PRIVACY POLICY
Privacy Policy
1. DEFINITIONS
1.1. Administrator – AGNOSTIC SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, 00-533, ul. Mokotowska, 63/4, entered into the register of entrepreneurs of the National Court Register under the KRS number 0001000672, NIP 7011112976.
1.2. Personal data – information about a natural person identified or identifiable by one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected via cookies and other similar technology.
1.3. Policy – this Privacy Policy, containing information on the processing of Personal Data and the use of cookies and similar tracking technologies within the Website.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – the website operated by the Administrator in the domain https://agnostic.pl/, accessible via web browsers.
1.6. Store – Agnostic's online store available via the Website, through which Agnostic conducts distance selling of goods.
1.7. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
1.8. Device – means an electronic device through which the User gains access to the Website.
2. GENERAL INFORMATION
2.1. In connection with your use of the Website, we collect data necessary to provide the services offered, as well as information about your activity on the Website. In this regard, we are the controller of your Personal Data and attach great importance to its appropriate protection. We ensure that our data processing processes comply with applicable legal provisions, in particular the GDPR. Our goal is to provide you with full information regarding our processing of your Personal Data and to provide you with tools to exercise your rights. Below, we provide information on how we process your Personal Data.
2.2. We process your Personal Data in accordance with the law, ensuring it remains current and accurate. Therefore, we may periodically remind you to update it by sending a message to the email address you provided or by displaying a relevant message on the Website after logging in to your account.
3. HOW CAN I CONTACT THE CONTROLLER AND THE DPO?
3.1. If you have any questions regarding our processing of your Personal Data or wish to exercise your rights, please contact our Data Protection Officer directly at agnostic.warsaw@gmail.com (this email address is not for sending cooperation or marketing offers; such messages will be ignored by our notification system) or at our registered office address (Warsaw 00-533, ul. Mokotowska, 63/4), or use the contact form. Our Data Protection Officer is Mykyta Kolisnyk.
4. HOW DO WE COLLECT YOUR PERSONAL DATA?
4.1. We collect your Personal Data directly from you for the proper implementation of our services and the smooth operation of our Website. You provide us with your data primarily through dedicated forms when you make purchases in our Store, operated pursuant to the Store Terms and Conditions, join our loyalty program, subscribe to our newsletter, or contact us, for example, via the contact form. We also receive your data when you use other services available on the Website, for example, browse products offered in the Store.
5. IS PROVIDING PERSONAL DATA MANDATORY?
5.1. It is your decision whether and what Personal Data you provide to us – it is not mandatory. However, please remember that in some cases, providing Personal Data is necessary for the proper provision of the services we offer or is a condition for entering into and performing a contract, as described in detail below.
6. HOW DO WE PROCESS YOUR PERSONAL DATA?
USING THE SERVICE
6.1. When you use the Website and you are not a registered User (i.e. you do not have an account on the Website), your Personal Data (including your IP address or other identifiers and information collected via cookies or other similar technologies) is processed by us:
6.1.1. in order to provide services electronically in the scope of making the content collected on the Website available to you – then the legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR);
6.1.2. for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of Users’ activities and their preferences in order to improve the functionalities used and the services provided;
6.1.3. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights and economic interests;
6.1.4. for marketing purposes of the Controller and other entities, in particular those related to the presentation of behavioral advertising – the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
6.2. Your activity on the Website, including your Personal Data, is recorded in system logs (a special computer program used to store chronological records containing information about events and activities related to the IT system used to provide our services). The information collected in logs is processed primarily for purposes related to the provision of services. We also process it for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR).
REGISTRATION AND ACCOUNT MANAGEMENT
6.3. Individuals who register on the Website are asked to provide the data necessary to create and manage an account. To facilitate service, you may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. Providing data marked as mandatory is required to create and manage an account, while failure to provide this data will result in the inability to create an account. Providing the remaining data is voluntary.
