Table of contents
- The Data Controller
- Security measures
- Purpose of data
- Legal basis and data retention period
- Data recipients – who we can disclose your data to
- The rights of the person whose data is being processed - what rights do you have?
- Will commercial information be sent to you?
- Amendments to this policy
- Using the BRAVOMODA Online Store, including making purchases, is voluntary. Similarly, providing personal data by customers using the BRAVOMODA Online Store is voluntary, with two exceptions:
- Legal obligations of the Data Controller - providing personal data is a legal requirement stemming from universally applicable legal regulations imposing on the Data Controller the duty to process personal data (e.g. processing data for tax or accounting purposes), and failure to provide them will prevent the Data Controller from fulfilling these obligations.
- The use of Goods and Services available on the website is not intended for children under the age of 16. The Data Controller does not intentionally collect data regarding children under the age of 16.
- In case of any doubts or discrepancies between the Policy and consents provided by an individual, regardless of the provisions of the Policy, the basis for decision-making and determining the scope of actions by the Data Controller will always be the consents voluntarily given or legal regulations.
The Data Controller - who is the Administrator of your data?
- The Data Controller (Administrator) of personal data collected through the BRAVOMODA Online Store is Beata Wójcik conducting business under the name BRAVOMODA Beata Wójcik, with its registered office at Bobrek-Kolonia 16, 26-804 Stromiec, registered in the Central Register and Information on Economic Activity (CEIDG) of the Republic of Poland maintained by the minister responsible for economy, currently the Minister of Economic Development, identified by Tax Identification Number (NIP): 798-138-37-76, and National Business Registry Number (REGON): 672-771-240 - hereinafter referred to as the "Administrator", „Data controller” or „Controller”, also acting as the Service Provider of the BRAVOMODA Online Store and Seller.
- In the event of your expression of additional consent, data obtained based on your online activity through technologies such as cookies may also be processed by our partners.
- Regarding your personal data, you can contact the Data Controller through:
- e-mail address: email@example.com
- The Data Controller stores correspondence for statistical purposes, as well as for the best and quickest response to inquiries and resolving complaints. The data collected in this manner will not be used for communication purposes other than fulfilling the reported issue.
- In the event of contacting the Data Controller to perform specific actions (such as submitting a product warranty claim form), the Data Controller may request the individual to provide information, including personal data such as name, email address, etc., in order to confirm their identity and facilitate further communication regarding the matter and carry out the requested action. Providing this information is not mandatory but may be necessary to complete the requested action or obtain the information that concerns the individual.
Security measures - how do we protect your data?
- Personal data in the BRAVOMODA Online Store is processed by the Data Controller in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, page 1) (hereinafter also referred to as "GDPR") and other currently applicable laws, throughout the entire period of processing of specified data, as defined by the provisions of personal data protection law.
- Taking into account the nature, scope, context, and purposes of data processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller implements appropriate technical and organizational measures to ensure that the processing complies with this Regulation and to be able to demonstrate such compliance. These measures are subject to periodic reviews and updates as needed.
- The technical measures implemented by the Data Controller to prevent unauthorized acquisition and modification of personal data transmitted digitally, as well as to ensure the protection of processed personal data, include: SSL Certificate; securing the data collection against unauthorized access; encryption of data used for authorizing individuals using the Online Store functionality; access to the Account only after providing an individual login and password.
- The Data Controller takes special care to protect the interests of individuals whose data is concerned, ensuring that the collected data is:
- processed lawfully, fairly, and transparently for the data subject;
- collected for specific, explicit, and lawful purposes, not further processed in a manner that is incompatible with those purposes;
- adequate, relevant, and limited to what is necessary for the purposes they are processed;
- accurate and updated when necessary;
- stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed;
- processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Purpose of data - for what purposes the collected data is being processed?
- Each time, the purpose, legal basis, processing period, and recipients of personal data processed by the Data Controller are derived from the actions taken by the respective Service Recipient or Customer in the Online Store or by the Data Controller. For instance, if a Customer decides to make a purchase in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of fulfilling the concluded Sales Agreement, but will not be shared with the carrier responsible for deliveries on behalf of the Data Controller.
