Introduction

1. This Privacy Policy for the BRAVOMODA Online Store is for informational purposes only, which means it is not a source of obligations for Customers of the Online Store. The Privacy Policy primarily contains rules regarding the processing of personal data by the Data Controller (Administrator) in the BRAVOMODA Online Store, including the legal bases, purposes, and duration of personal data processing, as well as the rights of individuals whose data is concerned. It also provides information on the use of Cookies and analytical tools in the BRAVOMODA Online Store.
2. Using the BRAVOMODA Online Store, including making purchases, is voluntary. Similarly, providing personal data by customers using the BRAVOMODA Online Store is voluntary, with two exceptions:
   1. Entering into contract with the Data Controller - not providing the necessary personal data for the conclusion and execution of a Sales Agreement or an agreement for the provision of Digital Services with the Data Controller, as indicated on the BRAVOMODA Online Store's website, in the BRAVOMODA Online Store's Regulations, and in this privacy policy, will result in the inability to conclude such an agreement. In such cases, providing personal data is a contractual requirement, and if the individual to whom the data pertains intends to enter into a specific agreement with the Data Controller, they are obligated to provide the required data. The scope of data required for the conclusion of an agreement is always specified beforehand on the Online Store's website and in the Online Store's Regulations.
   2. Legal obligations of the Data Controller - providing personal data is a legal requirement stemming from universally applicable legal regulations imposing on the Data Controller the duty to process personal data (e.g. processing data for tax or accounting purposes), and failure to provide them will prevent the Data Controller from fulfilling these obligations.
3. All terms, expressions, and acronyms appearing in this Privacy Policy and starting with a capital letter (e.g. Seller, Online Store, Digital Service) shall be understood according to their definitions provided in the Terms and Conditions of the BRAVOMODA Online Store available on the BRAVOMODA Online Store's website, unless the context of their use clearly indicates otherwise.
4. The use of Goods and Services available on the website is not intended for children under the age of 16. The Data Controller does not intentionally collect data regarding children under the age of 16.
5. In case of any doubts or discrepancies between the Policy and consents provided by an individual, regardless of the provisions of the Policy, the basis for decision-making and determining the scope of actions by the Data Controller will always be the consents voluntarily given or legal regulations.

The Data Controller - who is the Administrator of your data?

1. The Data Controller (Administrator) of personal data collected through the BRAVOMODA Online Store is Beata Wójcik conducting business under the name BRAVOMODA Beata Wójcik, with its registered office at Bobrek-Kolonia 16, 26-804 Stromiec, registered in the Central Register and Information on Economic Activity (CEIDG) of the Republic of Poland maintained by the minister responsible for economy, currently the Minister of Economic Development, identified by Tax Identification Number (NIP): 798-138-37-76, and National Business Registry Number (REGON): 672-771-240 - hereinafter referred to as the "Administrator", „Data controller” or „Controller”, also acting as the Service Provider of the BRAVOMODA Online Store and Seller.
2. In the event of your expression of additional consent, data obtained based on your online activity through technologies such as cookies may also be processed by our partners.
3. Regarding your personal data, you can contact the Data Controller through:
   1. e-mail address: info@bravomoda.eu
4. The Data Controller stores correspondence for statistical purposes, as well as for the best and quickest response to inquiries and resolving complaints. The data collected in this manner will not be used for communication purposes other than fulfilling the reported issue.
5. In the event of contacting the Data Controller to perform specific actions (such as submitting a product warranty claim form), the Data Controller may request the individual to provide information, including personal data such as name, email address, etc., in order to confirm their identity and facilitate further communication regarding the matter and carry out the requested action. Providing this information is not mandatory but may be necessary to complete the requested action or obtain the information that concerns the individual.

Security measures - how do we protect your data?

