Catalog
Client
Language:
Currency:
+48732801983
Our location:
ul. Średnia 12, 93-368 Łódź, Poland
Phones:
Working hours
  • Mon–Fri: 9:00 AM – 6:00 PM
  • Sat: 10:00 AM – 6:00 PM
  • Sun: 10:00 AM – 6:00 PM
E-mail
info@vd-lingerie.com
We are on social networks
Go to contacts
0 0
Catalog
Main page
Wishlist
0
Compare
0
Contacts

Privacy Policy and cookies

1. GENERAL PROVISIONS

1.1. This Privacy Policy of the Online Store is for informational purposes, which means it is not a source of obligations for the Service Users or Clients of the Online Store. The Privacy Policy primarily contains rules related to the processing of personal data by the Administrator in the online store, including the basis, purpose, and scope of personal data processing, as well as the rights of the data subjects, and information about the use of cookies and analytical tools in the online store.

1.2. The Administrator of personal data collected through the Online Store is Khvoinytska Tetiana with headquarters in Lodz at ul. Średnia, no. 12, 93-368. Tax Identification Number (NIP) 7282901225. Regon 542635055 and email address: info@vd-lingerie.com – hereinafter referred to as the "Administrator," who is also the Service Provider of the Online Store and the Seller.

1.3. Personal data in the online store are processed by the Administrator in accordance with the applicable law, in particular in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation." The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679

1.4. The use of the online store, including making purchases, is voluntary. Likewise, the provision of personal data by a Client or User of the Online Store is voluntary, with two exceptions:

  • (1) conclusion of contracts with the Administrator – not providing them in cases and to the extent specified on the Online Store Website and in the Online Store Regulations and this personal data privacy policy, necessary for the conclusion and performance of a sales contract or an electronic service agreement with the Administrator, results in the inability to conclude this contract. The provision of personal data in this case is a contractual requirement, and if the data subject wants to conclude this contract with the Administrator, they are obligated to provide the necessary data. The amount of data necessary to conclude the contract is always determined in advance on the online store's website and in the online store's regulations;
  • (2) statutory obligations of the Administrator – the provision of personal data is a legal requirement resulting from generally accepted legal provisions that impose an obligation on the Administrator to process personal data (for example, data processing for the purpose of keeping tax or accounting books), and their non-provision will not allow the Administrator to fulfill these obligations.
  • 1.5. The Administrator takes special care to protect the interests of the data subjects whose personal data are processed, and in particular is responsible for and guarantees that the data collected by him: (1) are processed lawfully; (2) are collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; 3) are substantively correct and adequate in relation to the purposes for which they are processed; (4) are stored in a form that allows the identification of the data subjects for a period no longer than is necessary for the purpose of processing and (5) are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

    • 1.6. Taking into account the nature, scope, context and purposes of the processing and the varying likelihood and severity of the risk to the rights and freedoms of natural persons, the Administrator applies appropriate technical and organizational measures to ensure that the processing is in accordance with this regulation and can demonstrate it. These measures should be reviewed and updated if necessary. The Administrator applies technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

    1.7. All words, expressions and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store's website.

    2. BASES FOR DATA PROCESSING

    2.1. The Administrator has the right to process personal data in cases and to the extent that at least one of the following conditions is met:

    • (1) the data subject has given consent to the processing of their personal data for one or more specific purposes;
    • (2) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
    • (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or
    • (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular if the data subject is a child.

    2.2. The processing of personal data by the Administrator always requires the existence of at least one of the bases indicated in point 2.1 of the privacy policy. The specific bases for the Administrator's processing of personal data of the Users and Clients of the online store are indicated in the next point of the privacy policy - regarding this purpose of personal data processing by the Administrator.

    3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE

    3.1. The purpose, basis, period and scope, as well as the recipients of personal data processed by the Administrator, always result from the actions taken by that User or Client in the Online Store. For example, if a Client decides to make purchases in the online store and instead of courier delivery, chooses personal pickup of the purchased Goods, their personal data will be processed for the purpose of fulfilling the concluded Sales Agreement, but will no longer be available to the carrier acting on behalf of the Administrator.

    3.2. The Administrator may process personal data in the online store for the following purposes, on the following bases, for the following periods, and in the following scope:

