PRIVACY AND COOKIES POLICY

PRIVACY AND COOKIES POLICY OF THE CONTROVERSY ONLINE STORE.

 
  1. This privacy policy of the Online Store (hereinafter: the “Policy”) is informational in nature, which means that it is not a source of obligations for the Customers of the Online Store (it is neither a contract nor terms and conditions).
  2. All words, expressions and abbreviations appearing on this page and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Terms and Conditions of the Online Store available in the CONTROVERSY Online Store.
  3. In the event of doubt or inconsistency between the Policy and the consents granted by a given person, regardless of the provisions of the Policy, the basis for the Administrator taking action and determining its scope is always the consents granted voluntarily or the provisions of law. In the event of such an inconsistency between the Policy and the content of the information clauses provided by the Administrator when collecting personal data (usually beneath the forms in the Online Store), the information the Customer should be guided by is the information provided to them as part of the aforementioned information clauses.
Who is the Administrator of Your Data? The administrator of personal data collected:
  • via the Online Store (including through the use of cookies or similar technology) or other channels of communication with the Customer;
  • obtained on the basis of the Customer’s online activity on the pages, subpages and profiles belonging to CONTROVERSY.
is Joanna Kacprzak, conducting business activity under the name: “C” DESIGNER Joanna Kacprzak, Poland, Łódź, ul. Jaracza 8, postal code 90-268, NIP 9472000644, REGON 384332629, www.controversyjeans.pl, hereinafter referred to as the “Administrator” and being at the same time the Seller. The Data Protection Officer is Joanna Kacprzak. You can contact our data protection officer by e-mail: biuro@controversyjeans.pl If you give additional consent, the administrators of data obtained on the basis of your online activity using technologies such as cookies may also be our partners. How do we take care of your data? The Customer’s personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L No. 119, p. 1) (hereinafter also: the “GDPR“) and other currently applicable provisions of personal data protection law, i.e. throughout the entire period of processing the given data. Personal data means information about an identified or identifiable natural person (hereinafter: “Personal Data“). An identifiable natural person is a person who can be identified directly or indirectly, in particular on the basis of an identifier such as a first and last name, an identification number, location data, an online identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. The Administrator takes particular care to protect the interests of the persons whose data it concerns, and in particular ensures that the data it collects is:
  • processed lawfully, fairly and in a manner transparent to the data subject;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed;
  • processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Aware of how important the privacy of Customers is, the Administrator protects not only visitors to the Online Store, but also Customers who have provided the Administrator with their Personal Data using other communication channels, i.e.:
  • the website https://www.facebook.com and all other websites marked or co-marked with the Facebook brand (including subdomains, international versions, widgets and mobile versions), whose operating rules are based on the regulations made available in particular at https://www.facebook.com/legal/terms, provided respectively by Facebook Inc. or Facebook Ireland Limited (hereinafter also: the “Facebook Service“), including via the Facebook Lead Ads function aimed at direct marketing of the Administrator’s own products or services. The rules for the protection and use of Personal Data by the Facebook Service are made available, for example, at: https://www.facebook.com/policy.php. The Administrator has no influence over the content of the Facebook Service’s legal regulations, including those concerning Personal Data.
  • applications enabling the Administrator to run advertising campaigns, including competitions, within the Facebook Service.
