Privacy Policy
Privacy Policy rainbowsocks.com
1. The Data Controller for the online store available at www.rainbowsocks.com (hereinafter referred to as the "Online Store") is IWUC SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at ul. Kłobucka 8B/28, 02-699 Warsaw, Poland. It is registered in the business register maintained by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register, under KRS number 0000636355, NIP: 9512418776, REGON: 36537132800000, hereinafter referred to as the "Data Controller."
2. Any inquiries, requests, or complaints regarding the processing of personal data by the Data Controller (hereinafter referred to as "Submissions") should be directed to the following email address: gosia@rainbowsocks.com or sent in writing to ul. Kłobucka 8B/28, 02-699 Warsaw. The submission should clearly indicate:
- The data of the person(s) to whom the Submission pertains,
- The event that is the reason for the Submission,
- The demands and legal basis for those demands,
- The preferred method of resolving the matter.
3. In our Online Store, we collect the following personal data:
- Name and Surname: May be processed when users provide this information via email, contact form, registration form, or order form available on our Online Store, as well as through traditional mail or telephone contact, to utilize the services of our Online Store.
- Phone Number: May be processed if provided via telephone contact or through email, contact form, registration form, or order form available on our Online Store. It is used to facilitate contact with the user regarding the order fulfillment or to respond to other inquiries.
- Residential/Correspondence Address: Processed for the proper delivery of ordered products; providing this address is necessary for making purchases in our Online Store.
- Email Address: May be processed if provided via email, contact form, registration form, or order form available on our Online Store, as well as through traditional mail or telephone contact. We use this to respond to inquiries related to our offer and to provide information related to the fulfillment of agreements. Additionally, if the user consents to receiving marketing content and subscribes to our newsletter, we will send commercial and marketing information a few times a month.
- IP Address and Potential Personal Data in Cookies: Information from general Internet connection principles, such as IP address (and other data in system logs), is used for technical and statistical purposes, including collecting general demographic information (e.g., the region from which the connection originates). This type of data is also used for marketing and analytical purposes if consent is given in accordance with Article 173(1) of the Telecommunications Law.
- NIP and Company Name: Necessary for issuing invoices and other documents related to using our Online Store.
- Other Data: May be collected as part of handling specific cases or provided by users of our Online Store via email, contact form, traditional mail, or telephone contact.
4. Every person using our Online Store has the option to choose whether and to what extent they wish to use our services and share information and data about themselves, as specified in this Privacy Policy.
5. We process personal data for the following purposes: - Purchasing in Our Online Store: To facilitate purchases through the order form available on our Online Store (Article 6(1)(b) GDPR). Personal data for this purpose will cease to be processed once the specific transaction is completed.
- Entering and Performing Contracts: In connection with the services we offer (Article 6(1)(b) GDPR). Personal data for this purpose will cease to be processed once the contract is fulfilled.
- Managing User Accounts: To maintain individual user accounts (Article 6(1)(b) GDPR). Personal data for this purpose will cease to be processed once the account is deleted by the user.
- Marketing and Website Analytics: To send marketing content related to the Data Controller and to conduct website analytics using cookies (Article 6(1)(a) GDPR). Personal data for this purpose is processed until the session ends or cookies are deleted by the user, or until consent is withdrawn or an objection to processing is made.
- Operating the Website: To manage the website (Article 6(1)(f) GDPR in connection with Article 173(1) of the Telecommunications Law). Personal data for this purpose will cease to be processed upon expiration of the cookie, removal of cookies, or at the end of the session.
- Newsletter Subscription: To provide the newsletter service (Article 6(1)(a) GDPR). Personal data for this purpose will be deleted when consent is withdrawn and the subscriber is removed from the newsletter list.
- Fulfilling Legal Obligations: To meet legal obligations, including maintaining documentation and issuing invoices (Article 6(1)(c) GDPR). Personal data for this purpose will be deleted once legal obligations are fulfilled.
- Communicating About the Store: For current communication related to the operation of the Online Store (Article 6(1)(f) GDPR, which is the legitimate interest of the Data Controller). Personal data for this purpose will cease to be processed once the inquiry is addressed.
