PRIVACY POLICY AND COOKIE POLICY

Cookie Consent

The website uses cookies to improve your experience while navigating through it. Of these, cookies, which are sorted as needed, are stored in your browser, as they are essential for the operation of the basic functions of the website. We also use third-party cookies to help us analyse and understand how you use this website. These cookies will only be stored in your browser with your consent. You can also disable these cookies. But turning off some of these cookies can affect your browsing experience.

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

DEFINITIONS

Our Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016h (hereinafter: GDPR)), the Council of Europe Conventions and terms used in national legislation. Our Privacy Policy should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to begin by explaining the used terminology.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Automated decision making is when a decision is made which is based solely on a automated processing (including profiling) which produces legal effects or significantly affects individual.

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

NAME AND ADDRESS OF THE CONTROLLER

Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is: Marita Wrong. We do not have Data Protection Officer as we do not process personal data to such an extent that this obligation should be fulfilled, but you can always contact us by e-mail at maritawrong@gmail.com

 

LAWFUL BASIS FOR PROCESSING AND WHY DO WE USE YOUR PERSONAL DATA

We process personal data only for the purposes for which it was collected and in accordance with this Privacy Policy. We take reasonable steps to ensure that the personal data we process is accurate, complete and current, but we depend on you to update or correct your personal data when necessary.

The lawful bases for processing personal data are set out in Article 6 of the GDPR. Whenever we process your personal data one of these below stated lawful bases applies for below stated purposes.

On the basis of explicit individual’s voluntary consent, we process personal data such as for below stated purposes:

  • response to the completion of the contact form for the demand,

  • subscribing to e-news (unsubscribing from e-news is possible at any time by clicking on unsubscribe button, stated in the received e-news),

  • participation in promotional campaigns published on the Site,

  • the possibility of completing an order in the online store, for example, for the products you have added to the shopping cart, are not deleted, or the data from the order in preparation (this is allowed by cookies),

  • user registration in Marita Wrong online store,

  • to review job applications, you have signed up for.

We process personal data on the basis of contract when it’s necessary such as for below stated purposes:

  • concluding and implementing of the contract,

  • informing individuals about successful orders,

  • resolving complaints and other refunds, relating to the order.

When necessary, for our legitimate  interests, we process personal data on the basis of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, as for below stated purposes:

  • optimization of the Site,

  • to ensure the network and information security of the IT systems,

  • to prevent fraud,

  • sending e-news if you have become our customer with a purchase and have not indicated that you do not want to receive notifications (basis of paragraph 2 of Article 158 of ZEKom-1),

  • On the basis of laws and in accordance with relevant legislation (among others: Code of Obligations (OZ), Consumer Protection Act (ZVPot), Value Added Tax Act (ZDDV-1), Tax Certification of Invoices Act (ZDavPR), Act on Accounting (ZR), Electronic Communications Act (ZEKom), Money Laundering Prevention and Financing of Terrorism Act (ZPPDFT-1),

  • retention of personal data regarding the purchase in accordance with applicable law, such us a fulfilment of tax obligation.

WHAT KIND OF PERSONAL DATA DO WE COLLECT?

We ask for and collect the following personal data:

  • contact information we obtain from you (name and surname, phone number, address, postal code, country, e-mail address, company name, which enables identification of individual).

  • Identification data related to the creation of the user account (name and surname, username and password that is encrypted),

  • data related to the fulfilment of the contract (delivery time, method of payment, data on complaints, invoice issued),

  • information required to issue an invoice (name and surname, address, postal code, country, tax number, if the purchase is made from a legal entity),

  • information on the use of our Site,

  • IP address,

  • CV, motivational letter, which may contain your personal data, in case you fill and add those attachments when you file job application.

We are not responsible for the accuracy of the personal data you enter.

Your share of your personal data is not a condition for the use of our services, but without of at least certain personal data, we cannot perform our services and, among other things send you your ordered goods. If you believe that someone has shared with us your personal data and do not want that we process it, please let us know at maritawrong@gmail.com. All your personal data will be stored only for as long as is necessary to achieve the purpose for which it was collected, or we will store it only for the period that is prescribed by law in certain cases.

