Privacy Policy and Cookie Policy

www.margaretshoes.pl

effective from 01.11.2023


§ 1

GENERAL PROVISIONS

1.We inform you that the Privacy Policy and Cookie Policy of our website www.margaretshoes.pl is for informational purposes only, meaning that it is not a source of obligations for users of the website. The Privacy Policy primarily contains rules regarding the processing of personal data by the Administrator on the website, including the legal basis, purposes, and scope of personal data processing, as well as the rights of individuals whose data is processed. It also provides information on the use of cookies and analytical tools on the website.


2.Our goal is to ensure the security and protection of users' personal data on the website in accordance with the applicable law, especially the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"). The official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679


3.The administrator of your personal data is: MARGARET Spółka z ograniczoną odpowiedzialnością with its registered office in Złotoryja, address: ul. Stroma 8, 59-500 Złotoryja, entered in the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, under the number 0000826459, with share capital of 5,000 PLN, Tax Identification Number (NIP): 8971875633, REGON: 38544608000000. The Administrator independently performs the tasks of the Data Protection Officer. You can contact the Administrator via email: malgorzata.gawrzydek@margaretshoes.pl


4.The use of the website is voluntary, as is the provision of personal data by users of the website.

5.The Administrator undertakes to exercise special care to protect the interests of individuals whose data it processes. In particular, the Administrator declares that the data collected by them are:

a) processed in accordance with applicable law;

b) collected for specific purposes that are in accordance with applicable law;

c) not subjected to further processing inconsistent with the purposes referred to in § 1 para. 5 lit. b;

d) factually correct and adequate in relation to the purposes for which they are processed;

e) stored in a way that allows the identification of the persons to whom they relate;

f) stored for a period not longer than necessary to achieve the purpose of processing;

g) processed in a manner ensuring adequate security of personal data, in particular protection against unlawful or unauthorized processing, and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.


6.The Administrator applies appropriate technical and organizational measures to ensure data processing in accordance with this regulation. If necessary, an analysis and update of the described measures are carried out. The Administrator undertakes to use technical measures to prevent access to and modification of personal data transmitted electronically by unauthorized persons.


7.By accepting this Privacy Policy, you consent to the principles of processing your personal data in connection with the use of this website.


§ 2

DEFINITIONS

The terms used in this Policy mean:

1.Administrator – MARGARET Sp. z o.o. Spółka z ograniczoną odpowiedzialnością with its registered office in Złotoryja, address: ul. Stroma 8, 59-500 Złotoryja, entered in the National Court Register kept by the District Court in Wrocław-Fabryczna in Wrocław, under the number 0000826459, with share capital of 5,000 PLN, Tax Identification Number (NIP): 8971875633, REGON: 38544608000000


2.Personal data – information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including the IP address of the device, internet identifier, and information collected through cookies or other similar technologies.


3.Policy – this Privacy Policy.


4.GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


5.Website/Service – Website operated by the Administrator at www.margaretshoes.pl


6.User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.


7.Cookies – small text files saved on the User's device when using the Website, and any other similar technologies used to collect information about the User's activity on the Website. Cookies may come from the Administrator or trusted partners of the Administrator.


8.Cookies Policy – this Cookies Policy.



§ 3

BASIC DATA PROCESSING PRINCIPLES

1.Using the Service – personal data of Service Users (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Administrator:


1.1 For the purpose of providing electronic services in the scope of providing Users with content stored on the Service – in this case, the legal basis for processing is the necessity of processing to perform the contract (Art. 6(1)(b) GDPR).

1.2 For analytical and statistical purposes – in this case, the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) consisting of analyzing the activity of Users and their preferences to improve the applied functionalities and provided services.

1.3 For the eventual establishment and pursuit of claims or defense against them – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) consisting of protecting their rights.


