you are safe when visiting our Website.
Please read this document (hereinafter referred to as the "Privacy Policy"), which explains how we protect your personal data when you visit the Website. Each time you use the Website, you are subject to this Privacy Policy. Therefore, we ask you to review it each time you access the Website.
This privacy policy presents, among others: the rules of contact with Wioletta Jankowska, running a business under the name HANDEL ODZIEŻĄ Wioletta Jankowska entered into the Central Register and Information on Business Activity (hereinafter referred to as the "Seller"), the rules of collecting, storing and processing personal data by the Seller, the sources of personal data, the scope and purpose of personal data processing, the period for which personal data are processed and the rights of individuals regarding their personal data.
Dictionary
The following terms shall be understood as:
- “Privacy Policy” – this shall be understood as this document called “Privacy Policy”;
- “Seller” - this shall be understood as Wioletta Jankowska, conducting business activity under the name HANDEL ODZIEŻĄ Wioletta Jankowska, entered into the Central Register and Information on Business Activity;
- “Online Store” – this shall be understood as the website available at https://www.loreza.pl/;
- "Customer" – this shall be understood as a natural person acting on his/her own behalf or on behalf of a legal person or an organizational unit without legal personality but having legal capacity under the Act, and who has used the Online Store by browsing the website available at https://www.loreza.pl/ or by sending his/her personal data in order to register an Individual Account in the Online Store or to place an order in the Online Store or to subscribe to the Newsletter;
- "Individual Account" - a panel assigned individually to the Customer after registering data in the Online Store system, marked with an individual name (login) and password provided by the Customer in the Seller's IT system, allowing the Customer to use additional functionalities of the Online Store;
- “Order Form” – a form through which the Customer orders the Goods offered by the Seller in the Online Store and specifies the method of delivery, in which the Customer provides the following data: name, surname, address, e-mail address, telephone number;
- “Account registration” – this shall be understood as a form used to register the Customer in the Online Store in order to create an Individual Account via the Online Store, through which the User provides the following personal data: name, surname, e-mail address, password;
- “Logging in to the Individual Account” – this shall be understood as a form used to log the Customer into the Individual Account in the Online Store – after the Customer has completed Registration – through which the Customer provides the following personal data: e-mail address, password;
- "Contact Form" - this shall be understood as a form used to contact the Seller in order to obtain detailed information regarding the Seller's activities, available on the Website in the "Contact" tab, through which the User provides the name and e-mail address;
- "Services" – means the following actions of the Seller undertaken as a result of the Customer providing personal data: sending the Newsletter via e-mail address in the event of the Customer's consent to subscribe to the Newsletter or concluding a sales agreement between the Seller and the Customer, or maintaining an Individual Account or sending a return message containing detailed information regarding the order placed by the Customer;
- "Newsletter" – this shall be understood as an information bulletin regarding new products and promotions in the Online Store, to which the Customer has agreed to subscribe by providing his/her e-mail address in the "Newsletter" tab;
§ 1. Introductory provisions
1. This Online Store is operated by the Seller.
2. This Privacy Policy is effective from September 19, 2018, and specifies, among other things, the rules for contacting the Seller, the rules for collecting, storing, and processing personal data by the Seller, including data that you may enter through the Online Store website by completing the Order Form and during the Account Registration process; the sources of personal data acquisition, the scope and purpose of personal data processing, the period for which personal data are processed, and the rights of individuals regarding their personal data.
3. This privacy policy is not directed at persons under the age of 16, and we do not knowingly collect personal data from such persons.
5. The Online Store may contain external links (hyperlinks) to websites, plug-ins, or applications belonging to other entities. Clicking on these links or granting permission to connect may result in the collection or sharing of your data. We have no control over these websites and are not responsible for their privacy policies. After leaving our Online Store, we encourage you to read the privacy policies of each website you visit.
5. By accepting this Privacy Policy, the Customer declares that he or she has read its content, accepts its terms and undertakes to comply with them.
§ 2. Cookies
1. The Website uses "cookies." After the User enters the Website, a message appears informing them of the Website's use of cookies. The message remains visible to the User until they accept the Website's use of cookies. Acceptance occurs by clicking the "I accept" box.
2. Precise information regarding Cookies, indicating what Cookies are and how they are used by the Website, is available after the User clicks the box marked: "Cookie Policy" which appears simultaneously with the message about the use of Cookies by the Website and in the "Cookie Policy" tab on the Website.
§ 3. Personal data
1. Personal data is information about an identified or identifiable natural person. Data that has been anonymized in such a way that the data subject cannot or no longer be identified is not considered personal data.
2. The administrator of personal data obtained from Customers is the Seller.
3. Personal data are processed in accordance with the law and in accordance with the principles of fairness, transparency and adequacy.
4. The Online Store does not collect or process personal data for the purpose of transferring or selling it to third parties for marketing purposes. The Seller also does not send messages on behalf of third parties.
5. We may collect, process, store and transfer different types of your personal data, which we have grouped as follows:
Identity Data, including your name and username or similar identifier.
