PRIVACY AND COOKIES POLICY
VENICCI.CO.UK ONLINE STORE
1. GENERAL INFORMATION
- The Administrator of personal data of Users and Customers of the Internet Store collected via the Online Store available at the following website: https://www.venicci.co.uk/.is MAGICBABY LIMITED a company registered in England and Wales under number 07003666 whose registered office is at Unit 7 Brookfields Way, Rotherham,South Yorkshire, S63 5DL withemail address [email protected]; telephone number +44(0) 130 295 3872; hereinafter referred to as “Administrator” or “we”). You can contact the Administrator in the following way:
- correspondence address: ul. Unit 7 Brookfields Way, Rotherham,South Yorkshire, S63 5DL,
- e-mail address: [email protected]
- The Administrator declares that Personal Data are processed in accordance with applicable law.
- Each User and Customer of the Online Store has the right to contact the Administrator in order to obtain information on how their Personal Data are used. We always try to provide information about the Personal Data we collects in a clear and understandable way. We answer the following questions: what kind of Personal Data is collected, how it is used, what purposes it is supposed to serve and to whom it is transferred, what protection is provided for such data when transferred to other entities. In case of any doubts, we will indicate the institutions to be contacted.
- Words and expressions that are used in this document and begin with a capital letter (e.g. Supplier, Customer, Order) should be understood in accordance with the definitions contained in the Rules of the Online Store, which is available on the website of the Online Store.
2. PURPOSE AND SCOPE OF PERSONAL DATA COLLECTION
- The Personal Data of the Customers of the Online Store are collected on a continuous basis by means of the following functionalities of the Online Store: Contact Form, Newsletter subscription, Order Form. Personal Data provided in the Customer Account, login and registration data.
- The Administrator obtains information about Customers, among others, by collecting server logs through the hosting operator.
- The Administrator processes the Customers’ Personal Data, necessary for the proper implementation of the services within the activity of the Online Store. The Administrator is entitled to use the collected and stored Personal Data for the following purposes:
- to take action at the request of the Customer before concluding the Contract (Article 6(1)(b) of the GDPR),
- to conclude and perform the Sales Contract (Article 6 par. 1 lit. b GDPR),
- Customer’s use of electronic payment system, if the payment is made by means of e.g. bank or payment institution as well as in case of reimbursement of the amount due to the Customer (art. 6 par. 1 letter f GDPR),
- acceptance and recognition of Customer’s complaint (Art. 6 par. 1 lit. b GDPR),
- to accept the Customer’s declaration of withdrawal from the concluded Contract (Article 6 par. 1 lit. f GDPR),
- application of tax and accounting regulations (Article 6(1)(c) of the GDPR),
- direct marketing of its own products or services (Article 6(1)(f) GDPR),
- Customer service, e.g. when creating and using accounts in the Online Store (art. 6 sec. 1 letter f GDPR),
- make and customize offers to the Customer, including the presentation of advertisements (Article 6(1)(f) of the DPA),
- observing Customer activity (Art. 6 par. 1 lit. f GDPR),
- to contact Customers in connection with the provision of services or performance of the Contract (Article 6(1)(b) of the DPA),
- to analyze Customer’s activity, among others through profiling, i.e. automated processing of Personal Data, which allows for the presentation of information, advertising and promotional materials regarding the Administrator’s and its partners’ products or services, in a manner tailored to the interests of a given Customer (without affecting his/her decisions) (Article 6(1)(f) GDPR) ,
- to conduct analysis and research in order to improve available services (Article 6(1)(f) GDPR),
- verify and enforce compliance with the Terms and Conditions of the Online Store (art. 6 par. 1 letter f GDPR),
- archiving due to the possible need to prove the fulfilment of legal obligations (Article 6.1.f GDPR).
- The legal bases for the processing of Personal Data based on the provisions of GDPR (GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1)) are indicated above under items a.-o. in brackets.
- The Administrator is entitled to store the collected and acquired Personal Data of the Customers only to the extent of the above specified purposes.
- The Administrator collects, processes and stores the following Customers’ Personal Data:
- first and last name
- business name (if the Customer is not a consumer),
- e-mail address
- tax Identification number (if the Customer is not a consumer),
- residential or business address
- delivery address (if different from the residential or business address)
- contact phone number
- bank account number (if the Customer uses electronic payment).
- Providing Personal Data by the Customer referred to above is entirely voluntary, although it is necessary for the Supplier to conclude and perform the Contract concluded via the Online Store. Customer’s refusal to provide the Personal Data indicated above may result in inability to conclude and perform the Contract.
- Customer has the opportunity to register and set up an individual Account in the Online Store, which will require the creation of an individual login and password.
- The Administrator has the right to filter and possibly block messages sent through the internal communication system. Blocking will be subject primarily to messages of a spam nature, containing prohibited content, or otherwise threatening the safety of persons using the Online Store.