- Possible purposes of processing Customers' Personal Data by the Data Controller include, in particular:
- Entering into and performing the Service Agreement (Account) or taking actions at the request of a prospective Customer prior to its conclusion, we process data for the purpose of managing your Account, allowing you to use functionalities such as placing orders without the need for repetitive form filling and accessing information about the order status, maintaining a purchase history;
- For the purpose of providing services that do not require the creation of an Account and the purchase of Goods, such as browsing the web pages of the Online Store, using the product search function, we process personal data related to your activity on the online store, such as data about the Goods you viewed, data about your device's session, operating system, browser, location, and unique ID, as well as your IP address;
- For the purpose of performing the sales agreement for Goods (e.g., delivering the ordered Goods), we process the personal data provided by you when purchasing Goods, such as your name, email address, phone number, address details, payment details. Your personal data is required for order fulfillment and executing the concluded agreement – specifically confirming its placement, reserving or dispatching the selected product to you, as well as, if necessary, contacting you in this regard;
- For the purpose of establishing, investigating, and enforcing claims and defending against claims in legal proceedings and other enforcement bodies, we may process your personal data provided when purchasing Goods or creating an Account, as well as other data necessary to prove the existence of a claim or required by legal obligation, court order, or other legal procedure;
- For the purpose of handling complaints, claims, and requests, as well as responding to customer inquiries, we process the personal data provided by you in the contact form, complaints, claims, and requests, or to answer questions in other forms. This may also include certain personal data provided by you in your Account, as well as data related to the ordered Goods and other services provided by us that are the subject of the complaint, claims, or request, and the data contained in the documents attached to the complaints, claims, and requests;
- For the purpose of fulfilling legal obligations arising from regulations, such as tax and accounting regulations, especially in the case of paid agreements;
- Engaging in correspondence with customers, including responding to customer messages.
- For statistical purposes, concerning the use of specific functionalities available in the Online Store, facilitating the use of the Online Store, and ensuring the IT security of the Online Store, we process personal data related to your activity on the Online Store, including the amount of time spent on each subpage, your search history, location, IP address, device ID, data about your internet browser and operating system;
- For the purpose of marketing our products, including remarketing, we process personal data provided by you when creating an Account and updating it, data related to your activity on the Online Store, including orders that are recorded and stored through cookies, especially order history, search history, clicks on the Online Store, login and registration dates, history and your activity related to our communication with you. In the case of remarketing, we use data about your activity to reach you with our marketing messages outside the Online Store and for this purpose, we utilize services provided by external vendors. These services involve displaying our messages on websites other than the Online Store.
Legal basis and data retention period
- The legal basis for processing Customer's Personal Data is primarily the necessity of performing a contract of which the Customer is a party or the necessity of taking actions at the Customer's request before entering into a contract (Article 6(1)(b) of the GDPR). This pertains to Personal Data provided in the registration form when creating an Account, placing Orders, and entering into a Sales Agreement in the Online Store, as well as when subscribing to the newsletter. Similarly, in the case of Personal Data provided to us in relation to a Customer's claims, the legal basis for their processing is the necessity for performing/handling the sales contract of the advertised goods.
- The Data Controller is authorized to process personal data in cases where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Data Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data.
- Personal data will be processed for the period necessary to fulfill orders, provide services, conduct marketing activities, and other services performed for the Customer. If the processing of Personal Data depends on the Customer's consent, the Personal Data may be processed until that consent is withdrawn.
- Personal data can be deleted in the following cases:
- when the data subject requests their deletion or withdraws their consent;
- upon receiving information that the stored data is outdated or inaccurate;
- three years after the Customer's last activity within the Online Store;
- if they are related to cookies and similar technologies, through browser/device settings.
- Some data, such as email address, first and last name, may be stored for an additional period of 3 years for evidential purposes, handling complaints, grievances, and claims related to services provided by the Online Store. These data may be used for the purpose of pursuing claims by the Data Controller or for pursuing or defending against claims by third parties, but will not be used for marketing purposes.
- A longer storage period for Personal Data may also apply when legal regulations (such as accounting or tax laws) require the Data Controller to process them.
