§ 1 Introduction
This Privacy Policy sets out the principles for the processing of personal data obtained through the online shop www.forestvitamin.pl (hereinafter referred to as the “Online Shop”).
The owner of the Internet Shop and, at the same time, the data administrator is Great Mass S.C. ul. Prosta 16A, 30-814 Kraków. NIP: PL 6799 30 36 561, REGON 121234075
Personal data collected by Great Mass S.C. through the Online Shop are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as RODO.
Great Mass S.C. takes special care to respect the privacy of Customers visiting the Online Shop.
§ 2 Type of data processed, purposes and legal basis
Great Mass S.C. collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the Act grants legal capacity, conducting a business or professional activity on their own behalf, hereinafter collectively referred to as Customers.
Customers’ personal data are collected in the event of:
– registration of an account in the Online Shop, in order to create and manage an individual account. Legal basis: necessary for the performance of the contract for the provision of the Account service (Article 6(1)(b) RODO);
– the use of the contact form service on the Online Shop for the performance of the contract provided electronically. Legal basis: necessity for the performance of the contract
for the provision of the contact form service (Article 6(1)(b) RODO).
When registering an account with the Online Shop, the Customer provides:
– e-mail address;
– first and last name;
– telephone number.
When registering an account with the Online Shop, the Customer independently sets an individual password to access his/her account. The Customer may change the password at a later date.
In the case of Entrepreneurs, the above-mentioned scope of data is further extended by:
– Entrepreneur’s company;
– VAT number.
When using the Shop’s Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
Navigation data may also be collected from Customers, including information about links and references they choose to click on or other actions they take in our Online Store. Legal basis – legitimate interest (Article 6(1)(f) RODO) to facilitate the use of electronically provided services and to improve the functionality of these services.
For the purpose of establishing, investigating and enforcing claims, certain personal data provided by the Customer as part of the use of the functionality on the Online Shop may be processed, such as name, surname, data on the use of the services, if the claims arise from the way the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6(1)(f) RODO) to establish, assert and enforce claims and to defend against claims in proceedings before courts and other state authorities.
The provision of personal data to Great Mass S.C. is voluntary, in relation to concluded sales contracts or the provision of services via the Shop’s Website, with the proviso, however, that the failure to provide the data specified in the forms in the Registration process makes it impossible to register and set up a Customer Account, and in the case of placing an order without registering a Customer Account, it will make it impossible to place and complete the Customer’s order.
§ 3 To whom are data shared or entrusted and how long are they stored?
The Customer’s personal data is transferred to the service providers used by Great Mass S.C. in the operation of the Online Shop. The service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of Great Mss S.C. . as to the purposes and means of processing such data (processors) or themselves determine the purposes and means of processing (controllers).
– Processors. Great Mass S.C. uses suppliers who process personal data exclusively on Great Mass S.C.’s instructions. These include, but are not limited to, suppliers providing hosting services, accounting services, suppliers of marketing systems, systems for analyzing traffic on the Online Shop, systems for analyzing the effectiveness of marketing campaigns;
– Administrators. Great Mass S.C. uses suppliers who do not act solely on instructions and determine themselves the purposes and uses of Customers’ personal data. They provide electronic payment and banking services.
– Location. The service providers are mainly based in Poland and in other countries of the European Economic Area (EEA).
Customers’ personal data is stored:
– If the basis for the processing of personal data is consent then the Customer’s personal data is processed by Great Mass S.C. as long as the consent is not revoked, and after revocation of the consent for a period of time corresponding to the period of limitation of claims that Great Mass S.C. may raise and that may be raised against it. Unless a specific provision provides otherwise, the limitation period is six years, and three years for claims for periodic benefits and claims relating to the conduct of business.
– Where the basis for data processing is the performance of a contract, then the Customer’s personal data shall be processed by Great Mass S.C. as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic performance and claims related to the conduct of business, three years.
If a purchase is made from the Online Shop, personal data may be transferred, depending on the Customer’s choice, to the following entities for the purpose of delivering the ordered goods:
– InPost Paczkomaty Sp. z o.o. with its registered office in Kraków, which provides delivery services and operates a system of post office boxes (Paczkomaty);
– Poczta Polska S.A. with its registered office in Krakow;
– DPD courier company
In the event that the Customer chooses to pay via the PayU system, his/her personal data are transferred to the extent necessary for the payment to be processed to PayU S.A. with its registered office in Poznań (60-166), at 182 Grunwaldzka Street, entered into the register of entrepreneurs kept by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number KRS 0000274399.
Navigation data may be used in order to provide Customers with better service, analyze statistical data and adjust the Internet Shop to Customers’ preferences, as well as to administer the Internet Shop.
If a request is made, Great Mass S.C.. shall make personal data available to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 4 Cookie mechanism, IP address
The online shop uses small files, known as cookies. They are stored by Great Mass S.C. . on the terminal device of the person visiting the Online Shop, if the Internet browser allows it. A cookie usually contains the name of the domain from which it originates, its “expiry time” and an individual random number identifying the cookie. The information collected through cookies of this type helps to adapt the products offered by Great Mass S.C. to the individual preferences and real needs of visitors to the Online Shop. They also provide the possibility of developing general statistics on the visits to the presented products in the Online Shop.
