Privacy & Cookie Policy
The information contained in this Policy is of a general nature. Detailed information on the processing of specific personal data will be made available in the content of an information clause placed in a visible and easily accessible place each time such data is collected.
Table of Contents:
1. Personal Data Controller
2. Contact in matters relating to the processing of personal data
3. Legal basis of data processing
4. Origin of data
5. Type of personal data processed
6. Purpose of data processing
7. Transfer of personal data
8. The duration of personal data processing
9. Automatic processing and profiling
10. Your rights in relation to your own personal data
11. How do we secure your data?
12. Supervisory authority and complaints
1 Personal Data Controller
Soligrano limited liability company, limited partnership (collectively referred to as ”Soligrano”, “we”, “us” or “our” in this privacy notice) is the Controller and is responsible for your personal information.
Soligrano limited liability company, limited partnership has its registered office at: ul. 20 Wroclawska, 95-082 Dobroń, Poland.
Soligrano limited liability company, limited partnership is registered by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register under number 0000595786, NIP: 731-205-05-08, REGON: 36347185300000, BDO: 000022637.
2 Contact in matters related to the processing of personal data
You can contact the Controller:
– at its registered office ul. 20 Wrocławska, 95-082 Dobroń, Poland
or
– at the following email address: biuro@soligrano.pl.
Monika Dregier serves as our Data Protection Officer. You can contact her at rodo@soligrano.com
3 Legal basis for data processing
The Controller conducts the processing of personal data on the basis of the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2019, item 1781), hereinafter referred to as the Act, and pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the Regulation.
Pursuant to Article 6(1)(a) and (b) of the Regulation, the processing of personal data is lawful where:
– the data subject has given consent to the processing of his/her personal data for one or more specific purposes (point a), or
– the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (point b).
In addition, the processing of personal data may be necessary for compliance with legal obligations incumbent on the Controller, e.g. in a situation where pursuant to tax and accounting regulations, the Controller settles sales agreements concluded with the Customers (Article 6(1)(c) of the Regulation).
In the case of data processing for marketing purposes, the legal basis for such processing is provided by Article 6(1)(f) of the Regulation – the purposes of the legitimate interests pursued by the Controller.
4 Origin of Data
Personal data is collected by the Controller only in connection with its legitimate interests.
Legitimate interest means the interest of our comapny in conducting and managing our business to enable us to give you the best service/product and the best and most secure user experience.
Providing personal data by the buyer while using the services of the Internet store is voluntary, but it is necessary in order to use the store services, specifically for registering a customer account, placing orders, purchasing products, subscribing to a newsletter, or using a contact form.
5 Types of personal data processed
The Controller may collect, use, store and transfer different kinds of personal data. In particular, the Controller may process:
– Personal data entered by the buyer when registering a customer account and placing an order: their name and surname, e-mail address, contact telephone number, delivery address (street, house number, apartment number, postal code, city, country), residence/business/office address – if different from the delivery address, bank account number, and in the case of Buyers who are not individual consumers – their company and tax identification number;
– Personal data provided in order to contact the customer service team or when making a complaint: name, surname, e-mail address, contact telephone number.
6 Purpose of personal data processing
Customers’ personal data is processed by the Controller in order to:
a) enter into and perform the contract,
b) contact a Customer in relation to the handling of a contract;
c) handle complaints submitted by Customers,
d) contact for purposes related to permitted marketing activities,
e) fulfil statutory obligations incumbent on the Controller,
f) establish, assert or defend claims to which the Controller is entitled,
g) for data archiving purposes.
7 Transfer of personal data
The data shall be processed by the Controller and our trusted partners:
– our producer, OrganikAgro Foods Sp. z o.o. SKA, with its registered office in Warsaw, KRS 0000420911;
– our accounting company, CEDEPE Sp. z o.o. SKA, with its registered office in Warsaw, KRS 0000431131;
– providers of hosting or data communication services;
– providers of delivery services;
– entities handling electronic payments or credit card payments at the internet shop;
– companies servicing the shop’s software;
– companies supporting the Controller in its marketing campaigns;
– providers of legal and consulting services.
The processing of personal data by the above-mentioned entities may be conducted solely to the extent necessary for the purposes specified in section 6 above.
The processing of personal data by the Controller and its trusted partners listed above shall be conducted on the basis of agreements that ensure compliance with the terms of processing within the Regulation and the Act.
Personal data may also be provided to public authorities entitled to receive it on the basis of separate regulations (for example the Police, the Prosecutor’s Office, Customs and Tax Authorities).
Personal data will not be transferred outside the European Economic Area.