- Data related to non-logged-in Customers is stored for a period corresponding to the lifecycle of cookies stored on devices or until they are deleted from the Customer's device by the Customer.
|Purpose of data processing||Legal basis||Data retention period|
|Execution of a Sales Agreement or an agreement for the provision of Digital Services or taking actions at the request of the data subject prior to the conclusion of the aforementioned agreements.||Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract.||The data is stored for a period necessary for the performance, termination, or expiration in any other way of the concluded Sales Agreement or agreement for the provision of Digital Services.|
|Marketing.||Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Data Controller.||The data is stored until the consent of the individual to whom the data pertains is withdrawn for further processing of their data for this purpose.|
|Direct marketing.||Article 6(1)(f) of the GDPR (legitimate interests of the data controller) – processing is necessary for the purposes of the legitimate interests pursued by the Data Controller – consisting of safeguarding the interests and good reputation of the Data Controller, their Online Store, and aiming at the sale of Products.||The data is stored for the period of existence of the legitimate interest pursued by the Data Controller, but no longer than the statute of limitations period for claims of the Data Controller against the data subject arising from the business activities conducted by the Data Controller. The statute of limitations period is determined by the provisions of the law, in particular the Civil Code (the basic statute of limitations period for claims related to business activities is three years, and for Sales Agreements, two years). The Data Controller cannot process data for direct marketing purposes if an effective objection is raised in this regard by the data subject.|
|Expressing customer opinions about a concluded Sales Agreement.||Article 6(1)(a) of the GDPR - the individual whose data is concerned has given consent to the processing of their personal data for the purpose of expressing opinions.||The data is stored until the person whose data is concerned withdraws their consent for further processing of their data for this purpose.|
|Maintaining tax records||Article 6(1)(c) of the GDPR in conjunction with Article 86(1) of the Tax Ordinance, i.e. of January 17, 2017 (Journal of Laws of 2017, item 201) – processing is necessary for compliance with a legal obligation to which the Controller is subject.||The data is stored for the period required by legal regulations obligating the Controller to keep tax records (until the expiration of the statute of limitations for the tax liability, unless tax laws provide otherwise).|
|Determining, pursuing, or defending claims that the Controller may raise or that may be raised against the Controller.||Article 6(1)(f) of the GDPR (legitimate interests of the controller) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This includes the determination, pursuit, or defense of claims that the Data Controller may raise or that may be raised against the Data Controller.||The data is stored for the duration of the existence of the legally justified interest pursued by the Data Controller, but not longer than the limitation period for claims that may be raised against the Data Controller (the basic limitation period for claims against the Data Controller is six years).|
|Using the Online Store website and ensuring its proper functioning.||Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the controller – consisting in the operation and maintenance of the Online Store website.||The data will be stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than the statute of limitations for claims by the Data Controller against the data subject arising from the Data Controller's business activities. The period of limitation is determined by the law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements - two years).|
|Keeping statistics and analyzing traffic in the Online Store.||Article 6(1)(f) of the GDPR (legitimate interests of the data controller) – processing is necessary for the purposes of the legitimate interests pursued by the data controller – including conducting statistics and analyzing traffic on the Online Store's website for the purpose of improving the functioning of the Online Store and increasing the sales of Products.||The data will be stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than the period of limitation of claims held by the Data Controller against the person whose data it concerns, resulting from the conducted business activity of the controller. The limitation period is determined by the provisions of the law, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is three years, and for Sales Agreements - two years).|
Data recipients – who we can disclose your data to
- For the proper functioning of the Online Store, including the fulfillment of concluded Sales Agreements, it is necessary for the Data Controller to use the services of external entities, especially providers of technical, logistical, and financial services (such as carriers or intermediaries handling Order shipments or entities handling electronic payments). The Data Controller only utilizes services from such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of the individuals whose data is being processed.
- The list of recipients of Personal Data processed by the Data Controller is primarily determined by the scope of services that the Customer utilizes. The list of data recipients also results from the Customer's consent or legal regulations, and it is further specified based on the actions taken by the Customer in the Online Store.