    Purpose of data processing Legal basis for processing and data retention period Scope of processed data
    Performance of a sales contract or an electronic service agreement or taking action at the request of the data subject prior to concluding the aforementioned agreements. Art. 6 sec. 1 lit. b) of the GDPR Regulation (contract performance) Data is stored for the period necessary for the performance, termination, or other expiry of the concluded contract. Maximum scope: name and surname; email address; phone contact number; delivery address (street, house number, apartment number, postal code, city, country), residence/business address/headquarters (if different from the delivery address). In the case of Users or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the User or Client. This scope is the maximum – in the case of, for example, personal pickup, there is no need to provide a delivery address.
    Direct marketing Art. 6 sec. 1 lit. f) GDPR (legitimate interest of the administrator) Data is stored for the period of the existence of the legitimate interest pursued by the Administrator, but no longer than for the period of prescription of claims against the data subject in connection with the business activity conducted by the Administrator. The prescription period is determined by legal provisions, in particular the Civil Code (the main prescription period for business matters is three years, and for sales contracts, it is two years). The Administrator may not process data for direct marketing if the data subject effectively objects to it. email address
    Expression of a Client's opinion regarding a concluded Sales Agreement Art. 6 sec. 1 lit. a) GDPR Data is stored until the data subject withdraws consent for further processing of their data for this purpose. Name and surname, email address
    Accounting Art. 6 sec. 1 lit. c) GDPR in connection with Art. 74 sec. 2 of the Accounting Act, i.e., from January 30, 2018 (Dz.U. 2018 poz. 395) Data is stored for the period provided for by legal provisions that impose on the Administrator the obligation to keep tax books (until the expiration of the statute of limitations for the tax liability, unless tax provisions state otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data relates). Name and surname; residence/business address/headquarters (if different from the delivery address), company name and Tax Identification Number (NIP) of the Client or User.
    Establishing, pursuing, or defending claims that the Administrator may have or that may be brought against the Administrator Art. 6 sec. 1 lit. f) GDPR Data is stored for the period of the existence of the legitimate interest pursued by the Administrator, but no longer than for the period of prescription of claims against the data subject in connection with the business activity conducted by the Administrator. The prescription period is determined by legal provisions, in particular the Civil Code (the main prescription period for business matters is three years, and for sales contracts, it is two years). Name and surname; phone contact number; email address; delivery address (street, house number, apartment number, postal code, city, country), residence/business address/headquarters (if different from the delivery address). In the case of Users or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the User or Client.

    4. RECIPIENTS OF DATA IN THE ONLINE STORE

    4.1. For the proper functioning of the online store, including the performance of concluded sales contracts, the Administrator needs to use the services of external entities (such as, for example, a software provider, a courier, or a payment service provider). The Administrator uses the services of such processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

    4.2. The transfer of data by the Administrator does not occur in every specific case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if a Client uses personal pickup, their data will not be transferred to a carrier cooperating with the Administrator.

    4.3. The personal data of the Users and Clients of the Online Store may be transferred to the following recipients or categories of recipients:

    • 4.3.1. Carriers/Forwarders/Courier brokers – in the case of a Client who uses postal or courier delivery for the Goods in the online store, the Administrator provides the collected personal data of the Client to the selected carrier, forwarder, or broker who carries out the shipment on behalf of the Administrator in the amount necessary to deliver the Goods to the Client.
    • 4.3.2. Business entities conducting electronic or payment card payments – in the case of a Client who uses electronic or payment card payment methods in the online store, the Administrator provides the collected personal data of the Client to the selected entity processing the aforementioned online payments – it stores on behalf of the Administrator the amount necessary to process the payment made by the Client.
    • 4.3.3. Public opinion survey system providers – in the case of a Client who has agreed to express their opinion on a concluded Sales Agreement, the Administrator provides the collected personal data of the Client to the selected entity that provides a survey system ensuring requests regarding concluded Sales Agreements in the online store at the request of the Administrator in the amount necessary for the Client to express their opinion using the public opinion survey system.
    • 4.3.4. Providers of services that provide the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business, including the Online Store and services provided through it electronically (in particular, providers of computer software for running the Online Store, email and hosting providers, and providers of software for company management and providing technical support to the Administrator) - the Administrator provides the collected personal data of the Client to the selected provider acting on their behalf, only if and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
    • 4.3.5. Providers of accounting, legal, and advisory services who provide the Administrator with accounting, legal, or advisory support (in particular, an accounting firm, a law firm, or a debt collection company) – the Administrator provides the collected personal data of the Client to the selected provider acting on their behalf, only if and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.

    5. PROFILING IN THE ONLINE STORE

    5.1. The GDPR Regulation imposes an obligation on the Administrator to provide information on automated decision-making, including profiling, referred to in Art. 22 secs. 1 and 4 of the GDPR Regulation and – at least in these cases – current information on the principles of their decision-making, as well as on the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator informs in this point of the privacy policy about the possibility of profiling.

    5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, or the possibility of using Electronic Services in the Online Store. The result of using profiling in the online store may be, for example, granting a discount to a specific person, sending them a discount code, reminding them of unfinished purchases, sending a Product Offer that may correspond to the interests or preferences of that person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, this person freely decides whether they want to use the discount or better conditions obtained in this way and make a purchase in the online store.

    5.3. Profiling in the online store involves the automatic analysis or prediction of human behavior on the online store's website, for example, by adding a specific product to the cart, viewing a specific product's page in the online store, or analyzing the history of previous purchases made in the online store. The condition for such profiling is that the Administrator has the personal data of the person in question to be able to send them, for example, a discount code.

    5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

    6. DATA SUBJECT RIGHTS

    6.1. Right to access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Administrator access to their personal data, their rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing and the right to data portability. The detailed conditions for exercising the aforementioned rights are specified in Art. 15-21 of the GDPR Regulation.

