§ 1. General Regulations
1. The following Privacy Policy of the Online Store www.gonature.pl is directed at the Online Store Customers and specifies the type, range and method of using the data, the rights and obligations of the Customer and the protection of personal data. Absence of consent by the Customer of the following Privacy Policy is tantamount to the inability to use the services of the Online Store.
2. The Privacy Policy i san integral part of the Online Store Regulations, and the definitions in the Regulations are applicable to the following Privacy Policy, unless specific expressions or phrases are otherwise defined in the following Privacy Policy.
3. Regulations of the Online Store are available at www.gonature.pl
4. The administrator of personal data provided by the Shop's Customers is GoNature Sp. z o.o. with headquarters located at Poznań at Plac Andersa 7, NIP (VATIN) PL7792477677, REGON 369010366, entered in the Register of Entrepreneurs kept by the Poznań District Court - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number KRS 0000710090, with share capital of PLN 50,000, -mail: info@gonature.pl - hereinafter referred to as the "Administrator" and also being the "Service Provider" of the Online Store.
5. The Customer’s personal data is processed in accordance with the protection of personal data Act of 10th May 2018, and the GDPR Regulation of 27th April 2016.
6. The Online Store may contain links to other websites. After switching to other websites, the Administrator encourages to read the applied privacy policy of that given website.
7. The administrator applies technical and organisational measures to protect the processed personal data, appropriate to the threats and category of data being protected, in particular, protects data from unauthorized access, unauthorized removal, processing in violation of applicable laws and changes, loss, damage or destruction.
8. The Administrator provides the following technical measures to prevent the unauthorized access and modification of electronically sent personal data:
a. Securing the data set against unauthorized access.
b. Access to the Account is only granted after providing an individual login and password.
c. SSL certificate.
§ 2. The purpose and range of data collection and data recipients
1. Each time the purpose, range, and recipients of the data, processed by the Administrator, is a result of actions undertaken by the Customer at the Online Store.
2. The Administrator processes the Customer’s personal data for one of the several following reasons:
a. conclusion of a contract for the provision of electronic services with the Customer (eg. an Individual Customer Account) and in connection with the performance of this contract - the basis for processing customer's personal data is the necessity to perform a contract, which the customer is a party, or take action on its request before its conclusion (art. 6 (1) b of the GDPR Regulation).
b. conclusion of a Sales Agreement with the Customer and in connection with the performance of the following contact – the basis for the Customer’s personal data processing is the need to perform a contact that the Customer is a party to, or take action the at the Customer’s request prior to its conclusion (Art. 6 (1) point b of the Regulation)
c. direct marketing of the Administrator's own products or services – the basis for processing the Customer's personal data is the legitimate interest of the Administrator, which consists of marketing activities (Article 6 (1) point f of the GDPR Regulation), subject to point d.
d. direct marketing in the form of sending commercial and marketing information in a Newsletter - the basis for processing the customer's personal data is the Customer's consent to the processing of their personal data for such purpose, i.e. consent to receive the Newsletter (Article 6 (1) point a) of the GDPR Regulation ).
e. handling and processing of customer complaints – the basis for the Customer’s personal data processing is the need to comply with the Administrator’s legal obligation (Article 6 (1) point c of the GDPR Regulation).
f. statistical and analytical - the basis for processing the Customer’s personal data is the legitimate interest of the Administrator, which consists in conducting analyses of customer behaviour and activity, as well as their preferences aiming to improve the quality and adequacy of the functionalities and services provided (Art. 6 (1) point f of the GDPR Regulation).
g. any determination, investigation or defence of claims that may be raised by the Administrator or which may be raised against the Administrator - the basis for processing the Customer's personal data is the legitimate interest of the Administrator which is to protect his rights (Art. 6 (1) point f of the GDPR Regulation).
h. Fulfilment of statutory obligations incumbent upon the Administrator, in particular resulting from tax and accounting regulations – the basis for processing the Customer’s personal data is the need to comply withe the legal obligation of the Administrator (Art. 6 (1) point c of the GDPR Regulation).
3. The Customer submits his personal data to the Administrator on a voluntary basis, and provided that the failure to hand over specified data prevents Registration and the creation of an individual Customer Account, as well as prevents the Customer from placing and processing their order, which inhibits concluding the Sales Agreement.
4. The Customer may withdraw their consent, to receive commercial and marketing information, by e-mail in the form of a Newsletter at any time by sending a relevant request to GoNature Sp. z o.o., via e-mail to the following address: info@gonature.pl or a written request to the following address: GoNature Sp. z o.o., Plac Ansersa 7, 61-894 Poznań.
5. The Administrator, using the Online Store, may process the following personal data of the Customer: name and surname; e-mail address; date of birth; contact telephone number; delivery address (street, house number, apartment number, zip code, city, country); address of residence/ business/ headquarters (if different from the delivery address). In the case of non-consumer Clients, the Administrator may additionally process the Customer’s business name and their Tax Identification Number (NIP). Additionally, for statistical and analytical reasons, the Administrator may process: The Customer’s IP address, screen resolution, type of device, name and version of the Customer’s internet browser, quantity and type of ordered products, date and time of ordered products, customer payment method, comments and supplementary information regarding the Customer’s order, Customer’s activity history within the Online Shop Website.