- Personal data of Service Recipients and Customers of the BRAVOMODA Online Store may be disclosed to the following recipients or categories of recipients:
- Carriers / entities handling warehousing and/or shipping processes - in the case of a Customer who selects delivery of the Product by postal mail or courier service in the BRAVOMODA Online Store, the Data Controller provides the collected personal data of the Customer to the chosen carrier or intermediary carrying out shipments on behalf of the Data Controller. If the shipment is dispatched from an external warehouse, the data may also be shared with the entity handling the warehouse and/or shipping process, to the extent necessary to fulfill the delivery of the Product to the Customer.
- Entities handling electronic and online payments or credit/debit card payments - in the case of a Customer who chooses to make payments through electronic means or credit/debit card in the BRAVOMODA Online Store, the Data Controller provides the collected personal data of the Customer to the selected entity handling the mentioned payments in the Online Store on behalf of the Data Controller. This is done to the extent necessary for processing the payment made by the Customer.
- Depending on contractual agreements and circumstances, these entities either operate under our instructions or independently determine the purposes and methods of data processing.
- Personal data may also be disclosed to state authorities (e.g., the President of the Office of Competition and Consumer Protection, the Inspector General for the Protection of Personal Data, the prosecutor's office, the police) if they request such information from us.
The rights of the person whose data is being processed - what rights do you have?
- Under the General Data Protection Regulation (GDPR), every customer has the right to:
- request access to their personal data (including receiving information about the processed data);
- request correction of their personal data (e.g., if the data is incorrect);
- request erasure of their personal data (right to be forgotten);
- request restriction of the processing of personal data, including withdrawing any consent given to the Data Controller at any time, with the understanding that withdrawing consent does not affect processing carried out by the Administrator in accordance with the law before its withdrawal;
- request the transfer of personal data.
- raise objections to the processing of personal data;
- file complaints with the President of the Office for Personal Data Protection.
- Right of access, rectification, restriction, erasure, or data portability - the individual whose data is processed has the right to request from the Data Controller access to their personal data, their rectification, erasure ("right to be forgotten"), or restriction of processing, and they also have the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are indicated in Articles 15-21 of the GDPR.
- Right to withdraw consent at any time - the individual whose data is processed by the Data Controller based on given consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to file a complaint with a supervisory authority - the individual whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
- Right to object - the individual whose data is concerned has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public task or official authority) or (f) (legitimate interests of the data controller), including profiling based on these provisions. In such a case, the Data Controller is no longer allowed to process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual, or for the establishment, exercise, or defense of legal claims.
- Right to object to personal data processing - if personal data is processed for the purposes of direct marketing, the individual whose data is concerned has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.
- The Data Controller will provide you with information about the actions taken in relation to your request without undue delay, and in any case within one month of receiving the request. If necessary, this one-month period may be extended by an additional two months due to the complexity of the request or the number of requests.
- In any case, the Data Controller will inform you of such an extension within one month of receiving the request, providing the reasons for the delay.
Will commercial information be sent to you (e.g. to your e-mail address)?
- The Data Controller has the technical capability to communicate with the Customer remotely, for example, by sending email messages.
- Commercial and marketing information related to the business activities conducted by the Data Controller will only be sent based on the Customer's explicit consent.
What are cookie files?
Cookies are text files stored on users' end devices (such as computers, phones, etc.) and are used for interacting with websites. These files allow the recognition of a user's device and the display of a website tailored to their individual preferences. "Cookies" typically contain the name of the website they originate from, the duration of their storage on the device, and a unique identifier. Detailed information about cookies, as well as their history, can be found, for example, here: https://en.wikipedia.org/wiki/HTTP_cookie.
Cookies are used in the HTTP protocol, which serves as a communication link between the web server and the browser. They consist of a key that specifies the name of the value, the value itself, and the expiration time after which the browser should delete the cookie. Their functions are mostly standard and aligned with browser settings. Cookies are used to facilitate the usage of the website, tailor its content including our offerings to user preferences, enhance usability, and personalize the content of internet websites.
What type of cookies do we use?