Contact Details, including billing address, delivery address, email address, and telephone number.
Transaction Data, including completed transactions and payments.
Technical Data, including IP address, login data, browser type and version, time zone and location settings, plug-in types and versions, operating system and other technologies used by you on the devices you use to access the Website.
Account Data, including username and password and order history.
Usage Data, information about how you use the Online Store website and what Services you use.
Marketing and Communications Data, including your preferences in receiving commercial information and communications from us.
6. When you use our Online Store, it may automatically collect Technical Data about your devices and online activities and behavior patterns. We collect this personal data through cookies and other technologies, in accordance with the "Cookie Policy" available on our Online Store website.
§ 4. Purpose and basis of processing your personal data
1. If you provide personal data, it will be used in accordance with the purpose for which it was provided. Below, we provide a detailed description of the purposes/activities for processing your personal data, broken down by data category and the legal basis for personal data processing.
Processing purpose/activity
Type of personal data
Basis for processing
Creating a customer account
Identity Data
Contact Details
Conclusion and performance of the contract
Order fulfillment
Identity Data
Contact Details
Account Details
Conclusion and performance of the contract
Product availability notification
Contact Details
Taking action before concluding a contract
Enabling newsletter subscription
Identity Data
Contact Details
Conclusion and performance of the contract
Consent to the sending of commercial information by electronic means and consent to direct marketing carried out using telecommunications terminal equipment.
Customer Relationship Management:
Notification of changes to regulations and policies
Request for an assessment or to complete a survey
Identity Data
Contact Details
Account Details
Marketing and Communication Data
Execution of the contract
Our legal obligation
Legitimate interest of the controller (having up-to-date data and analysing how customers use our services)
Managing and ensuring the security of the Seller and its Online Store (system diagnostics and maintenance, data analysis, testing, server management and hosting)
Identity Data
Contact Details
Technical Data
Legitimate interest of the controller (conducting business, managing IT processes, ensuring network security, preventing fraud)
Our legal obligation
Ensuring appropriate content of the Online Store website and advertisements, as well as analyzing the effectiveness of advertising campaigns
Identity Data
Contact Details
Account Details
Usage Data
Marketing and Communication Data
Technical Data
Legitimate interest of the controller (verification of how customers use our services, in order to develop and improve the quality of service provision and to create marketing strategies)
Providing the Customer with feedback regarding detailed information about the order placed by the Customer
Contact details
Taking action before concluding a contract
Execution of the contract
2. Providing personal data is voluntary, however, the lack of consent to the processing of personal data prevents the registration of an account and the processing of orders.
3. One of the ways we process personal data is through profiling. We may use your Identity, Contact, Technical, Usage, and Account Data to create a profile of our Customers' preferences and, based on that, tailor our services and the content they receive from us. This allows us to decide which of our Services may be appropriate for you.
§ 5. Sharing your personal data and international transfers
1. For the purposes indicated in the preceding paragraph, we may share your personal data with external third parties, such as courier, marketing, accounting and IT companies providing services such as hosting and cloud computing, as well as with the Tax Office and other public authorities in the Republic of Poland.
2. If the Customer chooses payment via the PayU system, their personal data are transferred to the extent necessary to process the payment to PayU SA with its registered office in Poznań (60-166), at ul. Grunwaldzka 182, entered into the register of entrepreneurs maintained by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number 0000274399, then PayPro is the controller of the Customer's personal data.
3. If the Customer chooses to pay via the Pay Pal system, his/her personal data is transferred to the extent necessary for payment execution to PayPal (Europe) S.à rl & Cie, SCA with its registered office at L-1150 in Luxembourg, then PayPal is the controller of the Customer's personal data.
4. We require all third parties to maintain security measures in relation to your personal data and to process it in accordance with the law. We do not allow our suppliers to use your personal data for their own purposes and allow them to process it for specific purposes and in accordance with our instructions.
5. Because we use the services of other providers, for example for IT support, your personal data may be transferred outside the EEA. In such cases, we ensure a similar level of protection for your data by ensuring at least one of the following protection measures:
transfer of personal data to countries recognized by the European Commission as providing adequate protection of personal data,
the application of data protection clauses adopted by the European Commission, guaranteeing the same protection as in the European Union, or
Where we use service providers based in the United States, we may transfer data to them under the Privacy Shield framework, which requires them to provide similar protection to that provided within the European Union.
§ 6. Data security
1. The Seller processes the Customer's personal data in compliance with all data security principles, meeting legal requirements. We have implemented the necessary security measures to protect your data against accidental loss, unauthorized access, use, alteration, or disclosure. We limit access to your data to employees, agents, service providers, and other third parties to whom such disclosure is necessary for our business operations. They will process your personal data only in accordance with the Seller's instructions and are bound by confidentiality obligations.
2. The Seller has adopted appropriate procedures to deal with any suspected infringement. We will notify you and the relevant supervisory authority of an infringement when we are legally required to do so.
