Privacy Policy

PRIVACY POLICY

We understand that you value your privacy, which is why we’ve prepared this document for you.

It contains the rules for processing personal data and using cookies and other tracking technologies in connection with the use of the online store and blog https://pukapuka.pl. 

First, some formal information – the blog administrator is Maria Jęczmyk, al. Zjednoczenia 38 m. 25, 01-801 Warsaw. If you have any questions regarding this privacy policy, you can contact us at any time by sending a message to pukapukapl@yahoo.com.

Abridged version – the most important information

  1. We care about your privacy, but also about your time. That’s why we’ve prepared a condensed version of the most important privacy policies for you. We process your personal data, which we collect in connection with your use of our blog and store and its individual features, such as registering a user account, placing an order, subscribing to the newsletter, contacting us via chat, and adding a comment.
  2. The personal data we process may include, in particular, the following information: name and surname, email address, telephone number, residential address, permanent business address, company name, Tax Identification Number (NIP), and IP address.
  3. We make every effort to ensure that your personal data remains secure and does not fall into the wrong hands.
  4. We entrust the processing of your personal data only to verified and trusted entities providing services related to personal data processing.
  5. We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, particularly in the USA. The providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR.
  6. We do not use profiling mechanisms that use personal data.
  7. We provide you with the ability to exercise your rights under the GDPR related to our processing of your personal data.
  8. We track and analyze your behavior on our website for statistical purposes and to optimize our website.
  9. We use tools that rely on cookies, both our own and third-party cookies. These tools do not provide us with information that would allow us to identify you. These tools include various types of analytical, marketing, social media, and communication tools. Some of these tools involve the implementation of special tracking scripts.
  10. You can manage your cookie settings through your web browser or by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).
  11. You can also manage your behavioral advertising settings by visiting http://www.youronlinechoices.com/.
  12. The website may contain links to external websites managed by third parties. We are not responsible for the personal data processing and cookie usage policies of external website operators. Details can be found in the privacy policies of these external websites.
  13. The website is stored on an external server, which, like any server, generates logs. Logs store information such as the IP address, server date and time, and information about the web browser and operating system. Logs are used solely for operational and technical purposes.

The above information is preliminary. We encourage you to review further details below. 

Personal Data

The controller of your personal data is Maria Jęczmyk, al. Zjednoczenia 38 m. 25, 01-801 Warsaw.

The purposes, legal basis, and period of personal data processing are indicated separately for each data processing purpose (see the description of the individual personal data processing purposes below).

Permissions The GDPR grants you the following potential rights related to the processing of your personal data:

  1. the right to access your data and receive a copy of it,
  2. the right to rectify (amend) your data,
  3. the right to erase your data (if you believe there is no basis for us to process your data, you can request that we erase it),
  4. the right to restrict data processing (you can request that we limit data processing to only storing it or performing actions agreed upon with you, if in your opinion we have incorrect data or are processing it without justification),
  5. the right to object to data processing (you have the right to object to data processing based on legitimate interests; you should indicate the specific situation that, in your opinion, justifies us ceasing the processing covered by your objection. We will cease processing your data for these purposes unless we demonstrate that the grounds for our data processing override your rights or that your data is necessary for us to establish, pursue, or defend legal claims),
  6. the right to data portability (you have the right to receive from us, in a structured, commonly used, and machine-readable format, the personal data you provided to us under a contract or your consent; you can instruct us to transmit this data directly to another entity),
  7. the right to lodge a complaint with a supervisory authority (if you believe that we are processing your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).

The principles related to the implementation of the above-mentioned rights are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these provisions. For our part, we consider it necessary to clarify that the rights indicated above are not absolute and will not apply to all processing of your personal data.

We emphasize that you always have one of the rights indicated above – if you believe that we have violated personal data protection regulations in processing your personal data, you have the right to lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office).

You can also always request information about what data we hold about you and the purposes for which we process it. Simply send an email to pukapukapl@yahoo.com. However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the email address provided above for any questions related to the processing of your personal data.

Security. We guarantee the confidentiality of all personal data provided to us. We ensure that appropriate security and personal data protection measures are taken as required by personal data protection regulations. Personal data is collected with due diligence and appropriately protected against access by unauthorized persons.