- The Administrator is entitled to automatically obtain and record Personal Data transmitted to the server by web browsers or Customers’ devices, e.g.: IP address, software parameters, hardware parameters, viewed pages, mobile device identification number, as well as other data that relate to the devices when using the Online Store.
3. TRANSFER OF PERSONAL DATA
- The Customer’s Personal Data may be provided to the Administrator’s employees and associates, as well as to other entities, which provide services to the Administrator, e.g. accounting, legal and tax offices, IT and technical support. The Administrator also transfers the Customer’s Personal Data to the following entities:
- electronic payment services, i.e. entities, through which the Customer makes payments in the Online Store,
- suppliers and couriers delivering the Goods to the address indicated by the Customer.
- The Administrator may, to a limited extent, transfer Personal Data to entities:
- providing technical support in the operation of the Online Store,
- providers of hosting or data communications services,
- entities conducting communication with the Customer on behalf of the Administrator,
- responsible for preparing market analyses and offers, advertising and promotional materials,
- collecting opinions about stores and products.
- The Administrator transfers the Customer’s Personal Data only to entities that collect, process and store the Personal Data in accordance with their regulations and privacy policies and the provisions of the applicable law. Access to Customer’s Personal Data is granted to entities only to the extent necessary to perform the Contract concluded with the Customer.
- Each of the entities to which the Administrator entrusted the Customer’s Personal Data under a separate agreement is obliged to comply with the principles of Personal Data security and confidentiality, in particular, not to provide access to the data to unauthorized persons, and to use physical and technical security measures appropriate to the method of processing such data.
- The Administrator informs that the Customer’s Personal Data may be disclosed to public authorities in cases provided for by law.
4. AUTOMATIC PROCESSING OF PERSONAL DATA
- During the term of the Contract with the Customer (until its execution), the Administrator may automatically process the Customer’s Personal Data, including profiling.
- Prior to the conclusion of the Contract with the Customer or after its execution, automatic processing of the Customer’s Personal Data, including profiling, is only possible on the basis of the Customer’s explicit consent.
- Profiling shall mean the automatic processing of Personal Data, which consists in their use to assess how the Customer uses the Internet, whether and which products she/he buys, as well as to analyze and forecast the economic situation, preferences, interests, reliability, behavior, purchase decisions of the Customer.
- Profiling is carried out on the basis of the Customer’s Personal Data, which are collected, among others, on the basis of:
- predictive analysis consisting of predicting the Customer’s activity, e.g. reaction to marketing campaigns, purchase decisions, order withdrawal, use of competitor’s offer, identification of potential threats and opportunities for the Administrator,
- Internet identifiers used by the Customer;
- behavioral data.
- Profiling allows the Supplier to adjust the offer to the Customer’s needs and interests, as well as to organize discounts and promotional actions on the basis of criteria such as: sex, number and frequency of shopping in the Online Store, and number and type of goods and services purchased. After verifying the criteria, the system automatically sends information about a special offer or a granted benefit to the Customer.
5. COMMERCIAL INFORMATION
- Commercial information regarding the activities of the Online Store (including in the form of a Newsletter) is sent only to those Customers who have given their consent and provided their email address for that purpose. The Newsletter will provide customers with information about current offers, promotions, news and other special actions conducted in the Online Store.
- The Customer shall have the right to access his/her Personal Data and correct it, as well as resign from receiving the Newsletter and other commercial information by email at any time.
- Resignation from the Newsletter and other commercial information of the Online Store consists in clicking on the link contained in each Newsletter or commercial information. Resignation can also be made by writing to the e-mail address: [email protected]
6. LEGAL BASIS OF DATA PROCESSING
Personal Data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz. Urz. EU L 119, p. 1; hereinafter also referred to as: “GDPR”), the Act of 10 May 2018 on the protection of Personal Data (Journal of Laws of 2018, item 1000), the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended), as well as any other applicable laws.
7. COOKIES POLICY
- Cookies are small text fragments which the Online Store sends to the Customer’s web browser and which the web browser then sends back at the next visit to the Online Store. Cookies are used to maintain the session e.g. by generating and sending back a temporary identifier after logging in.
- Information contained in cookies are collected automatically by the Administrator in order to collect data related to the use of the Online Store by the Customer.
- The Administrator uses “session” cookies (temporary) which are stored on the terminal equipment of the Customer until it logs off, disconnects the website or disables the web browser and “permanent” cookies that are stored on the terminal device of the Customer for the time specified in the parameters of Cookies or until they are deleted by the Customer.
- The Administrator uses the following types of cookies in the Online Store:
- so-called essential, which enable the use of the services available within the Online Store,
- Ads, which enable the delivery of ads adjusted to the Customer’s interests,
- so-called efficiency cookies, which are used to obtain information about the use of the Online Store website by the Customer,
- Functional, which enable memorizing of Customer’s preferred functionalities of the Online Store,
- so-called external, which enable the collection of general and anonymous statistical data through analytical tools: e.g. Google Analytics.
