The protection of the privacy of users of the https://cream-deluxe.shop/ website (hereinafter: “Website”) is of particular importance to us. Therefore, all users of the Website (i.e. visitors) are guaranteed high standards of privacy protection. IVM FIMRA HANDLOWA Sp. z o.o. based in Łódź, as the personal data controller, cares about the security of personal data provided by the users.

I.                   Personal data processing / Controller

“Personal Data” is any information that identifies the user directly, for example, your surname, first name or email address, phone number that you provide when using the contact forms or other functionalities available on the Website; indirectly, for example, Physical Address (MAC addres), IP address or cookie identifiers,

The Controller of the personal data of the Website users processed in accordance with this Privacy Policy is IVM Firma Handlowa Sp. z o.o. based in Łódź, Aleja T. Kościuszki street 101, 90-441 Łódź, Poland, entered in the Register of Entrepreneurs kept by the District Court for Łódź-Śródmieście in Łódź, XX Business Division of the National Court Register under number 0001012820, REGON: 52415237100000, NIP: 7272865829, with a share capital of PLN 5.000 (in words: five thousand zlotys and 00/100) hereinafter referred to as the “Controller” or the “Company”.

The personal data of Website users will be processed by the Controller in accordance with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

If you have any questions about the Controller’s processing of your personal data, you may contact us at: contact@ivm-firma.pl or by post to the Company’s address.

Pursuant to Article 13(1) and (2) and Article 14(1) and (2) of the GDPR applicable in all EU Member States as of 25 May 2018, we hereby wish to inform you of the manner and purpose for which we process your Personal Data, as well as of your rights relating to the protection of your data.

II.                 Scope of personal data processing

 

When using certain services of the Website, you may be asked to provide your personal data. The required scope of personal data is determined on a case-by-case basis according to the needs of the specific service or functionality of the Website that you intend to use. The data provided through the Website is collected by the Controller directly from the data subjects.

If you use the Website for the sole purpose of getting to know its contents, the Controller may collect certain information about you using cookies, of which you will be informed each time by the Controller. Information on the cookies used on the Website is also contained in section VIII of this Privacy Policy. If the Controller requires the provision of personal data in order to use the functions offered by the Website, the provision of such data is always fully voluntary; however, failure to provide personal data will prevent the use of the Website in accordance with the functionalities offered (including additional functionalities made available on the site).

III.                Purposes and legal basis of data processing

The Controller will only collect and process your personal data in accordance with the provisions of this Privacy Policy. Any data provided by you will be used by the Controller only for the following purposes:

a)      to provide visitor services and to contact you, including to inform you of any changes regarding the products and services offered on the Website or to prepare the process of concluding contracts with the Company’s customers (e-mail and traditional correspondence, telephone contact) – the legal basis for data processing is Article 6(1)(b) or (f) GDPR, with the legitimate interest being relationship building and customer service;

b)      in connection with the conclusion of trade contracts in the course of its business, the Company obtains data from the counterparties regarding the persons representing the Parties in order to conclude the contract and to fulfil contractual obligations, including financial obligations. The obtaining of such data is possible already at the request for proposal stage, at the offer stage, at the stage of negotiating the terms and conditions of a contract, a contract with annexes and annexes amending the terms and conditions of a contract, as well as in the correspondence related to the performance of contracts – the processing of personal data is necessary for the performance of a contract with the Party you represent or upon a request to take action on behalf of the Party before signing such a contract (Article 6(1)(b) GDPR), as well as necessary to comply with the Company’s legal obligations to keep accounting and tax records (Article 6(1)(c) GDPR), and may also be necessary for purposes arising from the Company’s legitimate interests pursued by the Company, i.e. the assertion of claims and defence against claims pursuant to Article 6(1)(f) GDPR,

c.      to process personal data in order to comply with any legal obligations incumbent on the Company – the legal basis for the processing is Article 6(1)(c) GDPR (in particular, accounting and tax obligations, as well as those related to compliance with relevant European and national regulations on the use of our services via the Website);

