PRIVACY POLICY

What is a privacy policy?

We would like to familiarize you with the details of the processing of your personal data by us to give you full knowledge and comfort in using our website.

Due to the fact that we operate in the online industry, we know how important it is to protect your personal data. That is why we make special efforts to protect your privacy and information that you provide to us.

We carefully select and use appropriate technical means, in particular those of a programming and organizational nature, ensuring the protection of processed personal data. Our website uses encrypted data transmission (SSL), which provides protection for data identifying you.

In our Privacy Policy you will find all the most important information about the processing of your personal data by us. We ask you to read it and we promise that it will not take you more than a few minutes.

Who is the administrator of the website www.theoderside.com?

The website administrator is THE ODDER SIDE Limited liability company, based in Warsaw, at ul. View 10 lok. 3a, 00-023 Warsaw, registered by SDistrict as a Capital City of Warsaw in Warsaw, XIV Economic Department of the National Register SRzgowego, KRS 0000983656, NIP 7010439296, REGON 147420946, with a company capital in the amount of: PLN 5,000 (i.e. we).

PERSONAL DATA

What legal act does the processing of your personal data regulate?

Your personal data is collected by us and processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with connection with the processing of personal data and on the free flow of such data and repealing Directive 95 /46/EC (General Data Protection Regulation) (Journal of Laws of the EU L 119, p. 1), commonly known as: GDPR. To the extent not regulated by the GDPR, the processing of personal data is regulated by the Personal Data Protection Act of May 10, 2018.

Who is the administrator of your personal data?

The administrator of your personal data is THE ODDER SIDE Limited liability company, based in Warsaw, at ul. View 10 lok. 3a, 00-023 Warsaw, registered by SDistrict as a Capital City of Warsaw in Warsaw, XIV Economic Department of the National Register SRozdowy, KRS 0000983656, NIP 7010439296, REGON 147420946, with company capital in the amount of: PLN 5,000, telephone: +48 882 124 830, e-mail: hello@theoderside.com

On your personal data, you can contact us using:

  • e -mail: hello@theoderside.com,
  • Traditional mail: ul. View 10 lok. 3a, 00-023 Warsaw,
  • phone: +48 882 124 830.

The personal data administrator challenged the Data Protection Inspector (IOD) - Mikołaj Ryzop, with whom you can contact the protection of your personal data using:

  • E -mail: ryzop@dpag.pl;
  • phone at: +48 600094612.

How do we process your personal data you provide to us?

What personal data do we process and for what purposes do we process it?

On our website we offer you many different services for which we process various personal data, based on different legal grounds.

Objective

Personal data

Legal basis for processing

Data storage time

conclusion and performance of the contract

name, surname, correspondence address, NIP, e-mail address, phone number

art. 6 para. 1 lit. b) GDPR, i.e. processing in order to take action at your request, before the conclusion of the contract and the processing necessary to perform the contract to which you are a party

Until the expiry of the limitation period for claims regarding the performance of the contract

creating and maintaining an account

name, surname, e-mail address, telephone number, correspondence address

art. 6 para. 1 lit. b) GDPR, i.e. processing in order to take action at your request, before the conclusion of the contract and the processing necessary to perform the contract to which you are a party

Until the expiry of the limitation period for claims regarding the performance of the contract

newsletter

name, surname, e-mail address

art. 6 para. 1 lit. a) GDPR, i.e. processing based on your consent to the processing of your personal data

until you withdraw your consent to the processing of personal data

contact form

name, e-mail address

art. 6 para. 1 lit. f) GDPR, i.e. processing in order to realize our legitimate interest, consisting in maintaining the continuity of communication and enabling contact with us in matters of business activity

until the processing of personal data is raised

interactive chat

name, surname, e-mail address

art. 6 para. 1 lit. f) GDPR, i.e. processing in order to realize our legitimate interest, consisting in maintaining the continuity of communication and enabling contact with us in matters of business activity

until the processing of personal data is raised

Traffic analysis on the online store website

stay address, IP address, browser data

Art. 6 para. 1 lit. f) GDPR, i.e. processing in order to realize our legitimate interest in analyzing the client's movement on the store's website

until the processing of personal data is raised

Direct marketing of own goods and services, including remarketing

stay address, IP address, browser data, e-mail address, name, surname

Art. 6 para. 1 lit. f) GDPR, i.e. processing to realize our legitimate interest in direct marketing of own services, including remarketing

until the processing of personal data is raised

establishing, pursuing and enforcement of claims and defense against claims in proceedings before courts and other state bodies

name, surname, address of residence, PESEL No. NIP, REGON, e-mail address, telephone number, IP No., bank account number, payment card number

art. 6 para. 1 lit. f) GDPR, i.e. processing in order to realize our legitimate interest, consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state bodies

Until the expiry of the limitation period for claims regarding the performance of the contract

fulfillment of legal obligations arising from legal provisions, in particular tax and accounting provisions

Name, surname, company, PESEL, NIP or REGON number, e-mail address, telephone number, correspondence address, payment card number

Art. 6 para. 1 lit. c) GDPR, i.e. processing is necessary to fulfill the legal obligations of us, resulting from legal provisions, in particular tax and accounting provisions

until the legal obligations have expired on the administrator, which justified the processing of personal data

 Voluntary provision of personal data

Providing the required personal data is voluntary but it is a condition for providing our services for your behalf (e.g. sending a newsletter or accounting).

