PRIVACY AND COOKIES POLICY

PRIVACY AND COOKIES POLICY

I. Definitions and General Information

Website – refers to the website available at: https://sofluffy.com.pl/.

User – refers to any individual who visits the Website using a computer, tablet, mobile phone, or other device connected to the Internet.

Administrator – the Administrator of personal data is SO FLUFFY Sylwia Cygan, based at ul. Rejtana 4/4, 50-002 Wrocław, Poland, NIP: 8992624623, REGON: 387479304.

Profiling – means any form of automated processing of personal data that involves using personal information to assess certain personal aspects of an individual, particularly to analyze or predict preferences and interests.

We want to assure Users of our Website that the protection of your privacy is of the utmost importance to us. This Privacy and Cookies Policy explains what data we collect, for what purposes, and how cookies are used within this Website.

II. Legal Basis and Scope of Data Processing

1. Personal data collected by the Administrator is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – “GDPR”), and the Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws 2017, item 1219, as amended).

2. The Administrator processes only the personal data provided by the User in connection with the use of the Website. Data is processed for the following purposes and on the following legal bases:

• Contract performance – to conclude and perform a sales agreement, issue invoices, and deliver products (data: name, surname, country, address, phone number, email) – Article 6(1)(b) GDPR.
  
  
• Debt recovery – to pursue or defend legal claims (data: name, surname, address, delivery address, email, phone number, and other necessary data) – Article 6(1)(f) GDPR.
  
  
• Legal obligations – to comply with legal duties arising from business operations (data: any information obtained from the User) – Article 6(1)(c) GDPR.
  
  
• Marketing and newsletter – to promote products or services (data: name, surname, address, email, phone number) – based on the User’s consent – Article 6(1)(a) GDPR.
  
  
• Commercial information – to send electronic commercial messages – based on consent – Article 6(1)(a) GDPR.
  
  

Providing personal data is voluntary, but necessary to register and make purchases through the Website. Browsing the Website does not require providing personal data, apart from data automatically collected through cookies.

III. Lawfulness and Data Security

1. The Administrator processes data lawfully and for legitimate, clearly defined purposes. Data is collected only to the extent necessary for those purposes and is not further processed in a manner incompatible with them.

2. We take every measure to protect Users’ data from unauthorized access, applying high-level technical and organizational safeguards. Personal data is not shared with unauthorized entities. It may only be entrusted to third parties under a written data processing agreement or disclosed to entities legally authorized to receive it.

3. All connections involving electronic payments are secured via SSL encrypted connections. Users are responsible for maintaining the confidentiality of their login details and passwords. The Website will never ask you to disclose this information outside the login process. Please always log out after finishing your session.

IV. Automated Processing (Profiling)

1. The Administrator may use profiling to offer the most relevant and personalized experience for Users or in cases where it is necessary for contract performance or where the User has given explicit consent.

2. Automated decisions, such as discounts or special offers, may be generated based on cookie data. The User may choose to take advantage of such offers or decline them.

3. Users have the right to object to processing for direct marketing or profiling purposes. The Administrator does not make decisions based solely on automated processing that would produce legal effects or significantly affect the User.

V. Data Retention Period

1. Personal data will be processed for the period necessary to:

• perform the contract and for the time required to pursue or defend potential claims (until the statute of limitations expires),
  
  
• or until consent is withdrawn or an objection to processing is raised (for data processed on the basis of consent).
  
  

2. Data may also be retained if necessary to comply with legal obligations, resolve disputes, enforce agreements, ensure security, and prevent fraud or abuse.

VI. User Rights

1. To exercise your rights, please contact us by email at kontakt.sofluffy@gmail.com.

2. Users have the right to:

• access their data (Article 15 GDPR),
  
  
• rectify or update data (Article 16 GDPR),
  
  
• erase data (Article 17 GDPR),
  
  
• restrict processing (Article 18 GDPR),
  
  
• transfer data (Article 20 GDPR),
  
  
• object to processing (Article 21 GDPR),
  
  
• withdraw consent at any time (Article 7(3) GDPR),
  
  
• lodge a complaint with the President of the Personal Data Protection Office (UODO) (Article 77 GDPR).
  
  

3. The Administrator will process submitted requests promptly, but no later than one month from receipt. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to process the User’s request within the specified timeframe, the Administrator will inform the User of the intended extension and indicate a deadline for processing the request, which will not exceed two months.

4. The Administrator will inform each recipient to whom personal data has been disclosed of the rectification or deletion of personal data, or the restriction of processing, which has been carried out in accordance with the User’s request, unless this proves impossible or requires a disproportionate effort.

VII. Data Sharing

1 . To fulfill the sales contract, the Administrator may share Users’ data with: courier and postal companies, online payment providers, the Administrator’s accounting office.

2. In such cases, the amount of data transferred is limited to the required minimum. Furthermore, the information you provide may be made available to competent public authorities if required by applicable law.

3. Personal data processed by us will not be shared with recipients not indicated above in a form that would allow for any identification of Users, unless the User has consented to such transfer.

4. Users’ personal data will not be transferred to countries outside the European Economic Area.

VIII. Cookies and Their Use

1. While using the Website, small files are saved on the User’s end device, particularly text files, which contain information enabling the User to remember login details, recently selected products, and products in their shopping cart (hereinafter referred to as “cookies”). Cookies also enable the collection of statistical data, as described in Section 2 below.

2. Cookies do not contain any data that identifies the User, meaning that their identity cannot be determined based on them. The files used by the Website are not harmful to the User or the device in any way and do not interfere with its software or settings.

3. The cookie system does not interfere with the operation of the User’s computer and can be disabled.

4. Cookies allow us to:

• maintain the User’s session (so they don’t need to log in repeatedly),
  
  
• generate website traffic statistics.
  
  

5. Please note that browsers generally have the option to save cookies enabled in their default settings.

6. If the User does not consent to the storage of these files on the end device, the User should change the settings of the web browser they are using.

7. Preventing the storage of cookies may involve:

– not saving cookies on the end device;

– informing the User each time a cookie is saved on the device; and deleting cookies after using the Website.

8. To use the option appropriate for the User, please refer to the information on cookie management, which is usually found in the browser’s “Settings” or “Help” tab.

9. The Administrator informs that if cookies are necessary for the operation of the Website, restricting their use may hinder the use of the Website.

10. Your device’s browser settings allow you to save cookies and express your consent by clicking “OK” in the window that appears after entering the Website, stating: “This website uses cookies to provide top-quality services. By continuing to use the website, you consent to their use – these files will be saved on your end device.”

IX. Changes to the Privacy and Cookies Policy

1. The Administrator reserves the right to amend this Policy. Users will be informed of any changes in a way that allows them to review updates before they take effect, for example by posting a notice on the homepage or sending an email notification.

2. If a User disagrees with the changes, they may request the deletion of their account. Continued use of the Website after the publication or notification of changes constitutes acceptance of the updated Policy.

3. his document does not limit any rights granted to Users under applicable law.