PRIVACY POLICY

This document defines the conditions for the processing of personal data (hereinafter also referred to as "data") and cookies in the area of the yogaflowstore.com online store, run via the website available at the URL: yogaflowstore.com, hereinafter referred to as the "Store".


CONTENTS
§1. HOW TO CONTACT THE DATA ADMINISTRATOR 1
§2. ON WHAT BASIS WE PROCESS YOUR DATA 1
§3. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF CONCLUDING AND IMPLEMENTING AGREEMENTS, POSSIBLE PURCHASE OF CLAIMS AND DEFENSE AGAINST THEM 1
§4. INFORMATION ABOUT DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING 2
§5. INFORMATION ON DATA PROCESSING FOR SECURITY 2
§6. INFORMATION ON DATA PROCESSING FOR GOODS NOTIFICATION 2
§7. INFORMATION ABOUT DATA RECIPIENTS 2
§8. ABSOLUTE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED 3
§9. RELATIVE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED 4
§10. COOKIES - INTRODUCTION 4
§11. DATA ADMINISTRATOR COOKIES 5
§12. THIRD PARTY COOKIES 5
§13. CONSENT TO THE USE AND MANAGEMENT OF COOKIES 6
§14. CACHE 6
§15. LINKS TO OTHER WEBSITES OR SOFTWARE 6
§16. CHANGES TO THE PRIVACY AND COOKIES POLICY 6

§1. HOW TO CONTACT THE DATA CONTROLLER
The administrator of personal data processed as part of the Store is Anna Mysłek, running a business under the name YOGA FLOW ANNA MYSŁEK, based in Bobolice (76-020) at ul. Lives I 1B, registered in the Central Register and Information on Economic Activity kept by the Minister of Development, under NIP number 4990498170 and REGON number 385188360.

The Data Administrator can be contacted by phone: +48 570112195 and using the e-mail address: info@yogaflowstore.com..

§2. ON WHAT BASIS WE PROCESS YOUR DATA
When collecting personal data, we always inform you about the legal basis for their processing. It results from the provisions of the GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46 / EC - General Data Protection Regulation). When we inform about:
• Article 6 point 1 lit. a) GDPR - this means that we process personal data on the basis of the consent received,
• Article 6 point 1 lit. b) GDPR - this means that we process personal data because they are necessary to perform the contract or to take action before its conclusion, at the request received,
• Article 6 point 1 lit. c) GDPR - this means that we process personal data in order to fulfill a legal obligation,
• Article 6 point 1 lit. f) GDPR - this means that we process personal data in order to pursue legitimate interests.

§3. INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF CONCLUDING AND IMPLEMENTING AGREEMENTS, POSSIBLE PURCHASE OF CLAIMS AND DEFENSE AGAINST THEM
1. We may process personal data necessary to perform the contract concluded with you. However, even before its conclusion, we may process personal data necessary to take action at your request. The processing of this data is carried out on the basis of art. 6 point 1 lit. b) GDPR.
2. During the performance of the contract and after its performance, we process the personal data of its party for the purpose of possible consideration of claims, as well as their investigation. Our legitimate interest is, for example, the ability to respond to a possible complaint, which we are obliged to do under separate provisions of civil law. In this case, we will process personal data based on a legitimate interest, which is the defense against possible claims or their investigation. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
3. We will store this data for the period necessary to achieve the designated goals, no later than until the claims under separate legal provisions expire.
4. You have the right to access your data, rectify it, delete it, limit processing, the right to transfer data, as well as the right to lodge a complaint with the supervisory authority. In the case of data processing for the purpose specified in point 2, you also have the right to object to their processing.
5. Providing this data is voluntary, but failure to provide this data will prevent the conclusion of the contract or its implementation.
6. The recipients of this data are: our hosting provider, e-mail service provider, IT service provider, transport service providers, provider of accounting services and software used to handle invoices, provider of electronic payment services, provider of legal, consulting and debt collection services and other service providers, which we use as part of the stated purpose.