8 Duration of personal data processing
If the processing of personal data depends on the buyer’s consent, personal data is processed until such consent is revoked. After the buyer revokes their consent to data processing, personal data can be processed until the expiration of the period of limitation of claims, as determined by the Civil Code.
In other cases, personal data may be processed:
– for the period of the buyer’s use of the internet shop, and also for a period of three years from the last activity of the customer within the internet shop;
– in the case of permitted marketing activities until the customer raises an objection, and in the case of their connection with cookies, until the removal of these files via the browser settings;
– for the period in which the Controller is obliged to process it in accordance with the applicable law (for example for accounting or tax purposes);
– for a period of 10 years from the date of termination of the contract: for fraud prevention, and the detection of fraudulent activities;
– for a period of up to 10 years from the date of termination of the contract: for statistical and analytical purposes.
9 Automated processing and profiling
We do not process personal data in an automated manner, including through profiling in order to match the content of the website and the store’s offer to the personal preferences and interests of customers.
10 Cookies
A cookie is a small piece of data sent by a server and stored on the buyer’s, or visitor’s device (usually on a computer’s hard drive or in the memory of a mobile device).
Cookies store information that the online store may need to adapt to the buyer’s, or visitor’s use of the online store and to collect statistical data about the online store and data about the domain name of the Internet service provider or the visitor’s country of origin.
Our internet shop uses cookies in order to provide buyers, or visitors with maximum comfort while using the shop, as well as for statistical purposes and in order to match the advertising content with the visitor’s interests.
During a visit to the shop, data concerning visitor’s activity in the shop can be collected automatically.
When a visitor or a buyer uses our shop, cookies are used to identify their browser or device.
Cookies collect various types of information, which as a rule, do not constitute personal data (i.e. it is not possible to identify individual people on the basis of information collected by such cookies).
However, some information collected by cookies, depending on their content and manner of use, may be associated with a specific person and thus be considered personal data (for example, it is possible to attribute certain behaviours to a specific person by linking them to the data provided by him/her during the registration of an account in the online store).
In relation to information collected by cookies that can be linked to a specific person, the provisions of the Policy relating to personal data shall apply, including those relating to the rights of the data subject.
Information concerning data collected by cookies is also made available in the content of an information clause, placed in a visible and easily accessible place during the first visit to our website.
Obtaining and storing information using cookies is possible based on the visitor’s consent.
By default, web browsers or other software installed on a computer or other device connected to the Internet allow cookies to be placed on such a device and thus collect information about visitors.
You may modify or revoke your consent to the use of cookies, including those of our partners, at any time in your web browser settings or through our consent forms. Please note, however, that some parts of the website may not function properly if you withdraw your consent to the use of cookies.
Withdrawal of consent does not affect the lawfulness of processing conducted prior to the withdrawal (detailed information on how to withdraw consent is presented later in this Policy). The basis for processing such data is the Controller’s legitimate interest: 1) the need to ensure the highest quality of the content presented by the Controller by adjusting it to the visitors’ preferences, and 2) marketing – including direct marketing – of the Controller’s products and services.
The main purpose of cookies is to make it easier for visitors to use the internet shop (for example by storing the information given once so that users do not have to provide it each time), as well as to adjust the content, including the advertisements presented, to the visitors’ preferences.
Cookies are also used to increase the usefulness of the content of the internet shop, including the display of advertisements, offers or promotions (discounts) dedicated to a given visitor according to his/her interests. (This applies only if he/she is of age and has given his/her consent to such an action).
Cookies used in the internet shop allow the Controller to get to know the visitor’s preferences (for example, by analysing how often he/she visits the shop). The analysis of Internet behaviour helps us to better understand the habits and expectations of the visitors and to adapt our website to their needs and interests. Thanks to this technology, it is possible to present visitors with advertisements tailored to their needs and interests.
The visitor may object to the actions of the Controller described above. The visitor may withdraw their consent, including for the display of dedicated advertisements, offers or promotions (discounts) tailored to his/her preferences at any time. Such withdrawal will not affect the legality of the processing that was carried out on the basis of consent prior to its withdrawal.
Cookies used in our website are not harmful either for the visitor or for the computer/end device used by the visitor, therefore we recommend not disabling them in browsers.
There are two types of cookies used in our shop: 1) session cookies, which remain saved on the visitor’s computer or mobile device until logging out of the website or closing the software (web browser), and 2) permanent cookies, which remain on the visitor’s device for the time specified in the parameters of the cookies or until they are manually deleted in the web browser.