1. Personal data in the BRAVOMODA Online Store is processed by the Data Controller in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, page 1) (hereinafter also referred to as "GDPR") and other currently applicable laws, throughout the entire period of processing of specified data, as defined by the provisions of personal data protection law.
2. Taking into account the nature, scope, context, and purposes of data processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller implements appropriate technical and organizational measures to ensure that the processing complies with this Regulation and to be able to demonstrate such compliance. These measures are subject to periodic reviews and updates as needed.
3. The technical measures implemented by the Data Controller to prevent unauthorized acquisition and modification of personal data transmitted digitally, as well as to ensure the protection of processed personal data, include: SSL Certificate; securing the data collection against unauthorized access; encryption of data used for authorizing individuals using the Online Store functionality; access to the Account only after providing an individual login and password.
4. The Data Controller takes special care to protect the interests of individuals whose data is concerned, ensuring that the collected data is:
   1. processed lawfully, fairly, and transparently for the data subject;
   2. collected for specific, explicit, and lawful purposes, not further processed in a manner that is incompatible with those purposes;
   3. adequate, relevant, and limited to what is necessary for the purposes they are processed;
   4. accurate and updated when necessary;
   5. stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed;
   6. processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Purpose of data - for what purposes the collected data is being processed?

1. Each time, the purpose, legal basis, processing period, and recipients of personal data processed by the Data Controller are derived from the actions taken by the respective Service Recipient or Customer in the Online Store or by the Data Controller. For instance, if a Customer decides to make a purchase in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of fulfilling the concluded Sales Agreement, but will not be shared with the carrier responsible for deliveries on behalf of the Data Controller.
2. Possible purposes of processing Customers' Personal Data by the Data Controller include, in particular:
   1. Entering into and performing the Service Agreement (Account) or taking actions at the request of a prospective Customer prior to its conclusion, we process data for the purpose of managing your Account, allowing you to use functionalities such as placing orders without the need for repetitive form filling and accessing information about the order status, maintaining a purchase history;
   2. For the purpose of providing services that do not require the creation of an Account and the purchase of Goods, such as browsing the web pages of the Online Store, using the product search function, we process personal data related to your activity on the online store, such as data about the Goods you viewed, data about your device's session, operating system, browser, location, and unique ID, as well as your IP address;
   3. For the purpose of performing the sales agreement for Goods (e.g., delivering the ordered Goods), we process the personal data provided by you when purchasing Goods, such as your name, email address, phone number, address details, payment details. Your personal data is required for order fulfillment and executing the concluded agreement – specifically confirming its placement, reserving or dispatching the selected product to you, as well as, if necessary, contacting you in this regard;
   4. For the purpose of establishing, investigating, and enforcing claims and defending against claims in legal proceedings and other enforcement bodies, we may process your personal data provided when purchasing Goods or creating an Account, as well as other data necessary to prove the existence of a claim or required by legal obligation, court order, or other legal procedure;
   5. For the purpose of handling complaints, claims, and requests, as well as responding to customer inquiries, we process the personal data provided by you in the contact form, complaints, claims, and requests, or to answer questions in other forms. This may also include certain personal data provided by you in your Account, as well as data related to the ordered Goods and other services provided by us that are the subject of the complaint, claims, or request, and the data contained in the documents attached to the complaints, claims, and requests;
   6. For the purpose of fulfilling legal obligations arising from regulations, such as tax and accounting regulations, especially in the case of paid agreements;
   7. Engaging in correspondence with customers, including responding to customer messages.
   8. For statistical purposes, concerning the use of specific functionalities available in the Online Store, facilitating the use of the Online Store, and ensuring the IT security of the Online Store, we process personal data related to your activity on the Online Store, including the amount of time spent on each subpage, your search history, location, IP address, device ID, data about your internet browser and operating system;
   9. For the purpose of marketing our products, including remarketing, we process personal data provided by you when creating an Account and updating it, data related to your activity on the Online Store, including orders that are recorded and stored through cookies, especially order history, search history, clicks on the Online Store, login and registration dates, history and your activity related to our communication with you. In the case of remarketing, we use data about your activity to reach you with our marketing messages outside the Online Store and for this purpose, we utilize services provided by external vendors. These services involve displaying our messages on websites other than the Online Store.