6.4. Your Personal Data is processed:
6.4.1. in order to provide services related to maintaining and servicing an account on the Website – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR), and in the case of data provided optionally – the legal basis for processing is consent (Article 6, paragraph 1, letter a of the GDPR);
6.4.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of Users’ activity on the Website and the manner of using the account, as well as Users’ preferences in order to improve the functionalities used;
6.4.3. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights and economic interests;
6.4.4. for marketing purposes of the Administrator and other entities – the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
6.5. You can also log in to your account on the Website via the Facebook social networking site. In this case, the Website will only download from your social networking site account the data required for registration and account management. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing to log in will mean that the indicated data will be transferred to our Website. Facebook will remember your choice, and if you log in again via this portal, the message will not be displayed again. Detailed information about the scope and purposes of data processing by the portal, as well as related rights and configuration options for protecting your privacy, is described in the Facebook privacy policy. 6.5.1. You can also log in to your account on the Website via your Apple ID. In this case, the Website will only download from your Apple account the data required for registration and account management. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing to log in will mean that the indicated data will be transferred to our Website. Detailed information on the scope and purposes of data processing by Apple Inc., as well as related rights and configuration options to protect your privacy, is described in Apple's privacy policy.
6.5.2. You can also log in to your account on the Website using your Google account. In this case, the Website will only download the data required for registration and account management from your Google account. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing to log in will mean that the indicated data will be transferred to our Website. Google will remember your choice, and if you log in again through this portal, the message will not be displayed again. Detailed information about the scope and purposes of data processing by the portal, as well as related rights and configuration options to protect your privacy, are described in the Google privacy policy.
6.6. If the User posts any Personal Data of other people on the Website (including their name, address, telephone number or e-mail address), they may do so only if they do not violate the law and the personal rights of such people.
PLACING ORDERS
6.7. Placing an order for goods or services offered by us involves the processing of your Personal Data. Providing data marked as mandatory is required to accept and process your order, and failure to provide this data will result in the order not being processed. Providing the remaining data is optional.
6.8. Your Personal Data is processed:
6.8.1. in order to fulfil the placed order – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR); in the scope of data provided optionally, the legal basis for processing is your consent (Article 6, paragraph 1, letter a of the GDPR);
6.8.2. in order to fulfil the statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations – the legal basis for processing is the legal obligation (Article 6, paragraph 1, letter c of the GDPR);
6.8.3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of Users’ activity on the Website, as well as Users’ purchasing preferences in order to improve the functionalities used;
6.8.4. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights and economic interests.
COMPLAINTS AND RETURNS
6.9. Submitting a complaint or return involves the processing of your Personal Data. Providing data in the complaint form is not mandatory, but is necessary for the proper processing of the complaint. Providing data in the return form is not mandatory, but is necessary for the effective withdrawal from the contract.
6.10. Your Personal Data is processed:
6.10.1. in order to consider a submitted complaint – the legal basis for the processing of your Personal Data is the Controller's obligation arising from the legal provisions regarding warranty for defects in sold goods (Article 6, paragraph 1, letter c of the GDPR);
6.10.2. for the purpose of processing a return – the legal basis for processing your Personal Data is the Controller’s obligation arising from the provisions of consumer law (Article 6, paragraph 1, letter c of the GDPR), if the basis for the return is the provisions on the right of withdrawal from the contract or the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR), if the basis for the return is the regulations of our Store;
6.10.3. in order to fulfil other statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations – the legal basis for processing is the legal obligation (Article 6, paragraph 1, letter c of the GDPR);
6.10.4. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of Users’ activity on the Website, as well as Users’ purchasing preferences in order to improve the functionalities used;
6.10.5. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights and economic interests.
CONTACT FORM
6.11. We provide the ability to contact us via a contact form. Using the form requires providing Personal Data necessary to contact you and respond to your inquiry. Providing data marked as mandatory is required to accept and process your inquiry, and failure to provide this data will result in the inability to process your inquiry. Providing other data (e.g., in the content of your inquiry) is voluntary.
6.12. Your Personal Data is processed:
6.12.1. in order to identify and process your inquiry sent via the provided form – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in the need to resolve the reported matter and to conduct correspondence addressed to it in connection with its business activities;
6.12.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), consisting in maintaining statistics of inquiries submitted by Users via the Website in order to improve its functionality.