§4. INFORMATION ABOUT DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING
1. We may process your personal data for direct marketing purposes. This happens, for example, when we reply to your message with details of our offer.
2. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
3. We will store your data for the time necessary for the purpose of implementation.
4. You have the right to access your data, rectify it, delete it, limit processing, the right to transfer data, the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority.
5. Providing this data is voluntary, and failure to provide this data will prevent the implementation of direct marketing activities.
6. The recipients of this data are: our hosting provider, IT service provider, e-mail service provider.

§5. INFORMATION ON DATA PROCESSING FOR SECURITY
1. From the moment you launch our website, in order to ensure the security of services, we process such data as:
• public IP address of the device from which the query came,
• browser type and language,
• date and time of the inquiry,
• number of bytes sent by the server,
• URL address of the previously visited page, if the visit was made using this link,
• information about errors that occurred during the execution of the query.
2. Our legitimate interest in this processing is to keep server event logs and protect the Store against potential hacking attacks and other abuses. Including the possibility of determining the IP address of a person performing an illegal activity in the area of the Store, such as an attempt to break security, or the publication of prohibited content, or attempts at unauthorized activities using our servers.
3. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
4. We will store this data for the period necessary to achieve the designated goals, no later than until the claims resulting from separate legal provisions expire.
5. You have the right to access your data, rectify it, delete it, limit processing, object to its processing, as well as the right to lodge a complaint with the supervisory authority.
6. Providing this data is a condition for using the Store. Failure to provide this data will make it impossible to use the Store.
7. The recipient of this data is our hosting provider and IT service provider.

§6. INFORMATION ON DATA PROCESSING FOR GOODS NOTIFICATION
1. The store has the functionality of sending notifications about selected goods to the e-mail address entered by the user.
2. Our legitimate interest in this processing is the implementation of the user's request, and then protecting the Store against potential abuse.
3. The processing of this data is carried out on the basis of art. 6 point 1 lit. f) GDPR.
4. We will store this data for the period necessary to achieve the designated goals, no later than until the claims resulting from separate legal provisions expire.
5. The data subject has the right to access his data, rectify it, delete it, limit processing, object to its processing, as well as the right to lodge a complaint with the supervisory authority.
6. Providing this data is a condition for sending the notification. Failure to provide this data will prevent this activity.
7. The recipient of this data is our hosting provider and IT service provider.

§7. INFORMATION ABOUT DATA RECIPIENTS
When processing personal data, we use external services. Therefore, the recipients of your personal data may be third parties. When collecting personal data, we always inform about these recipients, however, due to the primacy of the message's readability, we do it briefly. Therefore, we hereby clarify that when we inform about specific categories of recipients, these are the following entities:
• Transport service provider / couriers: Furgonetka sp. z o.o. sp. k. with its registered office in Warsaw, al. Prince Józefa Poniatowskiego 1, 03-901 Warsaw; DPD Polska Sp. z o.o., ul. Mineralna 15, 02-274 Warsaw.
• IT service provider: OVH Sp. z o.o., ul. Swobodna 1, 50-088 Wroclaw.
• Hosting provider: OVH Sp. z o.o., ul. Swobodna 1, 50-088 Wroclaw.
• Email service provider: Google Inc. 1600 Amphitheater Pkwy, Mountain View, CA 94043, United States.
• Accounting services provider: MK Monika Kobylińska Biuro Rachunkowe, Biskupa Czesława Domina 9/1, 75-065 Koszalin.
• Invoicing software provider: Fakturownia sp. z o.o., ul. Juliana Smulikowski 6/8, 00-389 Warsaw.
• Provider of legal / advisory / debt collection services - these service providers are appointed individually, in case of each need.
• Newsletter sending service provider: Shopify International Ltd., Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
• Provider of electronic payment services: Centrum Rozliczeń Elektronniczych Polskie ePŁATNOŚCI S.A., Tajęcina 113, 36-002 Trzebownisko.

§8. ABSOLUTE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using the following rights is independent of the legal basis for the processing of personal data.