- Establishing and Defending Claims: To establish and pursue claims or defend against them (Article 6(1)(f) GDPR, which is the legitimate interest of the Data Controller). Personal data for this purpose will be deleted once claims expire, typically after a 3-year limitation period.
6. The source of personal data processed by the Data Controller is users, i.e., individuals to whom the data pertains.
7. The Data Controller uses tools from Google Ireland Ltd (Google Analytics, Google Ads) and Meta Platforms Ireland Ltd. (Facebook Pixel). Generally, the data processed through these tools are handled on servers located within the EEA. However, the providers of these tools may be required to transfer data to third parties if required by law or due to the nature of the services provided (SaaS, hosting, etc.). The scope of personal data transferred includes all personal data specified in Section 3 of this Privacy Policy. The legal bases for processing these personal data are outlined in Section 5(d) and (e) of this Policy. Data transfers to the United States are based on the European Commission Decision of 10 July 2023 regarding the adequacy of protection provided by the EU-U.S. Data Privacy Framework (Article 45(1) GDPR). Our data importers meet the criteria of the decision and participate in the Data Privacy Framework program, as listed at: https://www.dataprivacyframework.gov/s/participant-search.
8. We do not share personal data with third parties without explicit consent from the data subject. Data may be disclosed without consent only to entities authorized to process personal data under applicable laws (e.g., law enforcement, social security institutions, or tax authorities). The Data Controller provides personal data to payment operators, postal and courier service providers, and tax authorities.
9. Personal data may be entrusted to data processors who process such data on our behalf as the Data Controller. In such cases, as the Data Controller, we enter into a data processing agreement with the data processor. The data processor processes the entrusted personal data only for the purposes, within the scope, and for the purposes specified in the data processing agreement mentioned above. Without entrusting personal data for processing, we would be unable to operate our Online Store or deliver the ordered Products. As the Data Controller, we entrust personal data processing to the following entities:
- Hosting service providers for the website where our Online Store operates,
- CRM service providers,
- Accounting service providers,
- Providers of other services necessary for the current operation of the Online Store.
10. Personal data is not subject to profiling by us as the Data Controller in the sense of GDPR provisions.
11. According to GDPR provisions, every person whose personal data we process as the Data Controller has the right to:
- Access their personal data as stated in Article 15 GDPR,
- Be informed about the processing of personal data as stated in Article 12 GDPR,
- Correct, complete, update, or rectify personal data as stated in Article 16 GDPR,
- Withdraw consent at any time as stated in Article 7(3) GDPR,
- Erase data (right to be forgotten) as stated in Article 17 GDPR,
- Restrict processing as stated in Article 18 GDPR,
- Data portability as stated in Article 20 GDPR,
- Object to data processing as stated in Article 21 GDPR,
- If the legal basis is consent, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,
- Not be subject to automated individual decision-making, including profiling, as stated in Article 22 in connection with Article 4(4) GDPR,
- Lodge a complaint with a supervisory authority (i.e., the President of the Personal Data Protection Office) as stated in Article 77 GDPR.
12. If you wish to exercise your rights as described in the previous section, please send a message by email or in writing to the contact addresses specified in point 2 above.
13. Each identified security breach is documented, and in the event of any situation specified in GDPR or the Personal Data Protection Act, affected individuals and, if applicable, the Personal Data Protection Office (PUODO) will be informed of the data protection breach.
14. The Cookies Policy is a separate document located below.
15. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In the case of any discrepancies between the provisions of this Privacy Policy and the aforementioned regulations, the regulations shall take precedence.
Download the document
Cookie Policy for Rainbow Socks Online Store
I. DEFINITIONS
- Data Controller - IWUC Sp.z.o.o based in Warsaw, ul. Kłobucka 8B/28, 02-699 Warsaw, registered in the entrepreneurs' register maintained by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS number: 0000636355, NIP: 9512418776, REGON: 36537132800000, email address: www.rainbowsocks.com.