Data recipients: Your personal data may be processed by entities whose services we use and whose services involve or may involve the processing of personal data. These include, in particular, the following entities:

  1. Hosting provider – your personal data is stored on the server.
  2. Email service provider – your personal data is processed within email.
  3. Cloud software providers, such as mailing, invoicing, accounting, and CRM systems – your personal data is processed within the software.
  4. Chat service provider – your personal data is processed within the chat.
  5. Virtual cloud service provider – files containing your personal data may be stored in the cloud.
  6. Courier companies – these companies process your personal data to deliver your parcel.
  7. Accounting office – the office processes your personal data contained in invoices and other accounting documents.
  8. Law firm – the law firm may access your personal data if necessary to provide legal services to us.
  9. Website technical support provider – this entity may access your data in connection with technical work related to the areas in which data is processed. 
  10. Marketing service provider – this entity may access your personal data to the extent necessary for Implementation of entrusted marketing activities,
  11. Other subcontractors – We cooperate with various subcontractors who may have access to your personal data if they provide services within the scope of such access.

Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement, and accounting obligations. This includes, in particular, all declarations, reports, statements, and other accounting documents containing your personal data.

Furthermore, if necessary, your personal data may be shared with entities, bodies, or institutions authorized to access data under law, such as police and security services, courts, and prosecutors’ offices.

Transfer of personal data to third countries. We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program or using standard contractual clauses.

Personal data is stored on servers located in third countries using the following tools:

  • MailChimp mailing system, provided by Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA – for your name and email address provided when signing up for the newsletter;
  • Google services within the G-Suite package, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – for all data processed within Google services, including data contained in files synchronized with Google Drive. 

Both Rocket Science Group LLC and Google Ireland Limited ensure an adequate level of personal data protection by applying compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program. Below are links to confirmations of participation in the Privacy Shield program, where you can read information about the processing of personal data by these entities.

  • Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI, 
  • MailChimp: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. 

Profiling and behavioral advertising. We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you. Yes, we use tools that can take specific actions depending on the information collected through tracking mechanisms, but we believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer or affect the terms of the contract you may enter into with us.

By using certain tools, we can, for example, target you with personalized advertisements based on your previous actions on our website or suggest products that may be of interest to you. This is referred to as „targeting.”

Behavioral advertising. We encourage you to learn more about behavioral advertising, particularly privacy issues. Detailed information, including the ability to manage behavioral advertising settings, can be found here: http://www.youronlinechoices.com.

We emphasize that the tools we use do not provide access to information that could identify you. The information we discuss here includes, in particular:

  • information about the operating system and web browser you are using,
  • websites you are viewing,
  • time spent on the website,
  • page transitions between subpages,
  • the source from which you accessed our website,
  • your age range,
  • your gender,
  • your approximate location (limited to a city),
  • your interests determined based on your online activity.

We do not combine the information indicated above with your personal data stored in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of individual tools, and these servers can usually be located all over the world.

Purposes and Procedures for Processing Personal Data

User Account. When creating a user account, you must provide the data required to create an account, such as an email address and password. Providing your data is voluntary, but necessary to create an account. You can provide further details when editing your account details.

The data provided in connection with creating an account is processed for the purpose of providing you with an electronic service, which involves enabling you to use your user account. This service is provided pursuant to a contract concluded in accordance with the terms and conditions described in the Terms and Conditions, meaning that the legal basis for processing your personal data in this respect is Article 6(1)(b) of the GDPR.

You may decide to delete your account at any time. However, this will not result in the deletion of your data from our database, as this data is necessary for us to establish, defend, or pursue any claims related to the contract for the provision of electronic services. Furthermore, your data is retained in the database after account deletion so that we can identify you as a returning user in the future if you decide to use the website again as a registered user. In this respect, the legal basis for the processing of your personal data is our legitimate interest – Article 6, paragraph 1, letter f of the GDPR.

You can modify the data contained in your account at any time.

Orders. When placing an order, you must provide the data necessary to process the order, such as your name, billing address, email address, telephone number, and tax identification number. Providing this data is voluntary, but necessary to place the order.

