Privacy Policy
General information
This document defines the principles of the privacy policy in the Online Store (hereinafter referred to as the "Online Store"). The Administrator of the Online Store is Stefano Storto conducting business activity under the name REGINA BONA STEFANO STORTO , entered into the Central Register and Information on Business Activity kept by the Minister of Entrepreneurship and Technology at UL. Nowy Świat 33/13, Warsaw, 00-029, NIP 521887631, REGON 524736474.
The words written in capital letters have the meaning assigned to them in the regulations of this Online Store.
Personal data collected by the Online Store Administrator are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), hereinafter referred to as "GDPR".
The Administrator of the Online Store takes special care to protect the privacy and information provided to him regarding the Customers of the Online Store.
The Administrator selects and applies appropriate technical measures, including programming and organisational measures, to ensure the protection of processed data, in particular by securing data against making it available to unauthorised persons, disclosure, loss, destruction, unauthorised modification, as well as against its processing in violation of applicable law.
Persons under 16 years of age are not entitled to use the Goods and Services available on the website.
The personal data administrator does not envisage the intentional collection of data relating to persons under 16 years of age.
Personal data
Personal Data Administrator
The administrator of your personal data is: REGINA BONA STEFANO STORTO Nowy Świat 33/13, 00-029 Warsaw, Poland
In matters concerning your personal data, you can contact the Personal Data Administrator via:
- E-mail address: sklep@reginabona.com
- Traditional mail: Nowy Świat 33/13, 00-029 Warsaw, Poland
Data Protection Officer (DPO)
The IOD is in the process of being appointed due to evolving legal regulations. The Personal Data Administrator has appointed a Data Protection Officer (DPO), whom you can contact regarding the protection of your personal data via:
Purposes and legal basis for processing personal data
The personal data administrator processes your personal data for the following purposes and to the extent:
- In order to take action before concluding a contract at your request (e.g. setting up an account), i.e. data provided in the registration form in the Online Store, i.e. e-mail address and set password, gender; if the Account is registered via an external authentication service (e.g. Google+, Facebook), we collect your name and surname, and if you register when purchasing Goods, we collect your name and surname and data provided for the execution of the order, such as shipping address; in order to provide Services requiring the setting up of an Account, such as managing order history, informing about the status of the order, we process your data provided in the Account and when purchasing Goods;
- In order to provide Services that do not require the creation of an Account and the purchase of Goods, i.e. browsing the websites of the Online Store, searching for products, we process personal data relating to your activity in the Online Store, i.e. data relating to the Goods you browse, data relating to the session of your device, operating system, browser, location and unique identifier, IP address;
- In order to execute the contract for the sale of Goods (e.g. delivery of the ordered Goods), we process the personal data provided by you when purchasing the Goods, such as your name and surname, e-mail address, address details, payment details and, in the case of a purchase via an Account, an additional password;
- In order to keep statistics on the use of the functionalities available in the Online Store, to facilitate the use of the Online Store and to ensure the IT security of the Online Store, we process personal data relating to your activity in the Online Store and the amount of time spent on each subpage of the Online Store, your search history, location, IP address, device ID, data relating to your web browser and operating system;
- In order to establish, pursue and enforce claims and defend against claims in court proceedings and through other enforcement bodies, we may process your personal data provided when purchasing Goods or setting up an Account and other data necessary to prove the existence of a claim or resulting from a legal requirement, court order or other legal proceeding;
- In order to process complaints, inquiries and requests, we process the personal data provided by you in the contact form, complaints, inquiries or to answer questions in another form, as well as some of the personal data provided by you in the Account, as well as data relating to the order of Goods and other Services provided by us, which are the reason for the complaint, inquiry or request, as well as data contained in documents attached to complaints, inquiries and requests;
- For the purpose of marketing our Goods and Services and our customers and partners, including remarketing, we process personal data provided by you when creating and updating your Account, data on your activity in the Online Store, including orders that are registered and stored via cookies, in particular order history, search history, clicks in the Online Store, login and registration dates, history and your activity related to our communication with you. For remarketing, we use data on your activity to reach you with our marketing messages outside the Online Store, using external service providers. These services include displaying our messages on websites other than the Online Store. Details can be found in the cookies section;
- In order to organize competitions and loyalty programs, i.e. notifications of collected points, notifications of winnings and advertising our offers, we use your personal data provided in the Account and during registration in the competition or loyalty program. Detailed information is provided each time in the terms of participation in a given competition or loyalty program;
- For market and opinion research by us or our partners, i.e. order information, your data provided in the Account or when purchasing Goods, e-mail address. Data collected as part of market and opinion research is not used by us for advertising purposes. Detailed guidelines are provided in the survey information or where you enter your data.