Recipient of personal data

You can find the current list of entities we reveal your personal data here.

Automatized decision making (including profiling)

We use tools with which we direct personalized ads to you. Based on the actions you take in the store, in particular the selection of the content viewed and the time to remain on the store's subpages, we adapt and display marketing content adapted to you. Thanks to such profiling, we can manage a marketing message more desired by you, which is a benefit for both us and you, because in this way we limit the marketing message regarding goods and services that do not lie in the area of ​​your interests.

Will we transfer your personal data outside EEA or to an international organization?

In order to use Google tools, your personal data can be transferred to the United States, where Google LLC servers are located.

Google LLC is included in the list of entities participating in the "Privacy Shield" certification program* (link: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&STATUS=ACTIVE), and also applies reference conventional clauses regarding data security approved by the European Commission. .

In order to use Facebook tools, your personal data may be transferred to the United States, where there are META Inc.

META INC. Figures in the list of entities participating in the Privacy Shield Program (link: https://www.privacyshield.gov/participant?id=a2zt0000000gnywaac&status=active), in the scope of Workplace and advertising options and measuring tools. Meta Platforms Ireland Limited transfers data to Meta Inc. Based on the attachment regarding the transmission of European data by Facebook, which includes the standard new contractual clauses that came into force in 2022. More information can be found here: https://www.facebook.com/legal/terms/dataprocessing/update, https: https: https: https: https: //www.facebook.com/legal/eu_data_transfer_addendum/update.

In order to use Pinterest, your personal data may be transferred to the United States, where Pinterest Inc. servers are located.

Pinterest Europe Ltd., provides personal data outside EEA only if there are appropriate security protecting personal data, such as standard contractual clauses.

In order to provide your services, Edrone sp.z o.o. It may transfer your personal data to its external suppliers based outside the European Union.

*Remember that the privacy disc is no longer the law in the European Union, but a program that sets certain standards for personal data protection for entities with their servers in the United States. Currently, it is a form of certification, entities entered in the Privacy Targe, meet certain standards for personal data protection.

What are your rights in connection with the processing of your personal data by us?

Based on the GDPR, you have the right to:

  • access to your personal data,
  • demands to rectify your personal data,
  • demands to delete your personal data,
  • demand for limiting the processing of personal data,
  • an objection to the processing of personal data,
  • requests for transferring personal data.

In the event of submitting any of the requests listed to us without undue delay - and in any case within a month of receiving the request - we will provide you with information about the actions taken in connection with your request.

If necessary, we can extend the monthly date by another two months due to the complicated nature of the request or the number of demands.

In any case, we will inform you within a month of receiving a request to extend the deadline and give you the reasons for the delay.

Right to access personal data (Article 15 GDPR)

You have the right to obtain information whether we process your personal data. If we process your personal data, you have the right to:

  • access to personal data,
  • obtaining information on the purposes of processing, categories processed personal data, about recipients or categories of recipients of this data, planned period of storage of your data or about the criteria for determining this period, about the rights of you under the GDPR and about the right to lodge a complaint to the President of the Office for Personal Data Protection, about the source of this data, about automated decision making, including profiling and the security used in connection with the transfer of this data outside the European Union;
  • obtaining copies of your personal data.

If you want to request access to your personal data, report your request to: hello@theoderside.com.

The right to rectify personal data (Article 16 of the GDPR)

If your personal data is incorrect, you have the right to demand from us immediately rectify your personal data. You also have the right to request your personal data to complete. If you want to request a rectification or supplementing your personal data, report your request to: hello@theoderside.com.

The right to delete personal data, so -called "The right to be forgotten" (Article 17 GDPR)

You have the right to request deleting your personal data when:

  • Your personal data has ceased to be necessary for the purposes for which they were collected or processed in another way;
  • You have withdrawn a certain consent to the extent that personal data was processed based on your consent;
  • Your personal data was processed unlawfully;
  • You have raised an objection to the processing of your personal data for the purposes of direct marketing, including profiling, to which the processing of personal data is related to direct marketing;
  • You have raised an objection to the processing of your personal data in connection with the processing necessary for the performance of the task carried out in the public interest or the processing necessary for the purposes arising from legitimate interests of our or the third party.

Despite submitting a request to delete personal data, we can process your data further in order to determine, investigate or defend claims about which you will be informed/informed.

If you want to request the deletion of your personal data, report your request to: hello@theoderside.com.