The data provided to us in connection with the order are processed for the performance of the contract concluded by placing the order (Article 6, paragraph 1, letter b of the GDPR), for issuing an invoice (Article 6, paragraph 1, letter c of the GDPR), for including the invoice in accounting records (Article 6, paragraph 1, letter c of the GDPR), and for archival and statistical purposes (Article 6, paragraph 1, letter f of the GDPR). Order data will be processed for the time necessary to process the order and then until the expiry of the limitation period for claims arising from the concluded contract. Furthermore, after this period, we may continue to process your data for statistical and archival purposes, particularly to identify returning customers. Please also note that we are obligated to retain invoices containing your personal data for a period of 5 years from the end of the tax year in which the tax liability arose.

In the case of order data, you cannot rectify this data after the order has been completed. You also cannot object to data processing or request deletion of data until the statute of limitations for claims under the concluded contract expires. Similarly, you cannot object to data processing or request deletion of data contained in invoices. After the statute of limitations for claims under the concluded contract expires, you can, however, object to our processing of your data for statistical purposes and request deletion of your data from the database.

Complaints and withdrawal from the contract. If you submit a complaint or withdraw from the contract, you provide the personal data contained in the complaint or declaration of withdrawal from the contract, which includes your name, address, telephone number, email address, and bank account number. Providing data is voluntary, but necessary to file a complaint or withdraw from the contract.

Data provided to us in connection with a complaint or withdrawal from a contract is used to carry out the complaint or withdrawal procedure (Article 6, Section 1, Letter c of the GDPR) and subsequently for archiving purposes, which constitutes our legitimate interest (Article 6, Section 1, Letter f of the GDPR).

The data will be processed for the time necessary to carry out the complaint or withdrawal procedure. Complaints and declarations of withdrawal from a contract may also be archived to enable future evidence of the complaint or withdrawal process. In the case of data contained in complaints and declarations of withdrawal from a contract, you cannot rectify this data.

You also cannot object to the processing of data or request the deletion of data until the limitation period for claims arising from the concluded contract expires. However, after the limitation period for claims arising from the concluded contract expires, you may object to the processing of your data by us and request the deletion of your data from the database.

Newsletter. By subscribing to the newsletter, you provide us with your email address. 

Providing your email address is voluntary, but necessary to subscribe to the newsletter.

The data you provide to us when subscribing to the newsletter is used to send you the newsletter, and the legal basis for its processing is your consent (Article 6, Section 1, Letter a of the GDPR) expressed when subscribing to the newsletter.

You can unsubscribe from the newsletter at any time by clicking the dedicated link in every newsletter message or by simply contacting us. Despite unsubscribing from the newsletter, your data will still be stored in our database for the purpose of defending any claims related to the newsletter, in particular to prove that you consented to receiving the newsletter and the moment of its withdrawal, which constitutes our legitimate interest referred to in Article 6, Section 1, Letter f of the GDPR.

You can correct your data stored in the newsletter database at any time. If you object to the processing of your personal data and request the deletion of your data from our database, we will be required to inform you that, due to our legitimate interest referred to in the preceding paragraph, we will not delete your data from the database. Deleting such data would prevent us from demonstrating, if necessary, that you previously consented to receiving the newsletter.

The mailing system we use tracks your actions in connection with the messages we send you. Therefore, we have information about which messages you have opened, which links you have clicked, etc.

Contact. By contacting us, you naturally provide us with your personal data contained in the correspondence, in particular your email address and name. Providing your data is voluntary, but necessary to establish contact.

In this case, your data is processed for the purpose of contacting you, and the basis for processing is Article 6(1)(f) of the GDPR, i.e., our legitimate interest. The legal basis for processing after the end of the contact is also our legitimate purpose of archiving correspondence for internal purposes (Article 6, Section 1, Letter f of the GDPR).

The content of correspondence may be archived, and we cannot clearly determine when it will be deleted. You have the right to request a history of your correspondence with us (if it was archived) and to request its deletion, unless its archiving is justified by our overriding interests, e.g., defense against potential claims from you.

Cookies and Other Tracking Technologies

Our website, like almost all other websites, uses cookies.

Cookies are small text information stored on your end device (e.g., computer, tablet, smartphone) that can be read by our IT system (first-party cookies) or third-party IT systems (third-party cookies).

Some cookies we use are deleted after the end of the web browser session, i.e., after closing it (so-called session cookies). Other cookies are stored on your device and enable us to recognize your browser the next time you visit the website (persistent cookies).