7. MARKETING
7.1. We process your Personal Data for the purpose of carrying out marketing activities, which may include:
7.1.1. displaying marketing content that matches your interests (behavioral advertising);
7.1.2. conducting activities related to the direct marketing of goods and services (sending commercial information electronically and telemarketing activities).
7.2. In some cases, we use profiling to implement marketing activities. This means that through automated data processing, we evaluate selected factors about you to analyze your behavior or create future forecasts. This allows us to better tailor the content displayed to your individual preferences and interests.
BEHAVIORAL ADVERTISING
7.3. Together with our trusted partners, we process your Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with the delivery of behavioral advertising to you (i.e., advertising tailored to your preferences). This processing of Personal Data also includes profiling, which results only in the display of tailored advertising based on your Personal Data collected by us and our partners.
DIRECT MARKETING
7.4. If you consent, we may use your data to send you marketing content via various channels, i.e., via email (in the form of a newsletter), MMS/SMS, or telephone. The legal basis for processing your data in this case is the Controller's legitimate interest (Article 6, paragraph 1, letter f of the GDPR) in connection with your consent, consisting in the marketing of the goods and services offered. We undertake such actions only if you have given your consent, which you can withdraw at any time. You can withdraw your consent at any time by clicking the link we send in every email containing commercial information, by contacting us at agnostic.warsaw@gmail.com (this email address is not used for sending cooperation or marketing offers; such messages will be ignored by our notification system), or by using the contact form. Withdrawal of consent does not affect the correctness of data processing in the period prior to its withdrawal.
7.6. We may also conduct direct marketing via traditional mail to the address you provide. The legal basis for processing your data in this case is the Controller's legitimate interest (Article 6, paragraph 1, letter f of the GDPR), consisting in the marketing of the goods and services offered. You may object to the processing of your data for this purpose at any time. You can object by contacting us at the following email address: agnostic.warsaw@gmail.com (this email address is not used for sending cooperation or marketing offers; such messages will be ignored by our notification system) or via the contact form.
PUSH NOTIFICATIONS
7.7. If you provide separate consent to receive push notifications, you may receive notifications in the form of messages displayed on your mobile device and in your web browser, containing marketing content related to our offers, services, and promotions. The legal basis for processing your Personal Data for this purpose is the Controller's legitimate interest (Article 6, paragraph 1, letter f of the GDPR), consisting in the marketing of the goods and services offered in connection with your consent to receive communications in the form of push notifications. You can withdraw your consent to receive push notifications at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Withdrawal of consent may occur by changing the settings in your web browser or on your mobile device.
GOOGLE ADS CUSTOMER MATCH
7.8. Marketing of the products and services we offer may be conducted using the Google Ads Customer Match tool. Google Ads Customer Match is a tool that allows the Administrator to load a hashed database of email addresses (customer list) into Google tools to verify whether user accounts have been created in Google services using the same email addresses (e.g., YouTube, Gmail, etc.). If the email addresses match, users of Google services may be displayed the Administrator's advertisements after logging in. Information on displaying advertisements based on a pre-defined customer list can be found at: https://support.google.com/google-ads/answer/7474263.
FACEBOOK CUSTOM AUDIENCE
7.9. Marketing of the products and services we offer may be conducted using the Facebook Custom Audience tool. Facebook Custom Audience is a tool that allows the Administrator to load a hashed database of email addresses into Facebook tools to verify whether user accounts have been created on the Facebook platform using the same email addresses. If the email addresses match, Facebook users may be displayed the Administrator's advertisements after logging in. More information about custom audiences can be found here: https://pl-pl.facebook.com/business/help/341425252616329?id=2469097953376494
8. SOCIAL MEDIA NETWORKS
8.1. We process the Personal Data of people visiting our social media profiles (Facebook, Instagram, Pinterest).
9. INFORMATION ABOUT THE USE OF COOKIE FILES
WHAT ARE COOKIES?
