Privacy & Cookie Policy

Cookie Policy

Definitions

  • User – Entity using the Website and its functionalities.
  • Service – A given service under the domain www.veganfashionrepository.com.
  • Contact Form – A form placed on the Website of Vegan Fashion Repository Sp. z o. o. enabling Users to contact the company.
  • Newsletter – Information about new products, promotions, products or services related to the activities of Vegan Fashion Repository Sp. z o. o. sent to the User’s email address, to which the User can subscribe on the Website by providing their active email address and name.
  • Registration Form – A form placed on the Website of Vegan Fashion Repository Sp. z o. o. enabling Users to set up their account and access paid premium information.
  • Administrator – Vegan Fashion Repository Sp. z o. o. (details below)
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Identity of the Data Controller

The Administrator of your personal data is Vegan Fashion Repository Sp. z o. o. with its registered office in Warsaw, address: ul. Jugosłowiańska 15c/35, 03-984 Warsaw; KRS: 0001129419, NIP: 1133146789, REGON: 529745437.

Contact Details of the Data Controller

The User may contact the Administrator:

  • In writing – Correspondence address: ul. Jugosłowiańska 15c/35, 03-984 Warsaw
  • Via email – Email address: hello@veganfashionrepository.com

Purposes and Legal Basis of Data Processing

The basis for processing your personal data is to enable the User to use the Website, including the Newsletter service, completing the Registration Form and the Contact Form, as well as for marketing purposes.

The processing of data from the Newsletter subscription takes place for the purpose of:

  • Providing the newsletter service – The legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR). Providing these personal data is voluntary but necessary for the performance of the contract.
  • Own marketing of the Administrator’s services and products – The basis for such processing is the necessity of data processing to implement the legitimate interests of the Administrator (Article 6, paragraph 1, letter f of the GDPR); the legitimate interest of the Administrator is to conduct direct marketing of its products and services.
  • Archiving documents, statistics and any pursuit of claims or defence against claims related to the performance of the service provision agreement – The legal basis for processing is the legitimate interest of the Administrator, i.e. ensuring the possibility of performing the Agreement pursuant to Article 6, paragraph 1, letter f of the GDPR.

Data from the Registration Form for premium services is processed for the purpose of:

  • Providing services related to maintaining and servicing an account on the Website – The legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR), and in the scope of data provided optionally – The legal basis for processing is consent (Article 6, paragraph 1, letter a of the GDPR).
  • Analytical and statistical purposes – The legal basis for processing is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting analyses of Users’ activity on the Website and the manner of using the account, as well as their preferences, in order to improve the functionalities used.
  • Archiving documents, statistics and any pursuit of claims or defence against claims related to the performance of the service provision agreement – The legal basis for processing is the legitimate interest of the Administrator, i.e. ensuring the possibility of performing the Agreement pursuant to Article 6, paragraph 1, letter f of the GDPR.

Data from the Contact Form is processed for the purpose of:

  • Enabling the Administrator to contact the User after the User has submitted such a request together with consent to the processing of personal data provided in the Contact Form – The basis for the processing of personal data is Article 6, paragraph 1, letter a of the GDPR, i.e. consent to the processing of personal data. Providing personal data is voluntary but necessary to contact the User at their request.
  • Archiving documents and conducting analytical and statistical activities, which constitute the legitimate interest of the Administrator pursuant to Article 6, paragraph 1, letter f of the GDPR.

The processing of personal data necessary to conduct marketing activities by the Controller and obtained from sources other than directly from data subjects (pursuant to Article 14 of the GDPR) takes place for the purpose of:

  • Conducting direct marketing, including creating databases of potential customers and sending commercial offers, which constitute the legitimate interest of the Administrator pursuant to Article 6, paragraph 1, letter f of the GDPR. In cases where consent is required, processing takes place on the basis of Article 6, paragraph 1, letter a of the GDPR – consent of the data subject.

Where applicable, the categories of personal data concerned include:

  • Identification data: Name, surname
  • Contact details: Email address
  • Employment data: Position

Personal data of Potential Customers come from publicly available sources such as public registers, websites, and social media platforms.