We also process non-personal information (information that, alone, cannot be used to identify or contact you. You may be asked to submit non-personal information with personal information or separately):

We collect anonymous data from every visitor to monitor traffic and fix bugs. This information is used to help us understand who uses our Site, to improve and market our Site in general and our online products and services in particular. We collect information like web requests, the data sent in response to such requests, the browser type, the browser language, a timestamp for the request and other anonymous statistical data involving the use of our Site. This information by itself cannot be used to identify or contact you. We may combine automatically collected and other non-personal information with personal data. In that case we will treat the combined information as personal data under this Privacy Policy. Non-personal data is recorded automatically.

Non-personal data is recorded automatically. We use this information to measure the attractiveness of the website and to improve the content and usability. Under no circumstances will we pass on personal data to a third party or allow a third party to inspect personal data without the express permission of the individual, unless required to do so by the state authorities and such an obligation is required by law. Until you entrust us with personal information (such as first and last name, e-mail address, etc.), all information we automatically obtain when you use the Site are anonymous information, and we cannot identify an individual with it.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA WITH?

We are not in the business of selling your personal data.  We do share personal data with third parties, which may be processors of your personal data only as set forth in this Privacy Policy.

We may share it with:

  • based on your consent, we may share your personal data with those third parties for whom you have given your consent,

  • service providers as we use some other third-party service providers to offer or facilitate services on our behalf. These services may include, among other things, helping us to provide services that you request, create or maintain our databases, to research and analyse the people who request our services or products, services or information from us, taking care of the shipment of products to you, of communication or helping us respond to inquiries and send out emails on our behalf. We will share your personal data as necessary for such third-party services providers to provide the applicable service to us or on our behalf,

  • we may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or our’s safety or safety of another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed,

  • we may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.

THIRD COUNTRIES

The personal data collected may also be transferred to other countries outside of the EU/EEA, e.g. for the provision of e-mailing services, undertaking with such contractual partners to comply with the standard contractual provisions issued by the European Commission and available on: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02010D0087-20161217&from=SL.

CHILDREN DATA

We are committed to protecting the online privacy of children and making the internet safe. We do not provide products and services to children, or knowingly collect or solicit personal data from children under 15 years of age. Any communication we get that is identified as being from a child under 15 will not be kept by us. We encourage parents or guardians of children under 15 to regularly check and monitor their children’s use of email and other activities online.

AUTOMATED DECISION MAKING AND PROFILING

We do not process personal data for automated decision making and profiling.

HOW DO WE KEEP YOUR PERSONAL DATA SECURE?

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal data to our employees, service providers and agents who need to know such information in order to operate, develop or improve our products and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We use secure socket layer (“SSL”) technology to encrypt and protect the security of your personal data, including but not limited to your credit card number, when it is sent over the Internet. Therefore, while we strive to protect your personal data, we cannot guarantee its absolute security. We are not responsible for the functionality, privacy or security measures of any other organization.

Note that our Site offers links to other websites not owned or operated by us. Your use of these third-party services is entirely optional and at you risk. We are not responsible for the privacy policies and/or practices of these third-party services.

HOW CAN YOU UPDATE OR REMOVE YOUR PERSONAL DATA OR OPT-OUT?

You can update or remove your personal data or opt-out at any time.

  • updates: If you still wish to use our products and services and your relevant personal data (name, e-mail, postal address, telephone number, etc.) changes, please let us know at maritawrong@gmail.com,

  • personal data removal: If you wish to completely remove your data from our databases, please send us a deletion request at maritawrong@gmail.com,

  • Opt-out: If you do not like to receive our newsletter or other marketing material e-mails, you can unsubscribe any time with the “unsubscribe” link within any marketing e-mail you receive from us. We will be sad to see you go, but we respect your privacy.

Any request that you send to maritawrong@gmail.com may take up to 10 days to process and become effective.

After receiving your withdrawal of consent, we will stop processing your personal data and will delete it. We will let you know that your withdrawal was took into account. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal.