- Cookies are designed to adapt the Online Store and its offer to the interests and needs of customers. Cookies allow to maintain the session of the Customer after leaving the Online Store, so the Customer has access to the content of his/her cart without having to select the Goods again.
- The Customer, using their web browser, can at any time change the settings for cookies, including completely blocking or deleting the collection of cookies in accordance with the instructions of the manufacturer of the web browser. However, changes in the settings of cookies can cause difficulties or prevent the use of the Online Store.
- Detailed information about cookies are available in the menu of each web browser.
- The Administrator reserves the right to collect information using cookies on the website of the Online Store and transfer them to third parties, such as suppliers of advertising or analytical solutions. The Personal Data collected in this way are subject to the provisions of privacy policies prepared by these entities.
8. THIRD PARTY COOKIES
- Google AdWords
- Google Analytics
- Google Doubleclick
- Smartsupp Live Chat
- Facebook Pixel
- Detailed information about the cookies of the entities mentioned above can be found in the privacy policies provided by them.
9. PROTECTION OF PERSONAL DATA
- The Administrator shall ensure technical and organizational measures that constitute protection of the processed Personal Data, adapted to the risks and categories of data covered by the protection, and in particular shall protect the data against: access to the data by unauthorized persons, taking the data by unauthorized person, processing of the data in violation of applicable regulations, and against change, loss, damage or destruction.
- The Administrator shall apply the following technical measures to prevent unauthorized persons from acquiring and modifying Personal Data sent electronically:
- storing Personal Data on secure servers;
- using appropriate data protection against unauthorized access;
- ensuring access to an Account only after providing an individual login and password;
- use of the SSL certificate on the pages of the Online Store where Personal Data is provided;
- encrypting data used for authorization of persons using the Online Store’s functionalities.
10. DATA STORAGE PERIOD
- Personal Data are stored by the Administrator for the time necessary for the execution of the Contract, as well as claims, and to confirm the fulfillment of obligations of the Administrator and the assertion of claims or defense against claims – but no longer than 10 years from the date of Personal Data transfer.
- Where the only basis for Personal Data processing is consent, in case of withdrawal of consent the Personal Data are immediately deleted.
11. RIGHTS AND OBLIGATIONS
- The Administrator has the right and the statutory obligation to provide information on online store customers to public authorities or third parties who make such a request for information under the applicable law.
- The Customer has the right to access his/her Personal Data collected by the Administrator at any time. The right includes the ability to verify, modify, supplement, delete, limit data processing, object to the processing, transfer the Personal Data, and cease processing the Customer’s Personal Data, as well as the right to withdraw consent to the processing of the Personal Data for a specific purpose, if the Customer has previously given such consent, and the right to lodge a complaint to the President of the Office for Personal Data Protection. These rights are granted without giving reasons.
- The Customer may at any time send the appropriate statement of intent to the address of the Administrator of the data: Unit 7 Brookfields Way, Rotherham,South Yorkshire, S63 5DL or by e-mail to the address: address [email protected]
- Deletion of Personal Data or cessation of their processing by the Administrator may result in a complete inability to perform the services provided through the Online Store, or their serious limitation.
- The Customer consents to the processing of his/her Personal Data for the purposes of the Contract by accepting the statements contained in interactive forms available on the website of the Online Store proposed by the Administrator, including Contact Form, Registration Form or Newsletter subscription form.
- The Customer may also consent to additional purposes of processing his/her Personal Data by accepting statements of a non-mandatory nature, which are proposed in the forms available in the Online Store website.
- The Customers who have accounts in the Online Store have the right to edit, review and delete any data provided by them at any time.
- The Customer is obliged to provide authentic and correct Personal Data.
- The Customer is entitled to request permanent removal of Personal Data from the Administrator’s resources. This right results directly from the provisions of GDPR (“right to be forgotten”).
- Consent, which was granted voluntarily by the Customer to receive commercial information, can be withdrawn at any time at the request of the Customer, submitted via e-mail. In this case, the Administrator immediately removes the Customer’s data from the contact database, which is used to transmit commercial information by e-mail.
- The Administrator is obliged to provide information on the actions taken in relation to the Customer’s requests for processing their Personal Data without undue delay, and in any case within one month of receiving such a request. However, the deadline may be extended by another two months due to the complexity of the request or the number of requests, of which the Administrator shall immediately notify the Customer.
- The Administrator provides information:
- by registered letter to the provided address of the Customer or
- by e-mail to the provided e-mail address of the Customer.
- Correspondence and actions taken by the Administrator in the course of processing the Customer’s Personal Data requests are free of charge.
- In the event that the Customer’s requests with regard to the processing of his/her Personal Data are manifestly unfounded or excessive, the Administrator may:
- charge an appropriate fee including the administrative costs of providing the information or
- refuse to take action on the request.
- If you are not satisfied with our response to any enquiry or complaint or believe our use of your personal information does not comply with applicable data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by:
- writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
- calling: 0303 123 1113; or
- submitting a message through the ICO’s website at: www.ico.org.uk.
12. FINAL PROVISIONS