- Cookies - small text files saved by the websites you visit and stored on the devices you use to access the Data Controller's website. The information contained in cookies is necessary for the website to function correctly, and these files are encrypted to prevent unauthorized access. The information in cookies can be read by the Data Controller and its contractors (for technical reasons).
- Device - an electronic device used to access the Data Controller’s website.
- User - any person visiting the website www.rainbowsocks.com.
- Website - www.rainbowsocks.com along with its subpages.
II. USE OF COOKIES
1. The Administrator uses cookies through the website.
2. Cookies are used only to the extent of the consents given by the User.
3. Information collected through cookies is used for the proper optimization of the website's operation, as well as for statistical, functional, advertising, and social purposes.
4. Cookies record the User's activity on the website by recognizing the Device, allowing the website to be displayed according to the User's individual preferences. The solutions used on the website are safe for the User's Devices. It is not possible for malicious or harmful software to penetrate the User's Devices.
5. The Administrator uses two types of cookies:
a. Session Cookies: These are files stored on the User’s Device and remain there until the website is exited or the web browser is closed. The saved information is then permanently removed from the Device’s memory. The session cookies mechanism does not allow the retrieval of any personal data or confidential information from the User’s Device.
b. Persistent Cookies: These are stored on the User’s Device and remain there until deleted. Such files stay on the user's device for a period specified in the file’s parameters or until manually deleted by the user. Closing the browser session or turning off the Device does not cause their removal from the Device.
6. Based on the source of the cookies, the Administrator uses:
a. First-Party Cookies: Files generated by the website and placed on it by the Administrator (e.g., necessary cookies).
b. Third-Party Cookies: Information from external servers, such as advertising servers or service providers (e.g., maps or search engines). These files help evaluate the effectiveness of advertising activities and design related actions according to user preferences (e.g., analytical cookies).
7. Cookies are categorized based on their function on the Website:
a. Technical/Necessary Cookies: Files essential for ensuring the proper functioning of the website, including ensuring the correct display of the website according to the device used by the user or the settings of that device; adjusting the content on the website that has technical significance for the operation of the website (e.g., language settings); remembering if the user has consented to display certain content.
b. Analytical Cookies: Files used to measure the effectiveness of our marketing activities without identifying users’ personal data, and to improve the functioning of our website, including: studying statistics related to website traffic and verifying traffic sources (e.g., referral directions); detecting abuses in website traffic (e.g., artificial internet traffic – bots); measuring the effectiveness of actions conducted for the Administrator, e.g., in the Google advertising network or on external websites.
c. Functional Cookies: Files used to remember user settings on websites (e.g., background color, language, shopping cart). This allows users to revisit a page and not have to reconfigure their settings after their first visit. This type of file is often a kind of persistent cookie.
d. Marketing/Advertising Cookies: Files used to track user interests and preferences for tailoring targeted advertising. These files are installed on the User’s device. Targeted ads may be displayed on other sites through remarketing. Not consenting to these cookies does not affect the use of the Website negatively.
e. Social Cookies: Cookies installed by placing links to specific social media. The purpose of these files is to allow users to connect with their profiles on social media.
8. Users can delete cookies from their browser at any time.
III. METHODS FOR DEFINING THE CONDITIONS FOR STORING OR ACCESSING COOKIES
1. The User has the option to limit or disable access to cookies on their Device. If this option is used, accessing the Administrator's website will still be possible, except for functions that inherently require cookies.
2. The User can independently and at any time change the settings related to cookies, defining the conditions for storing and accessing cookies on the User's Device.
3. Changes to the settings mentioned above can be made using the web browser settings or through the service configuration. These settings can be changed, in particular, to block automatic handling of cookies in the web browser settings or to notify about each placement of cookies on the Device. Detailed information about the options and methods for managing cookies is available in the software (web browser) settings. Below are 4. links to information on how to delete cookies in several popular web browsers:
a. Google Chrome
b. Mozilla Firefox
c. Microsoft Edge
5. The User can delete cookies at any time using the available functions in the web browser they use.
6. Restricting the use of cookies may affect some functionalities available on the Administrator’s website.