Great Mass S.C. uses its own cookies in order to:
– authenticating the Customer in the Internet Shop and ensuring the Customer’s session in the Internet Shop (after logging in), thanks to which the Customer does not have to, on to re-enter the login and password on each sub-page of the Internet Shop;
– analyses and research as well as audience auditing, in particular to create anonymous statistics which help to understand how the Customers use the Internet Shop’s website, which makes it possible to improve its structure and content.
Great Mass S.C. uses external cookies in order to:
– popularizing the Internet Shop by means of the social networking site facebook.com (administrator of external cookies: Facebook Inc. with its registered office USA or Facebook Ireland with its registered office in Ireland);
– Collecting general and anonymous statistical data via Google Analytics analytical tools (external cookie administrator external: Google Inc, based in the USA);
The cookie mechanism is safe for the computers of the Customers of the Internet Shop. In particular, it is not possible for viruses or other unwanted software or malware to enter Customers’ computers via this route. Nevertheless, Customers have the option in their browsers to limit or disable access of cookies to their computers. If this option is used, the use of the Online Shop will be possible, except for functions that by their nature require cookies.
Great Mass S.C. may collect Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Online Shop by an Internet Service Provider. The IP number allows access to the Internet. In most cases, it is assigned to a computer dynamically, i.e. it changes each time it connects to the Internet, and is therefore generally treated as non-personal identifying information. The IP address is used by Great Mass S.C. to diagnose technical problems with the server, to create statistical analyses (e.g. to determine from which regions we record the highest number of visits), as information useful for administering and improving the Internet Shop, as well as for security purposes and the possible identification of unwanted automatic programmes for browsing the Internet Shop content overloading the server.
The Internet Shop contains links and references to other websites. Great Mass S.C. is not responsible for the privacy protection rules applicable to them.
§ 5 Rights of data subjects
Right to withdraw consent – legal basis: article 7(3) RODO.
– The customer has the right to withdraw any consent that Great Mass S.C. has given.
– The withdrawal of consent has effect from the moment the consent is withdrawn.
– The withdrawal of consent does not affect the processing carried out by Great Mass Sp.c in accordance with the law before its withdrawal.
– The withdrawal of consent does not entail any negative consequences for the Client consequences, but may prevent further use of services or functionalities which, in accordance with the law, Great Mass S.C. can provide only with consent.
Right to object to data processing – legal basis: article 21 RODO.
– The customer has the right at any time to object – for reasons related to his/her particular situation – against the processing of his/her personal data personal data, including profiling, if Great Mass S.C. processes his or her data based on a legitimate interest, e.g. marketing of products and services of Great Mass S.C., keeping statistics on the use of particular functionalities of the Internet Shop and facilitating the use of the Internet Shop Internet Shop, as well as satisfaction surveys.
– Opting out, in the form of an e-mail message, from receiving messages marketing messages concerning products or services will constitute an objection Customer to the processing of his or her personal data, including profiling for these purposes purposes.
– If the Customer’s objection proves to be legitimate and Great Mass S.C. has no other legal basis for processing the personal data, the personal data of the Customer will be deleted, against the processing of which, the Customer has raised an objection.
Right to erasure (“right to be forgotten”) – legal basis: article 17 RODO.
– The Customer has the right to request the erasure of all or some of his/her personal data personal data.
– The Customer has the right to request the erasure of personal data if:
– the personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
– he/she has withdrawn specific consent, to the extent that the personal data were processed on the basis of his/her consent;
– he/she has objected to the use of his/her data for marketing purposes;
– the personal data is processed unlawfully;
– the personal data must be erased in order to comply with a legal obligation under Union or legal obligation under Union or Member State law Member State to which Great Mass S.C. is subject;
– the personal data were collected in connection with the offering of services information society services.
– Despite a request for the erasure of personal data, due to an objection or withdrawal of consent, Great Mass S.C.. may retain certain personal data insofar as the processing is necessary for the establishment, assertion or defense of claims, as well as for the fulfillment of a legal obligation requiring processing under Union law or the law of a Member State to which Great Mass S.C. is subject. This applies in particular to personal data including: name, surname, e-mail address, which data are retained for the purpose of handling complaints and claims relating to the use of Great Mass S.C.’s services, or additionally the address of residence/correspondence address, order number, which data are saved for the purpose of handling complaints and claims related to the concluded sales contracts or provision of services.
Right to restrict data processing – legal basis: article 18 RODO.
– The customer has the right to request the restriction of the processing of his/her personal data. The submission of a request, until it is considered, prevents the the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. Great Mass S.C. will also not send any communications, including marketing communications.