Data Storage Time

The User’s personal data will be processed for the period necessary to achieve the purposes for which the data is processed or until an objection is filed, if the basis for processing is the legitimate interest of the Administrator, or the withdrawal of consent, if the basis for processing is expressed consent. Subsequently, the Administrator may store the data until the limitation period for any claims or until the obligation to store data resulting from the law expires.

The User has the right to

  • Access your personal data and the right to request their rectification, deletion, or restriction of their processing.
  • Transfer personal data.
  • Withdraw consent to the processing of personal data – to the extent that the basis for the processing of the User’s personal data is consent (withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal).
  • Object to the processing of the User’s personal data – to the extent that the basis for the processing of the User’s personal data is the legitimate interest of the Administrator.
  • Object at any time to the processing of their personal data for direct marketing purposes, including profiling to the extent it is related to such marketing.
  • Lodge a complaint with the supervisory authority responsible for personal data protection (the President of the Personal Data Protection Office) if, in the User’s opinion, the processing of data violates the GDPR.

To exercise your rights, contact the Administrator.

Automation of Personal Data

The User’s personal data, together with other data originating from cookies, for example, may be processed in an automated manner to analyse user activity and optimise services. The legal basis for such processing is the legitimate interest of the Administrator, consisting in improving the quality of services provided and better adapting content to the needs of users (Article 6, paragraph 1, letter f of the GDPR). Users have the right to obtain information about the logic used in automated processing. If you have any questions regarding automation, contact the Administrator.

Transfer of Personal Data Outside the EEA

Personal data, especially from cookies, may be made available to entities outside the European Economic Area (EEA). However, we will only transfer your personal data if an appropriate level of protection of your personal data is ensured, as required by the provisions of the GDPR.

Cookie Policy

What are Cookies

Cookies are small text files installed on the device of the User browsing the Service. They collect information that facilitates the use of the Service, such as remembering the User’s visits and actions. A cookie consists of a series of letters and numbers placed in the web browser, on the hard drive of the computer, or the User’s portable device.

Types of Cookies

  • Session cookies: Specific to a visit, limited to sending a session identifier (a random string of numbers generated by the server). They are not permanently stored and are deleted when the browser is closed.
  • Persistent cookies: Files that record user preferences and are stored in the cache of a browser or mobile device.
  • Third-party cookies: Placed by third parties to collect data across multiple websites or sessions.

Cookies We Use

  • Strictly necessary and functional cookies: Enable the use of the Service and its individual functions, remembering choices made such as selected language, consents, and cookie preferences.
  • Analytical cookies: Collect information about how Users use the Service, such as which pages are visited most often, error messages received, and how Users found our website. This information is used solely to improve the user experience and may be placed by external entities (e.g. Google Analytics).
  • Advertising cookies: Record visits to the Service, allowing measurement of the effectiveness of marketing activities.

Information Collected from Cookies

When using the Service, the following data is automatically collected via cookies:

  • IP address
  • Approximate location data
  • Traffic on the Service
  • Domain name
  • Browser type
  • Operating system type

This data may be collected by cookies, Google Analytics, or other similar analytical systems.

Information Retrieved from Server Logs

Using the Service involves sending queries to the server where this website is stored. Each query directed to the server is saved in the server logs, which include:

  • IP address
  • Date and time of the server
  • Information about the Internet browser and the User’s operating system

The logs are saved and stored on the server and are not associated with specific individuals using the website. They are used solely as auxiliary material to administer the website. In the case of User identification, the basis for processing personal data contained in the server logs is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), ensuring server and website security, diagnosing problems, and analysing performance.

Managing Cookie Preferences

The User’s consent is not required for cookies necessary for the provision of a telecommunications service (data transmission to display content). This applies to necessary and functional cookies and information contained in server logs. Other cookies require the User’s consent. The default settings of most browsers assume consent to cookies. This consent may be withdrawn at any time from the User’s browser settings.

Changes to Privacy Policy

The Privacy Policy may be updated and adapted to the current legal and factual situation. This version of the Privacy Policy is effective as of 28 October 2024.