Privacy Policy

WEBSITE PRIVACY POLICY WWW.HERESY.COFFEE

(1) For the Owner of this website, the protection of Users’ personal data is of utmost importance. It makes great efforts to ensure that Users feel safe entrusting their personal information when using the website.


(2) A user is a natural person, a legal person or an organizational unit without legal personality, which is granted legal capacity by law, using electronic services available on the website.

(3) This privacy policy explains the principles and scope of processing of the User’s personal data, his/her rights, as well as the obligations of the administrator of such data, and also informs about the use of cookies.

(4) The Administrator shall use state-of-the-art technical measures and organizational solutions to ensure a high level of protection of the processed personal data and safeguards against unauthorized access.


I. PERSONAL DATA CONTROLLER


The administrator of the personal data is Heresy & more sp. z o. o. with headquarters at: ks. Jerzego Popiełuszki 11/74, 01-595, Warsaw, entered in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XIV Commercial Division of the National Court Register under KRS number: 0000874198, NIP: 525-28-46-199 (hereinafter: “Owner“).


II. PURPOSE OF PERSONAL DATA PROCESSING


(1) The Administrator processes the User’s personal data in order to:

In order to properly perform sales contracts concluded within the framework of the online store operating at www.heresy.coffee.

2 This means that the data is needed in particular for

a. registering on the website;

b. conclusion of the agreement;

c. making settlements;

d. delivery of goods ordered by the User or performance of services;

e. User’s exercise of any consumer rights (e.g. withdrawal from the contract, warranty).

(3) The User may also agree to receive information on news and promotions, which will also cause the administrator to process personal data, in order to send the User commercial information regarding, among other things. new products or services, promotions or sales.

(4) Personal data shall also be processed in fulfillment of legal obligations incumbent on the data controller and the performance of tasks, in the public interest, among others. to perform tasks, related to security and defense or storage of tax records.

(5) Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or protecting against claims by the User or a third party, as well as marketing of services and products of third parties or marketing of our own, which is not direct marketing.


III. DATA TYPE


(1) The administrator processes the following personal data, the provision of which is necessary to:

a. registering on the website:

– name;
– email address;

b. making purchases through the website:

– name;
– gender;
– delivery address;
– phone number;
– email address;

c. Data provided by the User optionally:

– date of birth;
– PESEL number (if an invoice is requested);
– TIN number (in case of requesting an invoice for an entrepreneur).

(2) In the case of withdrawal from the contract or acknowledgment of the complaint, when the refund is made directly to the User’s bank account, we also process information, regarding the bank account number, for the purpose of reimbursement.


IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA


1 Personal data shall be processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as the “RODO Regulation.”

(2) The Administrator shall process personal data only after obtaining the User’s prior consent, expressed at the time of registration on the website or at the time of confirming a transaction made on the website.

(3) Consent to the processing of personal data is completely voluntary, however, failure to provide it prevents registration on the website and making purchases, through the website.


V. USER’S RIGHTS


(1) The user may at any time request information from the controller about the scope of processing of personal data.

(2) You may at any time request the correction or rectification of your personal data. Users can also do this on their own, after logging into their account.

(3) The user may withdraw his consent to the processing of his personal data at any time, without giving any reason. The request not to process data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or concern all purposes of data processing. Withdrawal of consent as to all processing purposes will result in the removal of the User’s account from the website, along with all of the User’s personal data previously processed by the administrator. Withdrawal of consent will not affect the activities already performed.

(4) The user may at any time request, without giving any reason, that the administrator delete his data. The request for deletion of data will not affect the activities performed so far. Deletion of data means simultaneous deletion of the User’s account, along with all personal data stored and processed by the administrator to date.

(5) The User may at any time object to the processing of personal data, both with respect to all of the User’s personal data processed by the controller, as well as only to a limited extent, e.g. as to the processing of data for a specifically indicated purpose. The objection will not affect the activities carried out so far. Filing an objection will result in the deletion of the User’s account, along with all personal data stored and processed to date, by the administrator.

(6) You may request a restriction of the processing of your personal data, whether for a certain period of time or without a time limitation, but within a certain scope, which the controller will be obliged to comply with. This request will not affect the activities carried out so far.