Cookies used in the Internet Shop and their storage time;
|
Cookie |
Domain |
Description |
Duration |
|
test_cookie |
.doubleclick.net |
This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user’s browser supports cookies. |
15 minutes |
|
_fbp |
.soligrano.pl |
This cookie is set by Facebook to deliver advertisements when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website. |
3 months |
|
fr |
.facebook.com |
The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the user’s behaviour across the web on sites that have the Facebook pixel or Facebook social plug-in. |
3 months |
|
_ga |
.soligrano.pl |
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, and campaign data as well as keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
2 years |
|
_gid |
.soligrano.pl |
This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number visitors, the source where they have come from, and the pages visited in an anonymous form. |
1 day |
|
__cfduid |
.tawk.to |
The cookie is used by services such as CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. |
1 month |
|
SERVERID |
secure.przelewy24.pl |
This cookie is used to assign the user to a specific server, thus to provide an improved and faster server time. It remembers which server had delivered the last page on to the browser. It also helps in load balancing. |
|
|
wp_woocommerce_session |
.soligrano.pl |
Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. |
2 days |
|
_gat_gtag_UA |
.soligrano.pl |
This is a Google Analytics cookie which Identifies unique visitors and tracks a visitor’s sessions on a site |
1 minute |
|
_gat |
.soligrano.pl |
This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. |
1 minute |
The visitor can change the way we use cookies by managing the consents given as part of the privacy settings on our website or through the browser, including blocking or deleting those from the online store (and other websites). To do this, you need to change your browser settings. The method of the deletion varies depending on the web browser you use. Information on how to delete cookies should be located in the “Help” tab of your web browser. Deleting cookies is not the same as deleting Personal Data by the Controller obtained through cookies.
Detailed information about managing cookies on a cell phone or other mobile device can be found in the user manual for a given phone or mobile device.
Restricting the use of cookies on a given device prevents or significantly hinders the proper use of our shop (for example, it may result in the inability to maintain a log-in session).
11 How we safeguard your data
The Controller takes special care to protect the interests of data subjects:
a) personal data shall be processed lawfully, fairly, and in a manner transparent to the data subject;
b) data shall only be processed for specific, explicit, and legitimate purposes;
c) the data processed by the Controller is adequate for the purposes for which the processing takes place;
d) the Controller shall apply appropriate technical and organizational measures to protect the data processed by them against accidental loss, destruction, or damage.
12 Your rights in relation to your own personal data
The visitor has the right to:
(a) access the personal data concerning him/her, including obtaining a copy of the personal data being processed. The right to obtain a copy may not adversely affect the rights and freedoms of others,
b) to correct and complete his/her data in case of any inaccuracy or outdatedness,
(c) to erase the data,
(d) to restrict the processing in the following cases:
– the data subject questions the accuracy of the personal data (allowing the controller to verify the accuracy of the data).
– the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead that the processing be restricted,
– The controller no longer needs the personal data for the purposes of the processing, but the data is needed by the data subject to establish, assert or defend a claim.
(e) the data subject shall have the right to receive, in a structured, commonly used machine-readable format, the personal data concerning him or her which he or she has provided to the Controller, and shall have the right to transmit such personal data to another controller without hindrance from the Controller to whom the personal data has been provided
(f) not to be subject to automated decision-making, including profiling.
g) object to the processing of personal data where the processing relates to statistical purposes or is carried out on the basis of the legitimate legal interest of the Controller, and the objection is justified by the particular situation of the person.
h) lodge a complaint with the President of the Office for Personal Data Protection.
All requests concerning the exercise of the above-mentioned rights should be addressed to the Controller:
– by e-mail: rodo@soligrano.com
– by traditional mail: SOLIGRANO, ul.Wrocławska 20, 95-082 Dobroń, Poland
– or in person: at the Controller’s place of business.
The Controller shall provide information on actions taken regarding all requests without undue delay, within one month of receiving the request. In the case of extenuating circumstances (e.g. the number of requests or complexity of the application) the deadline may be extended by another 2 months. The Controller shall inform the data subject about the reasons for the delay and the extension of the deadline within one month.
The Controller’s refusal to act may be appealed against to the supervisory authority.
13 Supervisory authority and Complaints
In connection with the processing of personal data, any person has the right to lodge a complaint against an action or omission of the Controller to the supervisory authority, which is:
President of the Office for Personal Data Protection
Stawki 2, 00-193 Warsaw, Poland
Tel. 22 531 03 00
Fax. 22 531 03 01
Office hours: Monday-Friday 8.00 – 16.00
Contact Centre: 606 950 000
Website: www.uodo.gov.pl