6. For the reasons described in § 2 para. 2, with the exception of processing as to fulfil the legal obligation, the Administrator may profile the Customer's personal data, i.e. automatically analyse it, in order to obtain information on preferences and interests. However, this processing will not have legal effects or have a significant effect on the Customer.
7. Possible recipients of personal data of the Online Store Customers’ are:
a. in the case of a Customer who uses the courier delivery method at the Online Store - a selected carrier or intermediary performing the shipments at the request of the Administrator - to the extent necessary for the delivery.
b. In the case of a Customer who uses the Online Store’s payment method through PayLane Sp. z o.o. to the extent necessary for fulfil the payment.
c. entities that provide the Administrator with hosting, administration, maintenance and management services, as well as services in the field of message optimization - to the extent necessary for the implementation of the above-mentioned services.
d. law offices providing legal services to the Administrator - to the extent necessary for the implementation of the above-mentioned services,
e. entities providing accounting or auditing services to the Administrator - to the extent necessary for the implementation of the above-mentioned services.
f. entities providing debt collection services to the Administrator - to the extent necessary for the implementation of the services mentioned above.
g. other entities with whom the Administrator concluded a contract to entrust the processing of personal data.
8. The Customer’s personal data will be stored – depending on the range of activities undertaken by the Customer at the Online Store:
a. until the electronic service is terminated by the Administrator (eg. deleting an Individual Customer Account), and then for the period and within the range required by law, as well as the period resulting from the limitation of claims based on the contract with the Customer.
b. until the completion of the Sales Agreement, and then for the period and range required by law and for the period resulting from the limitation of claims based the contract with the Customer.
c. for personal data provided in relation to the Customer's complaint - for the period necessary to consider the complaint.
d. in the case of processing personal data based on the Administrator's legitimate interest, particularly for direct marketing purposes - until the Customer raises an objection to such processing. After this time, the data will no longer be processed for direct marketing, however, their further storage may be necessary to perform the contract or due to the law.
9. The customer has the right to access their data and the right to rectify, delete, limit processing, the right to transfer data, the right to withdraw consent at any time without affecting the lawfulness of processing (if processing takes place on the basis of consent), which was made on the basis of consent before its withdrawal.
10. The Customer has the right, at any time, to object - due to reasons related to their Particular situation - to the processing of personal data based on a legitimate interest of the Administrator or public interest (Art. 6 (1) point e and f of the GDPR Regulation), including profiling based on these provisions. The Administrator will no longer process such personal data unless he demonstrates the existence of legally valid grounds for processing that override the Customer's interests, rights and freedoms, or the grounds for determining, investigating or defending claims. If personal data is processed for direct marketing purposes, the Customer has the right to object at any time to the processing of personal data concerning them, for the needs of such marketing, including profiling, to the extent to which the processing is related to such direct marketing. If the Customer objects to the processing for direct marketing purposes, the Administrator will no longer process the Customer's personal data for such purposes.
11. The Customer has the right to lodge a complaint to the President of the Office of Personal Data Protection, in matters related to the processing of their personal data.
§ 3. The Cookie Policy
1. Cookie files (known as "cookies") are IT data, in particular text files, which are stored in the end device of the Shop’s Customer and are intended for using by the Store's websites. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.
2. The entity inserting cookies on the terminal equipment of the Shop’s Customer and obtaining access to them is the Online Store.
3. Cookie files are used in order to:
a. Adjust the content of the Internet Store’s Website to Customer preferences and optimising the use of websites; in particular, these files allow recognition of the Store’s Customer device and properly display the website, tailored to their individual needs;
b. Creating statistics that help understand the use of the website by the Online Store’s Customers, which allows improving its structure and content;
c. Maintenance of the Websites’ Customer session (after logging in), thanks to which the Customer does not have to re-enter their login and password on every subpage of the Website;
4. The Shop uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the end device of the Client until the user leaves the website or disables the software (web browser). Persistent cookies are stored in the Customer's end device for the time specified in the cookie file parameters or until the Customer removes them.
5. As part of the Store the following types of cookies are used:
a. „Strictly necessary” cookie files, enabling the use of services available in the Online Store, e.g. authentication cookies used for services that require authentication within the Store;
b. Cookies used to ensure security, for example used to defect fraud within the area of the store’s authentication;
c. „Performance” cookie files, enabling the collection of information regarding the use of the Store’s websites;
d. „Functional” cookie files, which allow „remembering” the settings selected by the Customer and personalisation of the Customer’s interface, e.g. in terms of the language or region of the Customer’s origin, font size, website appearance, etc.;
e. „Advertising” cookie files, enabling delivery of advertising content tailored to the Customer’s interests.
6. In many cases, the software used to browse websites (web browser) by default allows the storage of cookies on the end device of the Customer. The Shop's customer can change the settings for cookies at any time. These settings can be changed in such a way, as to block the automatic handling of cookies on the web browser's settings or inform about their every posting in the Store's Customer device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.
7. The Store Operator informs that the restrictions regarding the use of cookie files may affect some of the functionalities available on the Store’s websites.
8. More information about cookie files is available at www.wszystkoociasteczkach.pl.