(7) The user may request that the controller transfer to another entity, the processed personal data of the user. For this purpose, he should write a request to the administrator, indicating to which entity (name, address) the User’s personal data should be transferred and what specific data the User wishes the administrator to transfer. After the User confirms his/her request, the administrator will provide, in electronic form, to the designated entity, the User’s personal data. Confirmation of the request by the user is necessary for the security of the user’s personal data and to be sure that the request comes from an authorized person.

(8) The Administrator shall inform the User of the action taken, before the expiration of one month after receiving one of the requests listed in the preceding paragraphs.


VI. RETENTION PERIOD OF PERSONAL DATA


(1) As a general rule, personal data shall be retained only as long as necessary to fulfill the contractual or statutory obligations for which it was collected. The data will be deleted immediately when storage is no longer necessary, for evidentiary purposes, in accordance with civil law, or in connection with a statutory obligation to store data.

(2) Information, relating to the contract, shall be kept for evidence purposes, for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. The deletion of data will take place after the expiration of the statutory limitation period for the assertion of contractual claims.

(3) In addition, the administrator may retain archival information relating to concluded transactions, as their storage is related to the User’s claims, e.g. under warranty.

(4) If no contract has been concluded, between the User and the Owner, the User’s personal data is stored until the User’s account on the website is deleted. Deletion of the account may occur as a result of a request by the User, withdrawal of consent to the processing of personal data, or objection to the processing of such data.


VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES


(1) The administrator may entrust the processing of personal data to entities cooperating with the administrator to the extent necessary for the implementation of the transaction, e.g. for the preparation of the ordered goods and delivery of shipments or transmission of commercial information, originating from the administrator (the latter applies to Users who have agreed to receive commercial information).

(2) Other than for the purposes indicated in this Privacy Policy, personal data of Users, will not be shared in any way with third parties, or transferred to other entities, for the purpose of sending marketing materials of these third parties.

(3) Personal data of website users are not transferred outside the European Union.

(4) This Privacy Policy shall comply with the provisions arising from Art. 13 para. 1 and paragraph. 2 of the RODO regulation.


VIII. COOKIES


(1) The website uses cookies or similar technology (hereinafter collectively referred to as“cookies“) to collect information about the User’s access to the website (e.g., via a computer or smartphone) and his/her preferences. They are used, among other things. for advertising and statistical purposes and to customize the website for you.

(2) Cookies are fragments of information that contain a unique reference code that a website sends to a user’s device for the purpose of storing, and sometimes tracking information, about the device being used. Usually they do not allow to identify the User’s person. Their main task is to better tailor the website to the user.

(3) Some of the cookies present on the website are available only for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User, who, when returning to the website, is recognized on it. They are then preserved before a longer period of time.

4 The cookies used on this website are:

Ecsi: 1 month, cck3: removed when browser closes; _Secure_CASTGC: removed when browser closes; has_js: removed when browser closes.

5. all cookies, occurring on the website, are determined by the administrator.

6 All cookies, used by this website, comply with the applicable laws of the European Union.

7 Most Users and some mobile browsers automatically accept cookies. If the user does not change the settings, the cookies will be stored in the memory of the device.

(8) You may change your preferences, regarding the acceptance of cookies, or change your browser so that you can receive an appropriate notification each time the cookie function is set. To change your cookie acceptance settings, adjust the settings in your browser.

9 It is worth remembering that blocking or deleting cookies may prevent full use of the website.

10. cookies will be used for necessary session management, including:

a. Creating a special login session for the Website User so that the Website remembers that the User is logged in and requests are delivered in an efficient, secure and consistent manner;

b. Recognizing the User who has visited the website before, which allows us to identify the number of unique users who have used the website and allows us to make sure that the website has enough capacity for the number of new users;

c. Recognizing whether a website visitor is registered on the website;

d. Recording information from the User’s device, including: cookies, IP address and information about the browser used, in order to be able to diagnose problems, administer and track Site usage;

e. Customize elements of the layout or content of the website;

f. To collect statistical information about how Users use the Site, in order to be able to improve the Site and to determine which areas of the Site are most popular with Users.