§ 7. Data processing time
1. Your personal data will be stored for a period no longer than the time necessary to fulfil the purpose for which it was collected (i.e. the time necessary to fulfil the order, maintain the Customer's account), unless a longer period results from the need to fulfil our legal, accounting or reporting obligations, and for the period necessary to pursue claims arising from the provisions of the Civil Code.
2. We process personal data processed for accounting and tax purposes for 5 years from the end of the calendar year in which the tax obligation arose.
3. Under certain circumstances, you may request the deletion of your personal data in accordance with § 9.
4. In certain circumstances, we may anonymise your personal data (ensuring that it can no longer be identified) for research and statistical purposes, in which case we may retain that data indefinitely without any further obligation to notify you.
§ 8. Customer rights related to personal data protection. Complaint to the supervisory authority
1. In certain situations, the Customer has the right to request the Seller to review, correct, amend, limit, rectify, or delete their personal data administered by the Seller, as well as the right to object to the processing of their personal data by the Seller. To do so, please send an email to: kontakt@loreza.pl.
2. Please note that we may not always be able to comply with your request to delete your personal data, particularly due to legal obligations or the pursuit of legal claims. In such cases, we will notify you of this after submitting your request. If you would like more information about the specific rights presented in this section, please contact us using the Seller's contact details.
3. The customer has the right to withdraw consent to the processing of personal data at any time by sending an email to kontakt@loreza.pl or by clicking the deactivation link provided in each newsletter or other marketing message. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. This means that withdrawal of consent applies to the future, not to data processing that occurred in the past, between the time consent was granted and the time it was withdrawn.
3. The Customer has the right to submit to the Seller a request to send his/her personal data, which are administered by the Seller, to another personal data controller, provided that technical and organizational requirements allow the transfer of such personal data.
4. The Seller shall, without undue delay – and in any case within one month of receiving the request – provide the Customer who has submitted one of the requests listed in this paragraph with information on the actions taken in connection with the request, or on any extension of the deadline due to the nature of the request or the number of requests, or on the reasons for not taking action, and on the possibility of filing a complaint with the supervisory authority and seeking legal remedies before a court.
5. The exercise of the rights set out above is free of charge; however, the Seller may charge the Customer a reasonable fee if the request(s) presented are clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with the request.
6. In order to fulfill individual requests, the Seller may request specific information from the Customer to verify their identity and ensure the exercise of certain rights. This is a security measure to ensure that personal data is not disclosed to unauthorized persons.
7. The Customer whose personal data is administered by the Seller has the right to lodge a complaint with a supervisory authority, in particular in the Member State:
a. your habitual residence,
b. your workplace, or
c. place of the alleged infringement,
if you believe that the processing of your personal data violates the GDPR. In the Republic of Poland, the complaint should be sent by post to the Office of the Inspector General for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, or via the Electronic Mailbox of the Office of the Inspector General for Personal Data Protection.
§ 9. INFORMATION FROM THE PERSONAL DATA CONTROLLER DRAWN UP PURSUANT TO ARTICLE 13 PARAGRAPHS 1 AND 2 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)
Due to the entry into force and the need to apply Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), we present the following information regarding the principles of processing your personal data.
The online store processes your personal data for the following purposes:
A) transfer of your personal data to Bank Pekao SA ("Bank") in connection with:
a. the provision by the Bank to the Online Store of the service of providing infrastructure for handling online payments (legal basis: Article 6 paragraph 1 letter f) of the Regulation).
b. the Bank's processing and settlement of payments made by customers of the Online Store via the Internet using payment instruments (legal basis: Article 6 paragraph 1 letter f) of the Regulation).
c. in order for the Bank to verify the proper performance of agreements concluded with the Online Store, in particular to ensure the protection of payers’ interests in connection with the complaints they submit (legal basis: Article 6 paragraph 1 letter f) of the Regulation).
In connection with the processing of personal data for the purposes specified above, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may be:
a) Bank Pekao SA
If you are providing your personal data to enter into a contract with the Online Store, providing your personal data is a condition for entering into that contract. Providing your personal data in this situation is voluntary, but failure to provide this data will result in the inability to enter into a contract with the Online Store.
If your personal data are transferred to the Bank in connection with the processing and settlement of payments made by you to the Online Store via the Internet using payment instruments, the provision of data is required in order to execute the payment and provide confirmation of its execution by the Bank to the Online Store.
If your personal data are transferred to the Bank for the purpose of verification by the Bank of the proper performance of contracts concluded with the Online Store, in particular to ensure the protection of payers’ interests in connection with the complaints they submit, the provision of such data is required to enable the performance of the contract concluded between the Online Store and the Bank.
§ 10. Final provisions, changes to the Privacy Policy, notification of changes
1. The Seller reserves the right to change this Privacy Policy, which change will take effect on the date the new Privacy Policy is posted on the Online Store website. Any significant changes to this Policy will be communicated by an appropriate notice appearing on the Online Store website.
2. The Seller's contact details are indicated in point 2 of the Glossary of this Privacy Policy.
3. In all matters related to the processing of your personal data by the Seller, please contact us at the e-mail address: kontakt@loreza.pl or at the telephone number provided on the Website.