If you want to learn more about cookies, you can refer to this material: https://pl.wikipedia.org/wiki/HTTP_cookie.

Below you will find detailed information about the cookies used on our website.

Cookie Consent. When you first visit the website, you are presented with information about the use of cookies, along with a request to consent to the use of these files.

You can always change your cookie settings in your browser or delete cookies altogether. Browsers manage cookie settings in various ways. Your browser’s help menu explains how to change cookie settings.

You can also manage your cookie settings by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).

Please note that disabling or limiting cookies may cause difficulties in using our website, as well as many other websites that use cookies.

Own Cookies. We use first-party cookies to ensure the proper functioning of the website. First-party cookies also store information about your consent to the use of cookies and information about the cookie settings you have defined on our website. First-party cookies are also used by the script responsible for the abandoned shopping cart recovery mechanism. This means that cookies may contain information about the contents of your shopping cart, recently viewed products, etc.

Third-party cookies. Our website, like most modern websites, utilizes functions provided by third parties, which involves the use of third-party cookies. The use of these cookies is described below.

Google Analytics. We use Google Analytics, a tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We do this based on our legitimate interest in generating and analyzing statistics to optimize our websites.

Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to a Google server in the United States and stored there.

Due to our activated IP anonymization, your IP address is shortened before being forwarded. Only in exceptional cases is the full IP address transferred to a Google server in the United States and shortened there. The anonymised IP address transmitted by your browser as part of Google Analytics is generally not combined with other Google data.

We emphasize that we do not collect any data that would allow you to be identified through Google Analytics.

Therefore, the data collected through Google Analytics is not personal data. The information we have access to through Google Analytics includes, in particular:

  • information about the operating system and web browser you are using,
  • the pages you view on our website,
  • the time spent on our website and its subpages,
  • transitions between individual pages on our website,
  • the source from which you accessed our website.

In addition, we use the following Advertising Features through Google Analytics:

  •  demographic and interest reporting,
  • remarketing,
  • ad reporting features, and user ID.

We also do not collect personal data through Advertising Features. The information we have access to includes, in particular:

  • your age range,
  • your gender,
  • your approximate location limited to a specific city,
  • your interests determined based on your online activity.

Google Analytics and Google Analytics 360 have been certified by the independent ISO 27001 security standard. ISO 27001 is one of the most widely recognized standards worldwide and certifies that systems supporting Google Analytics and Google Analytics 360 meet the relevant requirements.

If you are interested in details related to data processing within Google Analytics, we encourage you to read the explanations provided by Google: https://support.google.com/analytics/answer/6004245.

Content from external websites. We embed content from external websites, particularly YouTube videos, on our websites. Therefore, we use cookies from Google LLC related to YouTube, including DoubleClick cookies.

When you play a video or view other embedded content, Google receives information about it, even if you do not have a profile with the service provider or are not currently logged in. This information (along with your IP address) is sent directly by your browser to the service provider’s server (some servers are located in the USA) and stored there.

If you have logged in to a service provider’s website, the service provider will be able to directly assign your visit to our website to your profile on the relevant social networking site. The purpose and scope of data collection and its further processing and use by the service providers, as well as contact options and your rights in this regard, and the ability to configure settings to protect your privacy, are described in the privacy policies of the individual service providers.

If you do not want service providers to associate data collected while playing a video or viewing other content on our website directly with your profile on that service, you must log out of that service before visiting our website. You can also completely prevent plugins from loading on the website by using appropriate browser extensions, such as a script blocker.

YouTube-related cookies are only loaded when a video is played, so if you do not want this to happen, refrain from watching the video.

Social Tools. Our website uses plugins and other social media tools provided by social networking sites such as Facebook.

When you view our website containing such a plugin, your browser establishes a direct connection to the servers of the social network administrators (service providers). The content of the plugin is transferred directly to your browser by the relevant service provider and integrated into the website. This integration informs the service providers that your browser has viewed our website, even if you do not have a profile with the service provider or are not currently logged in. This information (along with your IP address) is sent directly to the server of the respective service provider (some servers are located in the USA) by your browser and stored there.

If you have logged in to one of the social networking sites, the service provider will be able to directly assign your visit to my website to your profile on that social networking site.