– The client has the right to request the restriction of the use of personal data in the following cases:
– when he questions the accuracy of his personal data – in which case Great Mass S.C. restricts the use of the personal data for the time needed to check the correctness of the data, but for no longer than 7 days;
– when the processing of the data is unlawful, and instead of deleting the data, the Client requests the restriction of its use;
– when the personal data are no longer necessary for the purposes for which they were collected or used but are needed by the Customer in order to establish, assert or defend his/her claims;
– when he/she has objected to the use of his/her data, in which case restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the interests, rights and freedoms of the Client outweighs the interests pursued by the Administrator in processing the Customer’s the Customer’s personal data.
Right of access – legal basis: article 15 RODO.
– The Customer has the right to obtain confirmation from the Controller as to whether it is processing personal data and, if this is the case, the Customer has the right to:
– gain access to his/her personal data;
– obtain information about the purposes of the processing, the categories of personal data processed personal data, about the recipients or categories of recipients of such data, the intended period of storage of the Customer’s data or the criteria for determine this period (when determining the planned period of data processing is not possible), about the Customer’s rights under the RODO and the right to lodge a complaint with a supervisory authority, about the source of of this data, about automated decision-making, including profiling and about the safeguards applied in connection with transfer of that data outside the European Union;
– obtain a copy of your personal data.
Right to rectification of data – legal basis: article 16 of the RODO.
– The customer has the right to request from the Administrator the immediate rectification of of personal data concerning him/her that are inaccurate. Z consideration of the purposes of the processing, the Data Subject Customer has the right to request the completion of incomplete personal data, including by providing an additional statement, by directing the request to the email address email address in accordance with §8 of the Privacy Policy.
Right to data portability – legal basis: article 20 RODO.
– The customer has the right to receive his/her personal data that he/she has provided to the Administrator and then send it to another personal data controller of his/her choice, administrator of the personal data. The customer also has the right to request that the personal data personal data be sent by the Administrator directly to such a Administrator, insofar as this is technically possible. In this case Administrator will send the Customer’s personal data in the form of a file in csv format,nformat, which is a commonly used, machine-readable andnmachine-readable format and allowing the data received to be sent to another administrator of the personal data.
In the event that the Customer makes a claim under the above-mentioned rights, Great Mass S.C. shall either comply with the request or refuse to comply with the request immediately, but no later than one month after receiving it. However, if – due to the complex nature of the request or the number of requests – Great Mass S.C. is unable to comply with the request within one month, it will comply with the request within a further two months by informing the Client in advance – within one month of receiving the request – of the intended extension of the deadline and the reasons for it.
The Customer may lodge complaints, queries and requests to the Administrator regarding the processing of his/her personal data and the exercise of his/her rights.
The Customer has the right to request Great Mass S.C. to provide a copy of the standard contractual clauses by directing the request in the manner indicated in §8 of the Privacy Policy.
The Customer has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding the violation of his/her data protection rights or other rights granted under the RODO.
§ 6 Services tailored to preferences and interests (profiling)
Profiling means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or forecast aspects relating to that individual’s performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
Customers’ personal data may be processed by automated means (profiling); however, this will not have any legal effect on them or similarly materially affect customers.
Profiling of personal data by Great Mass S.C. involves the processing of Customers’ data in an automated and manual manner, by using it to assess certain information about the Customer, in particular to analyze or forecast the Customer’s personal preferences and interests.
In order to reach the Customer with marketing messages through the Website of the Online Shop, Great Mass S.C. uses the services of external suppliers. These services consist of displaying marketing messages on the Websites of the Online Shop. For this purpose, external providers install, for example, an appropriate code or pixel to retrieve information about the Customer’s activity on the Online Shop Site. Details of the cookies used can be found in §4. Legal basis – Legitimate interest (Article 6(1)(f) RODO), consisting of tailoring marketing messages to preferences and interests.
In order to reach the Customer with marketing messages via the Online Shop Website, Great Mass S.C. uses its own cookie mechanisms to retrieve information about the Customer’s activity on the Online Shop Website. Details of the cookies used can be found in §4. Legal basis – Legitimate interest (Art. 6(1)(f) RODO) to tailor marketing messages to preferences and interests.
§ 7 Security management – password
Great Mass S.C. provides Customers with a secure and encrypted connection when transmitting personal data and when logging into the Customer Account on the Website. Great Mass S.C. uses an SSL certificate issued by one of the world’s leading companies for the security and encryption of data transmitted over the Internet.
In the event that a Customer with an account on the Website loses his/her access password in any way, the Website allows a new password to be generated. Great Mass S.C. does not send a password reminder. The password is stored in an encrypted form in such a way that it cannot be read. In order to generate a new password, it is necessary to provide an email address in the form available under the link “You do not remember your password”, provided at the log-in form for the account in the Online Shop. The Customer will receive an e-mail message to the e-mail address provided during registration or saved in the last account profile change, containing a redirection to the dedicated form made available on the Website of the Shop, where the Customer will have the opportunity to set a new password.
Great Mass S.C. never sends any correspondence, including electronic correspondence, requesting login details and, in particular, the password to access the Customer’s account.
§ 8 Changes to the Privacy Policy
The Privacy Policy is subject to change, of which Great Mass S.C. will inform Customers 7 days in advance.
Date of last modification: 22.09.2022 r.