YOUR RIGHTS AS THE DATA SUBJECT

In relation to your personal data that we process, you have the right:

  • to withdraw consent to processing of your personal data at any time. If you only wish to update your personal data, you can do that in your Site account,

  • to obtain confirmation whether we process your personal data,

  • to access: to request confirmation whether we process your personal data relating to you, and if so, to request a copy of that personal data, to ask about purposes of processing, categories of personal data concerned, whether personal data is transferred to a third country or international organization etc.,

  • to rectification: to request that we rectify or update any personal data that is inaccurate, incomplete or outdated,

  • to erasure (Right to be forgotten): to request that we erase your personal data in certain circumstances, such as when the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or where we collected personal data on the basis of your consent and you withdraw your consent etc.,

  • of restriction of processing: to request that we restrict the use of your personal data in certain circumstances, such as when accuracy of the personal data is contested by you,

  • to data portability: to request that we provide a copy of your personal data to you in structured, commonly used and machine-readable format in certain circumstances and you have the right to transmit that personal data to another controller in certain circumstances,

  • to object at any time to processing of personal data for our legitimate interest, to direct marketing and profiling connected with direct marketing,

  • to state that the decision based solely on the automated processing of your personal data, including the creating of profiles, that has legal effects relating to you or significantly affects you in a similar way, does not apply to you. If the decision (1) is necessary for entering into, or the performance of, a contract between the you and Marita Wrong, or (2) it is based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of controller, to express his or her point of view and contest the decision

For all stated rights, you may, at any time, contact us:

We shall promptly ensure that the request is complied with immediately, but no later than in one (1 month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, each additional copy we may charge a fee to cover cost of preparing the copy.

DATA RETENTION

We store your personal data for as long as is needed for its purpose. We may store anonymized information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law.

Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration.

When personal data is no longer needed, we shall delete it using reasonable measures to protect the personal data from unauthorized access or use.

COOKIES AND TRACKING TECHNOLOGY

Cookies are small text files placed on your hard drive. We use cookies or similar technologies (pixels etc.) to personalize your online experience and improve our services to you. For example, cookies will remember and process the items in your shopping cart on our Site. This saves you time, since you are not required to re-enter the same information each time you visit our Site. You can modify your browser settings to control whether your computer accepts or declines cookies. If you choose to decline cookies, you may not be able to use certain interactive features of our Site. Note that you can always go back and delete cookies from your browser; however, that means that any settings or preferences controlled by those cookies will also be deleted and you may need to recreate them. The law states that we can store cookies on your device if they are strictly necessary for the operation of the Site. For all other types of cookies (unnecessary cookies; e.g. analytics cookies), we need your prior informed consent.

The cookie records your setting that you do not want to record cookies

 

Below you will find Third-Party explained technologies that allow us to improve the overall user experience and tailor it to suit your browsing history. These technologies all take advantage of cookies; the details of which are provided below and you can opt out from them.

GOOGLE ANALYTICS

On our Site, we have the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising. You can read more about Google Analytics privacy policy here: https://analytics.google.com/analytics/web/provision/#/provision.

GOOGLE reCAPTCHA

We use Google reCAPTCHA to protect our website from abuse. Google reCAPTCHA uses advanced risk analysis techniques, which allows us to distinguish between so-called "bots" and people. More information about Google's reCAPTCHA can be found here: https://developers.google.com/recaptcha/.

MANAGING AND DELETING COOKIES

If you want to change the way cookies are used in your browser, including blocking or deleting them, you can do so by changing your browser settings accordingly. To manage cookies, most browsers allow you to accept or reject all cookies, accept only a certain type of cookie, or alert an individual that a website wants to store a cookie. Cookies stored by the browser can be easily deleted. If you change or delete your browser's cookie file, change or reward your browser or device, you may need to disable cookies again. The process for managing and deleting cookies varies from browser to browser.

NOTIFICATION

By using this Site, you agree that the Site sets necessary cookies on your computer or mobile device.

SECURITY

We strive to ensure the security of personal data. Your personal information is protected at all times from loss, destruction, falsification, manipulation and unauthorized access or unauthorized disclosure. We use an appropriate level of protection and have reasonable physical, electronic and administrative measures in place to protect the data collected.

Despite efforts to ensure security, there may be an intrusion into our system. In the event that the personal data of an individual is altered, disclosed or destroyed, we will notify the individual via e-mail.

UPDATES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. Use of personal data we collect now is subject to the Privacy Policy in effect at the time such personal data is used. If we make changes in the way we collect or use personal data, we will notify you by posting an announcement on Site. You are bound by the changes to the Privacy Policy when you use services after such changes have been first posted. This Privacy Policy was last updated on 09.03.2022.