d.      to comply with any contractual obligations in relation to the Controller’s business partners, which is our legitimate interest in processing the data – the legal basis for data processing is Article 6(1)(f) GDPR;

e.      for analytical purposes, development purposes, for the purpose of improvements (including to improve user experience), administration, maintenance, technical support and security of the Website, which is our legitimate interest in processing the data – the legal basis for data processing is Article 6(1)(f) GDPR;

f.       for the possible establishment, assertion or defence against claims, enforcement or investigation of potential violations of the terms of use of the Website or other actual or alleged unlawful activities, protection of the rights, property or security of the Website, Users, customers and employees of the Controller and other third parties, which is our legitimate interest in processing the data – the legal basis for the processing is Article 6(1)(f) GDPR;

g.      to use the contact forms provided by the Controller on the Website pages, including for the purpose of handling enquiries and requests made through the contact channel provided by the user – the legal basis for data processing is Article 6(1)(f) GDPR;

h.      to carry out activities for which we have obtained consent (the basis is Article 6(1)(a) GDPR) e.g. in order to collect consent to send a newsletter or to send commercial information by e-mail to your e-mail address, data will be processed in connection with Article 6(1)(f) GDPR, where the Company’s legitimate interest is the direct marketing of the Controller’s services or products.

IV.               Personal data recipients

 

Personal data of the Website users / Customers of the Company may be disclosed by the Controller:

a.          to other companies in the Controller’s capital group and to companies cooperating with the Controller, provided that the disclosure of such data is necessary in connection with the pursuit of the Controller’s interests;

b.          to persons authorised by the Controller, i.e. employees and contractors who need to have access to the personal data in order to perform their duties;

c.          your personal data may be disclosed to our partners and third party service providers and processed by them to enable them to perform the services commissioned by the Controller, including IT service providers, accounting or marketing service providers;

d.          to the public authorities or entities entitled to obtain the data on the basis of the applicable law, e.g. courts, law enforcement agencies or state institutions, upon their request, based on an appropriate legal basis. In the event of a data security breach, certain personal data may be subject to disclosure to authorities competent to protect it.

In the case of cooperation with the Controller’s partners or third-party providers, such third-party providers may be located both within the countries that are members of the EU and outside the European Economic Area (EEA).

Where our partners or providers are based outside the EEA, the Controller shall ensure that the transfer of data outside the EEA is carried out in accordance with the applicable laws in this respect. The level of data protection in countries outside the EEA may differ from that guaranteed by the European law. We may transfer data to our partners outside the EEA in particular on the basis of decisions issued by the European Commission or standard contractual clauses approved by the European Commission.

In the absence of a decision establishing an adequate level of protection as set out in Article 45(3) GDPR or the absence of appropriate safeguards as set out in Article 46 GDPR, Personal Data shall only be transferred by IVM Firma Handlowa Sp. z o.o. outside the EEA if:

a.             this is necessary for the performance of a contract concluded with the data subject or to take measures necessary for the conclusion of such a contract;

b.             this is necessary for the Company’s use of the online infrastructure/email, cloud or website;

c.             such an obligation is provided for in the provisions of Polish or European law or international agreements ratified by Poland;

d.             the data subject has been informed of the possible risks that, in the absence of an adequacy decision and in the absence of appropriate safeguards, the proposed transfer may entail for them, has expressly consented to the transfer.

All external parties are obliged to comply with the Controller’s guidelines and to implement appropriate technical and organisational measures to protect the personal data of the Website users or of the Company’s customers. Recipients of data may act as our processors (in which case they are fully subject to our instructions as to the processing of personal data) or as independent controllers (in which case you should also familiarise yourself with their personal data processing rules and regulations).