Legal basis and data retention period

1. The legal basis for processing Customer's Personal Data is primarily the necessity of performing a contract of which the Customer is a party or the necessity of taking actions at the Customer's request before entering into a contract (Article 6(1)(b) of the GDPR). This pertains to Personal Data provided in the registration form when creating an Account, placing Orders, and entering into a Sales Agreement in the Online Store, as well as when subscribing to the newsletter. Similarly, in the case of Personal Data provided to us in relation to a Customer's claims, the legal basis for their processing is the necessity for performing/handling the sales contract of the advertised goods.
2. The Data Controller is authorized to process personal data in cases where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Data Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data.
3. Personal data will be processed for the period necessary to fulfill orders, provide services, conduct marketing activities, and other services performed for the Customer. If the processing of Personal Data depends on the Customer's consent, the Personal Data may be processed until that consent is withdrawn.
4. Personal data can be deleted in the following cases:
   1. when the data subject requests their deletion or withdraws their consent;
   2. upon receiving information that the stored data is outdated or inaccurate;
   3. three years after the Customer's last activity within the Online Store;
   4. if they are related to cookies and similar technologies, through browser/device settings.
5. Some data, such as email address, first and last name, may be stored for an additional period of 3 years for evidential purposes, handling complaints, grievances, and claims related to services provided by the Online Store. These data may be used for the purpose of pursuing claims by the Data Controller or for pursuing or defending against claims by third parties, but will not be used for marketing purposes.
6. A longer storage period for Personal Data may also apply when legal regulations (such as accounting or tax laws) require the Data Controller to process them.
7. Data related to non-logged-in Customers is stored for a period corresponding to the lifecycle of cookies stored on devices or until they are deleted from the Customer's device by the Customer.

Data recipients – who we can disclose your data to

1. For the proper functioning of the Online Store, including the fulfillment of concluded Sales Agreements, it is necessary for the Data Controller to use the services of external entities, especially providers of technical, logistical, and financial services (such as carriers or intermediaries handling Order shipments or entities handling electronic payments). The Data Controller only utilizes services from such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of the individuals whose data is being processed.
2. The list of recipients of Personal Data processed by the Data Controller is primarily determined by the scope of services that the Customer utilizes. The list of data recipients also results from the Customer's consent or legal regulations, and it is further specified based on the actions taken by the Customer in the Online Store.
3. The transfer of data by the Data Controller does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy. The Data Controller transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary for its realization. For example, if a Customer opts for personal pickup, their data will not be shared with the carrier cooperating with the Data Controller.
4. Personal data of Service Recipients and Customers of the BRAVOMODA Online Store may be disclosed to the following recipients or categories of recipients:
   1. Carriers / entities handling warehousing and/or shipping processes - in the case of a Customer who selects delivery of the Product by postal mail or courier service in the BRAVOMODA Online Store, the Data Controller provides the collected personal data of the Customer to the chosen carrier or intermediary carrying out shipments on behalf of the Data Controller. If the shipment is dispatched from an external warehouse, the data may also be shared with the entity handling the warehouse and/or shipping process, to the extent necessary to fulfill the delivery of the Product to the Customer.
   2. Entities handling electronic and online payments or credit/debit card payments - in the case of a Customer who chooses to make payments through electronic means or credit/debit card in the BRAVOMODA Online Store, the Data Controller provides the collected personal data of the Customer to the selected entity handling the mentioned payments in the Online Store on behalf of the Data Controller. This is done to the extent necessary for processing the payment made by the Customer.
   3. Providers of accounting, legal and advisory services providing the Data Controller with accounting, legal or advisory support (including accounting firms, law firms, or debt collection agencies) – Data Controller provides the collected personal data of the Customer to the selected service provider acting on its behalf only in cases where it is necessary and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
5. Depending on contractual agreements and circumstances, these entities either operate under our instructions or independently determine the purposes and methods of data processing.
6. Personal data may also be disclosed to state authorities (e.g., the President of the Office of Competition and Consumer Protection, the Inspector General for the Protection of Personal Data, the prosecutor's office, the police) if they request such information from us.