9.1. Cookies are small text files saved and stored on devices through which the User uses the Website. Cookies collect information that facilitates the use of the Website – for example, by remembering the User's visits and actions. The cookies we use are safe for the User's Device. In particular, it is impossible for viruses or other unwanted software or malware to reach Users' Devices this way. These files allow us to identify the software used by the User and tailor the operation of the Website to each User individually.
TYPES OF COOKIES USED BY THE ADMINISTRATOR
9.2. We use the following types of cookies:
9.2.1. Required cookies are essential for the proper functioning of the Website. These cookies allow the Administrator to ensure the secure execution of activities such as fulfilling a User's order, "remembering" a logged-in User on the Website after navigating to another page, or automatically completing address data during purchases. Blocking these cookies in the User's browser may result in the Website not functioning properly. These cookies are required and cannot be disabled.
Specific purposes of using technical cookies:
a) ensuring the security and reliability of the Website;
b) implementation of processes necessary to ensure the full functionality of the Website, including:
adapting the content of the Website to ensure that the User can fully utilize the available functionalities and optimize the use of the Website's web pages. In particular, these files allow for the recognition of the basic parameters of the User's Device and appropriate display of the website;
correct operation of the "Recommend to a friend" program, in particular enabling verification of the sources of Users' redirection to the Website's websites;
enabling the use of the "Clipboard" and "Basket" functions on the Website.
9.2.2. Analytical cookies are used by the Administrator to analyze User behavior on the Website for business purposes and also to understand how Users use the Website. This allows us to identify which functionalities require improvement or updating. The information obtained by the Administrator through analytical cookies is anonymous – based on them, the Administrator is unable to identify the User from whom the information was obtained.
9.2.3. Personalization cookies allow us to analyze User behavior on the Website and their shopping preferences, which allows us to provide Users with personalized product suggestions, make changes to the Website's functionality, and post sponsored content. Data obtained through these cookies may also be used to improve existing systems and software and develop new solutions and functionalities.
9.2.4. Advertising cookies allow the Administrator to tailor the displayed advertisements to Users' preferences and interests, i.e., to target Users with so-called behavioral advertising. With their help, entities cooperating with the Administrator, such as Facebook or Instagram operators, will be able to tailor the displayed advertising content to suit User preferences.
COOKIES STORAGE PERIOD
9.3. The cookies described above can be divided into two types based on their storage period:
9.3.1. Session cookies are stored on the User's Device and remain there until the browser session ends. The stored information is then permanently deleted from the Device's memory.
9.3.2. Persistent cookies are stored on your Device until you delete them. Ending your browser session or turning off your Device does not delete them. If you do not delete persistent cookies from your Device, they will be stored for up to 60 days from their introduction.
MANAGING COOKIES ON THE WEBSITE
9.4. Only required cookies are required for the Website to function properly. You can consent to the use of other types of cookies, but this is not mandatory. You can manage our use of analytical, personalization, and advertising cookies by expressing or withdrawing consent. You can manage consent to individual types of cookies at any time using the panel we provide. You can access the panel via the "Your Cookies" tab in the footer of the Website.
10. WHO WILL WE TRANSFER YOUR PERSONAL DATA TO?
10.1. We may transfer your Personal Data to entities with which we cooperate in the implementation of the services we provide.
10.2. Depending on the delivery or return method you choose, we will transfer your data necessary to complete the delivery or return of goods to one of the entities with which we cooperate in this regard. If you use the geolocation service to search for stationary delivery points, your Personal Data will also be transferred to entities providing location services.
10.3. Depending on the payment method you choose for purchased goods, we will transfer your data necessary to collect or make payment to one of the entities with which we cooperate in processing payments.
10.4. Furthermore, your data will be transferred to entities that process customer Personal Data on our behalf to the extent necessary for hosting the Store's websites.
10.5. We may also transfer your Personal Data to other entities with whom we establish cooperation, including legal and tax advisors, as well as providers of accounting, IT, logistics and marketing services.
10.7. We also have the right to disclose selected information about our Users to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
11. HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?
11.1. The period for which we process your data depends on the type of service provided and the purpose of the processing. Generally, data is processed for the duration of the service provision or order fulfillment, until you withdraw your consent or effectively object to data processing in cases where the legal basis for data processing is the Controller's legitimate interest.