Two types of cookies are used – session cookies and persistent cookies. The former are temporary files that remain on the user's device until they log out of the website or close the software (web browser), after which they are automatically deleted from the user's device. "Persistent" files remain on the user's device for a duration defined in the parameters of the cookies or until manually deleted by the user. Cookies used by partners of the website operator are subject to their own privacy policies.
The "cookies" we use are primarily aimed at making it easier for users to interact with our website. For instance, they help in "remembering" information that has been provided once, so that users don't have to enter it every time. We also employ cookies that allow us to customize the presented content according to user preferences.
When users interact with our website, we utilize cookies that enable the identification of the user's browser or device. Cookies gather various types of information, which generally do not constitute personal data (they do not allow for user identification).
By using the technology of cookies on our website, it becomes possible to familiarize ourselves with users' preferences. For instance, through analyzing how frequently they visit our website or which products they most frequently view. Analyzing online behavior helps us gain a better understanding of users' habits and expectations, allowing us to tailor our offerings to their needs and interests.
The Data Controller may use profiling for the purpose of direct marketing in the Online Store, but the decisions made based on it by the Data Controller do not concern the conclusion or refusal to conclude a Sales Agreement, or the ability to use Digital Services in the Online Store. The result of using profiling in the Online Store could include actions such as granting a discount to a specific individual, sending them a discount code, reminding them of unfinished purchases, proposing a Product that may match the interests or preferences of that individual, or offering better terms compared to the standard Online Store offer. Despite the profiling, the individual retains the freedom to decide whether they wish to take advantage of the received discount or better terms and make a purchase in the Online Store.
Using cookies, we employ a technology that enables us to deliver advertising messages to users who have previously visited our website, on other websites they visit, including those belonging to entities collaborating with our partners. This is done to ensure that the message received by the user corresponds to their interests and needs identified through the analysis of their past behavior, based on cookie technology.
The cookies we use primarily aim to optimize the user experience while using our website. We also collaborate with other companies in terms of their marketing activities. For the purposes of this cooperation, the browser or other software installed on the user's device also stores cookies from entities engaged in such marketing activities.
Cookies sent by these third parties are intended to enhance the effectiveness of presenting advertisements to the user that correspond to their online activity. Third-party entities provide advertising content to users.
Therefore, when visiting our website, cookies from our partners are also stored on the user's computer or other device. This way, information about viewed or purchased products is collected.
As part of our marketing and analytical activities (statistical analysis), the Data Controller may utilize services from the following entities, which employ cookies in the Online Store:
- Google Analytics
- Google Ads
- Google TagManager
- Google Dynamic Retargeting
- Facebook Ads
- Facebook Dynamic Retargeting
- Facebook Pixel
- Facebook Messenger
More information about cookies from the mentioned entities can be found in their privacy policies.
Deleting and Blocking Cookies
Consent for using cookies can be managed through the privacy settings of your web browser.
By default, web browsers or other software installed on your computer or device connected to the network allow certain types of cookies to be placed on that device. These settings can be changed to block the handling of cookies in your web browser settings or to be notified of their transmission to your device each time. This way, consent given to the use of this technology can be modified or withdrawn at any time (blocking the storage of cookies in the future).
It is also possible to block third-party cookies while accepting cookies directly from the website administrator.
Detailed information about the possibilities and methods of handling cookies is available in the settings of your specific web browser. For example, in Microsoft Edge, you can modify cookies through: Tools -> Internet Options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; and in Google Chrome: Settings -> Advanced -> Privacy -> Content Settings -> Cookies. The access paths may vary depending on the version of the browser you are using.
Detailed information about managing cookies on a mobile phone or other mobile device can be found in the user manual or operating instructions of that specific phone or mobile device.
Please note that opting out of cookies will only apply to the specific browser. This means that the same actions will need to be taken for each other browser used on the same or different device.
Amendments to this policy
- changes in applicable regulations, especially regarding the protection of Personal Data, telecommunications law, digital services, and consumer rights, which may impact the rights and obligations of the Data Controller or the data subject;
- development of functionalities or Digital Services driven by the progress of internet technology, including the implementation of new technological or technical solutions that may impact the scope of the Policy;
- With each change, a new version of the Policy will be presented with a new date.