The rights of the person whose data is being processed - what rights do you have?

1. Under the General Data Protection Regulation (GDPR), every customer has the right to:
   1. request access to their personal data (including receiving information about the processed data);
   2. request correction of their personal data (e.g., if the data is incorrect);
   3. request erasure of their personal data (right to be forgotten);
   4. request restriction of the processing of personal data, including withdrawing any consent given to the Data Controller at any time, with the understanding that withdrawing consent does not affect processing carried out by the Administrator in accordance with the law before its withdrawal;
   5. request the transfer of personal data.
   6. raise objections to the processing of personal data;
   7. file complaints with the President of the Office for Personal Data Protection.
2. Right of access, rectification, restriction, erasure, or data portability - the individual whose data is processed has the right to request from the Data Controller access to their personal data, their rectification, erasure ("right to be forgotten"), or restriction of processing, and they also have the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are indicated in Articles 15-21 of the GDPR.
3. Right to withdraw consent at any time - the individual whose data is processed by the Data Controller based on given consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4. Right to file a complaint with a supervisory authority - the individual whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
5. Right to object - the individual whose data is concerned has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public task or official authority) or (f) (legitimate interests of the data controller), including profiling based on these provisions. In such a case, the Data Controller is no longer allowed to process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual, or for the establishment, exercise, or defense of legal claims.
6. Right to object to personal data processing - if personal data is processed for the purposes of direct marketing, the individual whose data is concerned has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.
7. To exercise the rights mentioned in this privacy policy, you can contact the Data Controller by sending a relevant message in writing or via email to the Data Controller’s address provided at the beginning of the privacy policy, or by using the contact form available on the website of the Internet Store.
8. The Data Controller will provide you with information about the actions taken in relation to your request without undue delay, and in any case within one month of receiving the request. If necessary, this one-month period may be extended by an additional two months due to the complexity of the request or the number of requests.
9. In any case, the Data Controller will inform you of such an extension within one month of receiving the request, providing the reasons for the delay.

Will commercial information be sent to you (e.g. to your e-mail address)?

1. The Data Controller has the technical capability to communicate with the Customer remotely, for example, by sending email messages.
2. Commercial and marketing information related to the business activities conducted by the Data Controller will only be sent based on the Customer's explicit consent.

Cookie policy

What are cookie files?

Cookies are text files stored on users' end devices (such as computers, phones, etc.) and are used for interacting with websites. These files allow the recognition of a user's device and the display of a website tailored to their individual preferences. "Cookies" typically contain the name of the website they originate from, the duration of their storage on the device, and a unique identifier. Detailed information about cookies, as well as their history, can be found, for example, here: https://en.wikipedia.org/wiki/HTTP_cookie.

What do we use cookies for?

Cookies are used in the HTTP protocol, which serves as a communication link between the web server and the browser. They consist of a key that specifies the name of the value, the value itself, and the expiration time after which the browser should delete the cookie. Their functions are mostly standard and aligned with browser settings. Cookies are used to facilitate the usage of the website, tailor its content including our offerings to user preferences, enhance usability, and personalize the content of internet websites.

What type of cookies do we use?

Two types of cookies are used – session cookies and persistent cookies. The former are temporary files that remain on the user's device until they log out of the website or close the software (web browser), after which they are automatically deleted from the user's device. "Persistent" files remain on the user's device for a duration defined in the parameters of the cookies or until manually deleted by the user. Cookies used by partners of the website operator are subject to their own privacy policies.

The "cookies" we use are primarily aimed at making it easier for users to interact with our website. For instance, they help in "remembering" information that has been provided once, so that users don't have to enter it every time. We also employ cookies that allow us to customize the presented content according to user preferences.

Privacy policy and cookies

When users interact with our website, we utilize cookies that enable the identification of the user's browser or device. Cookies gather various types of information, which generally do not constitute personal data (they do not allow for user identification).

