Privacy policy

1. Data controller and definitions

1.1 The administrator of personal data of Customers / Users of the Online Store, also referred to as the Seller, is: itSound Albert Świączkowski, ul. Enklawy 1/20, 05-509 Józefosław, NIP: 1231185572; Independent distributor of Nature’s Sunshine products.

1.2 The Data Administrator can be contacted:

1.2.1 at the correspondence address: ul. Enklawy 1/20, 05-509 Józefosław;

1.2.2 at the e-mail address: [email protected]

1.3 User – a natural person entering the website(s) of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy;

1.4 Client – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, which the law grants legal capacity, which concludes a Distance Sales Agreement with the Seller.

1.5 Online Store – a website run by the Seller, available at the following electronic addresses (websites): nsnatura.pl through which the Customer/User can obtain information about the Goods and their availability and buy Goods or order the provision of a service.

1.6 Newsletter – information, including commercial information within the meaning of the Act of July 18, 2002. on the provision of electronic services (Journal of Laws of 2020, item 344) from the Seller sent to the Customer/User by electronic means; its receipt is voluntary and requires the consent of the Client/User.

1.7 Account – a set of data stored in the Online Store and in the Seller’s ICT system regarding a given Customer/User and orders placed by him and concluded contracts, with the use of which the Customer/User may place orders and conclude contracts.

1.8 RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation on data protection).

2. Purposes, legal grounds and time of data processing

2.1 In order to perform the Distance Sales Agreement, the Seller processes:

2.1.1 information on the User’s device to ensure the correct operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data on activity on the Website, including on individual subpages;

2.1.2 information on geolocation, if the User has consented to the service provider’s access to geolocation. Geolocation information is used to provide more customized product and service offerings.

2.2 This information does not contain Users’ identity data, but in combination with other information, it may constitute personal data and therefore the Administrator covers it with full protection under the GDPR.

2.3 These data are processed in accordance with Art. 6 sec. 1 lit. b of the GDPR, in order to perform the service, i.e. the contract for the provision of electronic services in accordance with the Regulations and in accordance with art. 6 sec. 1 lit. a GDPR, in connection with consent to the use of certain cookies or other similar technologies, expressed through the appropriate settings of the web browser in accordance with the Telecommunications Law or in connection with consent to geolocation. The data is processed until the end of the Customer’s/User’s use of the Online Store.

3. Administrator’s marketing activities

3.1 On the website of the Online Store, the Data Administrator may post marketing information about its products or services. Displaying this content is made by the Data Administrator in accordance with art. 6 section 1 lit. f of the GDPR, i.e. in accordance with the legitimate interest of the Data Administrator consisting in the publication of content related to the services provided and promotional content of actions in which the Data Administrator is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, Customers/Users expect to receive similar content, and even expect it or it is their direct purpose of visiting the website/pages of the Online Store.

4. Recipients of user data

4.1 The Data Administrator discloses personal data of users only to processing entities under concluded contracts for entrusting the processing of personal data in order to provide services to the Data Administrator, e.g. hosting and servicing the Website, IT services, marketing and PR services.

5. Transfer of personal data to third countries

5.1 Personal data will not be processed in third countries.

6. Rights of data subjects

6.1 Each data subject has the right to:

6.1.1 access (Article 15 of the GDPR) – obtaining data from the Data Administrator

h confirmation whether her personal data is being processed. If data about a person are processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for their determination, about the right to request rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing;

6.1.2 to receive a copy of the data (Article 15(3) of the GDPR) – to obtain a copy of the data subject to processing, where the first copy is free of charge, and the Data Administrator may charge a reasonable fee for subsequent copies, resulting from administrative costs;

6.1.3 for rectification (Article 16 of the GDPR) – requests to rectify incorrect personal data concerning her or to supplement incomplete data;

6.1.4 to delete data (Article 17 of the GDPR) – request to delete her personal data if the Data Administrator no longer has a legal basis for processing them or the data is no longer necessary for the purposes of processing;

6.1.5 to limit processing (Article 18 of the GDPR) – requests to limit the processing of personal data when:

6.1.5.1 the data subject questions the correctness of the personal data – for a period allowing the Data Administrator to check the correctness of the data,

6.1.5.2 the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,

6.1.5.3 The data controller no longer needs these data, but they are needed by the data subject to establish, pursue or defend claims,

6.1.5.4 the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds of objection of the data subject;