For what purposes is information about you used? The purpose and scope of the data processed by the Administrator result from the Customer’s consent or from the provisions of law and are specified as a result of actions taken by the Customer in the Online Store or within other channels of communication with the Customer. For example: (I) the Customer’s Personal Data may be processed in order to grant, present or provide them with offers and promotions dedicated to them and adjusted as far as possible to their preferences, only if the Customer has consented to this (not available to persons who have not given such consent); (II) if the Customer does not decide to make a purchase via the Online Store, but only makes a Reservation of selected Products through it, their Personal Data will not be made available to the carrier delivering shipments on the Administrator’s instruction. The possible purposes of the Administrator’s processing of Customers’ Personal Data are in particular:
  • concluding and performing an Agreement for the Provision of Services (Account) or taking action at the request of a future Customer before it is concluded (we process your data in order to run your Account, so that you can enjoy the benefits it offers, e.g. placing orders without having to fill in forms each time, access to your purchase history, managing your consents in the service, etc., and to enable you to use other services available on our website);
  • concluding and performing a Sales Agreement or taking action at the request of a future Customer before it is concluded (we need your personal data to fulfil your order and perform the concluded agreement – in particular to confirm its placement and to reserve or ship the selected product to you, as well as to contact you in this matter if necessary);
  • receiving and handling complaints;
  • running a competition, in particular selecting the competition winners and awarding the prizes;
  • presenting advertisements, offers or promotions (discounts) concerning the products or services of the Administrator and its partners (whose current list is provided within the Online Store) intended for all recipients, including sending advertisements by e-mail;
  • assessing and analysing the Customer’s activity and information about them, including within the automated processing of Personal Data (profiling), in order to present general advertisements, offers or promotions (discounts) concerning the products or services of the Administrator and its partners, in a manner adjusted to the given Customer’s interests (without, however, significantly affecting their decisions), and for market and statistical analyses;
  • pursuing claims and defending against claims, including those of third parties – when using most of the functionalities of the Online Store and the Application;
  • fulfilling legal obligations arising from regulations, e.g. tax and accounting ones, especially in the case of paid agreements;
  • conducting correspondence with Customers, including replying to Customers’ messages.
What information about you do we use? The Administrator may process in particular the following Personal Data of Customers:
  • of those using the Online Store:
    • Personal Data provided in the form when registering an Account or placing Orders in the Online Store (in particular: first and last name; e-mail address; contact telephone number; address [street, house number, flat number, postal code, town, country], residential/business/registered-office address [if different from the delivery address], bank account number, and in the case of Customers who are not consumers, additionally the company name and tax identification number [NIP]) and the remaining data collected while using the Online Store;
    • Personal Data provided in order to take part in competitions;
    • other data, in particular obtained on the basis of the Customer’s activity on the Internet, in mobile applications belonging to the Administrator, including obtained via the Online Store or other channels of communication with the Customer, including with the use of cookie technology and similar;
  • by completing the data contained in the Facebook Lead Ads form, the User provides the Administrator each time with the Personal Data indicated in the form, which may include in particular: first name, last name, e-mail address, telephone number.
Are you obliged to provide us with your data, and what are the possible consequences of not providing it? Providing Personal Data by the Customer in the Online Store is voluntary, but it is necessary to use certain functionalities of our store, for example for the Customer to place an Order and settle it (conclude and perform a Sales Agreement), register an Account or make a Reservation. In each case, the scope of data required to conclude the relevant agreement is indicated in advance in the Online Store (we mark the data whose provision is necessary to conclude the agreement/use a given functionality), within other channels of communication with the Customer, or in the Terms and Conditions. The consequence of not providing Personal Data may be the inability to effectively carry out the above actions. On what legal basis do we use information about you? The basis for processing the Customer’s Personal Data is primarily the necessity to perform an agreement to which they are a party or the necessity to take action at their request before it is concluded (Article 6(1)(b) GDPR). This applies primarily to Personal Data provided in the form during registration, when placing Orders and concluding a Sales Agreement or making a Reservation in the Online Store. Also in the case of Personal Data provided to us in connection with a Customer’s complaint, the legal basis for its processing is its necessity for the performance/handling of the sales agreement for the goods complained about. In the case of data processing operations for the aforementioned marketing purposes, the basis for such processing is the fulfilment of purposes arising from the legitimate interests pursued by the Administrator or its partners (Article 6(1)(f) GDPR), whereby in such a case the partners do not take part in processing the Customer’s data. On the other hand, to the extent that the Administrator’s partners may also have direct access to this information, the legal basis for such processing is the Customer’s freely given consent (Article 6(1)(a) GDPR). In turn, presenting, creating, granting and delivering advertisements, offers or promotions (discounts) dedicated to a given Customer, based solely on automated processing, including profiling, adjusted as far as possible to their preferences, which may affect the Customer’s consumer decisions, is based on the Customer’s freely given consent (Article 6(1)(a), Article 22(2)(c) GDPR). This, however, applies only to adult Customers. For other purposes, the Customer’s Personal Data may be processed on the basis of:
  • freely given consents – e.g. of persons entering competitions (Article 6(1)(a) GDPR);
  • applicable provisions of law – where processing is necessary to fulfil a legal obligation incumbent on the Administrator, e.g. where, on the basis of tax or accounting regulations, the Administrator settles concluded sales agreements (Article 6(1)(c) GDPR);
  • the necessity for purposes other than those listed above arising from the legitimate interests pursued by the Administrator or by a third party, in particular for establishing, pursuing or defending claims, conducting correspondence with Customers, also via contact forms (including replying to Customers’ messages), and for market and statistical analyses (Article 6(1)(f) GDPR).