11.2. The data processing period may be extended if processing is necessary to establish, pursue, or defend against potential claims, and after that period only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
12. WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA?
12.1. In connection with our processing of your Personal Data, you have the following rights:
12.1.1. the right to information about the processing of Personal Data – on this basis, the Controller provides you with information about the processing of your Personal Data, including in particular the purposes and legal basis of processing, the scope of data held, entities to which it is disclosed, and the planned date of data deletion;
12.1.2. the right to obtain a copy of the data – on this basis, the Controller provides you with a copy of your Personal Data processed by him;
12.1.3. right to rectification – the Controller is obliged to remove any inconsistencies or errors in the Personal Data being processed and to supplement them if they are incomplete;
12.1.4. the right to delete data – on this basis, you may request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which they were collected;
12.1.5. the right to restrict processing – if such a request is made, the Controller will cease performing operations on your Personal Data – with the exception of operations to which you have given consent, and storing data in accordance with the adopted retention principles – or until the reasons for restricting data processing cease to exist (e.g. a decision of the supervisory authority is issued permitting further data processing);
12.1.6. the right to data portability – on this basis, to the extent that data is processed by automated means in connection with a concluded contract or expressed consent, the Controller releases the data provided by you in a machine-readable format. You may also request that this data be transferred to another entity, provided that both the Controller and you have the technical means to do so;
12.1.7. the right to object to the processing of data for marketing purposes – you may object to the processing of your Personal Data for marketing purposes at any time, without having to justify such objection;
12.1.8. the right to object to other purposes of data processing – you may object at any time – for reasons related to your particular situation – to the processing of your Personal Data, which is carried out on the basis of the Controller's legitimate interest (e.g. for analytical or statistical purposes or for reasons related to property protection); the objection in this respect should include justification;
12.1.9. the right to withdraw consent – if your data is processed on the basis of your consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
12.1.10. Right to complain – if you believe that the processing of your Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, you may file a complaint with the authority supervising the processing of Personal Data, competent for your place of habitual residence, place of work, or place of the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw).
MAKING REQUESTS RELATED TO THE EXERCISE OF RIGHTS
12.2. You can exercise some of the above rights yourself. If you have an account in the Store, you always have access to your Personal Data and can correct and update it.
12.3. You can submit a request regarding all of the above rights by contacting our Data Protection Officer at the following e-mail address: agnostic.warsaw@gmail.com (this e-mail address is not used to send cooperation and marketing offers, such messages will be ignored by our notification system) or to the address of our registered office (ul. Mokotowska 63/4, 00-533 Warsaw), as well as using our contact form.
12.4. We will endeavor to fulfill your request as quickly as possible and answer your questions regarding the processing of your data. You will receive a response within 30 days of receiving your request. If it turns out that due to the complex nature of the request or the number of requests we have received, we are unable to provide you with information about the actions taken within this timeframe, we will inform you of an extension.
12.5. If we have any doubts as to whether you are the person making a particular request, we may ask you additional questions to verify your identity. Providing such information is optional, but failure to do so will result in the request being refused. We may also require additional information to determine the exact content of your request.
12.6. The request may be submitted in person or through a proxy (e.g., a family member). For data security reasons, we encourage the use of a power of attorney certified by a notary or authorized legal counsel or attorney, which will expedite verification of the request's authenticity.
12.7. If a request is submitted to us electronically, we will respond in the same format, unless the requester requests a different format. In other cases, we will respond in writing. If the deadline for processing the request prevents a written response, and the scope of the requester's data processed by us allows for electronic contact, we will respond electronically.
12.8. We retain information regarding the request and the person who submitted it to ensure compliance and to establish, defend, or pursue any claims by data subjects. The request log is maintained in a manner that ensures the integrity and confidentiality of the data contained therein.
13. CHANGES TO THE PRIVACY POLICY
13.1. The Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy was adopted and is effective from August 2023.
COMPLAINT TO THE SUPERVISORY AUTHORITY
Data subjects have the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR, or to pursue legal claims. In Poland, the supervisory authority is the President of the Personal Data Protection Office.