If you use a given plugin, for example, by clicking the „Like” or „Share” button, the corresponding information will also be sent directly to the server of the respective service provider and stored there

Furthermore, this information will be published on the respective social networking site and will be visible to people you have added as your contacts. The purpose and scope of data collection and its further processing and use by the service providers, as well as the possibility of contacting them and your rights in this regard, and the possibility of making settings to protect your privacy, are described in the privacy policies of the individual service providers.

Facebook https://www.facebook.com/legal/FB_Work_Privacy,

Twitter https://twitter.com/en/privacy,

LinkedIN https://www.linkedin.com/legal/privacy-policy,

Instagram https://help.instagram.com/155833707900388.

If you do not want social media platforms to directly associate data collected during your visits to our website with your profile on that platform, you must log out of that platform before visiting our website. You can also completely prevent plugins from loading on the website by using appropriate browser extensions, such as script blockers.

Affiliate and Partner Programs. The content available on our websites is distributed free of charge, which means you don’t have to make any payments to view this content. We don’t require monetary payments from you, but we monetize our activities in other ways. 

Regarding cookies related to affiliate and partner programs, we don’t offer the option to disable these cookies, as this would prevent us from monetizing the content available on the website. If you do not agree to this use of cookies, we must ask you to cease using our websites.

Server Logs

Using the website involves sending queries to the server where the website is stored. Each query sent to the server is recorded in the server logs.

The logs include, among other things, your IP address, the server date and time, information about the web browser and operating system you are using. The logs are saved and stored on the server.

The data stored in the server logs is not associated with specific individuals using the website and is not used by us to identify you.

Server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone other than persons authorized to administer the server.

Mediavine Programmatic Advertising (Ver 1.1)

The Website works with Mediavine to manage third-party interest-based advertising appearing on the Website. Mediavine serves content and advertisements when you visit the Website, which may use first and third-party cookies. A cookie is a small text file which is sent to your computer or mobile device (referred to in this policy as a “device”) by the web server so that a website can remember some information about your browsing activity on the Website.

First party cookies are created by the website that you are visiting. A third-party cookie is frequently used in behavioral advertising and analytics and is created by a domain other than the website you are visiting. Third-party cookies, tags, pixels, beacons and other similar technologies (collectively, “Tags”) may be placed on the Website to monitor interaction with advertising content and to target and optimize advertising. Each internet browser has functionality so that you can block both first and third-party cookies and clear your browser’s cache. The „help” feature of the menu bar on most browsers will tell you how to stop accepting new cookies, how to receive notification of new cookies, how to disable existing cookies and how to clear your browser’s cache. For more information about cookies and how to disable them, you can consult the information at All About Cookies.

Without cookies you may not be able to take full advantage of the Website content and features. Please note that rejecting cookies does not mean that you will no longer see ads when you visit our Site. In the event you opt-out, you will still see non-personalized advertisements on the Website.

The Website collects the following data using a cookie when serving personalized ads:

  • IP Address
  • Operating System type
  • Operating System version
  • Device Type
  • Language of the website
  • Web browser type
  • Email (in hashed form)

Mediavine Partners (companies listed below with whom Mediavine shares data) may also use this data to link to other end user information the partner has independently collected to deliver targeted advertisements. Mediavine Partners may also separately collect data about end users from other sources, such as advertising IDs or pixels, and link that data to data collected from Mediavine publishers in order to provide interest-based advertising across your online experience, including devices, browsers and apps. This data includes usage data, cookie information, device information, information about interactions between users and advertisements and websites, geolocation data, traffic data, and information about a visitor’s referral source to a particular website. Mediavine Partners may also create unique IDs to create audience segments, which are used to provide targeted advertising.

If you would like more information about this practice and to know your choices to opt-in or opt-out of this data collection, please visit National Advertising Initiative opt out page. You may also visit Digital Advertising Alliance website and Network Advertising Initiative website to learn more information about interest-based advertising. You may download the AppChoices app at Digital Advertising Alliance’s AppChoices app to opt out in connection with mobile apps, or use the platform controls on your mobile device to opt out.

For specific information about Mediavine Partners, the data each collects and their data collection and privacy policies, please visit Mediavine Partners.

Wróć na górę