6.1.6 to transfer data (Article 20 of the GDPR) – to receive in a structured, commonly used machine-readable format personal data concerning her, which she provided to the Data Administrator, and to request that this data be sent to another Administrator, if the data is processed on the basis of consent the data subject or the contract concluded with him, and if the data is processed in an automated manner;

6.1.7 to object (Article 21 of the GDPR) – to object to the processing of their personal data for the legitimate purposes of the administrator, for reasons related to their particular situation, including profiling. Then the Data Administrator assesses the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject will be more important than the interests of the administrator, the Data Administrator will be obliged to stop processing data for these purposes;

6.1.8 to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before withdrawal of consent will still be lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was given.

6.2 In order to exercise the above-mentioned rights, the data subject should contact the Data Administrator using the contact details provided and inform him which right and to what extent he wants to exercise.

7. President of the Office for Personal Data Protection

7.1 The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, which can be contacted as follows:

7.1.1 by post: ul. Stawki 2, 00-193 Warsaw;

7.1.2 via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;

7.1.3 Hotline: 606-950-0000.

8. Data Protection Officer

8.1 In each case, the data subject may also contact the Administrator’s data protection officer directly by e-mail or in writing to the Administrator’s address provided in section 1 point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

9.1 The privacy and cookie policy may be supplemented or updated in accordance with the current needs of the Administrator in order to provide current and reliable information to Clients/Users.

10. Cookies

10.1 The online store performs the functions of obtaining information about customers, users and their behavior in the following way:

10.1.1 through information voluntarily entered in forms for purposes resulting from the function of a specific form;

10.1.2 by saving cookie files in end devices (i.e

zv. “cookies”);

10.1.3 by collecting web server logs by the Online Store’s hosting operator (necessary for the proper operation of the website).

10.2 Cookies are IT data, in particular text files, which are stored in the Customer’s / User’s end device and are intended for using the Online Store website. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.

10.3 The online store uses cookies only after the Customer/Store User has given prior consent in this regard. Consent to the use of all cookies by the Online Store is made by clicking the “Close” button when the message about the use of cookies by the Online Store is displayed or by closing this message.

10.4 The consent referred to in the previous point may only cover selected cookies. In this case, the Customer/User of the Online Store should use the option: “Cookie settings”, available in the message on the use of cookies by the Online Store. At the same time, the Data Administrator stipulates that disabling cookies necessary for authentication processes, security, maintaining Customer/User preferences may make it difficult, and in extreme cases may prevent the use of the Online Store.

10.5 If the Customer/User of the Online Store does not agree to the use of cookies by the Online Store, he may use the option: “I DO NOT CONSENT”, also available in the message on the use of cookies by the Online Store or make changes to the settings of the web browser, which he is currently using (however, this may cause the Online Store website to malfunction).

10.6 In order to manage cookie settings, select the web browser/system from the list below and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.

10.7 The legal basis for the processing of personal data from cookies are the legitimate interests of the Data Administrator, consisting in providing high quality services and ensuring the security of services.

10.8 As part of the Online Store, two basic types of cookies are used: “session” (session cookies) and “permanent” (persistent cookies). Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the Online Store or turning off the software (web browser). “Permanent” cookies are stored on the Client’s/User’s end device for the time specified in the cookie file parameters or until they are deleted by the Client/User.

10.9 Cookies are used for the following purposes:

10.9.1 creating statistics that help to understand how Customers/Users of the Online Store use websites, which allows improving their structure and content;

10.9.2 maintaining the Customer/User’s session (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Store;

10.9.3 defining the Client’s/User’s profile in order to display product recommendations and matching materials in advertising networks, in particular the Google network.

10.10 Software for browsing websites (web browser) usually allows cookies to be stored on the Client’s/User’s end device by default. Customers/Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies.

10.11 Restrictions on the use of cookies may affect some of the functionalities available on the websites of the Online Store.

10.12 Cookies placed on the Customer’s/User’s end device may also be used by advertisers and partners of the Online Store cooperating with the Online Store.

10.13 Cookie files may be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which the Customer/User uses the Online Store. For this purpose, they may keep information about the Customer’s navigation path or the time spent on a given page.

10.14 We recommend that the Client/User read the privacy policy of these companies to learn the rules of using cookies used in statistics: Google Analytics Privacy Policy.

10.15 Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which the Customer / User uses the Online Store