- Dotpay SA based in Krakow - Payment processing
- mBank SA based in Warsaw - Payment processing
- Ceneo sp. z o. o. based in Poznań - Customer satisfaction survey or inclusion in the Buyer Protection Program
- Opineo.pl, Ringier Axel Springer Polska sp. z o. o. with its registered office in Warsaw - Presenting and expressing opinions on external websites
- Skąpiec.pl, Ringier Axel Springer Polska sp. z o. o. based in Warsaw - Informing Customers about where to buy the product they are looking for, sales conditions and opinions about the store
- General Logistics System Poland sp. z o. o. based in Głuchów - Order fulfillment
- GP Kancelaria Poniatowska-Maj Strzelec-Gwóźdź sp. P. with its registered office in Kraków - Presentation of the Certificate of Conformity via the website solidnyregulamin.pl
- Google Inc. (Google Cloud, Google Analytics, Google Analytics 360, Fabric Software) based in the US - website traffic measurement, application error reporting, statistics creation
- Google Inc., USA-based - Customer Profiling - Google AdSense and Google Adwords
- Google Inc., US-based – Customer Action Analysis
- Google Ireland Ltd (Google Adwords, Double Click Manager, Double Click Search, Remarketing Service, Firebase) based in Ireland - measuring the effectiveness of advertising campaigns, managing advertising campaigns
- Facebook Ireland based in Ireland - Popularization of the online store using the social network Facebook.com
- Instagram LLC. based in the USA - Popularization of the Online Store using the social networking site Instagram.com
- Twitter Inc. based in the USA - Popularization of the online store using the social networking site twitter.com
- State authorities, e.g. prosecutor's office, police, PUODO, President of the Office of Competition and Consumer Protection, if they make such a request to us,
- Service providers we use to run the Online Store, e.g. to process orders. Depending on the contractual arrangements and circumstances, these entities act on our behalf or independently determine the purposes and methods of their processing.
Under the GDPR you have the right to:
- Request access to your personal data;
- Request rectification of your personal data;
- Request deletion of your personal data;
- Request to restrict the processing of personal data;
- Objection to the processing of personal data;
- Request data transfer.
The right to access personal data (Article 15 of the GDPR) You have the right to obtain information from the Personal Data Controller as to whether your personal data is being processed. If the Controller processes your personal data, you have the right to:
- Access to your personal data;
- Obtain information on the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of data storage or criteria for determining this period, rights arising from the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the security measures applied in connection with the transfer of data outside the European Union;
- Get a copy of your personal data.
If you wish to request access to your personal data, please send your request to: info@reginabona.com
The right to rectify personal data (Article 16 of the GDPR) If your personal data is incorrect, you have the right to request that the Administrator immediately rectify your personal data. You also have the right to request that the Administrator supplement your personal data. If you want to request the rectification or supplementation of your personal data, submit your request to the following address: info@reginabona.com If you have registered in the Online Store, you can correct and supplement your personal data yourself after logging in to the Online Store.
The right to delete personal data, the so-called "right to be forgotten" (Article 17 of the GDPR) You have the right to demand that the Personal Data Controller delete your personal data when:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You have withdrawn specific consent to the extent that personal data were processed based on your consent;
- Your personal data was processed unlawfully;
- You have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
- You have objected to the processing of your personal data in connection with the processing necessary for the performance of a task carried out in the public interest or the processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party.
Despite the request to delete personal data, the Personal Data Administrator may still process your data in order to establish, pursue or defend claims, about which you will be informed. If you wish to request the deletion of your personal data, send your request to the following address: sklep@reginabona.com
The right to request the restriction of the processing of personal data (Article 18 of the GDPR) You have the right to request the restriction of the processing of your personal data when:
- You question the accuracy of your personal data – the Personal Data Administrator will limit the processing of your personal data for a period allowing the accuracy of this data to be verified;
- The processing of your data is unlawful and instead of deleting your personal data, you request the restriction of the processing of your personal data;
- Your personal data are no longer necessary for the purposes of processing, but are needed for the establishment, exercise or defence of your legal claims;
- You have objected to the processing of your personal data – until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in the objection.
If you wish to submit a request to restrict the processing of your personal data, please send your request to: info@reginabona.com
The right to object to the processing of personal data (Article 21 of the GDPR) You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- Processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party;
- Processing for direct marketing purposes.
- State authorities, e.g. prosecutor's office, police, PUODO, President of the Office of Competition and Consumer Protection, if they make such a request to us,
- Service providers we use to run the Online Store, e.g. to process orders. Depending on the contractual arrangements and circumstances, these entities act on our behalf or independently determine the purposes and methods of their processing.
Under the GDPR you have the right to:
- Request access to your personal data;
- Request rectification of your personal data;
- Request deletion of your personal data;
- Request to restrict the processing of personal data;
- Objection to the processing of personal data;
- Request data transfer.
The Personal Data Controller shall provide you with information on the actions taken in response to your request without undue delay – and in any case within one month of receiving the request. If necessary, the monthly period may be extended by a further two months due to the complexity of the request or the number of requests. In any case, the Personal Data Controller shall inform you of such extension within one month of receiving the request, stating the reasons for the delay.
The right to access personal data (Article 15 of the GDPR) You have the right to obtain information from the Personal Data Controller as to whether your personal data is being processed. If the Controller processes your personal data, you have the right to:
- Access to your personal data;
- Obtain information on the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of data storage or criteria for determining this period, rights arising from the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the security measures applied in connection with the transfer of data outside the European Union;
- Get a copy of your personal data.
