Privacy policy
Online Store www.caferare.pl
§ 1 — General Provisions
This Privacy Policy sets out the rules regarding the processing of personal data by the Store, including the legal basis, purposes, and scope of personal data processing, as well as the rights of data subjects and information regarding the use of cookies and analytical tools.
The controller of personal data collected via the Online Store is:
FILIP SARNA LUXURY TRADE
Registered office: 31-024 Kraków, ul. Szpitalna 20-22
Tax Identification Number (NIP): 6772413308
Business Registry Number (REGON): 366386668
Phone: +48 537 555 583
E-mail: shop@caferare.pl
– hereinafter referred to as the “Controller”.
Personal data in the Online Store are processed by the Controller in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the “GDPR”.
Using the Online Store, including making purchases, is voluntary. Likewise, the provision of personal data by the Customer using the Online Store is voluntary, except for:
concluding agreements – failure to provide, in the cases and to the extent indicated on the Online Store website, in the Terms and Conditions of the Online Store and in this Privacy Policy, the personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services with the Controller results in the inability to conclude such agreement. In such a case, providing personal data is a contractual requirement and if the data subject wishes to conclude a given agreement with the Controller, they are obliged to provide the required data. Each time, the scope of data required to conclude an agreement is indicated in advance on the Online Store website;
legal obligations – providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Controller the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting records), and failure to provide such data will prevent the Controller from fulfilling these obligations.
The Controller exercises particular care in order to protect the interests of persons whose personal data are processed and, in particular, is responsible for and ensures that the data collected are:
processed lawfully;
collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes;
factually accurate and adequate in relation to the purposes for which they are processed;
stored in a form permitting identification of data subjects for no longer than is necessary for the purposes for which the data are processed;
processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Taking into account the nature, scope, context, and purposes of processing as well as the risk of violation of the rights or freedoms of natural persons with varying likelihood and severity, the Controller implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the Regulation and to demonstrate this. The Controller applies technical measures preventing unauthorized persons from obtaining and modifying personal data transmitted electronically.
§ 2 — Legal Basis for Data Processing
The Controller is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met:
the data subject has consented to the processing of their personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the Controller is subject;
processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, in particular where the data subject is a child.
The processing of personal data by the Controller requires each time the existence of at least one of the legal bases indicated above. The specific legal bases for processing Customers’ personal data are indicated below.
§ 3 — Purpose, Basis, Period, and Scope of Data Processing
Each time, the purpose, basis, period, scope, and recipients of personal data processed by the Controller result from the actions taken by a given Customer in the Online Store. For example, if a Customer decides to make purchases in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of performing the concluded Sales Agreement, but will no longer be made available to the carrier carrying out shipments on behalf of the Controller.
The Controller may process personal data in the Online Store for the following purposes, on the following legal bases, for the following periods, and within the following scope:
Purpose of data processing: Performance of a Sales Agreement or agreement for the provision of Electronic Services
Legal basis and retention period: Article 6(1)(b) GDPR (performance of a contract). Data are stored for the period necessary for the performance, termination, or other expiry of the concluded agreement.
Scope of processed data: Full name; e-mail address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country); residence/business/registered office address (if different from the delivery address); IP address; Customer ID.
Purpose of data processing: Keeping accounting records
Legal basis and retention period: Article 6(1)(c) GDPR in connection with Article 74(2) of the Accounting Act. Data are stored for the period required by law obliging the Controller to retain tax records (until the expiration of the tax liability limitation period unless tax laws provide otherwise) or accounting records (5 years from the beginning of the year following the financial year to which the data relate).
Scope of processed data: Full name; residence/business/registered office address (if different from the delivery address); company name and Customer’s tax identification number (NIP).
Purpose of data processing: Sending e-mails as part of the newsletter service
Legal basis and retention period: Article 6(1)(a) GDPR (consent). Data are stored until consent is withdrawn by the data subject.
Scope of processed data: E-mail address.
Purpose of data processing: Publication of product reviews on websites
Legal basis and retention period: Article 6(1)(a) GDPR (consent). Data are stored until consent is withdrawn by the data subject.
Scope of processed data: Full name; contact phone number; e-mail address; delivery address (street, house number, apartment number, postal code, city, country); residence/business/registered office address (if different from the delivery address).
Purpose of data processing: Establishing, pursuing, or defending claims
Legal basis and retention period: Article 6(1)(f) GDPR (legitimate interest). Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than for the limitation period of claims against the data subject arising from the Controller’s business activity. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for sales agreements – two years).
Scope of processed data: Full name; contact phone number; e-mail address; delivery address (street, house number, apartment number, postal code, city, country); residence/business/registered office address (if different from the delivery address).
Purpose of data processing: Handling inquiries
Legal basis and retention period: Article 6(1)(a) GDPR (consent). Data are stored until consent is withdrawn by the data subject.
Scope of processed data: First name, surname, e-mail address, IP address.
§ 4 — Data Recipients
For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities. The Controller uses only the services of such processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that processing meets the requirements of the GDPR and protects the rights of data subjects.
The transfer of data by the Controller does not occur in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Controller transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if a Customer uses personal pickup, their data will not be transferred to the carrier cooperating with the Controller.
