privacy policy

Privacy Policy of the Opcja Natura online store.

In caring for the security of the data entrusted to us, we have developed internal procedures and recommendations to prevent unauthorized disclosure of data. We control their execution and constantly check their compliance with relevant legal acts - the Act on Personal Data Protection, the Act on the Provision of Services by Electronic Means, as well as all types of implementing acts and acts of Community law, primarily the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter GDPR).

You have the right, among others, to access your data, correct it, and request its deletion. In addition, you have the right to object to the processing of your personal data or to request the restriction of their processing.

Providing the required personal data by you is voluntary, but it is a condition for us to provide specific services to you (e.g., maintaining an account, sending a newsletter) or performing a contract. We do not make individual decisions based solely on automated processing (profiling) that would produce legal effects or similarly significantly affect your situation.

Our domain has an SSL certificate, so your data is encrypted.

Below you will find all the most important issues related to the processing of personal data on our website.

General Provisions

1. The controller of Customers' personal data is Opcja Natura Sp. z O. O. based in Krotoszyn and the Service administrator hereinafter referred to as the Controller.
2. Contact details: sklep@opcjanatura.pl, phone no. +48 536214728.

3. Personal data will be processed for the purpose of:

   • Concluding or performing a contract to which you are a party based on art. 6 para. 1 lit. b) GDPR. A contract, in our case, means the Opcja Natura service regulations after expressing separate consent, based on art. 6 para. 1 lit. a) GDPR data may also be processed for the purpose of sending text information electronically for direct marketing purposes, including promotion of our content – in connection with art. 10 para. 2 of the Act of 18 July 2002 on the provision of services by electronic means.
   • Creating and maintaining an account - based on art. 6 para. 1 lit. b) GDPR, i.e., when processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the data subject's request before entering into a contract.
   • Ensuring contact with us via contact form, email message, telephone conversation - based on art. 6 para. 1 lit. b) GDPR, i.e., when processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the data subject's request before entering into a contract.
   • Adding reviews and their verification - based on: art. 6 para. 1 lit. a GDPR – i.e., when the data subject has given consent to the processing of their personal data for one or more specific purposes,
   • Direct marketing based on: art. 6 para. 1 lit. a GDPR – i.e., when the data subject has given consent to the processing of their personal data for one or more specific purposes or based on art. 6 para. 1 lit. f) GDPR, i.e., when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
   • Sending newsletter and handling loyalty programs - based on art. 6 para. 1 lit. a) GDPR, i.e., when the data subject has given consent to the processing of their personal data for one or more specific purposes.
   • Fulfilling legal obligations, establishing and pursuing claims – based on art. 6 para. 1 lit. c) GDPR, i.e., when processing is necessary to comply with a legal obligation to which the controller is subject and based on art. 6 para. 1 lit. f) GDPR, i.e., when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
   • Analytical and statistical activities - art. 6 para. 1 lit. f) GDPR, i.e., when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
4. Providing personal data is voluntary, but failure to provide data marked as necessary to provide services to you will prevent their provision.
5. The Controller reserves the right to make changes to the Privacy Policy. We will inform about all changes in a visible and understandable manner.
6. The Controller takes particular care to protect the interests of data subjects, and in particular ensures that the data collected by it is:
   • processed in accordance with the law,
   • collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
   • substantively correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of data subjects no longer than necessary to achieve the purpose of processing.

Personal Data

1. The Controller processes Users' personal data for the proper performance of contracts covering the Controller's Products and services and for direct marketing purposes of the Controller's Products and services and Products and services of the Controller's business partners if the Customer consents to such marketing.
2. The Controller requires only data that is necessary for the proper operation of the website and provision of services. Failure to provide required data will prevent the performance of the action to which such data related.
3. The scope of processed data includes: first name, last name, email address, mobile phone number, address, IP address.
4. The transmitted personal data is controlled by the Controller. It also protects your data under relevant personal data protection regulations.
5. We use tools such as Facebook Ads and Google Ads, within which we can target ads to specific target groups based on interests, gender, age, profession. These tools have been described in detail in the cookie policy.

To whom do we transfer personal data?

We transfer personal data to other entities only to the extent to which the data subject has consented to data processing, to the extent necessary to perform the contract or to the extent resulting from the legitimate interests pursued by the controller. These are cooperating with the store: hosting provider, newsletter sending tool provider, CRM system and invoicing system provider, accounting office, courier and transport companies, IT company providing services for the Store, online payment operators, banks, marketing tool providers and other subcontractors, as well as entities to which we are obliged to transfer your data under applicable regulations. In the case of data concerning analytics and statistics, which do not constitute personal data, they may be transferred to companies commonly providing services in the field of analytics, statistics and optimization, including to the United States (e.g., companies: Google LLC, Meta Platforms Inc.).

Rights related to personal data processing

You have certain rights under the law in connection with the Controller's processing of your personal data. You have the right to:

• request access to your personal data,
• request rectification of your personal data,
• object to the processing of personal data,
• request deletion of your personal data,
• request restriction of personal data processing,
• request data portability,
• obtain information about automated decision-making, including profiling and safeguards applied in connection with the transfer of this data outside the EU,
• obtain information about the purposes of processing, categories of processed personal data, recipients or categories of recipients of this data,
• obtain information about the rights under GDPR, the right to lodge a complaint with the President of the Personal Data Protection Office, the planned period of data storage or criteria for determining this period, the source of this data,
• obtain a copy of your personal data.

To exercise the above rights, please contact the Controller. We will promptly provide you with all information about actions taken in connection with the submitted request.

You may withdraw your consent to the processing of your personal data at any time. For this purpose, please contact us.