2.The Administrator provides the option to contact them using the electronic contact form on the Website. Using the form requires providing personal data necessary to establish contact with the User and respond to their inquiry. The User may also provide other data to facilitate contact or handle the inquiry. Providing data marked as mandatory is required to accept and process the inquiry; failure to provide them results in the inability to process the inquiry. Providing other data is voluntary. Personal data is processed:

a) For the purpose of identifying the sender and handling their inquiry sent via the provided form – in the scope of data necessary to establish contact or handle the inquiry, the legal basis for processing is the necessity of processing to perform a contract for the provision of services (Art. 6(1)(b) GDPR).

b) For the purpose of identifying the sender and handling their inquiry sent via the provided form – in the scope of data not necessary to establish contact or handle the inquiry, the legal basis for processing is the User's consent (Art. 6(1)(a) GDPR).

c) For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of conducting analyses of Users' activity and preferences during the use of the Service and the way of using the account to improve applied functionalities.


3.In the case of directing correspondence to the Administrator via email, personal data included in such correspondence are processed solely for communication and resolving the matter related to the correspondence. The legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) consisting of conducting correspondence addressed to them in connection with their business activity. The Administrator processes only data relevant to the matter of the electronic correspondence. The entire correspondence is stored in a manner ensuring the security of the contained personal data and is disclosed only to authorized persons.

4.In the case of contacting the Administrator by phone, the Administrator may request personal data only when necessary to handle the matter related to the contact. The legal basis in this case is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) consisting of the need to resolve the reported issue related to their business activity.

5.Using the Website involves sending queries to the server where the site is stored. Each query directed to the server is recorded in server logs. Logs include, among other things, your IP address, server date and time, information about the web browser, and operating system you use. Logs are saved and stored on the server. The data stored in server logs are not associated with specific individuals using the site and are not used by the Administrator to identify you. Server logs are only auxiliary material used to administer the site, and their content is not disclosed to anyone except persons authorized to administer the server.)


§ 4

DATA PROCESSING PERIOD ON THE WEBSITE

1.The processing period of data by the Administrator depends on the type of service provided and the purpose of processing. The Administrator informs that the User's data is processed for the duration of using the Service or conducting correspondence with the User.


2.The data processing period may be extended if processing is necessary to establish and pursue potential claims or defend against them. After this period, your data will only be processed if and to the extent required by legal regulations. After the processing period has expired, your data will be irreversibly deleted or anonymized.)


§ 5

RECIPIENTS OF PERSONAL DATA ON THE WEBSITE

1.To ensure the proper functioning of the website, the Administrator needs to use services from third-party/external entities (such as services providing IT system maintenance and hosting, email service providers, subcontractors, and assignees involved in work on the website). The Administrator declares that they exclusively use the services of external entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing complies with the requirements of the GDPR and protects the rights of individuals whose personal data is concerned.


2.The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and related to ensuring an adequate level of protection, primarily by cooperating with entities processing personal data in countries for which the European Commission has issued an adequacy decision regarding the provision of an adequate level of data protection, using standard contractual clauses issued by the European Commission, applying binding corporate rules approved by the relevant supervisory authority. In the case of transferring data to the USA, the Administrator cooperates with entities participating in the Privacy Shield program approved by the European Commission. The Administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection. The Administrator transfers collected personal data only when necessary and to the extent necessary to achieve the specific purpose of processing data in accordance with this Privacy Policy.


3.The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only when necessary to achieve the specific purpose of processing personal data and only to the extent necessary for its realization.)


§ 6

USER RIGHTS

1.We inform you that, in accordance with local and European data protection regulations, you have the following rights:

  • Right of access to data ("to obtain information about your personal data") – the right to obtain information about your personal data that we process;
  • Right to obtain a copy of data – the right to receive from us a copy of personal data concerning the person making such a request;
  • Right to rectification of data ("to correct your personal data") – the right to request us to correct or supplement your data if it is incorrect or incomplete,
  • Right to limit data processing – the right to request us to limit or cease processing your personal data, which we store for a specified period or indefinitely; in some cases, fulfilling this request may be impossible if it is associated, for example, with the fulfillment of a legal obligation,
  • Right to erasure of data ("right to be forgotten") – the right to request us to erase your personal data to the extent permitted by law. In certain circumstances, fulfilling your request may be impossible, for example, if processing is necessary to fulfill a legal obligation or perform a contract,
  • Right to data portability ("transferring personal data") – the right to request us to directly transfer to you personal data concerning you. This applies to specific personal data if it is processed in an automated manner and with your consent or based on a contract you have concluded with us. In accordance with your instructions and to the extent of our technical capabilities, we may transfer your personal data to a third party specified by you.
  • Right to object - the right to object to the processing of your personal data. The reasons for objection should relate to your individual situation and processing based on a condition in the form of a legally justified legal basis.
  • Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the person whose data is concerned has the right to object at any time to the processing of their personal data for the purposes of such marketing, including profiling, to the extent that processing is related to such direct marketing.
  • Right to withdraw consent to the processing of personal data – the right to withdraw consent to the processing of your personal data at any time; for example, after giving consent to receive information about our services, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of the processing of your personal data that took place before such withdrawal.
  • Right to lodge a complaint with the supervisory authority – the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