V.             Rights of data subjects

As the Website User you have the following rights with respect to personal data processed by the Controller:

 

a.              the right to access your personal data;

b.              the right to rectify your personal data if the data is inaccurate or incomplete;

c.              the right to delete your personal data;

d.              the right to object to the processing of your personal data. You have the right to object when the Controller’s processing of your data is based on the Controller’s legitimate interest, e.g. for profiling your data for marketing purposes. The Controller will cease to process the data for these purposes unless there are compelling legitimate grounds that override your interests, rights and freedoms or your data is necessary for the Controller to establish, assert or defend against claims, if any;

e.              if you have given your consent to the processing of personal data, you may withdraw your consent to further data processing at any time. You may withdraw your consent at any time by contacting the Controller at the email address set out in Section I of this Privacy Policy. The withdrawal of your consent does not affect the lawfulness of the processing carried out by the Controller before you withdrew your consent;

f.               the right to data portability of your personal data;

g.              the right to restrict the processing of your personal data;

h.              the right to lodge a complaint with the supervisory authority (the President of the Office for the Protection of Personal Data based in Warsaw ul. Stawki 2, 00-193 Warsaw).

VI.           Period of retention of personal data

 

The Controller will store and process the personal data of the Website users and of the Company’s customers for the period necessary to fulfil the purposes of the processing indicated in section III of this Privacy Policy or in accordance with mandatory legal provisions, i.e., for example, until the end of the contract between the Company and the customer. Once the purpose of the processing has been achieved, the Controller will delete or anonymise the personal data and, where it intends to process the data for analytical purposes, will pseudonymise the data in order to use the data to the extent adequate and necessary for the specified purposes of the processing, in such a way that the data subjects cannot be identified.

VII.      Security

The Controller applies appropriate and adequate technical and organisational measures to ensure an adequate level of security and integrity of your personal data, using proven technological standards to prevent unauthorised access to your personal data.

 

VIII.     Cookies

 

Cookies are small text files that the Website’s page saves on your computer or mobile device when you browse the Website. Cookies usually contain the name of the originating domain, its storage time on the terminal equipment and an individual, randomly selected, unique number identifying the file. The information collected by these files helps to customise the Website to the individual preferences and actual needs of users. They also provide the opportunity to compile general statistics on the use of the Website and to maintain the user’s session.

The entity placing cookies on the user’s terminal equipment and accessing them is the Controller.

The information collected through cookies is solely for the purpose of ensuring the proper functioning of the Website and for analytical, statistical and marketing purposes, as well as to tailor information to the Website user.

 

The Website uses the following cookies:

 

a.     “Necessary” cookies to enable the use of services offered on the Website, e.g. authentication cookies used for services requiring authentication on the Website;

b.     “Performance / Analytical” cookies that collect information about the use of a site, such as the pages visited by a given user and any error messages; they do not collect information that identifies the user and the data collected is aggregated so that it becomes anonymous. Analytical cookies are used to improve the performance of the Website;

c.     “Functional” cookies that allow the website to remember any choices you make on the pages (such as changing the font size, adjusting the page);

d.     “Advertising” cookies – in order to promote certain products, articles or services, we may use advertisements that display on other websites. This type of cookie is used to make advertising messages more relevant and tailored to the preferences of the Website users.

In many cases, the web browsing software (web browser) allows cookies to be stored on the user’s terminal device by default. You can change your cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of your web browser or inform you each time they are placed on you device.

You may restrict or disable access of cookies to your computer; however, the Controller reserves that, despite the utmost care, in certain cases the non-use of cookies may lead to reduced functionality of the Website.

The Controller reserves the right to use third parties to compile statistics on the use of the Website. No data identifying users will be passed on to such entities.

IX.       Profiling

The data provided by users on the Controller’s websites will not be subject to automated decision-making or profiling.

X.        Information on the obligation to provide personal data

Any Personal Data provided to the Company is provided by you voluntarily, in connection with the use of the functionalities of the Website or the establishment of a relationship with the Data Controller or entering into a commercial relationship with the Data Controller. Failure to provide the necessary information will prevent the performance of contracts or the use of website functionalities (e.g. ordering newsletters or contact via contact forms).

XI.       Amendments

The Privacy Policy may be amended by the Controller at any time. In such case, the Controller shall publish an updated version of the Privacy Policy on the relevant Website page and inform the users of such changes and their effective date.