    6.2. Right to withdraw consent at any time. The data subject whose data is processed by the Administrator based on consent (in accordance with Art. 6 sec. 1 lit. a or Art. 9 sec. 2 lit. a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

    6.3. Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and mode specified by the provisions of the GDPR Regulation and the provisions of Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

    6.4. Right to object – the data subject has the right to object at any time – for reasons related to their particular situation – to the processing of personal data concerning them, on the basis of Art. 6 sec. 1 lit. e) (public interest or task) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or grounds for the establishment, exercise, or defense of legal claims.

    6.5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, insofar as the processing is related to such direct marketing.

    6.6. To exercise the rights specified in this point of the privacy policy, you can contact the Administrator by sending a written or email message to the Administrator's address specified at the beginning of the privacy policy, or by using the contact form available on the online store's website.

    7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA, AND ANALYTICS

    7.1. Cookies are small text-based information files, sent by a server and stored on the side of the person visiting the online store's website (e.g., on the hard drive of a computer, laptop, or smartphone) – depending on which device the person visiting our online store uses). Detailed information about cookies and the history of their creation can be found here: http://en.wikipedia.org/wiki/HTTP_cookie

    7.2. The Administrator may process data contained in cookies when visitors use the online store's website for the following purposes:

    • 7.2.1. identifying Clients as logged in to the Online Store and showing that they are logged in;
    • 7.2.2. remembering goods added to the cart for the purpose of placing an Order;
    • 7.2.3. remembering data from completed Order Forms, surveys, or data for logging in to the online store;
    • 7.2.4. adapting the content of the online store's website to the individual preferences of the Service User (e.g., regarding colors, font size, page layout) and optimizing the use of the online store's pages;
    • 7.2.5. conducting anonymous statistics showing the manner of using the online store's website;
    • 7.2.6. remarketing, i.e., studying the behavior of people visiting the online store through anonymous analysis of their activity (e.g., repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements considering their expected interests, also when visiting other sites in the Google Inc. and Facebook Ireland LLC advertising network.

    7.3. As a standard, most web browsers available on the market accept the saving of cookies by default. Everyone has the option to determine the conditions for the use of cookies through the settings of their own web browser. This means that you can, for example, partially limit (e.g., temporarily) or completely disable the possibility of saving cookies – in the latter case, however, this may affect some functionalities of the online store (e.g., it may not be possible to follow the order path through the Order form due to the fact that the Products are not saved in the cart during subsequent steps of placing the Order).

    7.4. The web browser settings regarding cookies are important from the point of view of consent to the use of cookies by our online store – according to the regulations, such consent can also be expressed through the web browser settings. If there is no such consent, you must change the settings of your web browser regarding cookies.

    7.5. Detailed information on changing cookie settings and deleting them on your own in the most popular web browsers is available in the help section of the web browser and on the following websites (just click on the given link):

    • in Chrome
    • in Firefox
    • in Internet Explorer
    • in Opera
    • in Safari
    • in Microsoft Edge

    7.6. The Administrator may use the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CALIFORNIA 94043, USA). These services help the Administrator analyze traffic in the online store. The collected data is processed within the above services anonymously (these are so-called operational data that prevent personal identification) in order to create statistics useful in administering the online store. This data is collective and anonymous, i.e., it does not contain identifying features (personal data) of the people visiting the online store website. The Administrator, using the above services in the online store, collects data such as the sources and methods of acquiring people visiting the online store and their behavior on the online store's website, information about the devices and browsers from which they visit the site, IP and domain, geographical and demographic data (age, gender), and interests.

    7.7. This person can easily block the sharing of information about Google Analytics on the online store's website – to do this, you can install a browser application provided by Google Inc. ("Google") available here: https://tools.google.com/dlpage/gaoptout?hl=en

    7.8. The Administrator may use the Facebook Pixel service in the online store provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and find out what actions people visiting the online store take, as well as display personalized advertisements to these people. Detailed information about the operation of the Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content

    7.9. Facebook Pixel can be managed using the ad settings on the Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

    7.9.1 Use of advertising data (TikTok Pixel)

    On our website, we use marketing tools such as TikTok Pixel to better understand user behavior and optimize our advertising activities. TikTok Pixel allows us to track actions such as:

    • visiting product pages,
    • adding products to the cart,
    • making a purchase.

    Thanks to this data, we can provide our customers with more relevant advertisements and analyze the effectiveness of our marketing campaigns. Information collected by TikTok may include data about the browser, device, time spent on the page, and interactions with page elements.

    How do we protect your data?

    All data is processed in accordance with applicable law, including the General Data Protection Regulation (GDPR). We do not transfer personal data to third parties without your consent unless required by law. More information about TikTok's data processing can be found in their privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

    8. FINAL PROVISIONS

    8.1. The online store may contain links to other websites. The Administrator encourages you to familiarize yourself with the privacy policy contained there after navigating to other websites. This privacy policy applies only to the Administrator's online store.