2.To exercise the rights mentioned in §6 sec. 1 of the Privacy Policy, you can contact the Administrator by submitting a relevant request in writing or by email to the email address: malgorzata.gawrzydek@margaretshoes.pl or by using the contact form available on the website.


3.The Administrator declares that they store information about the submitted request and the person who submitted it to ensure the possibility of demonstrating compliance and for the purpose of establishing, defending, or pursuing any claims by users. The request register is kept in a manner that ensures the integrity and confidentiality of the data it contains.)



§ 7

COOKIE POLICY AND CONTENT ANALYTICS

1.In order to optimize the Website and analyze internet traffic on the Website, we use Cookies. Therefore, the Administrator and other entities providing analytical and statistical services on its behalf use cookies, storing information or gaining access to information already stored on the User's telecommunications end device (computer, phone, tablet).


2.Cookies are small text files saved on the User's device while using the Website and any other similar technologies used to collect information about the User's activity on the site. Cookies can come from the Administrator or from trusted partners of the Administrator. Detailed information about Cookies is available, among other places, at the website address: https://en.wikipedia.org/wiki/HTTP_cookie.


3.Cookies that may be sent by the Website can be divided into various types according to the following criteria:

  • due to their provider: own (belonging to the Administrator, created by the Website), belonging to third parties;
  • due to the purpose of their use: necessary, preferential, analytical/performance, marketing/advertising, social;
  • due to the period of their storage on a specific device: session (temporary), permanent.


4.The Administrator may process data contained in Cookies when visitors use the Website only for the following purposes:

  • enabling the use of services available within the Service (necessary cookies);
  • optimizing the use of the Website (preferential cookies);
  • conducting statistics illustrating how the Website is used (analytical cookies);
  • displaying, graphically presenting digitally stored advertising content, limiting the number of ad views, ignoring ads, measuring the effectiveness of advertising messages, personalizing ads (marketing/advertising, social cookies).


5.The Administrator informs that most internet browsers available on the market by default accept the storage of Cookies. Each User has the ability to independently decide on the conditions of using Cookies on the Website using the settings of their internet browser. The User can partially limit or completely prevent the possibility of storing Cookies – in the latter case, however, it may affect some functionalities of the Website.


6.Internet browser settings regarding Cookies are important from the point of view of consent to the use of Cookies by our Website – in accordance with the regulations, such consent can also be expressed through the settings of the internet browser.


7.The Administrator informs that, for statistical purposes and for the analysis of traffic on the Website, they may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The collected data is of an aggregate nature. When using the above services on the Website, the Administrator collects data such as sources and medium of acquiring visitors to the Website, their behavior on the Website, information about devices and browsers from which they visit the site, IP and domain, geographical data, as well as demographic and interest data.


8.The Administrator informs that the User of the Website has the right to block information about their activity on the Website. To block the acquisition of data for statistical purposes by Google Ireland Ltd., you can, for example, install a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.


9.Due to the possibility of the Administrator using advertising and analytical services provided by Google Ireland Ltd. on the Website, the Administrator points out that complete information about the processing of personal data of people visiting the Website (including information stored in Cookies) by Google Ireland Ltd. is available in Google's privacy policy at the following website: https://policies.google.com/technologies/partner-sites.)


§ 8

FINAL PROVISIONS

1.This Privacy Policy applies only to the Administrator's Website.

2.The Administrator reserves the right to update this Privacy Policy and Cookie Policy. This version is effective from November 2023.)