Right of access to data
You have the right to obtain confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to access this data, as well as receive additional information about:
• processing purposes,
• categories of relevant data,
• recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organizations,
• if possible, the planned period of data storage, and if this is not possible, the criteria for determining this period,
• the right to demand from us rectification, deletion or limitation of data processing, to object to such processing, as well as the right to lodge a complaint with the supervisory authority,
• data source, if your data was not collected from you,
• automated decision-making, including profiling and the rules for making decisions, as well as the importance and expected consequences of such processing for you.

After receiving such a request, we are obliged to provide a copy of the personal data subject to processing. If such a request is received electronically, and unless we receive a different objection, we will also provide information electronically.

Right to rectification
You have the right to request us to immediately rectify inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to request completion of incomplete personal data, including by submitting an additional statement.

Right to erasure (to be forgotten)
You have the right to request us to delete your personal data immediately. We are then obliged to delete personal data without undue delay if one of the following circumstances applies:
• you have withdrawn your consent to the processing of your personal data and we have no other basis for processing them,
• you have filed an effective objection to the processing of data concerning you,
• your personal data has been processed unlawfully,
• Your personal data must be deleted in order to comply with a legal obligation,
• Your data has been collected in connection with offering information society services.

Right to restriction of processing
You have the right to request us to restrict processing in the following cases:
• when you question the correctness of the data - for a period allowing us to check their correctness,
• the processing is unlawful and you oppose the deletion of the data, requesting the restriction of their use instead,
• we no longer need personal data for the purposes of processing, but you need them to establish, pursue or defend claims,
• you have objected to the processing of your data - until it is determined whether the legitimate grounds on our part override the grounds for your objection.

Automated decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The law does not apply if this decision:
• is necessary for the conclusion or performance of a contract between you and us,
• is permitted by EU law or the law of the Republic of Poland and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or
• is based on your express consent.

Right to lodge a complaint
You have the right to lodge a complaint regarding the processing of your personal data to the supervisory body: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: rekrutia@uodo.gov.pl.

§9. RELATIVE RIGHTS OF PERSONS WHOSE DATA ARE PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using them is each time dependent on the legal basis for the processing of personal data.

The right to withdraw consent to processing
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Naturally, the withdrawal of consent does not affect the lawfulness of the earlier processing of personal data.

Right to data portability
You have the right to receive your personal data provided to us in a structured and commonly used machine-readable format. You also have the right to send this personal data to another administrator without any obstacles on our part, if the processing takes place:
• on the basis of consent or on the basis of a contract, and
• in an automated manner.
When exercising the right to transfer data, you have the right to request that we send your personal data directly to another administrator, if it is technically possible. This right must not adversely affect the rights and freedoms of others.

Right to object
If we process your personal data pursuant to art. 6 point 1 lit. f) GDPR, you have the right to object to the processing of this data for reasons related to your particular situation.

Then we are no longer allowed to process this personal data, unless we demonstrate the existence of:
• valid, legitimate grounds for processing, where these grounds must override the interests, rights and freedoms of your person, or
• grounds for establishing, pursuing or defending claims.

Also, if you object to the processing of your personal data for direct marketing purposes, then we will not be able to process it for such purposes.

§10. COOKIES - INTRODUCTION
The Store's website uses cookies. These are commonly used, small files containing a string of characters that are sent and saved on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Store. This information is sent to the memory of the browser used, which sends it back the next time you visit the website. We can categorize cookies according to three division methods.
In terms of the purposes of using cookies, we distinguish three categories:
• Necessary files - these files enable the proper functioning of the website and its functionalities, e.g. authentication or security cookies. Without saving them on your device, it will be impossible to use the website.
• Analytical files - these files enable monitoring of opened websites, traffic sources, time spent on the website. Without saving them, the use of website functionality will not be limited.
• Advertising files - these files enable the display of personalized advertisements in the area of the website or outside it. Without saving them, the use of website functionality will not be limited.
• Social media files - these files make it possible to display the fanpage in the area of the website, as well as to like it. Without saving them, the use of website functionality will not be limited.
In terms of their validity, we distinguish two categories of cookies:
• session files - existing until the end of a given session,
• persistent files – existing after the end of the session.
In terms of distinguishing the entity administering cookies, we distinguish:
• our cookies,
• third party cookies.