Is your data subject to profiling and what does that mean for you? For the purposes of presenting general advertisements, offers or promotions (discounts) intended for all Customers, in a manner adjusted to the given Customer’s interests, the Administrator may familiarise itself with their preferences, e.g. by analysing how often they visit the Online Store and whether and which products they buy or reserve in the online store. This allows for a better understanding of the Customer’s expectations and adjustment to their needs, without, however, significantly affecting their decisions. Thanks to the Administrator’s use of advanced technologies, the above activities will often be carried out by the system in an automated manner, so that the content sent will be the most up to date and the Customer will be able to familiarise themselves with it quickly. In the case of adult Customers, the aforementioned analysis of interests or preferences will also serve to create, grant and deliver dedicated advertisements, offers or promotions (discounts) adjusted to them as far as possible, in an automated manner, which may produce legal effects towards them or similarly significantly affect them, potentially limiting other Customers’ access to them (an option not available to Customers who are not adults and have not consented to such actions by the Administrator). Such actions differ from ordinary “profiling” (i.e. e.g. adjusting our communications and banners to your interests) in that their result may significantly affect your choices as a consumer, i.e. for example the result may be a very advantageous, time-limited offer addressed exclusively to you based on your purchase history and behaviour on our website, which our other Customers will not have access to. The more often a given Customer uses the Administrator’s services and buys its products, the better the promotions and surprises that can be prepared for them. To whom may we transfer your data? In each case, the catalogue of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer. The catalogue of data recipients also results from the Customer’s consent or from the provisions of law, and is specified as a result of actions taken by the Customer in the Online Store or the Application. Partners of the Administrator may participate in the processing of Personal Data to a limited extent, in particular those who technically help to run the Online Store or the Application efficiently, including communication with our Customers (e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), providers of hosting or IT services, carriers or intermediaries delivering Order shipments, entities handling electronic payments or card payments in the Online Store, companies that service software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services. As part of its marketing (advertising) activity, the Administrator uses the services of third parties who use cookies in the Online Store / Application. Is your data also transferred to third countries (outside the European Economic Area)? As part of the Administrator’s use of tools supporting its ongoing activity, made available e.g. by Google, the Customer’s Personal Data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country in which an entity cooperating with it maintains tools for processing Personal Data in cooperation with the Administrator. Appropriate safeguards for the transferred Personal Data have been ensured by the Administrator through the use of standard data protection clauses adopted by decision of the European Commission and data processing agreements meeting the requirements of the GDPR. In the case of transferring data from Europe to the USA, some entities located there may additionally ensure an appropriate level of data protection under the so-called Privacy Shield programme (more information on this subject is available at: https://www.privacyshield.gov/). The Customer has the right to obtain a copy of the safeguards applied by the Administrator concerning the transfer of Personal Data to a third country by contacting us. What rights do you have? Every Customer has the right at any time to:
  • lodge a complaint with the President of the Personal Data Protection Office;
  • transfer the Personal Data they have provided to the Administrator and which is processed in an automated manner, where the processing is based on consent or on an agreement, e.g. to another administrator;
  • access their Personal Data (including e.g. obtaining information on which Personal Data is being processed);
  • request rectification and restriction of processing (e.g. if the Personal Data is incorrect) or erasure of Personal Data (e.g. where it was processed unlawfully);
  • withdraw any consent given to the Administrator at any time, whereby the withdrawal of consent does not affect the processing carried out by the Administrator lawfully before its withdrawal;
  • object to the processing of Personal Data concerning them carried out for the purpose of pursuing the legitimate interests of the Administrator or a third party, including in particular to processing for marketing purposes, including profiling (if there are no other overriding legitimate grounds for the processing overriding the Customer’s interests).