If you wish to request access to your personal data, please send your request to: info@reginabona.com
The right to rectify personal data (Article 16 of the GDPR) If your personal data is incorrect, you have the right to request that the Administrator immediately rectify your personal data. You also have the right to request that the Administrator supplement your personal data. If you want to request the rectification or supplementation of your personal data, submit your request to the following address: info@reginabona.com If you have registered in the Online Store, you can correct and supplement your personal data yourself after logging in to the Online Store.
The right to delete personal data, the so-called "right to be forgotten" (Article 17 of the GDPR) You have the right to demand that the Personal Data Controller delete your personal data when:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You have withdrawn specific consent to the extent that personal data were processed based on your consent;
- Your personal data was processed unlawfully;
- You have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
- You have objected to the processing of your personal data in connection with the processing necessary for the performance of a task carried out in the public interest or the processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party.
Despite the request to delete personal data, the Personal Data Administrator may still process your data in order to establish, pursue or defend claims, about which you will be informed. If you wish to request the deletion of your personal data, send your request to the following address: info@reginabona.com
The right to request the restriction of the processing of personal data (Article 18 of the GDPR) You have the right to request the restriction of the processing of your personal data when:
- You question the accuracy of your personal data – the Personal Data Administrator will limit the processing of your personal data for a period allowing the accuracy of this data to be verified;
- The processing of your data is unlawful and instead of deleting your personal data, you request the restriction of the processing of your personal data;
- Your personal data are no longer necessary for the purposes of processing, but are needed for the establishment, exercise or defence of your legal claims;
- You have objected to the processing of your personal data – until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in the objection.
If you wish to submit a request to restrict the processing of your personal data, please send your request to: info@reginabona.com
The right to object to the processing of personal data (Article 21 of the GDPR) You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- Processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Personal Data Controller or a third party;
- Processing for direct marketing purposes.
If you wish to object to the processing of your personal data, please submit your request to the following address: info@reginabona.com
Right to request data portability (Article 20 GDPR) You have the right to receive your personal data from the Personal Data Controller in a structured, commonly used and machine-readable format and to transmit it to another personal data controller. You can also request that the Personal Data Controller transmits your personal data directly to another controller (if technically feasible). If you wish to request the portability of your personal data, please send your request to: info@reginabona.com
The right to withdraw consent You may withdraw your consent to the processing of your personal data at any time. Withdrawal of consent to the processing of personal data does not affect the lawfulness of the processing that was carried out on the basis of your consent before its withdrawal. If you wish to withdraw your consent to the processing of your personal data, submit your request to the following address: info@reginabona.com or use the appropriate functionalities in the Account.
Complaint to the supervisory authority If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement. In Poland, the supervisory authority under the GDPR is the President of the Personal Data Protection Office (PUODO).
Cookies
General information When browsing the websites of the Online Store, "cookies" files are used, i.e. small text information saved on your end device in connection with the use of the Online Store. Their use is intended to ensure the proper functioning of the websites of the Online Store. These files allow you to identify the software you are using and to customize the Online Store individually to your needs. "Cookies" files usually contain the name of the domain from which they come, the time of their storage on the device and the value.
Security The "cookies" we use are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to reach your devices via "cookies".
Types of cookies We use two types of cookies:
- Session cookies: are stored on your device and remain there until you end your browser session. The stored information is then permanently deleted from your device's memory. The session cookie mechanism does not allow the collection of any personal data or confidential information from your device.
- Persistent cookies: are stored on your device and remain there until you delete them. Ending a browser session or turning off your device does not delete them from your device. The mechanism of persistent cookies does not allow the collection of any personal data or confidential information from your device.
- Online store setup;
- Presentation of the Certificate of Conformity via the website solidnyregulamin.pl, administered by GP Kancelaria Poniatowska-Maj Strzelec-Gwóźdź sp. p. with its registered office in Kraków, Privacy Policy available at: http://solidnyregulamin.pl/polityka-prywatnosci/;
- Creating statistics that help understand how Customers use the Online Store websites, which allows improving their structure and content through the analytical tools of Google Analytics, which are administered by Google Inc. with its registered office in the USA. The Google Privacy Policy is available at the following addresses: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
- Defining the Customer's profile in order to display tailored materials in advertising networks, using the Google AdSense advertising tool, which is administered by Google Inc. based in the USA, the Google Privacy Policy is available at: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
- Analyzing user activities in order to match the displayed content to their profile, which allows for better management of advertising campaigns through DoubleClick analytical tools, which are administered by Google Inc. based in the USA. The Google Privacy Policy is available at: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
- Popularization of the Online Store using the social networking site Facebook.com, which is administered by Facebook Inc. based in the USA or Facebook Ireland based in Ireland, the Facebook Privacy Policy is available at: https://www.facebook.com/help/cookies/;
- In order to present opinions on the websites of the Online Store, downloaded from the external website Opineo.pl, the administrator of which is Opineo.pl sp. z o. o. with its registered office in Wrocław, the cookies policy available at: http://www.opineo.pl/i/informacje-o-ciastkach/ is used.