Profiling

By using the technology of cookies on our website, it becomes possible to familiarize ourselves with users' preferences. For instance, through analyzing how frequently they visit our website or which products they most frequently view. Analyzing online behavior helps us gain a better understanding of users' habits and expectations, allowing us to tailor our offerings to their needs and interests.

The Data Controller may use profiling for the purpose of direct marketing in the Online Store, but the decisions made based on it by the Data Controller do not concern the conclusion or refusal to conclude a Sales Agreement, or the ability to use Digital Services in the Online Store. The result of using profiling in the Online Store could include actions such as granting a discount to a specific individual, sending them a discount code, reminding them of unfinished purchases, proposing a Product that may match the interests or preferences of that individual, or offering better terms compared to the standard Online Store offer. Despite the profiling, the individual retains the freedom to decide whether they wish to take advantage of the received discount or better terms and make a purchase in the Online Store.

Retargeting

Using cookies, we employ a technology that enables us to deliver advertising messages to users who have previously visited our website, on other websites they visit, including those belonging to entities collaborating with our partners. This is done to ensure that the message received by the user corresponds to their interests and needs identified through the analysis of their past behavior, based on cookie technology.

Third-Party Cookies

The cookies we use primarily aim to optimize the user experience while using our website. We also collaborate with other companies in terms of their marketing activities. For the purposes of this cooperation, the browser or other software installed on the user's device also stores cookies from entities engaged in such marketing activities.

Cookies sent by these third parties are intended to enhance the effectiveness of presenting advertisements to the user that correspond to their online activity. Third-party entities provide advertising content to users.

Therefore, when visiting our website, cookies from our partners are also stored on the user's computer or other device. This way, information about viewed or purchased products is collected.

As part of our marketing and analytical activities (statistical analysis), the Data Controller may utilize services from the following entities, which employ cookies in the Online Store:

• Google Analytics
• Google Ads
• Google TagManager
• Google Dynamic Retargeting
• Facebook Ads
• Facebook Dynamic Retargeting
• Facebook Pixel
• Facebook Messenger
• Freshmail

More information about cookies from the mentioned entities can be found in their privacy policies.

Deleting and Blocking Cookies

Consent for using cookies can be managed through the privacy settings of your web browser.

By default, web browsers or other software installed on your computer or device connected to the network allow certain types of cookies to be placed on that device. These settings can be changed to block the handling of cookies in your web browser settings or to be notified of their transmission to your device each time. This way, consent given to the use of this technology can be modified or withdrawn at any time (blocking the storage of cookies in the future).

It is also possible to block third-party cookies while accepting cookies directly from the website administrator.

Detailed information about the possibilities and methods of handling cookies is available in the settings of your specific web browser. For example, in Microsoft Edge, you can modify cookies through: Tools -> Internet Options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; and in Google Chrome: Settings -> Advanced -> Privacy -> Content Settings -> Cookies. The access paths may vary depending on the version of the browser you are using.

Detailed information about managing cookies on a mobile phone or other mobile device can be found in the user manual or operating instructions of that specific phone or mobile device.

Limiting the use of cookies may affect certain functionalities available on the website, such as the ability to maintain login sessions.

Please note that opting out of cookies will only apply to the specific browser. This means that the same actions will need to be taken for each other browser used on the same or different device.

Amendments to this policy

1. The continuous evolution of our services may lead to changes in how your personal data is processed compared with that described here. This privacy policy may therefore be subject to change over time if necessary due to the introduction of new data protection laws or any new developments or changes to our services. The Data Controller may change the Privacy Policy in the future for various reasons, including:
   1. changes in applicable regulations, especially regarding the protection of Personal Data, telecommunications law, digital services, and consumer rights, which may impact the rights and obligations of the Data Controller or the data subject;
   2. development of functionalities or Digital Services driven by the progress of internet technology, including the implementation of new technological or technical solutions that may impact the scope of the Policy;
2. With each change, a new version of the Policy will be presented with a new date.
3. The Online Store may contain links to other websites. The Administrator encourages you to review the privacy policy established on those websites after transitioning to them. This privacy policy applies only to the Data Controller’s Online Store.