For how long will we store your data? Personal Data may be stored for the period of using the Online Store (whereby it may be deleted three years after the Customer’s last activity within the Online Store), in the case of marketing activities – until the Customer objects, and if it is related to cookie technology and similar, depending on technical issues, until these files are deleted using the browser/device settings (whereby deleting the files is not always the same as deleting the Personal Data obtained via these files, hence the possibility to object). If the processing of Personal Data depends on the Customer’s consent, the Personal Data may be processed until it is withdrawn. In each case:
  • Personal Data will also be stored where the provisions of law (e.g. accounting or tax ones) oblige the Administrator to process it;
  • we will store Personal Data for longer in case the Customer has any claims against the Administrator, in order for the Administrator to pursue claims, or in order to pursue or defend against claims of third parties, for the limitation period specified by law, in particular by the Civil Code.
Depending on the scope of the Personal Data and the purposes of its processing, it may therefore be stored for different periods. In each case, the longer Personal Data storage period applies. Will commercial information be sent to you (e.g. to your e-mail address)? The Administrator has the technical ability to communicate with the Customer remotely (e.g. by e-mail). Commercial information related to the commercial activity conducted by the Administrator or the entities cooperating with it may be sent solely on the basis of the Customer’s consent. Cookies
  • Who do cookies concern?
  • Since the cookie technology used by the Administrator (or technology with functionality similar to cookies) collects information about every person visiting the Online Store, including within the Application, the following provisions of the Policy apply to persons who use the Online Store and the Application, regardless of whether they are its Customers (place Orders, reserve Products or have an Account) (hereinafter also “Visitor“).
  • What technology do we use?
  • The Online Store uses technology that stores and accesses information on a computer or other device connected to the network (in particular using cookies or related solutions), in order to ensure maximum comfort while using the Online Store, including for statistical purposes and to adjust the advertising content presented by the Administrator, its partners and advertisers to the Visitor’s interests. During a visit to the Online Store, including within the Application, data concerning the Visitor’s online activity may be automatically collected.
  • Since the Administrator may use solutions with functionality similar to cookies, please refer the following provisions of the Policy accordingly to these technologies as well.
How to delete / block cookies?
  • The cookies used are intended above all to make it easier for the Visitor to use the Online Store and the Application, for example by “remembering” information provided once so that they do not have to provide it every time, and they also serve to adjust their content, including the advertisements presented, to their preferences. Cookies also serve to increase the usability and personalisation of the content of the Online Store and the Application, including presenting, creating, granting and delivering advertisements, offers or promotions (discounts) dedicated to a given Visitor according to their interests (this applies only to a situation where they are an adult and have consented to such action).
  • How to delete / block cookies?
  • The Visitor may change the way cookies are used by managing the consents given within the privacy settings on our website or via the browser or the Application, including blocking or deleting those that come from the Online Store (and other websites). To do this, change the settings of the browser or the Application. The method of deletion differs depending on the web browser used. Information on how to delete cookies should be found in the “Help” tab of the chosen web browser. Deleting cookies is not the same as the Personal Data Administrator deleting the Personal Data obtained via cookies.
  • What consequences will deleting or blocking cookies have?
  • Limiting the use of cookies on a given device prevents or significantly hinders the proper use of the Online Store; for example, it may involve the inability to maintain a login session.
How can you contact us? You can contact the Administrator at any time by sending a message by traditional or electronic mail to the Administrator’s address indicated at the beginning of the Policy. How do we secure your data? Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons with varying likelihood and severity, the Administrator applies appropriate technical and organisational measures ensuring protection of the processed Personal Data appropriate to the threats and the categories of data covered by the protection, and in particular secures the data against being made available to unauthorised persons, being taken by an unauthorised person, being processed in breach of applicable regulations, and against change, loss, damage or destruction. Making information about the applied technical and organisational measures ensuring the protection of processing available externally may weaken their effectiveness, thereby threatening the proper protection of Personal Data. The Administrator appropriately provides, for example, the following technical measures preventing unauthorised persons from obtaining and modifying Personal Data transmitted electronically:
  • Protection of the data set against unauthorised access.
  • An SSL certificate on the pages of the Online Store where Personal Data is provided.
  • Encryption of the data used to authorise the person using the functionalities of the Online Store.
From when does this version of the Policy apply? This version of the Policy applies from 1 September 2020.