§11. DATA ADMINISTRATOR COOKIES
The cookies we administer allow you to:
• access authentication,
• maintaining the session after logging in,
• protecting the Store against hacker attacks,
• "remembering" by the browser the content of fields of completed forms (optional),
• "remembering" items added to the basket by the browser.
Thanks to this, using the functionality of the Store becomes easier and more pleasant.

§12. THIRD PARTY COOKIES
The use of third party cookies is conditioned by the privacy and cookie policy applied by these entities.
GOOGLE
We use cookies administered by Google Inc. 1600 Amphitheater Pkwy, Mountain View, CA 94043, United States as part of the services:
• Google Ads - advertising files used to conduct and evaluate the quality of advertising campaigns carried out using the Google Ads service,
• Google Analytics - analytical files used to study the behavior and traffic of users and to compile traffic statistics,
• YouTube - they allow you to display video files from YouTube embedded on the website.
Collected by Google Inc are anonymous and aggregated. In particular, they do not contain identifying features (understood as personal data) of Store users. By using these services, we collect data such as the sources of acquiring users visiting the Store, as well as the manner of their behavior on the Store's website, information on the devices and browsers they use, IP address, domain, demographic data (age, gender), interests and geographical.
More information in this regard can be found here: https://policies.google.com/technologies/cookies?hl=pl
FACEBOOK
We use files administered by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States:
• Functional cookies used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These files can be used to connect your account on an external Facebook social network with an account in the Store. These files can also be used to process your actions on Facebook using the "Share" or "Like" buttons. The processing of these activities may be public.
• Advertising pixel tags used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These are elements published in digital content and allow you to record information, e.g. about activity on the website, as well as assess the effectiveness of advertising. Facebook Inc. Pixel Tag Management is possible via Facebook, in its user panel
More information in this regard can be found here: https://www.facebook.com/policies/cookies/
INSTAGRAM
We use cookies used as part of the Instagram service by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These files can be used to connect your account on an external Instagram social network with an account in the Store (if we provide such functionality and if you use this account). These files may also be used to display personalized advertisements to you via Instagram. Information on the conditions for objecting to the processing of your personal data for this purpose can be found here: https://www.facebook.com/help/instagram/155833707900388

The use of third party cookies is conditioned by the privacy and cookie policy applied by these entities. The current rules of third parties in this regard can be found on the websites mentioned and here: https://www.e-regulaminy.pl/biuletyn/polityki-prezentnosci-i-plikow-cookies/.

§13. CONSENT TO USE AND MANAGE COOKIES
With the exception of essential cookies, their processing is based on the user's consent.
Consent to the processing of cookies is voluntary and may be withdrawn at any time. However, it should be remembered that the lack of consent to the use of some cookies may result in restrictions on the use of the Store and its functionality, and even prevent its use.
Consent to the processing of cookies may be granted:
• using the settings of the software installed in the telecommunications end device used by the user,
• by using a button containing a statement of consent to the processing of cookies or confirmation of reading its terms,
• using the settings available in the website area.

§14. CACHE
When you use the Store's website, we may automatically use the cache installed on your device. As part of the local memory, it is possible to store data between sessions, i.e. between subsequent visits to the Store's website. The purpose of using the cache is to speed up the use of the Store by eliminating the situation where the same data would be repeatedly downloaded from the Store, thus burdening the user's internet connection. The cache may also store data such as your login password.

§15. LINKS TO OTHER WEBSITES OR SOFTWARE
The Store may contain links to other websites or software. We are not responsible for the rules of compliance with the privacy policy and the processing of cookies in these websites or in this software. We recommend that you read the privacy and cookie policies of these websites or software after accessing them or before installing them.

§16. CHANGES TO THE PRIVACY AND COOKIES POLICY
1. The privacy and cookie policy comes into force on the date of its publication on the Store's website.
2. The Privacy and Cookies Policy is changed by publishing its new content on the Store's website.
3. We publish information about the change of the Privacy and Cookies Policy in the area of the Store's website, no later than 3 days before the date of its new wording.