The right to submit a request to limit the processing of personal data (Article 18 GDPR)

You have the right to request a limitation of the processing of your personal data when:

  • You question the correctness of your personal data - in this case we will limit the processing of your personal data for time to check the correctness of this data;
  • The processing of your data is unlawful, and instead of deleting personal data, you will demand limiting the processing of your personal data;
  • Your personal data has ceased to be needed for processing purposes, but they are needed to determine, investigate or defend your claims;
  • You raised an objection to the processing of your personal data - until our legitimate interests are superior to the foundations indicated in your opposition.

If you want to request a limitation of the processing of your personal data, report your request to: hello@theoderside.com.

The right to oppose the processing of personal data (Article 21 GDPR)

You have the right to object to the processing of your personal data at any time, including profiling, in connection with:

  • processing necessary for the performance of the task carried out in the public interest or processing necessary for the purposes arising from legitimate interests pursued by the Personal Data Administrator or the third party;
  • processing for direct marketing.

 If you want to object to the processing of your personal data, report your request to: hello@theoderside.com.

The right to request the transfer of personal data (Article 20 of the GDPR)

You have the right to receive from us your personal data in a structured, commonly used format suitable for machine reading and send it to another personal data administrator.

By default, we will provide you with your personal data in CSV format. If you prefer that the data is made available in another format, indicate the preferred format in your request. If possible, we will try to provide you with data in your preferred format.

You can also request that we send your personal data directly to another administrator (if it is technically possible).

If you want to request the transfer of your personal data, report your request to: hello@theoderside.com.

Can you undo the consent to the processing of personal data?

You can undo the consent to the processing of your personal data at any time. Withdrawal of consent to the processing of personal data does not affect the lawfulness of the processing made by us on the basis of your consent before its withdrawal.

If you want to withdraw your consent to the processing of your personal data, report your request to: hello@theoderside.com.

Complaint to the supervisory authority

If you think that the processing of your personal data violates the provisions of personal data protection, you have the right to lodge a complaint to the supervisory authority, in particular in the Member State of your ordinary stay, your workplace or the place of committing the alleged violation.

In Poland, the supervisory body within the meaning of the GDPR is the President of the Office for Personal Data Protection, which on May 25, 2018 replaced GIODO.

You can find more information here .

"Cookies" files

General information

When browsing the online store websites, "cookies" are used, hereinafter referred to as cookies, i.e. small text information that is saved in your end device in connection with the use of the Online Store. Their use is intended to properly operate online store websites.

These files allow you to identify the software you use and customize the online store individually to your needs.

Cookies usually contain the domain name from which they come, storage time on the device and the assigned value.

Security

The cookies we use are safe for your devices. In particular, it is not possible to get into your devices through virus cookies or other unwanted software or malware.

Types of cookies

We use two types of cookies:

  • Session cookies: they are stored on your device and remain there until the end of the browser session. The written information is then permanently removed from the memory of your device. The session cookies mechanism does not allow you to download any personal data or any confidential information from your device.
  • Durable cookies: they are stored on your device and remain there until they are deleted. The end of the browser session or turning off the device does not cause them to be removed from your device. The permanent cookies mechanism does not allow you to download any personal data or any confidential information from your device.

Target

We also use cookies of external entities for the following purposes:

  • online store configuration;
  • creating statistics that help to understand how online store users use websites, which allows you to improve their structure and content via Google Analytics analytical tools, whose administrator is Google Ireland Ltd. based in Ireland, Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
  • Determining the customer's profile to display matched materials in advertising networks, using the Google Ads online advertising tool, whose administrator is Google Ireland Ltd. based in Ireland, the Google Privacy Protection Policy is available at the following link: https://policies.google .com/private? FG = 1;
  • Collecting information about the user's behavior using the Facebook Pixel tool, whose administrator is Facebook Ireland Ltd. based in Ireland, the privacy policy Facebook is available at the following link: https://www.facebook.com/help/cookies/;
  • collecting information about the user's behavior using the Pinterest Ads tool, whose administrator is Pinterest Europe Ltd. Pinterest privacy policy is available at the following link: https://policy.pinterest.com/pl/privacy-polica;
  • Chat communication on the website using the application provided by Shopify, the Shopify Privacy Policy is available at the following link: Hhttps://www.shopify.com/legal/privacy/app-users;
  • determining the client's profile and remarketing activities via Edrone tools, whose administrator is Edrone sp.z o.o. with its registered office in Poland, the Privacy Policy is available at: https://edrone.me/en/privacy-policy/.

To learn the rules of using cookies, we recommend that you familiarize yourself with the privacy policies of the above -mentioned companies.

Cookies can be used by advertising networks, in particular the Google network, to display ads tailored to your preferences. For this purpose, information on how you move on the web or time of using the website may be maintained.

To browse and edit information about your preferences collected by Google's advertising network, you can use the tool posted under the link https://www.google.com/ads/preużeżens/.

Using a web browser settings or using the service configuration, you can change cookies yourself and at any time, determining the conditions for their storage and access through cookies to your device. You can change these settings to block automatic cookies in the web browser settings or inform about them each time you place on your device. Detailed information about the possibilities and methods of handling cookies is available in your software settings (web browser).