Transfer of data to third parties

1. The Controller will not sell Customers' personal data to other entities. In the course of and for the purpose of providing services to Customers, Customers' personal data may be transferred to other entities with which the Controller has appropriate agreements. This will not affect the security of your personal data.
2. Customers' data may be made available to entities entitled to receive them under applicable law, including judicial authorities.
3. The collected personal data is stored in the European Economic Area ("EEA"), but may also be transferred to and processed in a country outside this area. Each data transfer operation is performed in accordance with applicable law.
4. Some data processing operations may involve transferring them to third countries or international organizations in connection with the use of tools that store personal data on servers located in third countries, especially the USA.

However, it should be noted that providers of these tools guarantee an adequate level of personal data protection, in particular by joining the Privacy Shield program or using standard contractual clauses. This particularly applies to Google Ireland Limited services.

Cookie Policy

Cookies are commonly used short text information that allows identifying the software used, adapting content to user needs and ensuring proper functioning of websites. They are saved on the device you use and have a domain name, storage time and a specific value. Cookies used in our store are safe and are divided into session cookies and persistent cookies. Session cookies are stored only until the end of a given browser session. Persistent cookies are stored on the device until they are deleted. Using your web browser, you can change your cookie preferences or delete them (persistent cookies) at any time.

Cookie Policy

Cookies are commonly used short text information that allows identifying the software used, adapting content to user needs and ensuring proper functioning of websites. They are saved on the device you use and have a domain name, storage time and a specific value. Cookies used in our store are safe and are divided into session cookies and persistent cookies. Session cookies are stored only until the end of a given browser session. Persistent cookies are stored on the device until they are deleted. Using your web browser, you can change your cookie preferences or delete them (persistent cookies) at any time.

Basis for using cookies

Some cookies are used to the extent necessary for the proper provision of electronic services, other cookies are used based on consent given.

The consent given results from web browser settings, other software used to manage cookies or cookie manager settings if made available on the website.

You can disable cookies and also individual types of cookies. However, please note that in case of disabling or limiting cookie handling, you may lose access to part of the functionality available on our website, for which cookie consent is necessary.

Entities whose cookies we use:

Google Tools - Google Analytics, Google Ads, Google Adsense, Google Tag Manager, as well as YouTube owned by Google, provided by Google Ireland Limited (Registration Number: 368047 / VAT Number: IE6388047V), Gordon House, Barrow Street, Dublin 4, Ireland. Actions regarding the use of these tools are based on our legitimate interest in marketing using commonly used tools. From our perspective, data collected in connection with the use of these tools does not have the character of personal data due to anonymization.

More information about the tools can be found in Google's Terms of Service and Privacy Policy.

Google Analytics

We use the Google Analytics tool for analytics and statistics purposes, which serve to improve our website's functioning.

Data collected in connection with using the tool does not have the character of personal data due to anonymization and includes examination of user traffic on the website (information about operating system, browser, visited pages and subpages, time spent on the website and subpages, source of transition to the website).

Google Ads

When you visit our website, cookies related to remarketing are left on your device that collect information about activity on our website. The collected information serves to display ads in the Google network that correspond to your activities and interests. If you have given such consent to Google, this data may also be further processed by this company, e.g., to create target groups.

If you do not wish to receive personalized ads, you can define settings at myadcenter.google.com.

Google AdSense

Personalized ads may be displayed on our website within the AdSense network. Cookies are used to display ads based on visits and activity on our website or on other websites.

Google Tag Manager

This tool allows analyzing traffic and user activity using tags. It allows collecting information about ad effectiveness, which contributes to optimizing our website and offer.

YouTube

On our website we use YouTube widgets that allow embedding videos posted on YouTube. Youtube acquires cookies containing information about played videos – to ensure proper and safe service provision, as well as their improvement and for ad personalization purposes.

Meta Pixel

We use marketing tools available within the Facebook service and provided by Meta Platforms Ireland Limited.

Meta Pixel is a short code placed on a website that allows measuring ad effectiveness based on analysis of actions taken by users on the website and personalizing ads. The code's purpose is to show ads to the right audience, increase sales and measure ad results.

Meta Pixel uses cookies recording actions on the website – for example, traffic on the website, visiting specific subpages, adding products to cart or making purchases. Analysis of these actions serves to optimize website operation and our offer.

More information can be found in Meta's Privacy Policy.

Social Media

In case of placing on the website a plugin for a given social platform (Facebook, Instagram, LinkedIn, X (formerly: Twitter), TikTok), the administrator of the given service receives information about visiting our website using the user's identifier. The administrator of the given platform collects information about the browser used, date and time of the visited website. Administrators of the given platform use this information to fill the full functionality of plugins and to improve their services, as well as personalizing ads.

More information can be found in Meta's Privacy Policy and Privacy Policy of Linkedin, X (Twitter) and TikTok.

Server Logs

Visiting the website and using it involves sending queries to the server, which are recorded in so-called server logs. They contain, among others, information about the user's IP address, date and time of the query, browser and operating system.

Server logs are recorded and stored on the server. However, they are not linked to specific persons using the website and do not aim to identify – they serve only to administer the website, and their content is not disclosed to unauthorized persons.

Final Provisions

1. The Controller applies technical and organizational measures ensuring protection of processed personal data appropriate to the threats and category of data covered by protection, and in particular secures data against disclosure to unauthorized persons, taking by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.
2. In matters not regulated by this Privacy Policy, the provisions of the junglemorpho.com Store Regulations, provisions of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and other relevant provisions of Polish law shall apply.
3. The provisions of this Privacy Policy enter into force on 19.03.2024.