Personal data of Customers of the Online Store may be transferred to the following recipients or categories of recipients:
carriers / courier brokers – in the case of a Customer who uses postal or courier delivery in the Online Store, the Controller makes the collected personal data of the Customer available to the selected carrier or intermediary carrying out shipments on behalf of the Controller to the extent necessary to deliver the Product to the Customer;
entities handling electronic or card payments – in the case of a Customer using electronic payment methods or payment cards, the Controller makes the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store on behalf of the Controller to the extent necessary to handle the payment made by the Customer;
providers of technical and IT services supplying the Controller with technical, IT, and organizational solutions enabling the Controller to conduct business activity, including the Online Store and Electronic Services provided through it (in particular suppliers of computer software for operating the Online Store, e-mail and hosting providers, and providers of software for company management and technical support for the Controller) – the Controller makes the collected personal data of the Customer available to the selected provider acting on its behalf only in cases and to the extent necessary to achieve a given purpose of data processing consistent with this Privacy Policy;
providers of accounting and legal services ensuring accounting and legal support for the Controller (in particular accounting offices, law firms, or debt collection companies) – the Controller makes the collected personal data of the Customer available to the selected provider acting on its behalf only in cases and to the extent necessary to achieve a given purpose of data processing consistent with this Privacy Policy.
§ 5 — Profiling
The Controller may use profiling in the Online Store for marketing purposes, but decisions made on its basis by the Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using services in the Online Store. The result of profiling in the Online Store may include, for example, granting a given person a discount, sending them a discount code, reminding them about unfinished purchases, sending a product proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, the individual freely decides whether they wish to use the discount or better conditions received in this way and make a purchase in the Online Store.
Profiling in the Online Store consists of the automatic analysis or prediction of a person’s behavior on the Online Store website, e.g. by adding a specific Product to the cart, browsing a specific Product page in the Online Store, or by analyzing the previous purchase history in the Online Store. A condition for such profiling is that the Controller has the personal data of a given person in order to subsequently send them, for example, a discount code.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
§ 6 — Rights of the Data Subject
Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure (“right to be forgotten”), or restriction of processing and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the above rights are indicated in Articles 15–21 GDPR.
Right to withdraw consent at any time – a person whose data are processed by the Controller on the basis of consent has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Right to lodge a complaint with a supervisory authority – a person whose data are processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to processing of personal data concerning them based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interest pursued by the Controller) GDPR, including profiling based on those provisions. In such a case, the Controller may no longer process these personal data unless the Controller demonstrates compelling legitimate grounds for processing overriding the interests, rights, and freedoms of the data subject, or grounds for the establishment, exercise, or defense of claims.
In order to exercise the rights referred to in this section, the Controller may be contacted by sending an appropriate message in writing or by e-mail to the Controller’s address indicated in § 1.
§ 7 — Cookies, Operational Data, and Analytics
Cookies are small pieces of text information in the form of text files, sent by a server and stored on the device of the person visiting the Online Store website (e.g. on the hard drive of a computer or laptop, or on a smartphone memory card – depending on the device used by the visitor to our Online Store). Detailed information regarding Cookies and the history of their creation can be found, among other places, here: https://en.wikipedia.org/wiki/HTTP_cookie.
The Controller may process data contained in Cookies while visitors use the Online Store website for the following purposes:
identifying Customers as logged into the Online Store and showing that they are logged in;
remembering Products added to the cart in order to place an Order;
remembering data from completed Order Forms, surveys, or login data to the Online Store;
adjusting the content of the Online Store website to the individual preferences of the Customer (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store pages;
keeping anonymous statistics showing how the Online Store website is used;
remarketing, i.e. examining the behavioral characteristics of visitors to the Online Store through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their predicted interests, including when they visit other websites in the advertising network of Google Inc. and Meta Platforms Ireland Limited.
By default, most web browsers available on the market accept the storage of Cookies. Everyone has the option to determine the conditions for using Cookies through the settings of their own web browser. This means that it is possible, for example, to partially limit (e.g. temporarily) or completely disable the possibility of storing Cookies – in the latter case, however, this may affect certain functionalities of the Online Store (for example, it may become impossible to complete the Order path through the Order Form due to failure to remember Products in the cart during subsequent steps of placing the Order).
Web browser settings regarding Cookies are important from the point of view of consent to the use of Cookies by our Online Store – according to regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the web browser settings regarding Cookies should be changed accordingly.
Detailed information on changing settings regarding Cookies and their independent deletion in the most popular web browsers is available in the help section of the web browser.
The Controller may use Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), the Meta Pixel service provided by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland), and the Heatmap service provided by HeatMap, Inc. in the Online Store. These services help the Controller analyze traffic in the Online Store. The collected data are processed within the above services in an anonymized manner (these are so-called operational data that make it impossible to identify a person) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous in nature, i.e. they do not contain identifying features (personal data) of persons visiting the Online Store website. Using the above services, the Controller collects such data as the sources and medium of obtaining visitors to the Online Store and the manner of their behavior on the Online Store website, information about devices and browsers from which they visit the website, IP and domain, geographic data, demographic data (age, gender), and interests.
It is possible for a given person to easily block Google Analytics from sharing information about their activity on the Online Store website – for this purpose, a browser add-on made available by Google Inc. can be installed, available here: https://tools.google.com/dlpage/gaoptout?hl=en